This fragment defines how the Android init system should start hostapd
as a standalone service. Previously, hostapd was fork/exec'd from
Android's netd. This left hostapd with some dangling file descriptors
and a process parent minimally interested in acting as init for child
processes.
Signed-off-by: Christopher Wiley <wiley@google.com>
Johannes Berg [Wed, 17 Aug 2016 09:40:25 +0000 (11:40 +0200)]
nl80211: Fix control port protocol no-encrypt setting
Previously, driver_nl80211 sets NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT in
AP mode, to get EAPOL frames out unencrypted when using IEEE 802.1X/WEP.
However, due to the way nl80211/cfg80211 is implemented, this attribute
is ignored by the kernel if NL80211_ATTR_CONTROL_PORT_ETHERTYPE isn't
specified as well. Fix this by including
NL80211_ATTR_CONTROL_PORT_ETHERTYPE set to ETH_P_PAE. This can be done
unconditionally, since the kernel will allow ETH_P_PAE to be set even
when the driver didn't advertise support for arbitrary ethertypes.
Additionally, the params->pairwise_ciphers appear to not be set at
this point, so relax the check and allow them to be zero.
In client mode, this whole thing was missing, so add it. Again, the
pairwise suite can be WPA_CIPHER_NONE, so allow that case as well.
This fixed IEEE 802.1X/WEP EAP reauthentication and rekeying to use
unencrypted EAPOL frames which is the de facto way of implementing this
in wireless networks.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Wed, 17 Aug 2016 09:24:59 +0000 (12:24 +0300)]
tests: Fix ap_wps_er_http_proto max concurrent requests case
Commit 2d6a526ac3885605f34df4037fc79ad330565b23 ('tests: Make
ap_wps_er_http_proto more robust') tried to work around the timeouts
here, but that was not really the best approach since the one second
timeout that was used here for connect() ended up being very close to
the limit even before the kernel change. The longer connect() time is
caused by a sequence where the listen() backlog ignores the connection
instead of accept() followed by close() within the wpa_supplicant ER
HTTP connection handling. The time to retransmit the SYN changed a bit
in the kernel from 1.0 sec to about 1.03 sec. This was enough to push
that over the one second timeout.
Fix this by using a sufficiently long timeout (10 sec) to allow SYN
retransmission to occur to recover from the listen() backlog case.
Roshan Pius [Wed, 10 Aug 2016 16:35:34 +0000 (09:35 -0700)]
Move disconnect command handling to a common place
Move out the disconnect command handling from |ctrl_iface.c| to
|wpa_supplicant.c| so that it can be reused across the different
control interfaces (socket, dbus & binder).
To be consistent with OpenSSL 1.1.0, the free functions should
internally check for NULL. EVP_MD_CTX_free also was missing an
EVP_MD_CTX_cleanup, so this leaked a little.
OpenSSL 1.1.0 also has given get_rfc3526_prime_1536 a better namespace
with get_rfc3526_prime_1536 as a compatibility-only name. Use that
instead in 1.1.0.
Signed-off-by: David Benjamin <davidben@google.com>
Felix Fietkau [Tue, 26 Jul 2016 11:29:37 +0000 (13:29 +0200)]
hostapd: Fix parsing the das_client option
The musl implementation of inet_aton() returns an error if there are any
characters left after the IP address. When parsing the das_client, split
the string at the whitespace separator to be able to parse the address
successfully.
Nick Lowe [Mon, 8 Aug 2016 13:19:57 +0000 (14:19 +0100)]
Do not include NAS-Port attribute with AID 0
Do not include a NAS-Port attribute in Access-Request and
Accounting-Request packets where the Association ID (AID) is 0, i.e.,
not yet assigned or known.
Manish Shukla [Thu, 11 Aug 2016 13:08:30 +0000 (16:08 +0300)]
atheros: Accept Public Action frames sent to Wildcard BSSID
Previously, the check for mgmt->bssid matching own address (= BSSID)
ended up rejecting the case where Public Action frames are using
Wildcard BSSID in the Address 3 field. This could result in GAS queries
being dropped. Fix this by allowing both the own address (= AP BSSID)
and Wildcard BSSID in Action frame Address 3 field.
Jouni Malinen [Wed, 10 Aug 2016 20:51:21 +0000 (23:51 +0300)]
Fix EAP state machine reset with offloaded roaming and authorization
If the driver indicates a roamed event with already completed
authorization, altAccept = TRUE could have resulted in the EAP state
machine ending up in the FAILURE state from the INITIALIZE state. This
is not correct behavior and similar cases were already addressed for FT
and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching)
case by doing similar changes to EAPOL/EAP state variable updates during
association event handling.
Jouni Malinen [Thu, 11 Aug 2016 12:58:13 +0000 (15:58 +0300)]
tests: Make ap_wps_er_http_proto more robust
It looks like connect() for a TCP socket can time out at least with a
recent kernel. Handle that case more gracefully by ignoring that socket
while allowing the test to continue.
Jouni Malinen [Wed, 10 Aug 2016 14:55:20 +0000 (17:55 +0300)]
tests: Make FST config tests more robust and easier to debug
It looks like it is possible for the separate started wpa_supplicant
process to remain running after a test case like fst_sta_config_default.
This would result in failures to run any following test case that uses
the wlan5 interface. Try to kill the process more thoroughly by waiting
for the PID file to show up and write more details into the logs to make
it easier to debug issues in this area.
