Commit message (Collapse)AuthorAgeFilesLines
* tests: AP tracking STA taxonomyJouni Malinen2016-09-212-0/+105
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* taxonomy: Store Probe Request frames in hostapd_sta_infoDenton Gentry2016-09-217-4/+61
| | | | | | | | | | | | | | | | | | | | | | | | A weakness in the initial client taxonomy mechanism is from storing both the Probe and Associate in struct sta_info. struct sta_info is created after a client associates (or starts authentication frame exchange), which means that any Probe Request frames sent prior to association are not retained. The Associate Request frame has to be seen, and then another Probe Request frame after association, before we have a signature for the client. Most clients send lots of Probe Request frames (lots and lots and lots of Probes, actually), but a few do not. ChromeOS is notably sparing in sending Probe Request frames, it can take a long time before a signature for a ChromeOS device is available. Store the most recent Probe Request frame in struct hostapd_sta_info tracking list. When a struct sta_info is created, move the Probe Request frame information from struct hostapd_sta_info to struct sta_info. Signed-off-by: dgentry@google.com (Denton Gentry) Signed-off-by: denny@geekhold.com (Denton Gentry) Signed-off-by: rofrankel@google.com (Richard Frankel) Signed-off-by: richard@frankel.tv (Richard Frankel)
* Passive Client TaxonomyDenton Gentry2016-09-2112-0/+391
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement the signature mechanism described in the paper "Passive Taxonomy of Wifi Clients using MLME Frame Contents" published by Denton Gentry and Avery Pennarun. http://research.google.com/pubs/pub45429.html https://arxiv.org/abs/1608.01725 This involves: 1. Add a CONFIG_TAXONOMY compile option. Enabling taxonomy incurs a memory overhead of up to several kilobytes per associated station. 2. If enabled, store the Probe Request and (Re)Associate Request frame in struct sta_info. 3. Implement code to extract the ID of each Information Element, plus selected fields and bitmasks from certain IEs, into a descriptive text string. This is done in a new source file, src/ap/taxonomy.c. 4. Implement a "signature qq:rr:ss:tt:uu:vv" command in hostapd_cli to retrieve the signature. Signatures take the form of a text string. For example, a signature for the Nexus 5X is: wifi4|probe:0,1,127,45,191,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:338061b2, vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:00000a0201000040|assoc:0,1,48,45, 221(0050f2,2),191,127,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:339071b2, vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:0000000000000040 Signed-off-by: dgentry@google.com (Denton Gentry) Signed-off-by: denny@geekhold.com (Denton Gentry) Signed-off-by: rofrankel@google.com (Richard Frankel) Signed-off-by: richard@frankel.tv (Richard Frankel)
* Initialize iface->sta_seen on allocationJouni Malinen2016-09-213-4/+18
| | | | | | | | | | | | Previously, struct hostapd_iface sta_seen list head was initialized only when completing interface setup. This left a window for operation that could potentially iterate through the list before the list head has been initialized. While the existing code checked iface->num_sta_seen to avoid this case, it is much cleaner to initialize the list when struct hostapd_iface is allocated to avoid any accidental missing of the extra checks before list iteration. Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Fix D-Bus persistent parameter in group started event on GOJouni Malinen2016-09-211-1/+1
| | | | | | | | | | | | | | | | | When starting a P2P GO, the struct p2p_go_neg_results may use persistent_group == 2 to indicate use of persistent reconnect. Setting ssid->p2p_persistent_group based on this did not take into account this special case and that ended up in D-Bus code trying to encode 2 as a DBUS_TYPE_BOOLEAN value which results in an assert from the library. Fix this by setting ssid->p2p_persistent_group to 0 or 1 instead of raw params->persistent_group value without any filtering. This is similar to an earlier fix in commit 112fdee738d28c4e8bfb66ad7202d4348c4e7771 ('P2P: Fix D-Bus persistent parameter in group started event') that addressed another code path in sending out this D-Bus signal. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove unused generation of Request Authenticator in Account-RequestNick Lowe2016-09-211-5/+0
| | | | | | | | | Do not generate an unused and invalid Request Authenticator (random value) when constructing Accounting-Request packets. The correct Request Authenticator is calculated subsequently in radius_msg_finish_acct() using MD5(msg + shared secret). Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
