* Remove the GPL notification from files contributed by Atheros
  Author: Jouni Malinen | Date: 2012-02-11 | Files: 34 | Lines: -272/+68
  Remove the GPL notification text from files that were initially contributed by Atheros Communications or Qualcomm Atheros.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove the GPL notification from EAP-pwd implementation
  Author: Jouni Malinen | Date: 2012-02-11 | Files: 4 | Lines: -32/+8
  Remove the GPL notification text from EAP-pwd implementation per approval from Dan Harkins who contributed these files. (email from Dan Harkins <dharkins@lounge.org> dated Wed, 4 Jan 2012 16:25:48 -0800)
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Select the BSD license terms as the only license alternative
  Author: Jouni Malinen | Date: 2012-02-11 | Files: 10 | Lines: -476/+67
  Simplify licensing terms for hostap.git by selecting the BSD license alternative for any future distribution. This drops the GPL v2 alternative from distribution terms and from contribution requirements.
  The BSD license alternative that has been used in hostap.git (the one with advertisement clause removed) is compatible with GPL and as such the software in hostap.git can still be used with GPL projects.
  In addition, any new contribution to hostap.git is expected to be licensed under the BSD terms that allow the changes to be merged into older hostap repositories that still include the GPL v2 alternative.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* EAP-pwd: Add support for fragmentation
  Author: Dan Harkins | Date: 2012-02-11 | Files: 3 | Lines: -141/+484
  Signed-hostap: Dan Harkins <dharkins@lounge.org>
* EAP-pwd: Describe build option for EAP-pwd
  Author: Dan Harkins | Date: 2012-02-11 | Files: 2 | Lines: -0/+6
  Signed-hostap: Dan Harkins <dharkins@lounge.org>
* EAP-pwd: Fix the argument name in compute_keys()
  Author: Dan Harkins | Date: 2012-02-11 | Files: 1 | Lines: -4/+4
  The parameters used here are confirm, not commit values.
  Signed-hostap: Dan Harkins <dharkins@lounge.org>
* dbus: Make the P2P peer's properties accessible separately
  Author: Flávio Ceolin | Date: 2012-02-11 | Files: 3 | Lines: -74/+267
  Since there is the method org.freedesktop.DBus.Properties.GetAll that returns all properties from a specific interface, it makes more sense to separate the properties to make it possible to get only a single property using the method org.freedesktop.DBus.Properties.Get as well.
  Signed-hostap: Flávio Ceolin <flavio.ceolin@profusion.mobi>
* P2P: Do not expire GO peer entry during group rekeying
  Author: Piotr Nakraszewicz | Date: 2012-02-11 | Files: 1 | Lines: -1/+2
  If wpas_go_connected() is called during group rekeying the P2P GO peer will expire. To prevent that check if group rekeying is not in progress.
* Fix CONFIG_NO_SCAN_PROCESSING=y build
  Author: Jouni Malinen | Date: 2012-02-11 | Files: 1 | Lines: -24/+24
  This fixes a build regression from commit cd2f4ddfb91c330c778d7464a393c5f26f07d432 by moving wpa_supplicant_assoc_update_ie() outside the no-scan-processing ifdef block.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Fix pmksa_cache_get() arguments in !IEEE80211_X_EAPOL builds
  Author: Antonio Quartulli | Date: 2012-02-11 | Files: 1 | Lines: -1/+2
  In case of !defined(IEEE8021X_EAPOL) the definition of the stub pmksa_cache_get() in rsn_supp/pmksa_cache.h is not correct. This patch adds the missing argument to the function definition to fix a regression from commit 96efeeb66bd8762ab9fccd9fe2b5c3e276ff220c.
  Signed-hostap: Antonio Quartulli <ordex@autistici.org>
* P2P: Avoid re-starting p2p_search in some corner cases
  Author: Jouni Malinen | Date: 2012-02-09 | Files: 1 | Lines: -0/+14
  Search (p2p_scan) could already have been started at the point remain-on-channel end event is being processed, e.g., if an Action frame TX is reported immediately after the end of an earlier remain-on-channel operation and the response frame is sent using an offchannel operation while p2p_find is still in progress. Avoid trying to re-run p2p_scan while the previous one is still running.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Fix p2p_scan() error processing in p2p_search()
  Author: Jouni Malinen | Date: 2012-02-09 | Files: 1 | Lines: -1/+1
  Commit 39185dfa549f076a6be114e0149a3649d302f477 changed the p2p_scan() callback to return 1 in some cases, but forgot to change this p2p_scan() call to handle that properly. Fix this by processing any non-zero value as an error. This regression could leave the P2P module in state where it believed a P2P scan was still running and refused to start some operations until that scan gets completed (which would never happen since it was not really started).
