Commit message (Collapse)AuthorAgeFilesLines
* Make the example action script less likely to result in failuresJouni Malinen2011-04-131-2/+3
| | | | | Use "=" instead of "==" and add an example statement between "then" and "fi".
* bsd: Fix buffer size for routing socket with IPv6 disabledYi Zhu2011-04-121-7/+3
| | | | | | AF_INET6 is not always enabled by default, so use AF_INET instead. In addition, use the old fixed length, 2048, as a failover value if the sysctl fails for any reason.
* Make scan interval configurableDmitry Shmidt2011-04-115-1/+40
| | | | | | | | It is now possible to configure the the time in seconds that wpa_supplicant waits before requesting a new scan after failing to find a suitable network in scan results. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Fix WPS AP mode regressionJouni Malinen2011-04-111-5/+24
| | | | | | | | | Commit 03d3f28a698ec2c269fed35b88be30373595eee2 broke initialization of EAPOL authenticator state machines since an error value from wpa_auth_sta_key_mgmt() (-1) was not handled properly and the fixed wpa_key_mgmt_wpa_psk() identified the value as a PSK-based AKM because of all bits being set to 1. The special error value needs to handled separately to avoid skipping EAPOL state machine initialization.
* Fix #ifdef check for older openssl versionsAdam Kent2011-04-111-1/+1
| | | | | Small compile fix for older versions of openssl that do not have SHA256 support and hence do not define OPENSSL_NO_SHA256.
* Remove references to time_t/time()/random()Per Ekman2011-04-115-23/+31
| | | | Replace direct calls in AP mode code with os_*() wrappers.
* Return NULL instead of 0 as the pointer on error caseJouni Malinen2011-04-081-3/+3
* Fix WPA/WPA2 AP rejection on parameter mismatchJouni Malinen2011-04-081-2/+9
| | | | | | If WPA/WPA2 was enabled in the configuration, the non-WPA exception could allow an incorrect AP to be selected from scan results. Do not use the exception if WPA/WPA2 is enabled in configuration.
* Fix wpa_key_mgmt_*() helper functions to handle multiple bitsJouni Malinen2011-04-081-10/+10
| | | | | | These can be used in some cases with a bitfield having multiple AKMs enabled (e.g., WPA-PSK and WPA-PSK-SHA256). Address those cases by checking whether any of the matching AKM are included.
* atheros: Add support for IEEE 802.11w configurationMahesh Palivela2011-04-083-0/+17
* nl80211: Add support for auth_alg auto-selection with connect commandJouni Malinen2011-04-071-0/+15
| | | | | | When the SME is in the driver or cfg80211, the automatic selection of auth_alg is done by leaving out the NL80211_ATTR_AUTH_TYPE attribute from the NL80211_CMD_CONNECT command.
* TDLS: Disable teardown MIC validation workaroundJouni Malinen2011-04-071-7/+0
| | | | | This MIC is required to be correct if the keys are set, so reject the message if it does not have a valid MIC.
* dbus: Add support to get/set the country codeSam Leffler2011-04-043-0/+69
| | | | | | Add an Interface.Country property and support to get/set the value. Signed-off-by: Sam Leffler <sleffler@chromium.org>
* Fix a typo in a MIB variable in hostapd ctrl_interfaceJouni Malinen2011-04-041-1/+1
* wpa_s AP mode: Fix regression in P2P AP mode setupJouni Malinen2011-04-041-4/+4
| | | | | | | | | | Commit c76e5d7f9b7a4ed8c201f280a04e579d52765572 moved the ap_configured_cb() call into a completion callback from AP mode code. However, this callback can be called before hostap_setup_interface() returns. In that case, the ap_configured_cb() ended up getting called before the wpa_supplicant connection information was updated. Fix this by reordering code to set up everything before calling hostapd_setup_interface().
* nl80211: Send EAPOL frames as QoS data frames for QoS aware clientsFelix Fietkau2011-04-0213-24/+27
| | | | | | | | | | | This should fix EAPOL reauthentication and rekeying timeout issues with Intel clients when using WMM (e.g., with IEEE 802.11n). These stations do not seem to be able to handle EAPOL data frames as non-QoS Data frames after the initial setup. This adds STA flags to hapd_send_eapol() driver op to allow driver_nl80211.c to mark the EAPOL frames as QoS Data frame when injecting it through the monitor interface.
