Jouni Malinen [Sat, 29 Oct 2016 19:23:53 +0000 (22:23 +0300)]
tests: Make ap_interworking_scan_filtering more robust
It was possible for the first wt.clear_bss_counters(bssid) call to fail
the test if timing worked out in a way that the wlantest process had not
received any Beacon frames from the first AP. Run a directed scan for
both of the BSSs before starting the test validation steps to make sure
such a case cannot fail this test case.
Ilan Peer [Thu, 27 Oct 2016 12:18:32 +0000 (15:18 +0300)]
FT: Differentiate between FT for station and for AP in build
Previously, CONFIG_IEEE80211R enabled build that supports FT for both
station mode and AP mode. However, in most wpa_supplicant cases only
station mode FT is required and there is no need for AP mode FT.
Add support to differentiate between station mode FT and AP mode FT in
wpa_supplicant builds by adding CONFIG_IEEE80211R_AP that should be used
when AP mode FT support is required in addition to station mode FT. This
allows binary size to be reduced for builds that require only the
station side FT functionality.
Avrahams Stern [Thu, 27 Oct 2016 12:18:27 +0000 (15:18 +0300)]
wpa_supplicant: Make CONFIG_MBO independent of CONFIG_AP
CONFIG_MBO was defined inside ifdef CONFIG_AP, so when AP support
was not compiled, MBO was not compiled either. However, CONFIG_MBO
is not related AP support, so it should not depend on CONFIG_AP.
Fix this by moving CONFIG_MBO outside of ifdef CONFIG_AP.
David Spinadel [Thu, 27 Oct 2016 12:18:25 +0000 (15:18 +0300)]
hostapd: Add a configuration to set an AP as stationary
Add a configuration option in hostapd.conf and in neighbor report that
sets an AP as stationary. To enable this option on the current AP set
the config option stationary_ap to 1. To set a neighbor entry to be
marked as stationary add the word stat to the SET_NEIGHBOR command. This
option tells hostapd to send LCI data even if it is older than requested
by max age subelement in RRM request.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Ilan Peer [Thu, 27 Oct 2016 12:18:24 +0000 (15:18 +0300)]
hostapd: Clear location configuration when it is reset
In case that LCI or location civic configuration is cleared,
free the buffer holding the corresponding information to avoid
cases that the information is considered as valid/useful.
Ilan Peer [Thu, 27 Oct 2016 12:18:23 +0000 (15:18 +0300)]
hostapd: Fix adding neighbor entry
It is possible that a LCI or location civic configuration buffer
is valid but contains no data. In such a case do not add the LCI
and location civic information to the entry in the neighbor
data base.
Sabrina Dubroca [Fri, 21 Oct 2016 12:45:26 +0000 (14:45 +0200)]
mka: Remove "channel" hacks from the stack and the macsec_qca driver
This is specific to the macsec_qca driver. The core implementation
shouldn't care about this, and only deal with the complete secure
channel, and pass this down to the driver.
Drivers that have such limitations should take care of these in their
->create functions and throw an error.
Since the core MKA no longer saves the channel number, the macsec_qca
driver must be able to recover it. Add a map (which is just an array
since it's quite short) to match SCIs to channel numbers, and lookup
functions that will be called in every place where functions would get
the channel from the core code. Getting an available channel should be
part of channel creation, instead of being a preparation step.
Avrahams Stern [Tue, 18 Oct 2016 09:44:17 +0000 (12:44 +0300)]
wpa_supplicant: Use correct interface type when creating P2P interface
When starting ASP provisioning with connection capability set to NEW,
don't create the pending P2P interface as a GO interface because
Go negotiation will determine which side will be the GO and it is
possible that eventually this interface will become the client.
In this case, when the P2P client is started it will start scanning
and do other station specific operations while the interface type
is AP.
Instead, use type WPA_IF_P2P_GROUP when creating the interface which
means the interface type will be determined later.
Avrahams Stern [Tue, 18 Oct 2016 09:44:16 +0000 (12:44 +0300)]
P2P: Clear old P2PS provision data
Receiving a provision discovery request for an ASP service that
has auto accept set to false should result in a provision discovery
response with the status field set to "currently unavailable".
Having stale P2PS provision data, results in sending a response with
the status set to success because it is mistakenly referred to as the
follow-on provision discovery request.
Fix that by clearing stale P2PS provision data in the following cases:
1. When provision discovery is complete
2. When ASP services are flushed (in which case old ASP provisioning
is no longer valid).
Arik Nemtsov [Tue, 18 Oct 2016 09:44:15 +0000 (12:44 +0300)]
P2P: Clear listen state during PD-in-FIND
drv->in_listen should be cleared whenever the state timeout is cleared,
if they were set together. If the flag is not cleared, the
p2p_listen_end() called during cancel-remain-on-channel will not restart
the search, relying on the state timeout function to do it. Use the
p2p_stop_listen_for_freq() function to clear the listen state properly.