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Allow wildcard UUID PIN to be used twice
  Author: Ganesh Prasadh | Date: 2012-02-08 | Files: 1 | Lines: -3/+11
  Previously, PINs that are added with a wildcard UUID were allowed to be used only by a single Enrollee. However, there may be more than one Enrollee trying to connect when an AP indicates that active Registrar is present. As a minimal workaround, allow two Enrollees to try to use the wildcard PIN. More complete extension could use timeout and allow larger set of Enrollees to try to connect (while still keeping in mind PIN disabling requirement after 10 failed attempts).
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Show BSS entry age (seconds since last update)
  Author: Jouni Malinen | Date: 2012-02-08 | Files: 1 | Lines: -1/+5
  The BSS ctrl_iface command can show the age of a BSS table entry to make it easier for external programs to figure out whether an entry is still current depending on the use case.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Move p2p_add_device() prototype to correct header file
  Author: Jouni Malinen | Date: 2012-02-07 | Files: 2 | Lines: -3/+2
  This was supposed to be an internal API to be used only within src/p2p/*.c.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Allow BSS entry to be fetched based on GO P2P Device Address
  Author: Jouni Malinen | Date: 2012-02-07 | Files: 5 | Lines: -0/+61
  "BSS p2p_dev_addr=<P2P Device Address>" can now be used to fetch a specific BSS entry based on the P2P Device Address of the GO to avoid having to iterate through the full BSS table when an external program needs to figure out whether a specific peer is currently operating as a GO.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Set Invitation Type to 1 for GO inviting to a persistent group
  Author: Jouni Malinen | Date: 2012-02-06 | Files: 3 | Lines: -5/+16
  When a GO is operating a persistent group and invites a peer that has been a P2P client in that persistent group, the Invitation Type in the Invitation Request frame can be set to 1 to indicate that this is a reinvocation of a persistent group. Do this based on the maintained list of P2P clients that have been provided the credentials to this group.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* P2P: Wait for PD-before-join response
  Author: Jouni Malinen | Date: 2012-02-05 | Files: 1 | Lines: -3/+31
  Even though the Provision Discovery Response frame from PD-before-join does not really provide any additional information, it can be better to wait for it before starting the join operation. This adds a minimal extra latency in the most common case and cleans up the sequence of driver operations and debug log by avoiding potential processing of the Provision Discovery Response while already running a scan for the actual connection.
  If transmission of Provision Discovery Request fails, join operation is started without the additional wait. In addition, a new timeout is used to start the join if Provision Discovery Response is lost for any reason.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* P2P: Skip event notification on PD Response in join-group case
  Author: Jouni Malinen | Date: 2012-02-05 | Files: 1 | Lines: -9/+10
  Provision Discovery is used as a notification to the GO in the case we are about to join a running group. In such case, there is not much point in indicating the provision discovery response events to external programs especially when the PIN-to-be-displayed was different from the one returned for the p2p_connect command. Skip this confusing event completely for join-a-running-group case.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* P2P: Remove unneeded go_neg_peer check from PD
  Author: Johannes Berg | Date: 2012-02-05 | Files: 1 | Lines: -3/+2
  When the GO negotiation peer is assigned, the state also cannot be IDLE, SEARCH, or LISTEN_ONLY.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* bgscan_simple: Refinements to fast-scan backoff
  Author: Paul Stewart | Date: 2012-02-05 | Files: 1 | Lines: -4/+19
  These changes account for situations where the CQM threshold might be approximately the same as the currently received signal, and thus CQM events are triggered often due to measurement error/small fluctuations. This results in scanning occurring too frequently.
  Firstly, inhibit the immediate scan when the short-scan count is at the maximum. This keeps bursts of CQM toggling from causing a torrent of back-to-back scans. This does not inhibit immediate scans if the CQM triggers a second time (if the signal falls lower past the hysteresis). This reduces the scan rate in the worst case (fast-rate toggling high/low CQM events) to the short scan interval.
