path: root/src
Commit message | Author | Age | Files | Lines
* mesh: Add scan result for mesh network | Masashi Honma | 2014-11-16 | 1 | -0/+1
  Android 4.4 uses "BSS" command instead of "SCAN_RESULT" command. So this patch adds the mesh scan result for BSS command.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Add mesh_group_{add,remove} control interface commands | Javier Lopez | 2014-11-16 | 1 | -0/+2
  Parse MESH_GROUP_ADD/REMOVE commands on ctrl interface and call wpa_supplicant routines. These commands are used to start or join and leave a mesh network. The mesh id is given in the configuration file, therefore there is no need to scan before joining a mesh network. We reuse the connect_without_scan construct used by P2P for that same purpose.
  Signed-off-by: Javier Cardona <javier@cozybit.com>
  Signed-off-by: Javier Lopez <jlopex@gmail.com>
* mesh: Enable mesh HT mode | Jason Mobarak | 2014-11-16 | 3 | -1/+39
  Add a new option "mesh_ht_mode" that specifies the HT mode for the mesh. With this option on, mesh beacons, action frames, and probe responses will include the appropriate HT information elements.
  [original implementation by Chun-Yeow Yeoh <yeohchunyeow@gmail.com>]
  [some fixes by Masashi Honma <masashi.honma@gmail.com>]
  Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
  Signed-off-by: Javier Cardona <javier@cozybit.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
* mesh: Add timer for SAE authentication in RSN mesh | Chun-Yeow Yeoh | 2014-11-16 | 3 | -0/+7
  Add timer to do SAE re-authentication with number of tries defined by MESH_AUTH_RETRY and timeout defined by MESH_AUTH_TIMEOUT. Ignoring the sending of reply message on "SAE confirm before commit" to avoid "ping-pong" issues with other mesh nodes. This is obvious when the number of mesh nodes in MBSS reaches 6.
  Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* mesh: Start mesh peering after successful authentication | Bob Copeland | 2014-11-16 | 2 | -4/+47
  [original patch by: Thomas Pedersen <thomas@noack.us>]
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* SAE: Enhance AP implementation to handle auth for mesh interfaces | Bob Copeland | 2014-11-16 | 1 | -55/+204
  Add state transition logic to the SAE frame handling in order to more fully implement the state machine from the IEEE 802.11 standard. Special cases are needed for infrastructure BSS case to avoid unexpected Authentication frame sequence by postponing transmission of the second Authentication frame until the STA sends its Confirm.
  [original patch by: Thomas Pedersen <thomas@noack.us>]
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* mesh: Add mesh robust security network | Thomas Pedersen | 2014-11-16 | 2 | -0/+8
  This implementation provides:
    - Mesh SAE authentication mechanism
    - Key management (set/get PSK)
    - Cryptographic key establishment
    - Enhanced protection mechanisms for robust management frames
  Signed-off-by: Javier Lopez <jlopex@gmail.com>
  Signed-off-by: Javier Cardona <javier@cozybit.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
  Signed-off-by: Thomas Pedersen <thomas@noack.us>
* hostapd: Add wowlan_triggers config param | Dmitry Shmidt | 2014-11-16 | 4 | -0/+84
  New kernels in wiphy_suspend() will call cfg80211_leave_all() that will eventually end up in cfg80211_stop_ap() unless wowlan_triggers were set. For now, use the parameters from the station mode as-is. It may be desirable to extend (or constrain) this in the future for specific AP mode needs.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* nl80211: Fix Android compilation by adding include for fcntl.h | Ilan Peer | 2014-11-16 | 1 | -0/+1
  This is needed for fcntl() at least with Android KK.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* Suite B: Select EAPOL-Key integrity and key-wrap algorithms based on AKM | Jouni Malinen | 2014-11-16 | 5 | -29/+74
  This adds support for AKM 00-0F-AC:11 to specify the integrity and key-wrap algorithms for EAPOL-Key frames using the new design where descriptor version is set to 0 and algorithms are determined based on AKM.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Suite B: PMKID derivation for AKM 00-0F-AC:11 | Jouni Malinen | 2014-11-16 | 9 | -8/+93
  The new AKM uses a different mechanism of deriving the PMKID based on KCK instead of PMK. hostapd was already doing this after the KCK had been derived, but wpa_supplicant functionality needs to be moved from processing of EAPOL-Key frame 1/4 to 3/4 to have the KCK available.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Suite B: Add AKM 00-0F-AC:11 | Jouni Malinen | 2014-11-16 | 9 | -5/+39
  This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The functionality itself is not yet complete, i.e., this commit only includes parts to negotiate the new AKM.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Allow TLS v1.1 and v1.2 to be negotiated by default | Jouni Malinen | 2014-11-15 | 1 | -1/+4
  Use SSLv23_method() to enable TLS version negotiation for any version equal to or newer than 1.0. If the old behavior is needed as a workaround for some broken authentication servers, it can be configured with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1".
  Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-IKEv2: Fix compilation warning | Andrei Otcheretianski | 2014-11-15 | 1 | -1/+1
  Fix signed/unsigned comparison compilation warning introduced in 08ef442 "EAP-IKEv2: Fix the payload parser".
  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* Add CTRL-EVENT-SCAN-FAILED notification in case of scan failure | Dmitry Shmidt | 2014-11-15 | 1 | -0/+2
  This is needed since the SCAN command with radio work returns before the actual driver operation to trigger a scan has been executed and as such, cannot return result of that operation.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Work around AP misbehavior on EAPOL-Key descriptor version | Jouni Malinen | 2014-11-14 | 1 | -0/+3
  It looks like some APs are incorrectly selecting descriptor version 3 (AES-128-CMAC) for EAPOL-Key frames when version 2 (HMAC-SHA1) was expected to be used. This is likely triggered by an attempt to negotiate PMF with SHA1-based AKM. Since AES-128-CMAC is considered stronger than HMAC-SHA1, allow the incorrect, but stronger, option to be used in these cases to avoid interoperability issues with deployed APs. This issue shows up with "WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2" in debug log. With the new workaround, this issue is ignored and "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used" is written to the log.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Change drv_flags from unsigned int to u64 | Yanbo Li | 2014-11-14 | 1 | -1/+1
  Some flags already use a bit larger than 32, so extend the hostapd drv_flags type similarly to the earlier wpa_supplicant change to get the full flag content.
  Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
* Assign QCA vendor specific nl80211 command id 52 for APFIND | Jouni Malinen | 2014-11-13 | 1 | -0/+1
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove unused EVENT_MLME_RX | Jouni Malinen | 2014-11-01 | 2 | -19/+0
  This was used in driver_test.c, but that driver wrapper has been removed and there are no remaining or expected users for EVENT_MLME_RX.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove unused EVENT_FT_RRB_RX | Jouni Malinen | 2014-11-01 | 3 | -21/+0
  This was used in hostapd driver_test.c, but that driver wrapper has been removed and there are no remaining or expected users for EVENT_FT_RRB_RX.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* madwifi: Remove obsolete madwifi driver interface | Jouni Malinen | 2014-11-01 | 4 | -1333/+0
  The MadWifi project is not active anymore and the last release happened in early 2008. As such, there is no remaining justification for maintaining the madwifi-specific driver interface for hostapd either.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Document p2p_in_progress() return value 2 | Jouni Malinen | 2014-10-30 | 1 | -1/+2
  Function documentation was not in sync with the implementation.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Set p2p_scan_running based on driver scan request result | Sunil Dutt | 2014-10-30 | 2 | -15/+26
  With the radio work interface, the actual request to start p2p_scan operation is scheduled from a radio work and hence the initial return value cannot provide the real result of the driver operation to trigger a scan. Introduce a new notification API to indicate the scan trigger status based on which the p2p_scan_running instance can be set using the real return value from the driver operation.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MACsec: Fix policy configuration | Jouni Malinen | 2014-10-30 | 1 | -2/+2
  macsec_validate variable was set incorrectly to FALSE(0) or TRUE(1) instead of the enum validate_frames values (Disabled(0), Checked(1), Strict(2)). This ended up policy == SHOULD_SECURE to be mapped to macsec_validate == Checked instead of Strict. This could have resulted in unintended SecY forwarding of invalid packets rather than dropping them.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Clean up p2p_go_neg_failed() calls | Jouni Malinen | 2014-10-29 | 3 | -33/+28