Michael Braun [Fri, 21 Oct 2016 11:11:56 +0000 (13:11 +0200)]
Remove duplicate dl_list_init() for global_ctrl_dst
Commit 56885eecf4026b0199d5ba75bd50395a17d323cc ('hostapd: Add UDP
support for ctrl_iface') added dl_list_init() for global_ctrl_dst to
hostapd_global_ctrl_iface_init().
Though, hostapd_global_ctrl_iface_init() is only called from
main.c:main(), which already initializes global_ctrl_dst unconditionally
before. Same with global_ctrl_sock.
Remove this duplicate initialization.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Cedric Izoard [Mon, 24 Oct 2016 11:05:11 +0000 (11:05 +0000)]
TDLS: Fix checks on prohibit bits
ext_capab/ext_capab_len do not include ID and Length so no extra +2
offset should be used. This fixes a regression from commit faf427645aa79a32ebd8093ff676abfc9d36e951 ('TDLS: Use proper IE parsing
routine for non-EAPOL-Key cases') that replaced the IE parser without
noticing the difference in the pointer offset.
Peng Xu [Mon, 24 Oct 2016 23:54:36 +0000 (16:54 -0700)]
nl80211: Update channel information after channel switch notification
When channel switch happens, driver wrapper's internal channel
information needs to be updated so that the new frequency will be used
in operations using drv->assoc_freq. Previously, only bss->freq was
updated and the new frequency was also indicated in the EVENT_CH_SWITCH
event. This could potentially leave out couple of cases that use
drv->assoc_freq at least as a fallback mechanism for getting the current
operating frequency.
Jouni Malinen [Fri, 28 Oct 2016 16:33:20 +0000 (19:33 +0300)]
Do not try to start/join RSN IBSS without CONFIG_IBSS_RSN=y
Previously, a build without IBSS RSN support tried to start/join an IBSS
even if the profile was configured with RSN parameters. This does not
work and resulted in quite confusing debug log. Make this clearer by
explicitly checking for this case and reject the connection attempt with
a clearer debug log entry instead of trying something that is known to
fail.
Sunil Dutt [Tue, 25 Oct 2016 15:41:04 +0000 (21:11 +0530)]
nl80211: Allow TDLS trigger modes to be configured to the host driver
This commit adds a control interface command to configure the TDLS
trigger mode to the host driver. This TDLS mode is configured through
the "SET tdls_trigger_control" control interface command.
lifeng [Mon, 17 Oct 2016 07:27:53 +0000 (15:27 +0800)]
Add more QCA vendor attribute definitions into qca-vendor.h
These attributes were previously maintained elsewhere. This commit moves
them to follow the standard assignment process through the qca-vendor.h
file in hostap.git.
lifeng [Wed, 26 Oct 2016 13:20:46 +0000 (21:20 +0800)]
QCA vendor attribute to report frame aggregation failure
Add a new vendor attribute config to set the reorder blocksize and
timeout in 4 ACs, and then report the frame aggregation failure
statistics in QCA_NL80211_VENDOR_SUBCMD_STATS_EXT command. In addition,
fix the spelling of the enum value for this subcommand.
Jouni Malinen [Thu, 27 Oct 2016 18:37:19 +0000 (21:37 +0300)]
tests: Avoid failures in ap_vlan_without_station with new kernel
The kernel commit 'mac80211: filter multicast data packets on AP /
AP_VLAN' started filtering out the test frame used in
ap_vlan_without_station and that resulted in false failures. For now,
ignore that "error" case to avoid claiming failures when the kernel is
doing what it is expected to do.
Jouni Malinen [Tue, 25 Oct 2016 21:22:49 +0000 (00:22 +0300)]
Note set_key(WPA_ALG_NONE) failure in debug log
This makes wpa_remove_ptk() call to wpa_auth_set_key() more consistent
with all the other calls that verify the return value to keep static
analyzers happier.
Jouni Malinen [Tue, 25 Oct 2016 20:44:00 +0000 (23:44 +0300)]
FILS: Claim FILS capability only if driver supports it
"GET_CAPABILITY fils" used to return "FILS" based on wpa_supplicant
configuration. This can be made more useful by checking both for
wpa_supplicant and driver support for FILS.
Jouni Malinen [Sun, 23 Oct 2016 09:31:55 +0000 (12:31 +0300)]
driver: Add option to pass FILS KEK/AAD to the driver for association
This allows the FILS KEK and AAD data (nonces) to be configured to the
driver for association so that the driver can encrypt the
(Re)Association Request frame and decrypt the (Re)Association Response
frame.
Sunil Dutt [Fri, 21 Oct 2016 06:43:16 +0000 (12:13 +0530)]
P2P: Check if the pref_freq reported by the driver supports P2P
Filter out get_pref_freq_list() (i.e.,
QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST) output in case of
channel negotiation by removing channels that do not allow P2P operation
at all. Previously, only the explicitly disallowed channels were removed
and that could have resulted in selecting an operating channel that is
not allowed for P2P and failing to complete the operation to start the
group.
Jouni Malinen [Sat, 22 Oct 2016 19:48:25 +0000 (22:48 +0300)]
SME: Clear possibly used WPA/RSN IE for new connection
This was already done in the case SME in the driver is used, but the SME
code path was resetting the local WPA/RSN IE only for association. While
that was fine for existing use cases, FILS needs a new RSN IE to be set
for PMKSA caching case in Authentication frames, so clear the local IE
before starting new authentication.
