Commit message | Author | Age | Files | Lines
* privsep: Fix scan result fetching with Beacon frame IEs | Jouni Malinen | 2016-12-03 | 2 | -2/+6
  wpa_priv did not yet support Beacon frame IEs (res->beacon_ie_len) which resulted in invalid scan data being accepted in driver_privsep.c. Add support for res->beacon_ie_len and also fix the validation step to take this new variable length field into account.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_priv: Document reduced functionality | Jouni Malinen | 2016-12-03 | 1 | -0/+11
  wpa_priv has never really been fully up-to-date with the wpa_supplicant driver interface extensions. This does not seem like something that would change in the future either, so document this reduced functionality as a potential drawback.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_priv: Handler driver global_deinit() on termination path | Jouni Malinen | 2016-12-03 | 1 | -2/+6
  This avoids a theoretical resource leak on exit path if wpa_priv is killed while there is a wpa_supplicant process using it.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_priv: Explicitly clear padding in message structures | Jouni Malinen | 2016-12-03 | 1 | -1/+2
  This avoids some valgrind warnings about use of uninitialized memory in cases where a struct may have padding octets between the fields.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_priv: Use fromlen instead sizeof(struct sockaddr_un) | Jouni Malinen | 2016-12-03 | 1 | -38/+45
  This gets rid of some dependencies on how extra octets at the end of the struct sockaddr_un get "uninitialized" consistently by only using the exact length of the address data from the recvfrom() call. This resolves a number of valgrind warnings about use of uninitialized memory.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_priv: Add support for multiple l2_packet connections | Jouni Malinen | 2016-12-03 | 1 | -38/+92
  This is needed to be able to work with many wpa_supplicant use cases, e.g., due to use of TDLS or RSN pre-authentication needing a separate l2_packet socket.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: P2P provision discovery while GO/CLI | Jouni Malinen | 2016-12-03 | 1 | -0/+81
  These test cases verify that there is no duplicate processing of P2P Action frames while operating in a P2P group.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Split nl80211_check_bss_status() into a separate function | Jouni Malinen | 2016-12-02 | 1 | -26/+26
  This allows a single scan result to be checked at a time. This is a step towards optimizing scan result fetching without having to allocate memory for all entries at the same time.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Separate channel noise fetch from scan result processing | Jouni Malinen | 2016-12-02 | 1 | -21/+44
  This untangles the NL80211_CMD_GET_SURVEY handler loop from NL80211_CMD_GET_SCAN processing so that the per-channel noise information can be fetched with a common function to a local data structure that can then be easily used to update individual scan results (a single BSS) instead of having to go through a full set of scan results. This is a step towards optimizing scan result fetching without having to allocate memory for all entries at the same time.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: WDS 4addr behavior on reassociation and with open and WEP | Jouni Malinen | 2016-12-02 | 2 | -2/+78
  This extends the ap_wds_sta test case to cover post-reassociation case (both with and without Authentication frame exchange) and add similar test cases to cover open and WEP cases in addition to this existing WPA2-PSK test case. These cover functionality testing for the previous fix in reassociation-without-new-authentication case. In addition, these find a new mac80211 issue for the WEP + 4addr combination.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix 4addr reassociation-without-deauthentication on AP | Jouni Malinen | 2016-12-02 | 1 | -10/+13
  Data connection was lost if a station reassociated without the STA entry being cleaned up on the AP side. Fix this by moving reconfiguration of the STA WDS parameters in association response callback to happen only after the STA flags have been updated to associated state.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wired: Mark some common helper functions static | Jouni Malinen | 2016-11-30 | 2 | -8/+4
  These are used only within driver_wired_common.c now at the end of the refactoring changes, so there is no need to make these helper functions available outside driver_wired_common.c.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mka: Remove references to macsec_qca from wpa_supplicant.conf | Sabrina Dubroca | 2016-11-30 | 1 | -6/+4
  Make the documentation generic, as this is no longer the only macsec driver.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* macsec_linux: Add a driver for macsec on Linux kernels | Sabrina Dubroca | 2016-11-30 | 7 | -0/+1299
  This uses libnl3 to communicate with the macsec module available on Linux. A recent enough version of libnl is needed for the macsec.h file (which is not yet available in a formal libnl release at the time of this commit).
