Commit message | Author | Age | Files | Lines
* wlantest: Use local ETH_P_IP define instead of linux/if_ether.h | Jouni Malinen | 2016-03-26 | 2 | -1/+3
  There is no strong need for pulling in linux/if_ether.h here since all that is needed is ETH_P_IP and we already cover multiple other ETH_P_* values in utils/common.h.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Drop USE_KERNEL_HEADERS define | Jouni Malinen | 2016-03-26 | 2 | -8/+0
  This was only used for providing an option to use linux/if_packet.h instead of netpacket/packet.h in src/ap/iapp.c. However, netpacket/packet.h is nowadays commonly available and hostapd already depends on it through src/l2_packet/l2_packet_linux.c, so there is no need to continue to provide this option for the kernel header.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Use a separate header file for Linux bridge interface definitions | Jouni Malinen | 2016-03-26 | 2 | -10/+25
  This moves the BRCTL_* defines from vlan_full.c to linux_bridge.h to clean up header inclusion.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Use own header file for defining Linux VLAN kernel interface | Jouni Malinen | 2016-03-26 | 3 | -12/+56
  This gets rid of need to include linux/if_vlan.h and additional defines in vlan_ioctl.c to avoid issues with missing definitions in libc headers.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Fix musl libc conflict with Linux kernel headers | Jörg Krause | 2016-03-26 | 1 | -1/+10
  Due to both <netinet/in.h> (in "utils/includes.h") and <linux/in6.h> (in <linux/if_bridge.h>) being included, the in6_addr is being redefined: once from the C library headers and once from the Linux kernel headers. This causes some build failures with for example the musl C library:
      In file included from /usr/include/linux/if_bridge.h:18,
      from ../src/ap/vlan_init.c:17:
      /usr/include/linux/in6.h:32: error: redefinition of 'struct in6_addr'
      /usr/include/linux/in6.h:49: error: redefinition of 'struct sockaddr_in6'
      /usr/include/linux/in6.h:59: error: redefinition of 'struct ipv6_mreq'
  Mixing C library and Linux kernel headers is a bit problematic [1] and should be avoided if possible [2]. In order to fix this, define just the macros needed from <linux/if_bridge.h> as done in Busybox for the brctl applet [3].
  [1] https://sourceware.org/bugzilla/show_bug.cgi?id=15850
  [2] http://www.openwall.com/lists/musl/2015/10/06/1
  [3] https://git.busybox.net/busybox/commit/?id=5fa6d1a632505789409a2ba6cf8e112529f9db18
  Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
* P2P: Fix persistent group for 60 GHz networks | Lior David | 2016-03-25 | 1 | -3/+6
  Fix two problems with storage of 60 GHz P2P persistent groups:
  1. pbss flag was not stored in the network block.
  2. When recreating the persistent group from storage, in addition to the missing pbss flag, the pairwise_cipher and group_cipher were initialized to CCMP which does not work in 60 GHz since the default in 60 GHz should be GCMP.
  Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* vlan: Move if_nametoindex() use out of vlan_init.c | Jouni Malinen | 2016-03-25 | 3 | -4/+8
  With this, vlan_init.c does not need any special header files anymore and vlan_ifconfig.c does not need hostapd-specific header files that might conflict with net/if.h on NetBSD.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Move ifconfig helpers to a separate file | Jouni Malinen | 2016-03-25 | 4 | -50/+68
  This removes final ioctl() use within vlan_init.c.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Move CONFIG_FULL_DYNAMIC_VLAN functionality into a separate file | Jouni Malinen | 2016-03-25 | 5 | -742/+768
  This cleans up vlan_init.c by removing a number of C pre-processor dependencies.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Remove unnecessary header includes from netlink implementation | Jouni Malinen | 2016-03-25 | 1 | -8/+0
  The implementation in vlan_util.c does not use many of the header files that were pulled in.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Clean up netlink vs. ioctl API implementation | Jouni Malinen | 2016-03-25 | 6 | -172/+186
  Move the ioctl-based VLAN implementation to a separate file to avoid need for conditional blocks within vlan_ioctl.c. This removes the internal CONFIG_VLAN_NETLINK define, i.e., this is now used only in build configuration (.config) to select whether to include the vlan_util.c (netlink) or vlan_ioctl.c (ioctl) implementation of the functions.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Fix musl build error | Jörg Krause | 2016-03-25 | 1 | -3/+3