* bgscan_simple: Reschedule first fast scanPaul Stewart2011-03-311-0/+12
| | | | | | | | | If the scan interval switches to the short interval soon after a scan, bgscan_simple should not immediately scan again. However, it should also make sure that the next scan occurs no later than the new, short scan interval. Signed-off-by: Paul Stewart <pstew@google.com>
* bgscan_simple: Time out short scan intervalPaul Stewart2011-03-311-1/+18
| | | | | | | | | | We gain diminishing returns by the short scan interval. The short scan interval is used to hunt for a better AP if the RSSI of the current AP drops. However, if we never roam, and the AP continues to have low RSSI, at some point we should give up and return to the slow background scan rate, otherwise we waste a lot of power. Signed-off-by: Paul Stewart <pstew@google.com>
* bgscan-simple: Poll for signal in initPaul Stewart2011-03-311-0/+9
| | | | | | | | It is not guaranteed that we will get a CQM signal shortly after setting up monitoring. In order to establish the correct initial background scanning rate, poll directly for the signal strength. Signed-off-by: Paul Stewart
* driver: Function to directly poll signal qualityPaul Stewart2011-03-314-14/+51
| | | | | | | | | This provides a means for the supplicant to directly request signal quality metrics from the driver. This is useful, for example for background scan algorithms that might ask desire this information out-of-band with CQM events. Signed-off-by: Paul Stewart <pstew@google.com>
* dbus: Add "excessive" to debug_stringsPaul Stewart2011-03-312-4/+5
| | | | | | | | The "debug_strings" private array in dbus_new_handles.c has fallen out of sync with wpa_debug.h. Add the new "excessive" level to the head of the list, realigning everything. Signed-off-by: Paul Stewart <pstew@google.com>
* P2P: add a missing 'return' after building IE from an empty stringEliad Peller2011-03-301-0/+1
| | | | | | | | | When building IE from an empty string and CONFIG_WPS_STRICT is not defined, redundant 2 bytes are being added to the string. We have to return right after building the "dummy" string. Signed-off-by: Eliad Peller <eliad@wizery.com>
* Work around SNonce updates on EAPOL-Key 1/4 retransmissionJouni Malinen2011-03-295-1/+56
| | | | | | | | | | | | | | | | | | | | Some deployed supplicants update their SNonce for every receive EAPOL-Key message 1/4 even when these messages happen during the same 4-way handshake. Furthermore, some of these supplicants fail to use the first SNonce that they sent and derive an incorrect PTK using another SNonce that does not match with what the authenticator is using from the first received message 2/4. This results in failed 4-way handshake whenever the EAPOL-Key 1/4 retransmission timeout is reached. The timeout for the first retry is fixed to 100 ms in the IEEE 802.11 standard and that seems to be short enough to make it difficult for some stations to get the response out before retransmission. Work around this issue by increasing the initial EAPOL-Key 1/4 timeout by 1000 ms (i.e., total timeout of 1100 ms) if the station acknowledges reception of the EAPOL-Key frame. If the driver does not indicate TX status for EAPOL frames, use longer initial timeout (1000 ms) unconditionally.
* Add driver capa flag for EAPOL TX status and store capa in hostapdJouni Malinen2011-03-294-5/+12
* P2P: Store more WPS attributes for peersJouni Malinen2011-03-284-70/+120
| | | | | | Store Manufacturer, Model Name, Model Number, and Serial Number attributes for P2P peers and expose these through the existing peer information mechanisms.
* P2P: Add more WPS attributes into Listen state Probe ResponseJouni Malinen2011-03-284-21/+156
| | | | | Configure more WPS attributes in the P2P module and use them when generating WSC IE for Probe Response frames in Listen state.
* TDLS: Allow TDLS to be disabled at runtime for testing purposesJouni Malinen2011-03-245-1/+37
| | | | | | Control interface command 'SET tdls_disabled <1/0>' can now be used to disable/enable TDLS at runtime. This is mainly for testing purposes.
* RSN IBSS: Restart IBSS state machines for each new IBSSJouni Malinen2011-03-234-47/+32
| | | | | | | | Change the old design of running a single long living RSN IBSS instance to keep a separate instance for each IBSS connection. This fixes number of issues in getting keys set properly for new connections and is in general quite a bit more correct design.
* nl80211: Implement deauth for IBSS as leave IBSS commandJouni Malinen2011-03-231-0/+4
* Make GKeyDoneStations counting able to recover from mismatchesJouni Malinen2011-03-231-7/+16
| | | | | | | | | Previously, a bug in GKeyDoneStations count would remain in effect until the authenticator is restarted. Make this more robust by clearing the station count before each rekeying setup. While this is not really supposed to be needed, there has been bugs in this area in the past and it is safer to make the implementation recover from such an issue automatically.
* Decrement GKeyDoneStations in WPA authenticator when STA is freedJouni Malinen2011-03-231-0/+4
| | | | | | | | | | | | If the STA to be freed is still included in GKeyDoneStations count, decrement the count when the STA is freed. This does not happen in AP mode since there is enough time to go through the authenticator state machine to clear the STA. However, in the current RSN IBSS implementation, the authenticator state for the STA is freed in a way that does not allow the state machine to go through the clearing. To address this, make sure that wpa_free_sta_sm() decrements the GKeyDoneStations count if the STA happened to be in the process of GTK rekeying.