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* drivers: Move driver_wired_get_ssid() to a common file | Sabrina Dubroca | 2016-11-30 | 4 | -16/+10
  This continues refactoring of the common parts of wired drivers code into a shared file, so that they can be reused by other drivers.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* drivers: Move driver_wired_get_bssid() to a common file | Sabrina Dubroca | 2016-11-30 | 4 | -18/+11
  This continues refactoring of the common parts of wired drivers code into a shared file, so that they can be reused by other drivers.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* drivers: Move driver_wired_get_capa() to a common file | Sabrina Dubroca | 2016-11-30 | 4 | -18/+11
  This continues refactoring of the common parts of wired drivers code into a shared file, so that they can be reused by other drivers.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* drivers: Move driver_wired_deinit_common() to a common file | Sabrina Dubroca | 2016-11-30 | 4 | -70/+44
  This continues refactoring of the common parts of wired drivers code into a shared file, so that they can be reused by other drivers.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* drivers: Move driver_wired_init_common() to a common file | Sabrina Dubroca | 2016-11-30 | 4 | -108/+72
  This continues refactoring of the common parts of wired drivers code into a shared file, so that they can be reused by other drivers.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* drivers: Move driver_wired_get_ifstatus() to a common file | Sabrina Dubroca | 2016-11-30 | 4 | -60/+32
  This continues refactoring of the common parts of wired drivers code into a shared file, so that they can be reused by other drivers.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* drivers: Move driver_wired_set_ifflags() to a common file | Sabrina Dubroca | 2016-11-30 | 4 | -62/+36
  This continues refactoring of the common parts of wired drivers code into a shared file, so that they can be reused by other drivers.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* drivers: Move driver_wired_get_ifflags() to a common file | Sabrina Dubroca | 2016-11-30 | 4 | -58/+34
  This continues refactoring of the common parts of wired drivers code into a shared file, so that they can be reused by other drivers.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* drivers: Move driver_wired_multi() to a common file | Sabrina Dubroca | 2016-11-30 | 4 | -114/+62
  This continues refactoring of the common parts of wired drivers code into a shared file, so that they can be reused by other drivers.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* drivers: Move wired_multicast_membership() to a common file | Sabrina Dubroca | 2016-11-30 | 6 | -62/+76
  This continues refactoring of the common parts of wired drivers code into a shared file, so that they can be reused by other drivers.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* drivers: Move common definitions for wired drivers out | Sabrina Dubroca | 2016-11-30 | 3 | -86/+103
  Refactor the common parts of wired drivers code into a shared file, so that they can be reused by other drivers. The macsec_qca driver already contains a lot of code duplication from the wired driver, and the macsec_linux driver would do the same. A structure to hold data common to all wired drivers is added and used in all these drivers.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* Add support to abort vendor scan | Sunil Dutt | 2016-11-30 | 3 | -8/+29
  This commit enhances the existing implementation of abort scan to also abort concurrent active vendor scans. This is achieved by passing the scan_cookie to the driver interface with the intention to abort the specific scan request. This scan_cookie is returned from the driver interface when the scan request is scheduled. This scan_cookie is 0 if the scan is triggered through the upstream cfg80211 interface. Thus, the scan_cookie is used to determine whether to abort the cfg80211 or vendor scan request. Also, the previous implementation of relying on scan_work/p2p_scan_work for the active work to trigger the abort scan is enhanced to check for the started state of either of these work operations. This should also help to abort the concurrent active scan/p2p-scan operations.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Enhance abort scan to also abort the vendor scan | Sunil Dutt | 2016-11-30 | 5 | -18/+101
  This commit enhances the abort scan implementation to also abort the vendor scan, if one was used to trigger the scan.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Define a QCA vendor command to abort vendor scan | Sunil Dutt | 2016-11-30 | 1 | -0/+6
