Jouni Malinen [Thu, 10 Feb 2011 20:12:29 +0000 (22:12 +0200)]
hostapd: Fix RADIUS client configuration update on reconfig
The internal pointer to RADIUS client configuration needs to be
updated whenever a new hostapd configuration is loaded. Without
this, freed memory may be dereferenced and this can result in
segmentation faults.
Ben Greear [Thu, 10 Feb 2011 18:14:46 +0000 (20:14 +0200)]
Use wpa_msg() instead of wpa_printf()
This converts number of debugging messages to use wpa_msg() in order
to allow the interface name to be shown with the messages.
A new function, wpa_dbg(), is introduced to allow
CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is
otherwise identical with wpa_msg(), but it gets compiled out if stdout
debugging is disabled.
Jouni Malinen [Tue, 8 Feb 2011 12:32:35 +0000 (14:32 +0200)]
wpa_s AP: Deliver EVENT_RX_PROBE_REQ events to AP processing
This is needed to allows WPS PBC session overlap detection to work
with drivers that process Probe Request frames internally. This
code is is run in hostapd, but the wpa_supplicant AP mode did not
have call to the hostapd_probe_req_rx() function even though it
registered handlers for hostapd Probe Request RX callbacks.
Jouni Malinen [Mon, 7 Feb 2011 16:28:36 +0000 (18:28 +0200)]
P2P: Allow WPS_PBC command on GO to select on P2P Device Address
An optional parameter, p2p_dev_addr, can now be given to WPS_PBC
command on P2P GO to indicate that only the P2P device with the
specified P2P Device Address is allowed to connect using PBC. If
any other device tries to use PBC, a session overlap is indicated
and the negotiation is rejected with M2D. The command format for
specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g.,
WPS_PBC p2p_dev_addr=02:03:04:05:06:07
In addition, show the PBC session overlap indication as a WPS failure
event on an AP/GO interface. This particular new case shows up as
"WPS-FAIL msg=4 config_error=12".
Ben Greear [Sun, 6 Feb 2011 18:39:34 +0000 (20:39 +0200)]
Add interface name to wpa_msg() output
This makes log files much more readable if multiple interfaces
are being controlled by the same process. The interface name is
added to stdout/file/syslog entries, but not to the messages
sent to control interface monitors to avoid issues with parsing
in external programs.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Johannes Berg [Wed, 2 Feb 2011 15:00:12 +0000 (17:00 +0200)]
DBus: Publish provisioned keys in network properties
When the network was provisioned, we need to get the keys to be able to
reconnect without new provisioning. To be able to publish those keys but
not normally configured ones, add a new attribute to struct wpa_ssid
indicating whether or not keys may be exported.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 2 Feb 2011 14:52:32 +0000 (16:52 +0200)]
AP: Introduce sta authorized wrappers
To enable making state change notifications on the WLAN_STA_AUTHORIZED
flag, introduce ap_sta_set_authorized(), and to reduce use of the flag
itself also add a wrapper for testing the flag: ap_sta_is_authorized().
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 1 Feb 2011 16:18:32 +0000 (18:18 +0200)]
nl80211: Use max_remain_on_chan data from nl80211
If the driver advertises max_remain_on_chan data, use it instead of
the hardcoded value of 5000. Keep the default at 5000 since that is the
value used by earlier versions of cfg80211/mac80211 and not advertised
in nl80211 for those.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 1 Feb 2011 16:09:38 +0000 (18:09 +0200)]
P2P: Fix p2p_long_listen
There are two issues with p2p_long_listen:
1) max_remain_on_channel is assumed to be 5 seconds,
2) if max_remain_on_channel is not a full multiple of
seconds, accounting breaks.
Fix these by converting p2p_long_listen to ms and
tracking it according to max_remain_on_channel.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Eliad Peller [Tue, 1 Feb 2011 14:38:38 +0000 (16:38 +0200)]
nl80211: Remove excessive nl80211_set_mode() call
When authenticating, and the interface type is not already
NL80211_IFTYPE_STATION, we need to call wpa_driver_nl80211_set_mode()
only once. Remove the excessive call.
