Deepthi Gowri [Wed, 6 Feb 2013 22:55:06 +0000 (00:55 +0200)]
eap_proxy: Add mechanism for allowing EAP methods to be offloaded
In addition to the offload mechanism, the Android configuration and
makefiles are extended to allow this to be configured for the build by
dropping in platform specific configuration files and makefile without
having to modify any existing files.
Jouni Malinen [Thu, 7 Feb 2013 22:10:39 +0000 (00:10 +0200)]
P2P: Fix GO Probe Response IEs when Wi-Fi Display is enabled
Commit 1a9f6509b3a711071c12006ff7c3a9cb2a6691f2 added support for
fragmenting the P2P IE in Probe Response frames from a GO. However, it
did not take into account the possibility of Wi-Fi Display IE being
included in the same buffer and caused a regression for the cases where
Wi-Fi Display is enabled. Fix this by building the possibly fragmented
P2P IE first and then concatenating the separate IEs together.
Dmitry Shmidt [Thu, 7 Feb 2013 16:06:51 +0000 (18:06 +0200)]
Add 'SCAN TYPE=ONLY' functionality
Usual manual scan request may cause reassociation due to several
reasons. New command is intended to perform pure scan without taking any
automatic action based on the results.
Raja Mani [Thu, 7 Feb 2013 13:24:53 +0000 (15:24 +0200)]
nl80211: Add ctrl_iface message for AP mode connection rejection
When AP mode operation reject the client, nl80211 layer advertises the
connect failed event with the reason for failures (for example, max
client reached, etc.) using NL80211_CMD_CONN_FAILED.
This patch adds some debug messages whenever such an event is received
from the nl80211 layer and also the same event is posted to the upper
layer via wpa_msg().
Jouni Malinen [Thu, 7 Feb 2013 10:51:17 +0000 (12:51 +0200)]
P2P: Allow local configuration to use 5 GHz band 40 MHz channels
These channels were already enabled for P2P use, but the local
configuration parameter was not allowed to use the operating class in
which the 40 MHz channels are specified.
Amar Singhal [Thu, 7 Feb 2013 10:27:52 +0000 (12:27 +0200)]
Fix BSS RANGE command for no exact id match cases
The RANGE=N1-N2 command did not return any entries in some cases where
N1 does not match with any BSS entry. Fix this by allow entries to be
fetched even without knowing the exact id values.
Amar Singhal [Tue, 5 Feb 2013 22:28:48 +0000 (00:28 +0200)]
Fix the "BSS FIRST.." command
The "BSS FIRST.." command fails when additional parameters (e.g., MASK)
is used since the string comparsion does not take into account the
number of characters. Fix by comparing only 5 characters as in other
commands.
Jouni Malinen [Tue, 5 Feb 2013 15:40:09 +0000 (17:40 +0200)]
HS 2.0: Fix IE buffer length for extra scan IEs
The HS 2.0 Indication element is 7 (not 6) octets. The previous
implementation could result in wpabuf validation code stopping the
program if HS 2.0 was enabled without Interworking or P2P (which would
have created a large enough buffer to avoid hitting this) being enable.
Sunil Dutt [Tue, 5 Feb 2013 11:36:36 +0000 (13:36 +0200)]
TDLS: Fix MIC calculation for teardown frame to depend on reason code
The reason code used for calculating the MIC should correspond to the
reason code with which the teardown frame is sent, as the receiver shall
use the one obtained in the frame for validating the MIC.
Sunil Dutt [Tue, 5 Feb 2013 11:27:56 +0000 (13:27 +0200)]
TDLS: Remove link, if any, on an implicit set up request
If an implicit TDLS set up request is obtained on an existing link or an
to be established link, the previous link was not removed. This commit
disables the existing link on a new set up request. Also,
wpa_tdls_reneg() function was invoking wpa_tdls_start() on an already
existing peer for the case of internal setup, which is incorrect. Thus
the invocation of wpa_tdls_start() is removed in wpa_tdls_reneg() and
also this function is renamed to wps_tdls_remove() as it does not
renegotiation rather shall remove the link (if any) for the case of
external setup.
Sunil Dutt [Tue, 5 Feb 2013 11:10:34 +0000 (13:10 +0200)]
TDLS: Use existing peer entry if available when processing discovery
Peer entries were getting added on every discover request from the peer,
thus resulting in multiple entries with the same MAC address. Ensures
that a check is done for the presence of the peer entry and reuse the
existing entry instead of adding a new one.
Jouni Malinen [Mon, 4 Feb 2013 13:52:53 +0000 (15:52 +0200)]
P2P: Fix P2P-GROUP-STARTED event for p2p_connect-join
Commit 50178335bff450829729c91c8af798a1d3a7b408 introduced a regression
for P2P-GROUP-STARTED event indication during p2p_connect-join when
using a separate P2P group interface. wpa_s->global->p2p_group_formation
was already set in that case to point to the group interface and this
commit changed this to point to incorrect interface. Fix this by setting
p2p_group_formation here only in case a separate group interface is not
used.
