Jouni Malinen [Sat, 28 Dec 2013 11:41:02 +0000 (13:41 +0200)]
Enable FT with SAE
It was already possible to configure hostapd and wpa_supplicant to use
FT-SAE for the key management, but number of places were missing proper
AKM checks to allow FT to be used with the new AKM.
Jouni Malinen [Sun, 29 Dec 2013 07:57:42 +0000 (09:57 +0200)]
nl80211: Fix protected Action frame reporting for AP mode
Action frame RX report through EVENT_RX_ACTION did not indicate whether
the frame was protected or not even though that information is available
in mlme_event_mgmt(). hostapd_rx_action() has a workaround for setting
the protected flag for SA Query frames, but that did not apply for other
frames, like FT Action. This broke FT-over-DS when PMF is enabled with
newer kernel versions (i.e., the ones that do not use monitor interface
for receiving management frames).
Jouni Malinen [Sat, 28 Dec 2013 09:43:42 +0000 (11:43 +0200)]
tests: Verify PeerKey handshake
NOTE: Actual use of the direct link (DLS) is not supported in
mac80211_hwsim, so this operation fails at setting the keys after
successfully completed 4-way handshake. This test case does allow the
key negotiation part to be tested for coverage, though.
Jouni Malinen [Sat, 28 Dec 2013 09:40:23 +0000 (11:40 +0200)]
Fix PeerKey 4-way handshake
The earlier changes to buffer EAPOL frames when not associated to avoid
race conditions (especially commit 3ab35a660364dc68eaebfc0df6130071bbee6be5 but maybe something even before
that) broke PeerKey 4-way handshake. Fix this by using a separate check
before the race condition workaround to process PeerKey 4-way handshake
EAPOL-Key messages differently.
Jouni Malinen [Fri, 27 Dec 2013 16:44:21 +0000 (18:44 +0200)]
WNM: Fix AP processing without wnm_oper driver callback
hostapd_drv_wnm_oper() needs to indicate an error if the driver callback
function is not implemented. Without this, the buf_len argument could
have been left uninitialized which could result in crashing the process.
Jouni Malinen [Fri, 27 Dec 2013 15:42:11 +0000 (17:42 +0200)]
WNM: Minimal processing of BSS Transition Management Query/Response
This adds first steps at processing a BSS Transition Management Query on
the AP side. Mainly, the message is parsed and printed out in the debug
log and a minimal BSS Transition Management Request frame is sent as a
response. BSS Transition Management Response frame is also parsed and
details printed out in the debug log.
Jouni Malinen [Fri, 27 Dec 2013 09:04:38 +0000 (11:04 +0200)]
tests: Mark kernel issues more clearly in the log file
It was previously not obvious from the <test case>.log file that a test
case was marked failed based on kernel issues. Make this very clear to
avoid wasting time on figuring out what caused the failure.
Jouni Malinen [Fri, 27 Dec 2013 08:16:50 +0000 (10:16 +0200)]
tests: Collect code coverage separately from each component in vm
Use a more robust design for collecting the gcov logs from the case
where test cases are run within a virtual machine. This generates a
writable-from-vm build tree for each component separately so that the
lcov and gcov can easily find the matching source code and data files.
In addition, prepare the reports automatically at the end of the
vm-run.sh --codecov execution.
Jouni Malinen [Fri, 27 Dec 2013 06:27:44 +0000 (08:27 +0200)]
tests: Wait for AP-ENABLED
It takes some time for hostapd to complete AP startup. In some cases,
this could potentially result in station starting a scan before the AP
is beaconing or ready to reply to probes. To avoid such race conditions,
wait for AP-ENABLED before going ahead with the test cases.
Jouni Malinen [Thu, 26 Dec 2013 19:08:50 +0000 (21:08 +0200)]
WNM: Fix Sleep Mode AP processing in open network
The previous version could end up calling WPA authenticator routines
even though the authenticator had not been initialized and this could
result in NULL pointer dereference.
Sudha Daram [Wed, 18 Dec 2013 06:32:44 +0000 (12:02 +0530)]
WNM: Add debug logs to get the RSSI from the scan results
This commit adds few more debug prints to log the RSSI information from
the scanned BSSIDs and the current connected BSSID when comparing
neighbor results during WNM Transition Management Request processing.
Jouni Malinen [Fri, 29 Nov 2013 15:45:30 +0000 (17:45 +0200)]
WPS ER: Fix deinit timeout handling with delayed/failing unsubscribe
The five second timeout to call wps_er_deinit_finish() could potentially
be left behind when removing the ER data based on some other event. This
could result in double-freeing of wps_er context killing the process,
e.g., if the WPS ER functionality is stopped while in the process of
unsubscribing from an AP and then restarted.
In addition, AP entries could still be present in the
er->ap_unsubscribing list when the deinit timeout hits. These entries
would still maintain HTTP context pointing to the ER which would be
freed here and as such, the following HTTP client callback could refer
to freed memory and kill the process. Fix this by freeing AP entries
from ap_unsubscribing list when ER is deinitialized from timeout even if
such AP entries have not completed unsubscription from UPnP events.
Jouni Malinen [Fri, 29 Nov 2013 14:52:44 +0000 (16:52 +0200)]
WPS: Reschedule AP configuration reload on EAP completion
Reduce race condition of the station trying to reconnect immediately
after AP reconfiguration through WPS by rescheduling the reload
timeout to happen after EAP completion rather than the originally
scheduled 100 ms after new configuration became known.