Jouni Malinen [Tue, 1 Feb 2011 14:09:26 +0000 (16:09 +0200)]
AP: Make sure ieee80211n_allowed_ht40_channel_pair() gets called
We need to call this function after having completed the neighboring
channel scan to figure out whether HT40 can be used and if so, which
channel is the secondary channel.
AP: Ensure ieee80211n_supported_ht_capab() gets called to check ht caps
ieee80211n_supported_ht_capab is called after ieee80211n_check_40mhz in
function hostapd_check_ht_capab. ieee80211n_check_40mhz can return 1 in
a valid scenario where the initialization is completed in a callback. In
this case ieee80211n_supported_ht_capab is skipped and hostapd does not
check the ht capabilities reported by the driver. Fix this issue making
sure ieee80211n_supported_ht_capab gets called.
Johannes Berg [Tue, 1 Feb 2011 12:34:12 +0000 (14:34 +0200)]
AP: Enable WMM with default parameters by default for HT
If WMM is not disabled explicitly (wmm_enabled=0 in hostapd.conf),
enable WMM automatically whenever HT (ieee80211n) is enabled. Use
the default WMM parameters for AP TX queues and the EDCA parameters
advertised for stations in WMM IE if no overriding values are
included in the configuration.
Jouni Malinen [Mon, 31 Jan 2011 22:06:13 +0000 (00:06 +0200)]
FT: Configure FT XXKey as PMK for driver-based 4-way handshake
When using FT-EAP, the second half of MSK is used as the starting
point for PMK key hierarchy. Configure that instead of the first
half of MSK when using FT with driver-based 4-way handshake and
FT protocol.
Jouni Malinen [Mon, 31 Jan 2011 22:04:02 +0000 (00:04 +0200)]
Set portValid=TRUE on association for driver-based 4-way handshake
This was previously done for WPA/WPA2-Personal as part of association
processing when the driver is implementing 4-way handshake. The
portValid needs to be done for WPA/WPA2-Enterprise to get the proper
EAPOL authentication completed callback to configure PMK to the driver.
Johannes Berg [Mon, 31 Jan 2011 19:49:48 +0000 (21:49 +0200)]
nl80211: use P2P interface types
We can use the P2P interface types to check if the driver supports P2P
and to tell the kernel that a given interface is going to be used for
P2P (when it is created).
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There is no real reason to maintain these in the current development
branch anymore. If someone really needs support for the obsolete
driver interfaces, these can be found in older wpa_supplicant
branches.
driver_atmel.c
- vendor-specific interface for ATMEL AT76C5XXx cards
- for some old out-of-tree driver; not for the upstream atmel*
drivers
driver_ndiswrapper.c
- vendor-specific interface for an out-of-tree driver
- ndiswrapper should work with driver_wext.c, too
driver_ipw.c
- vendor-specific interface for old ipw2100/2200 driver
- the upstream driver works with driver_wext.c (and does not work
with the old interface)
driver_hermes.c
- vendor driver that was not even included in the main wpa_supplicant
releases
Helmut Schaa [Sun, 30 Jan 2011 19:16:29 +0000 (21:16 +0200)]
nl80211: Make use of the ht opmode bss attribute
In order to enable protection mechanisms for different HT opmodes the
driver needs to be aware of the current HT opmode that is calculated by
hostapd. Hence, pass the current opmode to the nl80211 driver via
the bss attribute NL80211_ATTR_BSS_HT_OPMODE.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Jouni Malinen [Fri, 28 Jan 2011 17:21:59 +0000 (19:21 +0200)]
hostapd: Allow TDLS use to be prohibited in the BSS
tdls_prohibit=1 and tdls_prohibit_chan_switch=1 and now be used to
disable use of TDLS or TDLS channel switching in the BSS using
extended cabilities IE as defined in IEEE 802.11z.