  caddr_t is legacy BSD and should be avoided [1]. While glibc may still use __caddr_t as the type, Linux kernel does not (it is "void __user * ifru_data"). This fixes compile errors with the musl libc:
      ../src/ap/vlan_init.c: In function 'br_delif':
      ../src/ap/vlan_init.c:218:18: error: '__caddr_t' undeclared (first use in this function)
      ifr.ifr_data = (__caddr_t) args;
  [1] http://stackoverflow.com/questions/6381526/what-is-the-significance-of-caddr-t-and-when-is-it-used
  Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
* Make it a bit easier to roam from 2.4 GHz to 5 GHz within ESS | Jouni Malinen | 2016-03-25 | 1 | -1/+12
  The initial connection to an ESS was already explicitly increasing the likelihood of picking a 5 GHz BSS. While the throughput estimation is likely to do the same for the roaming decision, it might be possible that that does not cover all cases. Add a couple of dB extra preference for 5 GHz in case the roaming decision falls back to comparing signal levels.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix a typo in a comment | Jouni Malinen | 2016-03-25 | 1 | -1/+1
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: WNM BSS Transition Management and cfg80211 connect command | Jouni Malinen | 2016-03-25 | 1 | -0/+53
  For now, this is not enforcing cfg80211 reassociation since the needed changes do not yet exist in the upstream kernel. Once those changes are accepted, the TODO note in the test case can be addressed.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: WNM BSS Transition Management and security mismatch | Jouni Malinen | 2016-03-24 | 1 | -0/+37
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Ignore deauth/disassoc event during Connect reassociation | Jouni Malinen | 2016-03-24 | 3 | -0/+23
  cfg80211 reports a deauth/disassoc event when internally clearing connection with the previous BSS. Ignore that event to allow the new connect command to complete.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Include previous BSSID in connection request to indicate reassociation | Jouni Malinen | 2016-03-24 | 2 | -1/+10
  This allows the SME-in-the-driver case to get similar information about reassociation that was already available for the SME-in-wpa_supplicant case.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Add NL80211_ATTR_PREV_BSSID with Connect command | Jouni Malinen | 2016-03-24 | 1 | -8/+8
  This makes it easier for drivers that use the Connect command instead of separate Auth+Assoc commands to determine when to use reassociation instead of association. Matching changes are still needed in cfg80211 to allow this parameter to be used, but it is safe for wpa_supplicant to start including this attribute now since it will be ignored by older cfg80211 versions.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WNM: Verify BSS TM target match against the current network profile | Jouni Malinen | 2016-03-24 | 1 | -0/+11
  Reject a BSS transition management candidate if it does not match the current network profile, e.g., due to incompatible security parameters.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Simplify wpa_auth_pmksa_set_to_sm() | Jouni Malinen | 2016-03-22 | 1 | -7/+3
  pmksa->pmk or pmksa->pmkid cannot be NULL since they are arrays. Remove the unnecessary NULL checks and use the provided pmksa pointer directly to simplify the implementation. (CID 138519)
  Signed-off-by: Jouni Malinen <j@w1.fi>
* privsep: Fix a compiler warning on unsigned/signed comparison | Jouni Malinen | 2016-03-22 | 1 | -1/+1
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add interface matching support with -M, guarded by CONFIG_MATCH_IFACE | Roy Marples | 2016-03-22 | 7 | -2/+205
  The new wpa_supplicant command line argument -M can be used to describe matching rules with a wildcard interface name (e.g., "wlan*"). This is very useful for systems without udev (Linux) or devd (FreeBSD).
  Signed-off-by: Roy Marples <roy@marples.name>
* Find correct driver for interface additions/removals | Roy Marples | 2016-03-22 | 10 | -49/+226
  Interface additions/removals are not guaranteed to be for the driver listening to the kernel events. As such, send the events to wpa_supplicant_event_global() which can then pick the correct interface registered with wpa_supplicant to send the event to.