  Secondly, change the behavior of the short scan count so it acts like a "leaky bucket". As we perform short-scans, the bucket fills until it reaches a maximal short-scan count, at which we back-off and revert to a long scan interval. The short scan count decreases by one (emptying the bucket) every time we complete a long scan interval without a low-RSSI CQM event. This reduces the impact of medium-rate toggling of high/low CQM events, reducing the number of short-interval scans that occur before returning to a long-interval if the system was recently doing short scans.
* Try fallback drivers if global init for preferred drivers fails
  Author: Dan Williams | Date: 2012-02-04 | Files: 1 | Lines: -2/+5
  Driver global init was considered a hard failure. Thus if, for example, you used the Broadcom STA driver and didn't have nl80211 or cfg80211 loaded into the kernel, and specified a driver value of "nl80211,wext", the nl80211 driver's global init would fail with the following message:
    nl80211: 'nl80211' generic netlink not found
    Failed to initialize driver 'nl80211'
  but since global init was a hard failure, creating the supplicant interface would fail and the WEXT driver would not be tried. Give other drivers a chance instead.
  Signed-hostap: Dan Williams <dcbw@redhat.com>
  intended-for: hostap-1
* P2P: Fix the setter function for DBus group properties
  Author: Todd Previte | Date: 2012-02-04 | Files: 1 | Lines: -5/+5
  The setter function uses the same hostapd_data structure as the getter which causes it to crash if called on a P2P client. To overcome this issue, the role is checked to ensure it is called on a group owner and the pointer is examined for validity. The function will return an error if called on a non-GO system.
  Signed-hostap: Todd Previte <toddx.a.previte@intel.com>
  Signed-hostap: Angie Chinchilla <angie.v.chinchilla@intel.com>
  intended-for: hostap-1
* P2P: Fix DBus crash and return additional P2P group properties
  Author: Todd Previte | Date: 2012-02-04 | Files: 1 | Lines: -14/+72
  When using DBus to get group properties, a segmentation fault is generated on P2P clients due to a NULL pointer for the ap_iface struct. The current implementation only returns vendor extensions when called on a P2P group owner.
  The code now checks the P2P role which allows for role-specific information to be provided. This also fixes the crash issue by only looking for the correct structures based on the current P2P role.
  Signed-hostap: Todd Previte <toddx.a.previte@intel.com>
  Signed-hostap: Angie Chinchilla <angie.v.chinchilla@intel.com>
  intended-for: hostap-1
* Use PMKSA cache entries with only a single network context
  Author: Jouni Malinen | Date: 2012-02-04 | Files: 5 | Lines: -17/+37
  When looking for PMKSA cache entries to use with a new association, only accept entries created with the same network block that was used to create the cache entry.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Delay scan request on select_network if disconnecting
  Author: Jouni Malinen | Date: 2012-02-04 | Files: 1 | Lines: -3/+6
  The disconnection command results in disassociation and deauthentication events which were previously processed during the scan in case of select_network command being used while associated with another network. While this works in most cases, it can result in confusing event messages in ctrl_iface and debug log. Avoid this by using a short delay between the disconnection and scan request to allow the disconnection events to be processed prior to starting the new scan.
  Signed-hostap: Jouni Malinen <j@w1.fi>
  intended-for: hostap-1
* Clear EAPOL authenticator authFail for PMKSA caching/FT
  Author: Jouni Malinen | Date: 2012-02-04 | Files: 1 | Lines: -1/+3
  This fixes a corner case where a STA that has PMKSA cache entry (or valid FT keys) could try to use full EAPOL/EAP authentication and fail. If the STA will then try to use the still valid PMKSA cache entry (or FT) before the STA entry has been cleared, authFail could have been left to TRUE. That will make EAPOL authenticator PAE state machine enter HELD state even though authSuccess was already forced to TRUE. This results in the STA getting disconnected even though it should be allowed to continue with 4-way handshake. While this is unlikely to happen in practice, it is better to get this fixed by clearing authFail when setting authSuccess.
  Signed-hostap: Jouni Malinen <j@w1.fi>
  intended-for: hostap-1
* Ignore TX status for Data frames from not associated STA
  Author: Jouni Malinen | Date: 2012-02-04 | Files: 1 | Lines: -2/+6
  The TX status event may be received after a station has been disassociated in cases where the disassociation is following a transmission of a Data frame. Ignore such events if the STA is not associated at the moment the event is being processed. This avoids confusing debug entries and rescheduling of the EAPOL TX timeouts for STAs that are still in the STA table, but are not really in active EAPOL session.