Jouni Malinen [Mon, 24 Jan 2011 13:25:59 +0000 (15:25 +0200)]
wlantest: Fix TDLS setup failure counting
Need to be able to handle TDLS Setup Response frame with LinkId IE
when non-zero status code is used. In addition, allow finding of a
TDLS entry based on real BSSID instead of the one used in the LinkId
to allow negative testing of different BSS.
Jouni Malinen [Mon, 24 Jan 2011 12:26:35 +0000 (14:26 +0200)]
wlantest: Maintain only a single entry for an active direct link
The TDLS link itself is bidirectional, but there is explicit
initiator/responder roles. Remove the other direction of the link if it
exists when processing TDLS Setup Confirm to make sure that the link
counters are stored for the current TDLS entery.
This is also changing the control interface search for TDLS counters
to require initiator/responder addresses in the correct order instead
of matching entries regardless of the role.
Jouni Malinen [Mon, 17 Jan 2011 10:21:29 +0000 (12:21 +0200)]
AP: Validate management frame length
Make sure that received management frames are long enough before
processing them. This avoids a potential segmentation fault if a
driver delivers an invalid frame all the way to hostapd.
Dan Harkins [Sun, 16 Jan 2011 11:12:07 +0000 (13:12 +0200)]
EAP-pwd: Fix some interoperability issues
The changes are:
1. the word "and" in the hunting-and-pecking string passed to the KDF
should be capitalized.
2. the primebitlen used in the KDF should be a short not an int.
3. the computation of MK in hostap is based on an older version of the
draft and is not the way it's specified in the RFC.
4. the group being passed into computation of the Commit was not in
network order.
Jouni Malinen [Sat, 15 Jan 2011 14:55:15 +0000 (16:55 +0200)]
IBSS RSN: Do not start multiple Auth/Supp for same peer
This avoids an issue when a received EAPOL-Key frame from a peer
is initiating IBSS RSN Authenticator and Supplicant for the peer
and the following new-STA-in-IBSS event from the driver is adding
yet another instance of Authenticator/Supplicant. The EAPOL-Key
RX case was already checking whether an instance had been started;
the driver new-STA event needs to do same.
Jouni Malinen [Sat, 15 Jan 2011 12:07:02 +0000 (14:07 +0200)]
IBSS RSN: Delay setting of the initial TX GTK
The driver may get confused if we set the initial TX GTK before having
fully configured and connected to an IBSS, so better delay this
operation until the connection (join/start IBSS) has been completed.
Chao-Wen Yang [Thu, 13 Jan 2011 16:04:33 +0000 (18:04 +0200)]
WPS: Indicate WPS-FAIL event on EAPOL timeout-based failure callback
If the EAPOL processing times out (e.g., if the AP stops replying
to messages for some reason) during WPS negotiation, we need to
indicate WPS-FAIL event from eapol_cb since no other WPS failure is
reported for this particular case.
Chao-Wen Yang [Thu, 13 Jan 2011 15:50:59 +0000 (17:50 +0200)]
WPS: Add mechanism for indicating non-standard WPS errors
Previously, only the Configuration Error values were indicated in
WPS-FAIL events. Since those values are defined in the specification
it is not feasible to extend them for indicating other errors. Add
a new error indication value that is internal to wpa_supplicant and
hostapd to allow other errors to be indicated.
Use the new mechanism to indicate if negotiation fails because of
WEP or TKIP-only configurations being disallows by WPS 2.0.
Jouni Malinen [Wed, 12 Jan 2011 11:48:55 +0000 (13:48 +0200)]
P2P: Check GO Neg Req retransmit limit in p2p_listen_end
This needs to be done both in the more normal location in
p2p_timeout_connect_listen() (internal timeout after driver event) and
in p2p_listen_end() as a workaround for the case where the driver event
is delayed to happen after the internal timeout.