  This function is always called with the peer argument equal to p2p->go_neg_peer, so there is no need for that argument to be there. In addition, p2p->go_neg_peer is not NULL in cases where there is an ongoing GO Negotiation, so the function can be simplified to just check once whether the peer pointer is set and if not, skip all processing.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Use timer to fail GO Negotiation while waiting for peer | Rashmi Ramanna | 2014-10-29 | 3 | -11/+27
  The timeout check while waiting for the peer to accept the GO Negotiation depended on the WAIT_PEER_IDLE or WAIT_PEER_CONNECT states being in use. Any P2P command to alter such states would have resulted in the failure to time out GO Negotiation and thus ended up in not indicating GO Negotiation failure or left the selected peer available for new GO negotiation after the expected two minute timeout. Fix this by using a separate timer to time out GO Negotiation irrespective of the P2P state.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Fix a copy-paste error in key offload management | Jouni Malinen | 2014-10-27 | 1 | -1/+1
  Commit b41f26845aaa7cf8aed6e4889e7041debc476ef9 ('Add support for offloading key management operations to the driver') used incorrect variable for determining the KCK length. This does not get triggered in normal use cases since KCK and KEK are always included and of the same length (in currently supported key management cases). Anyway, this needs to be fixed to check the correct attribute. (CID 74491)
  Signed-off-by: Jouni Malinen <j@w1.fi>
* AP: Add support for Proxy ARP, DHCP snooping mechanism | Kyeyoon Park | 2014-10-27 | 9 | -0/+248
  Proxy ARP allows the AP devices to keep track of the hardware address to IP address mapping of the STA devices within the BSS. When a request for such information is made (i.e., ARP request, Neighbor Solicitation), the AP will respond on behalf of the STA device within the BSS. Such requests could originate from a device within the BSS or also from the bridge. In the process of the AP replying to the request (i.e., ARP reply, Neighbor Advertisement), the AP will drop the original request frame. The relevant STA will not even know that such information was ever requested. This feature is a requirement for Hotspot 2.0, and is defined in IEEE Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly resides in the kernel bridge code, in order to optimize the performance and simplify kernel implementation, the DHCP snooping code was added to the hostapd.
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* common: Add definition for ETH_HLEN | Kyeyoon Park | 2014-10-27 | 1 | -0/+3
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* AP: Add support for setting bridge network parameter | Kyeyoon Park | 2014-10-27 | 3 | -0/+65
  This allows setting a network parameter on the bridge that the BSS belongs to. This commit adds the needed functionality in driver_nl80211.c for the Linux bridge implementation. In theory, this could be shared with multiple Linux driver interfaces, but for now, only the main nl80211 interface is supported.
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* AP: Add support for setting bridge port attributes | Kyeyoon Park | 2014-10-27 | 3 | -0/+86
  This allows setting a bridge port attribute. Specifically, the bridge port in this context is the port to which the BSS belongs. This commit adds the needed functionality in driver_nl80211.c for the Linux bridge implementation. In theory, this could be shared with multiple Linux driver interfaces, but for now, only the main nl80211 interface is supported.
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* AP: Add support for IPv4 neighbor entry management to the BSS bridge | Kyeyoon Park | 2014-10-27 | 3 | -0/+180
  This allows adding/deleting an IPv4 neighbor entry to/from the bridge, to which the BSS belongs. This commit adds the needed functionality in driver_nl80211.c for the Linux bridge implementation. In theory, this could be shared with multiple Linux driver interfaces, but for now, only the main nl80211 interface is supported.