Jouni Malinen [Mon, 4 Feb 2013 13:38:35 +0000 (15:38 +0200)]
P2P: Fix Action frame processing if Interworking is enabled
GAS server used the same public_action_cb mechanism as P2P to process
Action frames. This ended up overriding P2P processing of Action frames
while running an AP/GO interface with a build that enables Interworking
(e.g., for Hotspot 2.0) and a driver that uses hostapd for AP mode
SME/MLME. Fix this by adding a separate callback registration for the
GAS server. This should really be cleaned up by supporting arbitrary
number of callback handlers, but for now, this addresses the regression
with a minimal change.
Mark Kettenis [Sun, 3 Feb 2013 19:16:29 +0000 (21:16 +0200)]
Add driver for OpenBSD net80211 layer
Very basic support for OpenBSD. No support for scanning yet, so this needs
ap_scan=0 and expects that the user has configured the interface manually
using ifconfig(8).
Signed-hostap: Mark Kettenis <kettenis@openbsd.org>
Paul Stewart [Sun, 3 Feb 2013 19:08:31 +0000 (21:08 +0200)]
wpa_supplicant: Implement fast-associate on SelectNetwork
If scan results are available when we perform a SelectNetwork, use
them to make an associate decision. This can save an entire scan
interval-worth of time in situations where something external to
wpa_supplicant (like a connection manager) has just previously
requested a scan before calling SelectNetwork.
Pontus Fuchs [Sun, 3 Feb 2013 16:14:05 +0000 (18:14 +0200)]
Update scan interval gracefully
When the scan interval is changed the new interval is effective
after the old interval timer fires off one last time. This can cause
an unacceptable long delay when updating the interval.
Change this behaviour to use MIN(left of old interval, new interval)
for the scan interval following the interval change.
Jouni Malinen [Sun, 3 Feb 2013 14:23:13 +0000 (16:23 +0200)]
Fix compilation with PMKSA caching support disabled
Commit 6aaac006af7fd39d618c6546939bed9f0f0cea37 modified the
pmksa_cache_init() prototype, but forgot to update the empty wrapper
function which is used when PMKSA caching is not included in the build.
Ben Greear [Sun, 3 Feb 2013 11:51:54 +0000 (13:51 +0200)]
hostapd: Fix crash when scan fails
When scan failed, the wpa_driver_nl80211_scan method tried
to recursively call itself, but it passed in the wrong argument
for the void*, and so then it crashed accessing bad memory.
With this fix, hostapd still will not retry the scan later, but
at least it will exit cleanly and won't polute the file system
with core files.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Sunil Dutt [Tue, 22 Jan 2013 12:09:54 +0000 (14:09 +0200)]
TDLS: Disable the link also on driver request for teardown
The link was not disabled for the case of implicit trigger from the
driver unlike in the case of explicit trigger fromc ctrl_iface. Make the
tear down sequences match in these cases by adding the TDLS_DISABLE_LINK
tdls_oper to the driver when processing the TDLS_REQUEST_TEARDOWN event.
Jouni Malinen [Thu, 17 Jan 2013 14:22:41 +0000 (16:22 +0200)]
wlantest: Add radiotap header when re-writing DLT_IEEE802_11 file
When using DLT_IEEE802_11 datalink type in a pcap file, wlantest will now
add a radiotap header to the re-written pcap file to make sure all frames
in the output file will include the radiotap header.
Jouni Malinen [Thu, 17 Jan 2013 10:55:30 +0000 (12:55 +0200)]
wlantest: Add -F option for assuming FCS is included
When using DLT_IEEE802_11 datalink type in a pcap file, wlantest can now
be instructed to assume there is an FCS included in the frame by adding
the new -F command line argument. This will make wlantest validate the
FCS and strip it from the frame before processing.
Pavan Kumar [Tue, 15 Jan 2013 09:52:20 +0000 (11:52 +0200)]
P2P: Send P2P-FIND-STOPPED event in the new continue-search states
The P2P-FIND-STOPPED event was sent only in the P2P_SEARCH state, but
this needs to be send also in the new continue-search-when-ready states
P2P_CONTINUE_SEARCH_WHEN_READY and P2P_SEARCH_WHEN_READY for consistent
behavior.
Jouni Malinen [Sat, 12 Jan 2013 07:54:54 +0000 (09:54 +0200)]
nl80211: Add MFP information for NL80211_CMD_CONNECT
This was previously included only with NL80211_CMD_ASSOCIATE, but the
information is as useful (if not even more useful) for
NL80211_CMD_CONNECT. It should be noted that cfg80211 does not yet use
this attribute with NL80211_CMD_CONNECT, but that can be added easily.