* nl80211: Use NL80211_CMD_DEL_STATION event to indicate IBSS peer lossJouni Malinen2011-03-231-0/+23
* random: Read /dev/random in the background with eloop read socketJouni Malinen2011-03-224-2/+91
| | | | | | This makes it more likely to be able to fetch the 20 octet seed from /dev/random in cases where other programs may also be competing for this.
* nl80211: Do not add interface to the global list in case of failureJohannes Berg2011-03-221-2/+3
| | | | | This avoids leaving a freed interface on the global list in case driver initialization fails.
* hostapd: Add testing mode for RSN element extensionsJouni Malinen2011-03-213-0/+75
| | | | | | | | CFLAGS += -DCONFIG_RSN_TESTING in .config and rsn_testing=1 in hostapd.conf can now be used to enable a testing mode that adds extensions to RSN element. This can be used to check whether station implementations are incompatible with future extensions to the RSN element.
* wpa_supplicant: Parameterize BSS table expiration age + countSam Leffler2011-03-2011-21/+264
| | | | | | Replace compile-time BSS cache expiration age and scan count by config parameters that can be set via wpa_cli and the new D-Bus API. The latter is done with interface properties BSSExpireAge and BSSExpireCount.
* wpa_supplicant: Start bgscan on COMPLETED, not ASSOCIATEDPaul Stewart2011-03-202-21/+42
| | | | | | | Move the code snippet to switch on bgscan over to wpa_supplicant.c from event.c, so that it can be activated on wpa_supplicant_set_state(). Also create a centralized place to switch off bgscan. bgscan is now turned on in COMPLETED, not ASSOCIATED.
* Fix a typo in a commentJouni Malinen2011-03-201-1/+1
* dbus: Add RemoveAllNetworks to the new D-Bus APISam Leffler2011-03-205-0/+73
| | | | | | This adds a new command to the interface to remove all configured netblocks. Without this it's necessary to query properties on the interface and explicitly remove each netblock.
* wpa_supplicant: Search BSS list from back to frontNathan Williams2011-03-201-1/+1
| | | | | | | | | | This fixes an issue seen in our wifi testbed, where we frequently switch the SSID of the AP. wpa_supplicant's BSS list will have, for example both <bssid, "Check11b"> (from the previous test) and <bssid, "Check11g"> (from the current test) - note that the bssid is the same for both. The (old) D-Bus API for fetching scan responses from wpa_supplicant is fetch-by-bssid, so the caller (flimflam) incorrectly believes we're associated with <bssid, "Check11b">.
* dbus: Add D-Bus methods to flush the BSS cacheSam Leffler2011-03-208-6/+97
| | | | | | | | | | | Add an "Interface.FlushBSS" method to the new D-Bus API and a "flush" method to the old API. Both take an age parameter that is a threshold (in seconds) for selecting entries to evict. Setting this parameter to zero flushes all entries from the cache. This mechanism is useful for a connection manager to clear state at startup and on resume (where the age parameter may be used to hold onto recent/valid data).
* dbus: Add ConfigFile to AddInterface propertiesSam Leffler2011-03-201-0/+8
| | | | | | | This provides feature parity with the old-style D-Bus API. Explicit properties to control global parameters is preferred but until that happens this allows doing things like setting pkcs11_engine_path and pkcs11_module_path via D-Bus.
* Document CONFIG_DEBUG_SYSLOG and CONFIG_DEBUG_SYSLOG_FACILITYJouni Malinen2011-03-201-0/+5
* Add support for setting the syslog facility from the config fileSam Leffler2011-03-202-1/+8
| | | | This enables setting the syslog facility at build time.
* wpa_s AP mode: complete only when setup is completeJohannes Berg2011-03-193-5/+20
| | | | | | | | | | | The AP code might, currently only in the case of HT40, defer actual enabling to after a scan. In this case, the wpa_s AP code gets confused. Add a callback for it to use and make it use it to finish only when the setup has actually completed. With appropriate hacks in place this allows using HT40 in P2P mode. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* wpa_s AP mode: propagate scan eventJohannes Berg2011-03-191-0/+4
| | | | | | | | When wpa_s scans in AP mode, it doesn't propagate the scan event to the AP code, so that code can get stuck if it uses the callbacks there. Simply call them where appropriate. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* P2P: Add option for requested device type in P2P search/scanJean-Michel Bachot2011-03-1912-18/+101
| | | | | | | With this, p2p_find can be extended to find certain requested device types. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* P2P: Use a single define for max number of vendor extensionsJouni Malinen2011-03-195-17/+14
* P2P: Keep track of peer WPS vendor extensionsJean-Michel Bachot2011-03-197-4/+63
| | | | | | | | Make the P2P code keep track of WPS vendor extensions received from peers so they can be exposed via DBus later. Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* P2P: Allow adding of WPS vendor extension attributesJean-Michel Bachot2011-03-196-0/+99
| | | | | | | | This adds the ability to add WPS vendor extension attributes in P2P frames, like GO Negotiation and Probe Response frames. Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>