Jouni Malinen [Fri, 29 Nov 2013 12:56:11 +0000 (14:56 +0200)]
WPS: Remove old duplicate network even if key is different
Previously, WPS credential provisioning removed duplicated network
entries only if they had identicical SSID, security parameters, and the
keys. However, it is possible that the AP has changes its keys and
leaving the old entry behind can result in connectibity issues (e.g.,
with 4-way handshake failing due to use of the old PSK). Fix this by
allowing the old network entry to be removed even if the keys
(passphrase, PSK, WEP keys) are different.
Jouni Malinen [Thu, 28 Nov 2013 10:56:21 +0000 (12:56 +0200)]
WPS: Reduce scan wait time during WPS processing
Since the AP is expected to be available, there is no need to wait for
the full five second wait between scans during WPS connection. This
speeds up cases where the first scan misses the AP for some reason.
Jouni Malinen [Thu, 26 Dec 2013 17:00:48 +0000 (19:00 +0200)]
Do not use results from externally requested scan for network selection
It may not always be desirable to trigger reassociation or network
change based on scan results from externally to wpa_supplicant trigger
scan operations. Skip network selection and roaming determination if the
received scan result is known to be triggered by something external to
wpa_supplicant. The control interface SCAN command can be used to
request wpa_supplicant to determine the best network.
Jouni Malinen [Thu, 26 Dec 2013 15:53:20 +0000 (17:53 +0200)]
Reschedule own scan request if an externally started one is in progress
This avoids some unnecessary attempts to request the driver to start a
scan while it is still busy with the scan operation that was started by
an external program.
Jouni Malinen [Thu, 26 Dec 2013 14:38:05 +0000 (16:38 +0200)]
Remove unused last_scan_full
This parameter was not really used for anything else apart from a debug
message in the same function that set it. In addition, cfg80211 returns
the set of scanned frequencies even for the full scan, so the code that
was setting this conditionally on frequency list not being there was not
really ever entered either.
Jouni Malinen [Thu, 26 Dec 2013 06:35:22 +0000 (08:35 +0200)]
hostapd: Allow external management frame processing or testing
This enables more convenient protocol testing of station side
functionality in various error cases and unexpected sequences without
having to implement each test scenario within hostapd.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX).
Jouni Malinen [Wed, 25 Dec 2013 18:04:52 +0000 (20:04 +0200)]
Allow channel list to be specified for SCAN command
The new freq=<frequency ranges> parameter to the SCAN command can be
used to request a scan to be performed on the specified set of channels
instead of on all channels. For example, "wpa_cli scan
freq=2400-2500,5180" would scan channels 1-14 and 36. Only the channels
that the driver indicates as enabled and that are within the specified
ranges are included in the request.
Jouni Malinen [Wed, 25 Dec 2013 11:44:38 +0000 (13:44 +0200)]
Add make lcov-html to generate code coverage report
In addition, update build rules to compile object files in the same
directory as the source code file if CONFIG_CODE_COVERAGE=y is set to
make lcov find the source code files.
Jouni Malinen [Tue, 24 Dec 2013 20:59:52 +0000 (22:59 +0200)]
Remove obsolete license notifications
These files have been distributed only under the BSD license option
since February 2012. Clarify the license statements in the files to
match that to avoid confusion.
Jouni Malinen [Tue, 24 Dec 2013 20:38:16 +0000 (22:38 +0200)]
Verify group key configuration for WPA group
If configuration of the group key to the driver fails, move the WPA
group into failed state and indication group setup error to avoid cases
where AP could look like it is working even through the keys are not set
correctly.
Moshe Benji [Sun, 15 Dec 2013 08:50:07 +0000 (10:50 +0200)]
wpa_supplicant: Fix crash when terminating all interfaces
In wpa_supplicant_terminate_proc(), while iterating and
terminating interfaces, after an interface is terminated,
we can no longer access its memory as it is no longer valid
and causes a crash.
Fix this by saving the pointer to the next interface before freeing
the current one to avoid accessing an invalid memory location.
When CSA flow starts, store the entire struct hostapd_freq_params and
not only CS frequency as it was before. The additional freq_params are
required to advertise CS supplementary IEs such as secondary channel,
wide bandwidth CS, etc.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Johannes Berg [Mon, 16 Dec 2013 20:08:44 +0000 (21:08 +0100)]
wpa_supplicant: Use monotonic time for last_scan check
This just serves to check if there was a scan within
the last 5 seconds, hence it should use monotonic time.
While at it, also use os_reltime_expired().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 16 Dec 2013 20:08:42 +0000 (21:08 +0100)]
wpa_supplicant: Use relative time for TKIP Michael MIC failures
The MMIC failure code should use monotonic time to check
whether 60 seconds have elapsed or not. For type-safety,
use struct os_reltime for the timestamp variable, and
also convert to using os_reltime_expired().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 16 Dec 2013 20:08:40 +0000 (21:08 +0100)]
P2P: Use monotonic time for GO client waiting
GO activation can fail if the first client doesn't connect
within a certain time, but this should not be dependent on
wall time -- use monotonic time instead.
While at it, use os_reltime_expired().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 16 Dec 2013 20:08:39 +0000 (21:08 +0100)]
IBSS RSN: Use monotonic time for reinit detection
The reinit detection skips reinit when the time since the own
authentication frame TX is less than half a second, so it shouldn't
be affected by wall time and use monotonic time instead.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 16 Dec 2013 20:08:38 +0000 (21:08 +0100)]
WPS_UPNP: Use monotonic time for event debouncing
The event debouncing isn't very accurate (since it doesn't
take sub-second resolution into account), but it should use
monotonic time anyway since it doesn't care about the wall
clock.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
projects / thirdparty / hostap.git / log