This implements Key-Auth derivation for (Re)Association Request frames
(see P802.11ai/D11.0 12.12.2.6.2) and (Re)Association Response frames
(see P802.11ai/D11.0 12.12.2.6.3).
Lior David [Mon, 26 Sep 2016 21:09:36 +0000 (00:09 +0300)]
Add QCA vendor command/attr for low level DMG(11ad) RF sector control
Add operations to allow low level control over RF sectors in QCA DMG
(11ad) chipsets. Operations include getting/setting the configuration of
a specific sector, as well as getting/setting the selected sector which
the HW uses to communicate with a specific station.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Mikael Kanstrup [Wed, 12 Oct 2016 12:18:58 +0000 (14:18 +0200)]
hostapd_cli: Process events received following control iface commands
Events received as an immediate result of control interface commands
end up on the control request message callback function instead of
the registered read socket. This makes for example the station list
used for complete functions for disassociate and deauthenticate out
of sync. Process events in the message callback function too to ensure
no events are missed.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Mikael Kanstrup [Wed, 12 Oct 2016 12:18:57 +0000 (14:18 +0200)]
hostapd_cli: Refactor control iface reconnects with common helper
Code for connecting/reconnecting to the hostapd control interface
is found duplicated a number of times. Create a common reconnect
helper function to avoid code duplication.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Mikael Kanstrup [Wed, 12 Oct 2016 12:18:56 +0000 (14:18 +0200)]
hostapd_cli: Refresh stations list on control interface reconnect
Whenever reconnecting the control interface the hostapd station list
is unknown as stations might have dropped or connected. Refresh the
list of stations used for command completion on cli connect, reconnect
and interface change.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Benjamin Richter [Tue, 11 Oct 2016 03:57:38 +0000 (05:57 +0200)]
wpa_supplicant: Restore permanent MAC address on reassociation
With mac_addr=0 and preassoc_mac_addr=1, the permanent MAC address
should be restored for association. Previously this did not happen when
reassociating to the same ESS.
Signed-off-by: Benjamin Richter <br@waldteufel.eu>
Avraham Stern [Mon, 10 Oct 2016 15:22:09 +0000 (18:22 +0300)]
Always propagate scan results to all interfaces
Scan results were not propagated to all interfaces if scan results
started a new operation, in order to prevent concurrent operations. But
this can cause other interfaces to trigger a new scan when scan results
are already available. Instead, always notify other interfaces of the
scan results, but note that new operations are not allowed.
Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Joel Cunningham [Sat, 8 Oct 2016 17:04:15 +0000 (12:04 -0500)]
Check for NULL qsort() base pointers
There are a couple of places in wpa_supplicant/hostapd where qsort() can
be called with a NULL base pointer. This results in undefined behavior
according to the C standard and with some standard C libraries (ARM RVCT
2.2) results in a data abort/memory exception. Fix this by skipping such
calls since there is nothing needing to be sorted.
Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
Jouni Malinen [Mon, 10 Oct 2016 21:25:20 +0000 (00:25 +0300)]
WPS: Force BSSID for WPS provisioning step connection
This was already done for most driver cases, but it is possible that the
BSSID/frequency is not forced if the driver reports BSS selection
capability (e.g., NL80211_ATTR_ROAM_SUPPORT). That could potentially
result in the driver ignoring the BSSID/frequency hint and associating
with another (incorrect) AP for the WPS provisioning step if that
another AP in the same ESS is more preferred (e.g., better signal
strength) by the driver and only one of the APs (the not preferred one)
is in active WPS registrar state.
While most drivers follow the BSSID hint for the initial connection to
an ESS, not doing it here for the WPS provisioning would break the
protocol. Fix this by enforcing a single BSSID/frequency to disallow the
driver from selecting an incorrect AP for the WPS provisioning
association.
ERP: Do not pass full EAP header to eap_peer_erp_reauth_start()
That function does not need the full EAP header -- it only needs to know
which EAP identifier to use in the message. Make this usable for cases
where the previous EAP message may not exist (FILS).
FILS: Use AEAD cipher to check received EAPOL-Key frames (STA)
This changes 4-way handshake authenticator processing to decrypt the
EAPOL-Key frames using an AEAD cipher (AES-SIV with FILS AKMs) before
processing the Key Data field. This replaces Key MIC validation for the
cases where AEAD cipher is used.
FILS: Use AEAD cipher to check received EAPOL-Key frames (AP)
This changes 4-way handshake authenticator processing to decrypt the
EAPOL-Key frames using an AEAD cipher (AES-SIV with FILS AKMs) before
processing the Key Data field. This replaces Key MIC validation for the
cases where AEAD cipher is used. This needs to move the EAPOL-Key msg
2/4 RSN element processing to happen only after the PTK has been derived
and validated. That is done for all AKMs to avoid extra complexity with
having to maintain two code paths for this.
projects / thirdparty / hostap.git / log