Jouni Malinen [Mon, 10 Jan 2011 18:41:04 +0000 (20:41 +0200)]
test-sha1: Add test vectors from RFC 6070
The test with very large iterations count is commented out since it
takes quite long to derive (it does pass, though). In addition, the
last test vector is commented out since pbkdf2_sha1() does not support
arbitrary binary passphrases (\0 inside the string).
Jouni Malinen [Sun, 9 Jan 2011 17:44:28 +0000 (19:44 +0200)]
Use set_key addr to distinguish default and multicast keys
Previously, both NULL and ff:ff:ff:ff:ff:ff addr were used in various
places to indicate default/broadcast keys. Make this more consistent
and useful by defining NULL to mean default key (i.e., used both for
unicast and broadcast) and ff:ff:ff:ff:ff:ff to indicate broadcast
key (i.e., used only with broadcast).
Jouni Malinen [Sun, 9 Jan 2011 17:18:50 +0000 (19:18 +0200)]
nl80211: Avoid infinite loop when searching a BSS
When hostapd is removing a virtual BSS interface, the loop here was
incorrectly not updating the iterator during list traversal and
ended up in an infinite loop in some cases.
Jouni Malinen [Sun, 9 Jan 2011 10:09:04 +0000 (12:09 +0200)]
Use more consistent set_key seq value when nothing is being set
Use NULL instead of (u8 *) "" as the seq value and make sure the
driver wrapper implementations can handle NULL value. This was
previously already done in number of places, but not everywhere.
Jouni Malinen [Wed, 5 Jan 2011 09:49:03 +0000 (11:49 +0200)]
WPS: Make WPS-AP-AVAILABLE* events a bit more consistent
The BSS table entries may be in more or less random order and it is
better to show the most likely WPS configuration method in a way that is
somewhat more consistent instead of just showing the method of the first
BSS entry found in the table.
Jouni Malinen [Thu, 30 Dec 2010 16:27:33 +0000 (18:27 +0200)]
Fix wpa_supplicant_ssid_bss_match() handler for non-WPA
The proto configuration may be left to non-zero when moving from one
configuration to another. To avoid misidentifying a network
configuration as enabling WPA, check key_mgmt field, too.
Yi Zhu [Thu, 9 Dec 2010 19:30:20 +0000 (11:30 -0800)]
bsd: Fix receive buffer alignment issue
wpa_supplicant seems to crash from time to time on a NetBSD 4.0 MIPS
platform. The root cause turned out to be a MIPS alignment issue.
In my wpa_supplicant crash case, in function
wpa_driver_bsd_event_receive (from driver_bsd.c), the buf[2048] address
is started from i.e. 0x7fffd546, which is not 4 bytes aligned. Later
when it is casted to (struct if_msghdr *), and rtm->rtm_flags is used.
rtm->rtm_flags is "int" type, but its address is not 4 bytes aligned.
This is because the start address of rtm is not 4 bytes aligned.
Unfortunately in NetBSD MIPS kernel (unlike Linux MIPS kernel emulates
unaligned access in its exception handler), the default behavior is to
generate a memory fault to the application that accesses unaligned
memory address. Thus comes the early mentioned wpa_supplicant crash. An
interesting note is when I'm using the wpa_supplicant version 0.4.9, I
never saw this problem. Maybe the stack layout is different. But I
didn't look into details.
I used below patch to resolve this problem. Now it runs correctly for at
least several hours. But you might have a better fix (maybe we can use
malloc/free so that it is at least cache line aligned?). I'm also not
sure if other drivers should have the same problem.
Jouni Malinen [Thu, 30 Dec 2010 10:48:55 +0000 (12:48 +0200)]
P2P: Add initial support for driver-based P2P management
This adds partial callbacks and events to allow P2P management to be
implemented in a driver/firmware. This is not yet complete and is
very much subject to change in the future.
Jouni Malinen [Wed, 22 Dec 2010 09:33:59 +0000 (11:33 +0200)]
WPS: Add option to disable open networks by default
CONFIG_WPS_REG_DISABLE_OPEN=y can be used to configure wpa_supplicant
to disable open networks by default when wps_reg command is used to
learn the current AP settings. When this is enabled, there will be a
WPS-OPEN-NETWORK ctrl_iface event and the user will need to explicitly
enable the network (e.g., with "select_network <id>") to connect to
the open network.