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* nl80211: Make br_ifindex available in i802_bss | Kyeyoon Park | 2014-10-27 | 2 | -3/+6
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* l2_packet: Add support for DHCP packet filter in l2_packet_linux | Kyeyoon Park | 2014-10-27 | 7 | -0/+103
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* P2P: Support GCMP as part of 60 GHz support | Ahmad Masri | 2014-10-27 | 1 | -1/+1
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Move more event processing into driver_nl80211_event.c | Jouni Malinen | 2014-10-26 | 3 | -1281/+1265
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Move event handling into a separate file | Jouni Malinen | 2014-10-26 | 5 | -635/+677
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Move capability determination into a separate file | Jouni Malinen | 2014-10-26 | 5 | -1414/+1439
  This moves significant amount of code away from large driver_nl80211.c.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Move QCA DFS offload capability determination to init time | Jouni Malinen | 2014-10-26 | 1 | -57/+63
  There is no need to fetch this capability for each get_capa() call.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Move AP monitor interface handling to a separate file | Jouni Malinen | 2014-10-26 | 5 | -476/+501
  This moves the old monitor interface design to driver_nl80211_monitor.c.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Make some helper functions non-static | Jouni Malinen | 2014-10-26 | 2 | -36/+58
  This allows more functionality to be moved to separate files.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Move most of the Android code into a separate file | Jouni Malinen | 2014-10-26 | 4 | -212/+241
  This moves most of the Android specific implementation from driver_nl80211.c to driver_nl80211_android.c.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Move definitions into separate header files | Jouni Malinen | 2014-10-26 | 3 | -200/+233
  This is an initial step in starting to split the large driver_nl80211.c implementation into somewhat smaller parts.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Write human readable version of channel width to CSA event debug log | Jouni Malinen | 2014-10-26 | 1 | -3/+4
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Store externally managed bridge name in driver status | Jouni Malinen | 2014-10-26 | 1 | -0/+10
  This makes it easier to figure out from hostapd control interface whether an interface had been added to a bridge externally at the time hostapd interface was enabled or if the interface gets added during hostapd operations.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add INTERFACE-ENABLED and INTERFACE-DISABLED events | Jouni Malinen | 2014-10-26 | 2 | -0/+9
  These can be convenient for upper layer programs to determine if the hostapd interface gets disabled/re-enabled, e.g., due to rfkill block/unblock.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Save group common frequencies in invitation result | Ilan Peer | 2014-10-25 | 3 | -17/+38
  Save the group common frequencies when starting a GO due to an invitation signaling requesting to re-invoke a persistent GO. To do so, move the code that handles the translation of p2p_channels to frequency list into a public function so it can be re-used both when GO Negotiation is done and invitation signaling is done.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* WPS: Add missing device types | Ilan Peer | 2014-10-25 | 1 | -2/+43
  Add missing device category and device sub category definitions.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* nl80211: Clear beacon_set when deleting a beacon from deinit_ap() | Ilan Peer | 2014-10-25 | 1 | -0/+1
  When a beacon was deleted from the kernel in wpa_driver_nl80211_deinit_ap(), bss->beacon_set was not cleared so restarting the AP again was not possible. Fix this by clearing the variable once the beacon was deleted.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* nl80211: Add indoor only and GO concurrent flags | Ilan Peer | 2014-10-25 | 2 | -0/+7
  Add the following channel flags:
    * INDOOR_ONLY: The channel can be used if and only if there is a clear assessment that the device is operating in an indoor environment, i.e., it is AC power.
    * CONCURRENT_GO: The channel can be used for instantiating a GO if and only if there is an additional station interface that is currently connected to an AP on the same channel or on the same U-NII band (assuming that the AP is an authorized master).
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>