  Signed-off-by: Roy Marples <roy@marples.name>
* wpa_supplicant: Fix CONFIG_IBSS_RSN=y build without CONFIG_AP=y | Jouni Malinen | 2016-03-21 | 3 | -4/+5
  Commit 1889af2e0f89f9a98171761683eb1c244584daf8 ('VLAN: Separate station grouping and uplink configuration') added an ap_sta_set_vlan() function that gets called from pmksa_cache_auth.c. This broke CONFIG_IBSS_RSN=y build if src/ap/sta_info.c did not get included in the build, i.e., if CONFIG_AP=y was not set. Fix this by making the ap_sta_set_vlan() call conditional on CONFIG_NO_VLAN being undefined and define this for CONFIG_IBSS_RSN=y builds. This is fine for wpa_supplicant since CONFIG_AP=y case was already defining this. For hostapd, this function call is not needed for CONFIG_NO_VLAN case either.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Allow RC4-SHA failure in ap_wpa2_eap_fast_cipher_suites | Jouni Malinen | 2016-03-21 | 1 | -5/+17
  This needs to be allowed with OpenSSL 1.1.0 since the RC4-based cipher has been disabled by default.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Improve debug logs in hostapd/wpasupplicant with remote commands | Janusz Dziedzic | 2016-03-20 | 2 | -22/+28
  Show more info when we are using remote wpaspy and UDP-based control interface.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* tests: hostapd.py/wpasupplicant.py use Host when executing commands | Janusz Dziedzic | 2016-03-20 | 2 | -17/+17
  Execute commands using the Host class. This enables use of remote hosts as well.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* tests: Add remotehost.py and Host class | Janusz Dziedzic | 2016-03-20 | 1 | -0/+99
  This class allows execution of commands on a remote host/machine. This is based on ssh with authorized keys, so you should be able to execute such commands without any password:
      ssh <user>@<hostname> id
  By default user is root. Support for sync and async calls is included.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* wpa_supplicant: Fix p2p_group_add when UDP-based ctrl_iface is used | Janusz Dziedzic | 2016-03-20 | 1 | -2/+11
  While p2p_group_add ctrl_interface name could be derived from the main interface (simple p2p_group_add command), we failed to bind the same UDP port. Fix this problem and also update the correct ctrl_interface name (port decrement).
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* FST: Fix a compiler warning | Jouni Malinen | 2016-03-20 | 1 | -1/+2
  FST_MAX_PRIO_VALUE is unsigned (u32) and some gcc versions warn about comparison to long int val at least on 32-bit builds. Get rid of this warning by typecasting val to unsigned long int after having verified that it is positive.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix nfc_pw_token build with CONFIG_FST=y | Jouni Malinen | 2016-03-20 | 1 | -0/+1
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Add CONFIG_VLAN_NETLINK=y to hostapd build configuration | Jouni Malinen | 2016-03-20 | 1 | -0/+1
  This is needed for ap_vlan_tagged_wpa2_radius_id_change to pass. The ioctl-based vlan_add() function does not use the vlan_if_name parameter at all.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Use appropriate BLOCKED state duration | Masashi Honma | 2016-03-20 | 2 | -9/+5
  Previously, BLOCKED state duration slightly increased up to 3600. Though the BLOCKED state could be canceled by ap_handle_timer(). Because the timer timeouts in ap_max_inactivity(default=300sec) and remove STA objects (the object retains BLOCKED state). This patch re-designs my commit bf51f4f82bdb50356de5501acac53fe1b91a7b86 ('mesh: Fix remaining BLOCKED state after SAE auth failure') to replace mesh_auth_block_duration by ap_max_inactivity and remove incremental duration.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* tests: Secure mesh network and PMKSA caching | Jouni Malinen | 2016-03-20 | 1 | -0/+158
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: PMKSA cache control interface operations | Jouni Malinen | 2016-03-20 | 2 | -0/+58
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Add support for PMKSA caching | Masashi Honma | 2016-03-20 | 13 | -18/+147
  This patch adds functionality of mesh SAE PMKSA caching. If the local STA already has peer's PMKSA entry in the cache, skip SAE authentication and start AMPE with the cached value. If the peer does not support PMKSA caching or does not have the local STA's PMKSA entry in the cache, AMPE will fail and the PMKSA cache entry of the peer will be removed. Then STA retries with ordinary SAE authentication. If the peer does not support PMKSA caching and the local STA uses no_auto_peer=1, the local STA can not retry SAE authentication because NEW_PEER_CANDIDATE event cannot start SAE authentication when no_auto_peer=1. So this patch extends MESH_PEER_ADD command to use duration(sec). Throughout the duration, the local STA can start SAE authentication triggered by NEW_PEER_CANDIDATE even though no_auto_peer=1. This commit requires commit 70c93963edefa37ef84b73efb9d04ea10268341c ('SAE: Fix PMKID calculation for PMKSA cache'). Without that commit, chosen PMK comparison will fail.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* PMKSA: Flush AP/mesh PMKSA cache by PMKSA_FLUSH command | Masashi Honma | 2016-03-20 | 11 | -1/+65