* tests: Setup wlantest once for qosmap testsJonathan Afek2016-09-171-1/+3
| | | | | | | | | | | | Some tests call the check_qos_map() function more than once. Make sure each test sets up wlantest only once before the first time the function is called. The wlantest setup sets the channel for the wlantest interface and executes the wlantest executable. It is more efficient to do that only once for each test. Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
* tests: Increase timeout for remote testsJonathan Afek2016-09-172-2/+4
| | | | | | | | Some operations take longer time on real hardware than on hwsim. This commit increases two timeouts so that the tests will pass on real hardware, too. Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
* tests: Increase connection timeouts for remote testsJonathan Afek2016-09-171-2/+6
| | | | | | | Use increased timeouts for connect and disconnect since these operations take a longer time on real harware than they do on hwsim. Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
* Revert "nl80211: Remove duplicated check in nl80211_setup_ap()"Rafał Miłecki2016-09-171-1/+2
| | | | | | | | | | | | | | | | | This reverts commit 647862eb60c324015ea31293cc052558b5185ca4. The second check of device_ap_sme looks like duplicated, but it isn't actually. The trick is nl80211_create_monitor_interface may change that variable value and the second evaluation may give a different result. This definitely isn't a very clear code, but that change caused a regression for drivers that: 1) Don't report NL80211_ATTR_DEVICE_AP_SME 2) Don't support monitor mode 3) Don't support subscribing for PROBE_REQ and/or ACTION frames like brcmfmac. With such drivers hostapd doesn't start anymore. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* Fix typos in wpa_supplicant configuration parameter documentationJouni Malinen2016-09-102-12/+12
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Use the monitor interface only without device_ap_sme supportSunil Dutt2016-09-081-19/+2
| | | | | | | | | | | | | | | | | The places using drv->use_monitor were already skipping creation of the monitor interface if drv->device_ap_sme == 0. This means that the monitor interface operations would not have worked anyway and it is safe to set drv->use_monitor to zero for all such cases. This fixes an issue with management frame subscription not happening properly for the case where the AP SME is in the driver and the driver supports monitor interfaces (for other purposes). This commit also removes the check for monitor support and the previously used workaround that cleared drv->use_monitor in drv->device_ap_sme == 1 case if monitor interface was not supported since that condition cannot occur anymore. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Dynamic Interworking element updateJouni Malinen2016-09-081-0/+30
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Fix search for peer's "other" connectionDedy Lansky2016-09-083-115/+175
| | | | | | | | | | | | | Upon receiving FST Setup Request from some peer on some interface, search is made to see if same peer is connected on other interface with specific band_id. With multiple peers, bug in fst_group_does_iface_appear_in_other_mbies() caused wrong peer address to be returned sometimes. Fix this with a modified, simplified search algorithm of peer's "other" connection. Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
* Fix mistakes in definition of QCA vendor commands for indoor locationLior David2016-09-061-2/+3
| | | | | | | | | | | | | | Fix some mistakes in the previous commit for adding QCA vendor commands for indoor location. Note: The renamed enum value does not change the ABI, but the addition of QCA_WLAN_VENDOR_ATTR_FTM_MEAS_INVALID in the beginning of enum qca_wlan_vendor_attr_ftm_meas does renumber QCA_WLAN_VENDOR_ATTR_FTM_MEAS_* values. The previous values were committed yesterday and have not been used in any released code yet, so this is a justifiable quick fix. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* Handle NULL return from os_zalloc() in sta_track_add()Joel Cunningham2016-09-061-0/+2
| | | | | | This adds handling for a memory allocation failure in sta_track_add(). Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
* Add QCA vendor commands/attributes for indoor locationLior David2016-09-051-0/+439