Sunil Dutt [Wed, 9 Jan 2013 14:05:18 +0000 (16:05 +0200)]
P2P: Use the same Dialog Token value for every GO Negotiation retry
Each GO Negotiation Request is (re)tried with an unique dialog token and
a GO Negotiation Response / Confirmation from the peer with a mismatched
dialog token is ignored which could result in a failure in this group
formation attempt. Thus, the P2P device would continue retrying the GO
Negotiation Request frames till the GO Negotiation Response frame with a
matching dialog token is received. To avoid the failures due to the
dialog token mismatch in retry cases if the peer is too slow to reply
within the timeout, the same dialog token value is used for every retry
in the same group formation handshake.
It should be noted that this can result in different contents of the GO
Negotiation Request frame being sent with the same dialog token value
since the tie breaker bit in GO Intent is still toggled for each
attempt. The specification is not very clear on what would be the
correct behavior here. Tie breaker bit is not updated on
"retransmissions", but that is more likely referring to the layer 2
retransmission and not the retry at higher layer using a new MMPDU.
Jouni Malinen [Sun, 6 Jan 2013 17:26:27 +0000 (19:26 +0200)]
SAE: Move temporary data into a separate data structure
This allows even more memory to be freed when the SAE instance enters
Accepted state. This leaves only the minimal needed memory allocated
during the association which is especially helpful for the AP
implementation where multiple stations may be associated concurrently.
Jouni Malinen [Sun, 6 Jan 2013 15:34:05 +0000 (17:34 +0200)]
SAE: Validate peer commit values as part of parsing the message
There is no need to postpone this validation step to a separate
processing operation for the commit message, so move the minimal
validation tasks into the parsing functions.
Jouni Malinen [Sun, 6 Jan 2013 11:22:44 +0000 (13:22 +0200)]
Add Diffie-Hellman group definitions for MODP groups in RFC 5114
The groups 22, 23, and 24 are not based on a safe prime and generate a
prime order subgroup. As such, struct dh_group is also extended to
include the order for previously defined groups (q=(p-1)/2 since these
were based on a safe prime).
Jouni Malinen [Sat, 5 Jan 2013 19:22:00 +0000 (21:22 +0200)]
SAE: Add support for FFC groups
This allows FFC groups to be used with SAE. Though, these groups are not
included in the default sae_groups value based on what is available
since the FFC groups have the additional requirement of using a safe
prime with the current implementation (or specification of the group
order).
Jouni Malinen [Fri, 4 Jan 2013 10:19:02 +0000 (12:19 +0200)]
Allow AP mode deauth/disassoc reason code to be overridden
The optional "reason=<reason code>" parameter to the ctrl_iface
deauthenticate and disassociate commands can now be used to change the
reason code used in the disconnection frame. This can be used, e.g., by
P2P GO to disconnect a single P2P client from the group by sending it an
indication of the group getting terminated (Deauthentication frame with
reason code 3). It needs to be noted that the peer device is still in
possession on the PSK, so it can still reconnect to the group after this
if it does not follow the group termination indication.
Jouni Malinen [Tue, 1 Jan 2013 18:35:10 +0000 (20:35 +0200)]
Extra validation to keep static analyzers happy
Use of two variables to track bounds checking seems to be a bit too much
for some static analyzers, so add an extra condition for buffer padding
to avoid incorrect warnings.
Jouni Malinen [Tue, 1 Jan 2013 18:30:17 +0000 (20:30 +0200)]
WPS: Verify wpa_config_set() return value more consistently
Even though this command is very unlikely to fail, in theory, it could
and the WPS connection would fail in such a case. Return more clearer
failure indication in such a case without even trying to start
reassociation.
Jouni Malinen [Tue, 1 Jan 2013 18:26:20 +0000 (20:26 +0200)]
Use more explicit way of copying pointer value to a buffer
The code initializing GMK Counter uses the group pointer value as extra
entropy and to distinguish different group instances. Some static
analyzers complain about the sizeof(pointer) with memcpy, so use a more
explicit type casting to make it more obvious what the code is doing.
Jouni Malinen [Tue, 1 Jan 2013 14:23:47 +0000 (16:23 +0200)]
SAE: Allow enabled groups to be configured
hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter is
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.
Jouni Malinen [Tue, 1 Jan 2013 12:00:40 +0000 (14:00 +0200)]
SAE: Add support for ECC group 21 (521-bit random ECP group)
In addition to the trivial change in adding the new group ientifier,
this required changes to KDF and random number generation to support
cases where the length of the prime in bits is not a multiple of eight.
The binary presentation of the value needs to be shifted so that the
unused most significant bits are the zero padding rather than the extra
bits in the end of the array.
projects / thirdparty / hostap.git / log