Johannes Berg [Wed, 29 Dec 2010 12:05:34 +0000 (14:05 +0200)]
nl80211: Use driver-based off-channel TX if available
If the underlying driver supports off-channel TX, it will now be used by
the nl80211 driver wrapper, setting WPA_DRIVER_FLAGS_OFFCHANNEL_TX
accordingly.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 29 Dec 2010 11:59:17 +0000 (13:59 +0200)]
P2P: Add option for offloading off-channel TX to the driver
With the new kernel functionality coming to Linux to allow off-channel
TX, we can take advantage of that in the P2P code that currently uses
remain-on-channel. If a driver advertises support for it, it will be
asked to handle off-channel TX by itself.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 28 Dec 2010 15:15:01 +0000 (17:15 +0200)]
Allow AP mode to disconnect STAs based on low ACK condition
The nl80211 driver can report low ACK condition (in fact it reports
complete loss right now only). Use that, along with a config option, to
disconnect stations when the data connection is not working properly,
e.g., due to the STA having went outside the range of the AP. This is
disabled by default and can be enabled with disassoc_low_ack=1 in
hostapd or wpa_supplicant configuration file.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Tue, 28 Dec 2010 10:09:14 +0000 (12:09 +0200)]
Re-initialize EAP ClientTimeout on for each session
ClientTimeout changes from EAP peer methods were not supposed to
change behavior for other EAP peer methods or even other sessions
of the same method. Re-initialize ClientTimeout whenever an EAP
peer method is initialized to avoid this. This addresses problems
where WPS (EAP-WSC) reduces the timeout and consecutive EAP runs
may fail due to too small timeout.
Fabien Marotte [Tue, 28 Dec 2010 09:48:58 +0000 (11:48 +0200)]
P2P: Limit the retransmission of GO Negotiation request to 120
If the peer you want to connect to is no longer available (does not
acknowledge frames) when wpa_supplicant sends GO Negotition Request
frames, retransmission of this frame is done until the associated
p2p_device structure is removed on timeout. In that case, no signal
is emitted to inform the GO Negotiation has failed.
When sending an Invitation Request frame, the same retransmission
mechanism is in place but limit the transmission to 100 and hitting
the limit generates an event.
This patch adds the same mechanism as the one in place for Invitation
Request, but with limit of 120 to match the existing wait_count for
for GO Negotiation.
Jouni Malinen [Tue, 28 Dec 2010 06:56:23 +0000 (08:56 +0200)]
WPS: Require PBC match with wps_pbc that specifies BSSID
The WPS mode was already verified when the AP was configured for
WPA/WPA2, but this was not done with AP that was in open mode.
Fix this by allowing wpa_supplicant_ssid_bss_match() to be called
in non-WPA configuration, too. With this change, wps_pbc BSSID
command will wait until the specified target AP is in active PBC
mode before trying to connect to it.
Jouni Malinen [Sun, 19 Dec 2010 09:58:00 +0000 (11:58 +0200)]
Use SA Query procedure to recovery from AP/STA state mismatch
If a station received unprotected Deauthentication or Disassociation
frame with reason code 6 or 7 from the current AP, there may be a
mismatch in association state between the AP and STA. Verify whether
this is the case by using SA Query procedure. If not response is
received from the AP, deauthenticate.
This implementation is only for user space SME with
driver_nl80211.c.
Johannes Berg [Fri, 17 Dec 2010 13:31:05 +0000 (15:31 +0200)]
Allow setting scan_res_handler from the callback function
Some new code I'm working on will need the scan_res_handler assigned all
the time in certain circumstances, so the easiest way is to reset it
within the handler. This is currently prevented by the way the code in
the event handler works -- change that to permit such usage.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
projects / thirdparty / hostap.git / log