  Signed-hostap: Jouni Malinen <j@w1.fi>
  intended-for: hostap-1
* Interworking: Fix EAP-TTLS/MSCHAP configuration
  Author: Jouni Malinen | Date: 2012-01-31 | Files: 1 | Lines: -2/+2
  Copy-paste error ended up using CHAP when MSCHAP was supposed to be set.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Disable AP PIN after 10 consecutive failures
  Author: Jouni Malinen | Date: 2012-01-30 | Files: 5 | Lines: -4/+55
  While the exponential increase in the lockout period provides an efficient mitigation mechanism against brute force attacks, this additional trigger to enter indefinite lockout period (cleared by restarting hostapd) will limit attacks even further by giving maximum of 10 attempts (without authorized user action) even in a very long term attack.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Support HT capability overrides
  Author: Ben Greear | Date: 2012-01-29 | Files: 10 | Lines: -0/+320
  This allows HT capabilities overrides on kernels that support these features.
  MCS Rates can be disabled to force to slower speeds when using HT. Rates cannot be forced higher.
  HT can be disabled, forcing an 802.11a/b/g/n station to act like an 802.11a/b/g station.
  HT40 can be disabled.
  MAX A-MSDU can be disabled.
  A-MPDU Factor and A-MPDU Density can be modified.
  Please note that these are suggestions to the kernel. Only mac80211 drivers will work at all. The A-MPDU Factor can only be decreased and the A-MPDU Density can only be increased currently.
  Signed-hostap: Ben Greear <greearb@candelatech.com>
* Remove duplicated TERMINATING event
  Author: Jouni Malinen | Date: 2012-01-29 | Files: 1 | Lines: -5/+0
  Now that CTRL-EVENT-TERMINATING event is sent at the end of interface removal in case wpa_supplicant process is going to terminate, there is no need for this duplicated event in the signal handler.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Move ctrl_iface deinit into the end of interface deinit
  Author: Dmitry Shmidt | Date: 2012-01-29 | Files: 1 | Lines: -6/+13
  This allows TERMINATING ctrl_iface event to be sent at the end of the deinit sequence to avoid race conditions with new operations that this event may trigger while wpa_supplicant would still be running through the deinitialization path.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Deinit driver before notifying interface has been removed
  Author: Dmitry Shmidt | Date: 2012-01-29 | Files: 1 | Lines: -3/+3
  This avoids issues with some external program starting to use the interface based on the interface removal event before wpa_supplicant has completed deinitialization of the driver interface.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Let wpa_supplicant_deinit_iface() know that process is terminating
  Author: Dmitry Shmidt | Date: 2012-01-29 | Files: 6 | Lines: -12/+14
  This will be needed to be able to move ctrl_iface TERMINATING event to the end of interface removal.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* nl80211: Sync with linux/nl80211.h in wireless-testing.git
  Author: Jouni Malinen | Date: 2012-01-29 | Files: 1 | Lines: -1/+63
  Signed-hostap: Jouni Malinen <j@w1.fi>
* wpa_auth: Fix race in rejecting 4-way handshake for entropy
  Author: Nicolas Cavallari | Date: 2012-01-29 | Files: 1 | Lines: -8/+9
  When there is not enough entropy and there are two stations associating at the same time, one of the stations will be rejected, but during that rejection, the "reject_4way_hs_for_entropy" flag gets cleared. This may allow the second station to avoid rejection and complete a 4-Way Handshake with a GTK that will be cleared as soon as more entropy is available and another station connects.
  This reworks the logic to ban all 4-way handshakes until enough entropy is available.
  Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
* SME: Fix processing of Authentication timeout and failure
  Author: Eyal Shapira | Date: 2012-01-29 | Files: 1 | Lines: -2/+2
  current_bss and pending_bssid weren't cleaned up so BSS kept appearing in the scan results even when it was actually gone. Use wpa_supplicant_mark_disassoc() to cleanup the wpa_s context instead of just dropping wpa_state back to DISCONNECTED.