  This extends the wpa_supplicant PMKSA_FLUSH control interface command to allow the PMKSA list from the authenticator side to be flushed for AP and mesh mode. In addition, this adds a hostapd PMKSA_FLUSH control interface command to flush the PMKSA entries.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* PMKSA: Show AP/mesh PMKSA list in PMKSA command | Masashi Honma | 2016-03-20 | 11 | -2/+132
  This extends the wpa_supplicant PMKSA control interface command to allow the PMKSA list from the authenticator side to be listed for AP and mesh mode. In addition, this adds a hostapd PMKSA control interface command to show the same list for the AP case.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Add MESH_PEER_ADD command | Masashi Honma | 2016-03-20 | 6 | -0/+77
  This allows a mesh peer connection to be initiated manually in no_auto_peer mesh networks.
  Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Add MESH_PEER_REMOVE command | Masashi Honma | 2016-03-20 | 6 | -2/+56
  This command allows the specified mesh peer to be disconnected.
  Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* P2P: Advertise IP Address Allocation only if it is enabled on GO | Jouni Malinen | 2016-03-20 | 3 | -1/+10
  This group capability bit was previously added unconditionally which could result in the P2P Client assuming the functionality is available even though the GO would always reject the request (not reply to it with an assigned IP address) during the 4-way handshake. Fix this by advertising the capability only if the GO configuration allows IP address assignment to be completed.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* BSD: Only down the interface once we are sure we can work with it | Roy Marples | 2016-03-20 | 1 | -4/+4
  Signed-off-by: Roy Marples <roy@marples.name>
* Handle OSEN IE in Assoc Request info if req_ies exists | Daisuke Niwa | 2016-03-20 | 1 | -0/+2
  The 4-way handshake fails with the error "WPA: No wpa_ie set - cannot generate msg 2/4" while connecting to OSEN network with drivers that indicate used Association Request frame elements because OSEN IE is not handled in wpa_supplicant_event_associnfo() if data->assoc_info.req_ies is not NULL.
  Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
* tests: Return result from WpaSupplicant::global_request() in all cases | Jouni Malinen | 2016-03-20 | 1 | -1/+1
  The no self.global_iface case was not returning the result from the self.request() case. While this is not really a path that is supposed to be used, make it return the response since it is at least theoretically possible to get here.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Fix error path in if_indices_reason reallocation | Jouni Malinen | 2016-03-18 | 1 | -1/+1
  Commit 732b1d20ec06ab92fd22dbdea4609a6528bcf50a ('nl80211: Clean up ifidx properly if interface in a bridge is removed') added drv->if_indices_reason array similarly to the previously used drv->if_indices. However, it had a copy-paste error here on the error path where a reallocation failure after at least one successful reallocation would result in the drv->if_indices being overridden instead of restoring drv->if_indices_reason to the old value. Fix this by setting the correct variable on the error path. (CID 138514)
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: wpa_supplicant AP mode - open network and HT disabled | Jouni Malinen | 2016-03-18 | 1 | -0/+15
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled | Jouni Malinen | 2016-03-18 | 1 | -17/+19
  SMPS mode is applicable only for HT and including an attribute to configure it when HT is disabled could result in the AP start operation failing. Fix this by adding the attribute only in cases where HT is enabled.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Assign QCA vendor command and attribute for Tx/Rx aggregation | Sunil Dutt | 2016-03-17 | 1 | -0/+19
  Assign nl80211 vendor command QCA_NL80211_VENDOR_SUBCMD_SET_TXRX_AGGREGATION and corresponding attributes.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* libxml2: Check for xmlDocDumpFormatMemory() error case | Jouni Malinen | 2016-03-16 | 1 | -0/+2
  Since this function needs to allocate memory, it might fail. Check that the returned memory pointer is not NULL before trying to parse the output.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>