  The new QCA_NL80211_VENDOR_SUBCMD_ABORT_SCAN command can be used to abort an ongoing scan that was started with QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: PMF and Authentication frame injection | Jouni Malinen | 2016-11-29 | 1 | -0/+27
  Verify that AP does not break PMF-enabled connection due to injected Authentication frame. This is a regression test for NL80211_FEATURE_FULL_AP_CLIENT_STATE changes resulting in dropping the key in such a case.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add MGMT_RX_PROCESS test command for hostapd | Jouni Malinen | 2016-11-29 | 1 | -0/+73
  This makes it easier to write hwsim test cases to verify management frame processing sequences with dropped or modified frames. When ext_mgmt_frame_handling is used, this new command can be used to request hostapd to process a received management frame, e.g., based on information reported in the MGMT-RX events. This is more or less identical to the earlier wpa_supplicant commit 4de70e2330c54c32f42a5fc93517d65c0a2c3be9 ('Add MGMT_RX_PROCESS test command for wpa_supplicant'), but for hostapd.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* AP: Do not drop STA entry if PMF is used with full AP client state | Jouni Malinen | 2016-11-29 | 1 | -0/+7
  This fixes a regression from commit bb598c3bdd0616f0c15e1a42e99591d8f3ff3323 ('AP: Add support for full station state'). That commit added code to remove and re-add the kernel STA entry when processing Authentication frames with a driver that advertises support for full AP client state. That resulted in bypassing PMF protections for unprotected Authentication frames with such drivers since the TK was lost in this operation. It is simplest to skip the STA entry clearing in this type of case completely to leave the TK in place and to process the new authentication exchange otherwise normally. This matches the behavior used with the drivers that do not implement full AP client state.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE | Jouni Malinen | 2016-11-26 | 1 | -0/+29
  Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Explicitly check for MDE not present in non-FT association | Will Glynn | 2016-11-26 | 1 | -0/+4
  IEEE Std 802.11-2012, 12.4.2 states that if an MDE is present in an (Re)Association Request frame but the RSNE uses a non-FT AKM suite, the AP shall reject the association using status code 43 ("Invalid AKMP"). wpa_validate_wpa_ie() now explicitly checks for this condition to meet this requirement instead of simply ignoring the MDE based on non-FT AKM.
  Signed-off-by: Will Glynn <will@willglynn.com>
* tests: Beacon frame TX rate configuration | Jouni Malinen | 2016-11-25 | 1 | -1/+105
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Configure Beacon frame TX rate if driver advertises support | Purushottam Kushwaha | 2016-11-25 | 2 | -0/+110
  If the driver advertises support for setting Beacon frame data rate, allow the user to configure this rate as part of starting the AP. Only one Beacon frame TX rate is allowed. Drivers advertising such support should set corresponding flag via the NL80211_ATTR_EXT_FEATURES attribute.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add support for user configurable Beacon frame data rate for AP mode | Purushottam Kushwaha | 2016-11-25 | 6 | -0/+79
  Allow configuration of Beacon frame TX rate from hostapd.conf with "beacon_rate=xx" option. The following format is used to set legacy/HT/VHT beacon rates:
    Legacy (CCK/OFDM rates): beacon_rate=<legacy rate in 100 kbps>
    HT: beacon_rate=ht:<HT MCS>
    VHT: beacon_rate=vht:<VHT MCS>
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Random MAC address in scans while connected | Jouni Malinen | 2016-11-25 | 2 | -1/+27
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Use random MAC address for scanning only in non-connected state | Srinivas Dasari | 2016-11-25 | 1 | -3/+6
  cfg80211 rejects the scans issued with random MAC address if the STA is in connected state. This resulted in failures when using MAC_RAND_SCAN while connected (CTRL-EVENT-SCAN-FAILED ret=-95). Enable random MAC address functionality only if the STA is not in connected state to avoid this. The real MAC address of the STA is already revealed in the association, so this is an acceptable fallback mechanism for now.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: D-Bus P2P and IP address parameters | Jouni Malinen | 2016-11-21 | 1 | -0/+73
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* D-Bus: Send P2P IP address assignment info with GroupStarted event | Nishant Chaprana | 2016-11-21 | 5 | -9/+22
  This commit adds IP address information into GroupStarted event on the P2P client side like it is sent over the control interface.
  Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
* D-Bus: Add getter and setter for P2P IP address config parameters | Nishant Chaprana | 2016-11-20 | 1 | -0/+61
  This patch adds setter and getter for P2P IP address config parameters:
    1. ip_addr_go
    2. ip_addr_mask
    3. ip_addr_start
    4. ip_addr_end
  Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
* FT: Complete CONFIG_IEEE80211R_AP renaming for hostapd | Jouni Malinen | 2016-11-19 | 2 | -10/+10
  Commit 4ec1fd8e42bad9390f14a58225b6e5f6fb691950 ('FT: Differentiate between FT for station and for AP in build') renamed all CONFIG_IEEE80211R instances within src/ap/* to CONFIG_IEEE80211R_AP, but it did not change hostapd/* files to match. While this does not cause much harm for normal use cases, this broke some test builds where wpa_supplicant build is used to build in hostapd/*.c files for analysis. Fix this by completing CONFIG_IEEE80211R_AP renaming.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Allow configuring the MACsec port for MKA | Sabrina Dubroca | 2016-11-19 | 8 | -5/+21
  Previously, wpa_supplicant only supported hardcoded port == 1 in the SCI, but users may want to choose a different port.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Add enable_encrypt op and call it from CP state machine | Sabrina Dubroca | 2016-11-19 | 7 | -0/+50
  This allows MKA to turn encryption on/off down to the driver.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* wpa_supplicant: Add macsec_integ_only setting for MKA | Sabrina Dubroca | 2016-11-19 | 9 | -1/+38
  So that the user can turn encryption on (MACsec provides confidentiality+integrity) or off (MACsec provides integrity only). This commit adds the configuration parameter while the actual behavior change to disable encryption in the driver is handled in the following commit.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Disable peer detection timeout for PSK mode | Sabrina Dubroca | 2016-11-19 | 1 | -2/+10
  The first peer may take a long time to come up. In PSK mode we are basically in a p2p system, and we cannot know when a peer will join the key exchange. Wait indefinitely, and let the administrator decide if they want to abort.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA | Sabrina Dubroca | 2016-11-19 | 7 | -1/+193
  This enables configuring key_mgmt=NONE + mka_ckn + mka_cak. This allows wpa_supplicant to work in a peer-to-peer mode, where peers are authenticated by the pre-shared (CAK,CKN) pair. In this mode, peers can act as key server to distribute keys for the MACsec instances. This is what some MACsec switches support, and even without HW support, it's a convenient way to set up a network.
  Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* Fix hostapd usage entry style for -T | Jouni Malinen | 2016-11-19 | 1 | -1/+1
  Remove the extra equals sign from the line since hostapd usage text does not have it for other entries either (while wpa_supplicant does and this was likely copy-pasted from there).
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add doxygen ref to eap_method structure | Sergei Sinyak | 2016-11-19 | 1 | -1/+1
  doc/eap.doxygen was mentioning eap_method structure, but there was no reference as in doc/eap_server.doxygen on a similar paragraph.
  Signed-off-by: Sergei Sinyak <serega.belarus@gmail.com>
* Android: Remove BoringSSL guard | Kenny Root | 2016-11-19 | 1 | -2/+0
  BoringSSL is the only supported version of SSL, so remove this guard so we can continue to compile when the flavor.mk is removed.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>