  Reported-by: Vishal Mahaveer <vishalm@ti.com>
  Signed-hostap: Eyal Shapira <eyal@wizery.com>
* Interleave wildcard and specific SSID scans when max_ssids=1
  Author: Eyal Shapira | Date: 2012-01-29 | Files: 3 | Lines: -8/+31
  For drivers limited to scan a single SSID at a time, this prevents waiting too long for a wildcard scan in case there are several scan_ssid networks in the configuration.
  Signed-hostap: Eyal Shapira <eyal@wizery.com>
* Install only the binaries into BINDIR
  Author: Jouni Malinen | Date: 2012-01-29 | Files: 1 | Lines: -3/+4
  There is no point in installing *.service files into BINDIR.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* build: Fix install target parent directory prerequisites
  Author: Grant Erickson | Date: 2012-01-29 | Files: 1 | Lines: -3/+4
  This changes the install target such that parent directories of installed paths are created and each path is only installed on a dependency basis.
  Signed-off-by: Grant Erickson <marathon96@gmail.com>
* dbus: Remove unused D-Bus version defines
  Author: Jouni Malinen | Date: 2012-01-29 | Files: 3 | Lines: -34/+0
  These have not been used since commit 8ddef94bd41747ba658ed4ed5dfa9e62b4b84cfa.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* nl80211: Subscribe management frames for WPA_IF_AP_BSS types
  Author: Yogesh Ashok Powar | Date: 2012-01-29 | Files: 1 | Lines: -0/+6
  In multiple BSSes scenario for the drivers that do not use monitor interface and do not implement AP SME, RX MGMT frame subscription happens only for the default bss (first_bss). Subscribe for RX MGMT frames for such BSSes.
  Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
* nl80211: Derive frequency for BSSes other than the first
  Author: Yogesh Ashok Powar | Date: 2012-01-29 | Files: 1 | Lines: -0/+1
  Commit e4fb21676972952b5434e8c2a049e239d457abe6 moved frequency storage from driver struct to bss struct and is assigned in wpa_driver_nl80211_set_freq. As this wpa_driver_nl80211_set_freq is triggered only on the first_bss, bss->freq for other BSSes is never being set to the correct value. This sends MLME frames on frequency zero (initialized value of freq) for BSSes other than the first. To fix this derive frequency value from first_bss.
  Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
* IBSS RSN: Provide ibss_rsn_get_peer() helper function
  Author: Antonio Quartulli | Date: 2012-01-29 | Files: 1 | Lines: -12/+20
  This is a useful function that simplifies some code and can eventually be used somewhere else in future.
  Signed-hostap: Antonio Quartulli <ordex@autistici.org>
* wpa_debug: Support outputting hexdumps into syslog
  Author: Nicolas Cavallari | Date: 2012-01-29 | Files: 1 | Lines: -0/+32
  This patch allows to log hexdumps into syslog. This is useful when testing, as syslog's network logging helps to collect debug outputs from several machines.
  Signed-hostapd: Nicolas Cavallari <cavallar@lri.fr>
* EAP-AKA peer: Append realm when learning the pseudonym
  Author: Simon Baatz | Date: 2012-01-28 | Files: 1 | Lines: -9/+30
  The pseudonym identity should use a realm in environments where a realm is used. Thus, the realm of the permanent identity is added to the pseudonym username sent by the server.
  Signed-hostap: Simon Baatz <gmbnomis@gmail.com>
* EAP-SIM peer: Append realm when learning the pseudonym
  Author: Simon Baatz | Date: 2012-01-28 | Files: 1 | Lines: -9/+30
  The pseudonym identity should use a realm in environments where a realm is used. Thus, the realm of the permanent identity is added to the pseudonym username sent by the server.
  Signed-hostap: Simon Baatz <gmbnomis@gmail.com>
* dbus: Fix endianness bug in Frequency and Signal properties
  Author: Sylvestre Gallon | Date: 2012-01-28 | Files: 1 | Lines: -2/+6
  These properties did not work on big endian PowerPC (always 100% for Signal and 0 for Frequency) due to endianness problem (u32 to u16 data loss).
  Signed-off-by: Sylvestre Gallon <ccna.syl@gmail.com>
* Rename systemd template files to avoid @ in the file name
  Author: Jouni Malinen | Date: 2012-01-28 | Files: 4 | Lines: -0/+3
  Perforce does not like @ in the file name and since these template files do not really need to have that in the name, make the files in repository friendlier to Perforce. The generated *.service file will maintain their old names.
  Signed-hostap: Jouni Malinen <j@w1.fi>