| | | | | | | | | | | | | | | | | | | | | | | Assign QCA vendor specific commands, attributes, and events for supporting indoor location features. These features include: 1. Fine timing measurement (FTM) - allows measurement of distance between two stations. Based on IEEE P802.11-REVmc/D7.0, 11.24.6 FTM is performed between two stations: one is an initiator, typically a client that wants to measure distance to another AP, and one is a responder, typically an AP which responds to measurement requests from other clients. The responder can be configured to report its location, either in absolute coordinates (LCI) or free-form description (LCR). 2. Angle of arrival (AOA) - allows measurement of azimuth and elevation between two stations. The above features can be combined to allow a station to get an accurate indoor location. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* tests: FTM capability indicationJouni Malinen2016-09-051-0/+20
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Allow FTM functionality to be publishedLior David2016-09-056-0/+63
| | | | | | | | | | | | Add configuration options that control publishing of fine timing measurement (FTM) responder and initiator functionality via bits 70, 71 of Extended Capabilities element. Typically, FTM functionality is controlled by a location framework outside wpa_supplicant. When framework is activated, it will use wpa_supplicant to configure the STA/AP to publish the FTM functionality. See IEEE P802.11-REVmc/D7.0, Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* hostapd: Allow FTM functionality to be publishedLior David2016-09-054-0/+26
| | | | | | | | | | | Add configuration options that control publishing of fine timing measurement (FTM) responder and initiator functionality via bits 70, 71 of Extended Capabilities element. Typically, FTM functionality is controlled by a location framework outside hostapd. When framework is activated, it will use hostapd to configure the AP to publish the FTM functionality. See IEEE P802.11-REVmc/D7.0, Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* tests: VHT with 80 MHz channel width and use_sta_nsts=1Jouni Malinen2016-09-051-0/+31
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Use stations nsts capability in (Re)Association Response frameTamizh chelvam2016-09-058-7/+45
| | | | | | | | | | | | | | | Some deployed stations incorrectly consider nsts capability in (Re)Association Response frame as required capability instead of maximum capability and if it is greater than station's capability then beamform will not happen in uplink traffic. This commit adds support for an optional workaround to use station's nsts capability in (Re)Association Response frame if the station's nsts is less than AP by using the use_sta_nsts=1 configuration parameter. This configuration is introduced in this commit and it is disabled by default. Signed-off-by: Tamizh chelvam <c_traja@qti.qualcomm.com>
* QCA vendor subcommand for LL_STATS extensionZhang Qian2016-09-051-0/+46
| | | | | | | | | | | | | Some user space monitor wants to offload link layer statistics to firmware. A new command QCA_NL80211_VENDOR_SUBCMD_LL_STATS_EXT and associcated attributes are added. The monitor will use this new command to configure monitoring paramters and get link layer statistics. Attributes added in this change: 1. Parameters for FW to trigger the statistics report 2. Peer STA power state 3. TX failure statistics Signed-off-by: Zhang Qian <zhangq@qti.qualcomm.com>
* D-Bus: Add ConfigFile parameter into the interface propertiesJose Blanquicet2016-08-294-0/+35
| | | | | | | | | This patch aims to expose the configuration file path as an interface property, like is done with the driver and the bridge name. Doing so, higher layer programs become responsible to recreate interfaces with the correct configuration file path when programs need to remove them. Signed-off-by: Jose Blanquicet <blanquicet@gmail.com>
* mka: Clean up key allocationSabrina Dubroca2016-08-282-133/+64
| | | | | | | | | | | | | Assign cs in ieee802_1x_mka_decode_dist_sak_body and reuse it. Cleanup of key allocation: ieee802_1x_kay_generate_new_sak() and ieee802_1x_mka_decode_dist_sak_body() both allocate a struct key_conf, fill it, and ask ieee802_1x_kay_init_data_key() to allocate and set up a struct data_key. They also allocate multiple key buffers and copy the same data around. Stop moving data from buffer to buffer, and just allocate what we really need. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Get rid of struct ieee802_1x_cp_confSabrina Dubroca2016-08-284-60/+10
| | | | | | | Instead of copying from kay to a temporary struct, and then from the struct to the sm, just copy from kay to cp. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Store cipher suite ID in a u64 instead of u8 pointerSabrina Dubroca2016-08-2812-42/+36
| | | | Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Make csindex unsignedJouni Malinen2016-08-282-6/+7