Yingying Tang [Wed, 10 Aug 2016 13:49:46 +0000 (16:49 +0300)]
QCA vendor command to get hardware capabilities
This commit introduces a new vendor sub command
QCA_NL80211_VENDOR_SUBCMD_GET_HW_CAPABILITY and the associated
attributes to get Wi-Fi hardware capabilities.
mka: Avoid inconsistent state in ieee802_1x_kay_move_live_peer()
If the memory allocation in ieee802_1x_kay_init_receive_sc() fails, we
end up in an inconsistent state where the peer is moved to the live
peers list and its sci is setup, but we don't have an rxsc.
The room we actually use is length. This could also mess up the
receiver, since it will advance by the actual length (as indicated by
the parameter body's length), which could differ from the offset at
which we stored the next item.
1. The comparison between SCI's of two servers with identical priority
is broken, and would always return TRUE. Just use os_memcmp(), which
provides the ordering we need.
2. If no peer can be key server but this instance can, then become the
key server.
3. The ordering of blocks between peer as key server and ourself as key
server overwrites settings. Simple reordering fixes this.
4. Default to being the key server, so that we advertise our ability in
the MKPDUs we send. That's the only way peers can know we can be key
server. Cleared automatically as soon as we find a better peer.
Mikael Kanstrup [Thu, 7 Jul 2016 12:04:36 +0000 (14:04 +0200)]
hostapd_cli: Completion for disassociate and deauthenticate
Command completion routine for disassociate and deauthenticate
commands implemented. Tracks AP-STA-CONNECTED/AP-STA-DISCONNECTED
events for easy station MAC address lookup.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Mikael Kanstrup [Thu, 7 Jul 2016 12:04:35 +0000 (14:04 +0200)]
hostapd_cli: Implement event handler
Add an empty event handler in preparation for additional command
completion routines that will need to dynamically build parameters
based on events received.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Mikael Kanstrup [Thu, 7 Jul 2016 12:04:34 +0000 (14:04 +0200)]
Move parts of wpa_cli to a new common file
In preparation for adding further command completion support
to hostapd_cli move some cli related utility functions out of
wpa_cli into a new common cli file.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Mikael Kanstrup [Thu, 7 Jul 2016 12:04:31 +0000 (14:04 +0200)]
hostapd_cli: Add command completion support
Add command completion support for hostapd_cli. Only completion
for available commands and basic building blocks in preparation for
per command parameter completion.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Sunil Dutt [Thu, 4 Aug 2016 10:01:31 +0000 (15:31 +0530)]
Define vendor command to support IE based access control
This commit defines QCA vendor subcommand and attributes for IE based
access control, i.e., the specific configured IE (full IE) is matched
with the frames originated by the Wi-Fi STA / AP to accept or deny the
connection. A specific IE can either be a whitelist or blacklist.
Jouni Malinen [Tue, 2 Aug 2016 20:47:38 +0000 (23:47 +0300)]
P2P: Fix D-Bus persistent parameter in group started event
wpas_p2p_persistent_group() returns non-zero for persistent groups. This
value happens to be 2 instead of 1 due to the
P2P_GROUP_CAPAB_PERSISTENT_GROUP value. This ended up with D-Bus code
trying to encode 2 as a DBUS_TYPE_BOOLEAN value which results in an
assert from the library. Fix this by modifying
wpas_p2p_persistent_group() to return 0 or 1 instead of 0 or an
arbitrary non-zero.
Set default scan IEs to the driver (QCA vendor extension)
This makes wpa_supplicant set default scan IEs to the driver (if the
vendor command is supported). The driver can use these IEs in the scan
requests initiated by the driver itself. Also the driver can merge these
IEs into further scan requests that it receives, in case if the scan
request doesn't carry any of the IEs sent in this command.
Jouni Malinen [Tue, 2 Aug 2016 14:41:01 +0000 (17:41 +0300)]
Show disabled HT/VHT properly in AP mode STATUS command
Previously, HT/VHT state was shown in STATUS based on the configuration
parameter instead of the runtime operational parameters. This could
result in claiming HT/VHT to be enabled even when it was forced to be
disabled due to an incompatible configuration. Clear HT/VHT information
in the STATUS output if HT/VHT has been disabled.
Previously, HT capability IE and HT information IE were included in
Beacon and Mesh Peering Open/Confirm frames even if HT is disabled with
disable_ht=1. This patch removes these.
P2Ps: Clear existing value when peer stops sending adv_service_instance
If a peer stops sending adv_service_instance, we should clear the
existing dev->info.p2ps_instance.
This commit fixes the following scenario:
When peer device stops sending adv_service_instance, wpa_supplicant did
not remove old dev->info.p2ps_instance from device's property. This
variable should be updated as per peer behavior and should be cleared
when peer stops sending this information.
P2P: Cleanup by removing unnecessary os_free() call from p2p_deinit()
Remove the unnecessary os_free() call from p2p_deinit() since
p2p_flush() called just above this takes care of freeing
p2p->after_scan_tx and the second call here ends up being no-op
os_free(NULL) in practice.
Previously, mesh power management functionality works only with kernel
MPM. Because user space MPM did not report mesh peer AID to kernel,
the kernel could not identify the bit in TIM element. So this patch
reports mesh peer AID to kernel.
QCA vendor command to configure conditional switch channel for AP
This commit introduces a new vendor sub command
QCA_NL80211_VENDOR_SUBCMD_SAP_CONDITIONAL_CHAN_SWITCH and associated
attributes which aim to configure selected frequencies on which the AP
can conditionally switch onto for preferred operation.
The local found variable is not used in this case. Commit 653d227e9f40cad1114c1c96654061446fd8b131 ('MBO: Improve supported
operating class generation') introduced this variable and unnecessarily
set it here. Remove the write-only assignment to silence static
analyzers.
If no new sme_sa_query_timer() callback is scheculed,
sme_stop_sa_query() needs to be called to allow new SA Query operations
to be started after the failure.
projects / thirdparty / hostap.git / log