| | | | | | | This avoids unnecessary typecasting while still being able to compare the value to CS_TABLE_SIZE without compiler warnings. Signed-off-by: Jouni Malinen <j@w1.fi>
* mka: Reorganize live peer creation and key server electionSabrina Dubroca2016-08-281-29/+11
| | | | | | | This modifies ieee802_1x_kay_decode_mkpdu() check for peer including me in its peer list. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Share a single delete mka implementationSabrina Dubroca2016-08-281-15/+12
| | | | | | | Share mka deletion implementation in ieee802_1x_participant_timer() for the cak_life and mka_life expiration cases. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Introduce compare_priorities()Sabrina Dubroca2016-08-281-16/+18
| | | | | | | This takes care of priority comparison followed by MAC address comparison if the priorities are identical. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Clean up ieee802_1x_kay_mkpdu_sanity_check()Sabrina Dubroca2016-08-281-10/+8
| | | | | | This drops one indentation level and makes the code a bit more readable. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Simplify ieee802_1x_mka_dist_sak_body_present()Sabrina Dubroca2016-08-281-4/+1
| | | | | | No need for an if statement to figure out Boolean return value. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Replace participant->kay with a local kay variableSabrina Dubroca2016-08-281-64/+55
| | | | Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Fix typos in grammar in variable names and commentsSabrina Dubroca2016-08-281-10/+10
| | | | Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Use named initializers for mka_body_handler[]Sabrina Dubroca2016-08-281-46/+46
| | | | | | Also move the struct definition to be next to this array definition. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Remove unused enum mka_created_mode valuesSabrina Dubroca2016-08-281-2/+0
| | | | | | DISTRIBUTED and CACHED were not used anywhere. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Remove cs_len argument from the set_current_cipher_suite functionsSabrina Dubroca2016-08-288-20/+13
| | | | | | | | This is a known constant value (CS_ID_LEN, i.e., the length of the EUI64 identifier) and does not need to be provided separately in these function calls. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Clean up ieee802_1x_mka_decode_potential_peer_body()Sabrina Dubroca2016-08-281-9/+9
| | | | Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Simplify ieee802_1x_mka_encode_icv_body() memory copyingSabrina Dubroca2016-08-281-6/+3
| | | | | | | There is no need to maintain two os_memcpy() calls to cover different cmac lengths. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Simplify ieee802_1x_mka_sak_use_body_present()Sabrina Dubroca2016-08-281-4/+1
| | | | | | | to_use_sak is a Boolean variable, so there is no need for an if statement to figure out whether to return TRUE or FALSE. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Reorganize loops in number of KaY functionsSabrina Dubroca2016-08-281-48/+35
| | | | | | | | | Use for loop to remove unnecessary goto use and similar cleanup to simplify the loops in ieee802_1x_mka_i_in_peerlist(), ieee802_1x_mka_decode_live_peer_body(), and ieee802_1x_kay_decode_mkpdu(). Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Remove unused body_peer incrementationSabrina Dubroca2016-08-281-2/+0
| | | | | | | Each loop iteration resets body_peer in the beginning, so there is no need to increment this pointer in the end. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Add reset_participant_mi() helperSabrina Dubroca2016-08-281-18/+19
| | | | Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Clean up printf formatsSabrina Dubroca2016-08-281-32/+32
| | | | Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Use named initializers for static structsSabrina Dubroca2016-08-281-15/+19
| | | | Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Add MKA_ALIGN_LENGTH macroSabrina Dubroca2016-08-281-14/+9
| | | | Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Add helper functions for dumping and creating peerSabrina Dubroca2016-08-281-29/+36
| | | | | | | This allows more code reuse for creating live/potential peer and dumping peer entries. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Clean up ieee802_1x_kay_get_cipher_suite() lookup functionSabrina Dubroca2016-08-281-4/+2
| | | | Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
* mka: Refactor the get_*_peer() functionsSabrina Dubroca2016-08-281-20/+27
| | | | | | | | Add ieee802_1x_kay_get_potential_peer() similarly to the previously used ieee802_1x_kay_get_live_peer() and use these helper functions more consistently to avoid multiple implementations of peer lookups. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>