path: root/wpa_supplicant/wpa_supplicant.c
Commit message | Author | Age | Files | Lines
* mesh: Allow 160 MHz channel to be configured | Jouni Malinen | 2016-06-04 | 1 | -0/+10
  This allows minimal testing with 160 MHz channel with country code ZA that happens to be the only one with a non-DFS 160 MHz frequency. DFS with mesh is not yet supported.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Use extended capabilities per interface type | Kanchanapally, Vidyullatha | 2016-05-31 | 1 | -0/+5
  This adds the necessary changes to support extraction and use of the extended capabilities specified per interface type (a recent cfg80211/nl80211 extension). If that information is available, per-interface values will be used to override the global per-radio value.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Ignore pmf=1/2 parameter for non-RSN networks | Jouni Malinen | 2016-05-05 | 1 | -0/+13
  PMF is available only with RSN and pmf=2 could have prevented open network connections. Change the global wpa_supplicant pmf parameter to be interpreted as applying only to RSN cases to allow it to be used with open networks.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Handle LCI request | David Spinadel | 2016-04-17 | 1 | -0/+144
  Handle radio measurement request that contains LCI request. Send measurement report based on a configurable LCI report element. The LCI report element is configured over the control interface with
    SET lci <hexdump of the element>
  and cleared with
    SET lci ""
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* wpa_supplicant: Add LCI and civic request to Neighbor Report Request | David Spinadel | 2016-04-16 | 1 | -2/+79
  Add an option to request LCI and Location Civic Measurement in Neighbor Report Request frame, as described in IEEE P802.11-REVmc/D5.0,
  Note: This changes the encoding format of the NEIGHBOR_REP_REQUEST ssid=<val> parameter. This used to be parsed as raw SSID data which is problematic for accepting additional parameters. The new encoding allows either a string within double-quotation marks or a hexdump of the raw SSID.
  The new format:
    NEIGHBOR_REP_REQUEST [ssid=<SSID>] [lci] [civic]
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* HS 2.0: Add support for configuring frame filters | Matti Gottlieb | 2016-04-08 | 1 | -1/+11
  When a station starts an association to a Hotspot 2.0 network, request the driver to do the following, based on the BSS capabilities:
  1. Enable gratuitous ARP filtering
  2. Enable unsolicited Neighbor Advertisement filtering
  3. Enable unicast IP packet encrypted with GTK filtering if DGAF disabled bit is zero
  Clear the filter configuration when the station interface is disassociated.
  Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
* wpa_supplicant: "don't care" value for pbss in ssid structure | Lior David | 2016-04-08 | 1 | -1/+1
  Add a new value 2 to the pbss parameter of wpa_ssid structure, which means "don't care". This value is used in infrastructure mode to request connection to either AP or PCP, whichever is available in the scan results. The value is also used in regular WPS (not P2P group formation) to make WPS work with devices running as either AP or PCP.
  Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* Include previous BSSID in connection request to indicate reassociation | Jouni Malinen | 2016-03-24 | 1 | -0/+8
  This allows the SME-in-the-driver case to get similar information about reassociation that was already available for the SME-in-wpa_supplicant case.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add interface matching support with -M, guarded by CONFIG_MATCH_IFACE | Roy Marples | 2016-03-22 | 1 | -0/+92
  The new wpa_supplicant command line argument -M can be used to describe matching rules with a wildcard interface name (e.g., "wlan*"). This is very useful for systems without udev (Linux) or devd (FreeBSD).
  Signed-off-by: Roy Marples <roy@marples.name>
* Find correct driver for interface additions/removals | Roy Marples | 2016-03-22 | 1 | -1/+1
  Interface additions/removals are not guaranteed to be for the driver listening to the kernel events. As such, send the events to wpa_supplicant_event_global() which can then pick the correct interface registered with wpa_supplicant to send the event to.
  Signed-off-by: Roy Marples <roy@marples.name>
* wpa_supplicant: Expose wpas_get_bands() and related API | Lior David | 2016-03-03 | 1 | -3/+2
  Expose the functions wpas_get_bands() and wpas_freq_to_band() and the enum wpa_radio_work_band, since they will be needed outside wpa_supplicant.c.
  Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* P2P: Support dedicated P2P_DEVICE without separate group interface | Lior David | 2016-02-27 | 1 | -0/+2
  Add support for drivers with dedicated P2P_DEVICE interface, but without group interface concurrency (only a single netdev is used). With such devices, wpa_supplicant tried to use the p2p_dev interface instead of the group interface and most P2P operations failed. Extend wpa_supplicant to use the primary interface instead of a separate group interface in such cases.
  Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* P2P: Add a separate pointer to the P2P Device instance | Lior David | 2016-02-27 | 1 | -3/+4
  In many places in the code there was a reference to wpa_s->parent to get from group interface to p2p_dev interface. These places can break if P2P_DEVICE interface would need to be used with the primary interface as the group interface, since the parent of the primary interface points to itself and not the p2p_dev interface. Fix this by adding a separate "p2pdev" pointer to wpa_supplicant, it will be the same as parent pointer in most cases but whenever the primary interface is used as a group interface, change it to point to the correct p2p_dev interface.
  Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* MBO: Expire non-matching bss_tmp_disallowed entries as part of check | Jouni Malinen | 2016-02-22 | 1 | -14/+19
  This makes wpa_is_bss_tmp_disallowed() expire old entries from the bss_tmp_disallowed list even if they do not match the BSSID that is being searched for. This allows the list to be kept at shorter length to speed up operations and minimize memory use in cases where the previously disabled BSS is not in radio range anymore.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Move Hotspot 2.0 element in (Re)Association Request frames | Avraham Stern | 2016-02-22 | 1 | -20/+21
  According to IEEE Std 802.11-2012, Table 8-22, vendor specific elements must follow all other elements, so Hotspot 2.0 element which is actually a vendor specific element must come after all other elements.
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* MBO: Parse MBO IE in BSS Transition Management Request frames | Avraham Stern | 2016-02-22 | 1 | -0/+86
  Add parsing of MBO IE in BSS Transition Management Request frames. If the MBO IE includes the association retry delay attribute, do not try to reconnect to the current BSS until the delay time is over. If the MBO IE includes the cellular data connection preference attribute or the transition rejection reason attribute, send a message to upper layers with the data.
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* MBO: Add Supported Operating Classes element to Association Request | Avraham Stern | 2016-02-22 | 1 | -9/+25
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* MBO: Implement MBO non-preferred channel report in Association Request | David Spinadel | 2016-02-22 | 1 | -0/+26
  Add MBO IE with non-preferred channels to (Re)Association Request frames.
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* wpa_supplicant: Share a single get_mode() implementation | Avraham Stern | 2016-02-21 | 1 | -0/+14
  There is no need to duplicate this helper function in multiple files.
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* SAE: Fix PMKID calculation for PMKSA cache | Masashi Honma | 2016-02-18 | 1 | -4/+7
  The SAE PMKID is calculated with IEEE Std 802.11-2012, but the PMKID was re-calculated with and saved into PMKSA cache. Fix this to save the PMKID calculated with into the PMKSA cache.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* wpa_supplicant: Basic support for PBSS/PCP | Lior David | 2016-02-08 | 1 | -0/+2
  PBSS (Personal Basic Service Set) is a new BSS type for DMG networks. It is similar to infrastructure BSS, having an AP-like entity called PCP (PBSS Control Point), but it has few differences. PBSS support is mandatory for IEEE 802.11ad devices.
  Add a new "pbss" argument to network block. The argument is used in the following scenarios:
  1. When network has mode=2 (AP), when pbss flag is set will start as a PCP instead of an AP.
  2. When network has mode=0 (station), when pbss flag is set will connect to PCP instead of AP.
  The function wpa_scan_res_match() was modified to match BSS according to the pbss flag in the network block (wpa_ssid structure). When pbss flag is set it will match only PCPs, and when it is clear it will match only APs.
  Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* eloop: Add eloop_sock_requeue() | Roy Marples | 2016-02-07 | 1 | -1/+2
  This function can be used to re-build eloop socket tables after forking for eloop implementations that need this.
  Signed-off-by: Roy Marples <roy@marples.name>
* mesh: Connection and group started/removed events into debug log | Jouni Malinen | 2016-01-06 | 1 | -6/+5
  The messages were sent out with wpa_msg_ctrl() so they were not visible in the debug log. However, these would be quite helpful strings to search for in the debug log, so change these messages to use wpa_msg().
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Update copyright notices for the new year 2016 | Jouni Malinen | 2016-01-01 | 1 | -2/+2
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Do not wait for monitor on P2P Device interface | Ilan Peer | 2015-12-28 | 1 | -1/+1
  External programs are not aware of the creation of a dedicated P2P Device interface, so it does not make sense to wait for a monitor to connect on such an interface. Fix this by not waiting on a dedicated P2P Device interface for monitor to attach.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* Drop any pending EAPOL RX frame when starting a new connection | Jouni Malinen | 2015-12-20 | 1 | -0/+7
  Such a pending frame cannot be valid anymore, so drop it instead of risking of using an unexpected EAPOL frame after association if a previous association received one at the end and the new association can happen within 100 ms.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* HS 2.0: Convert icon storage to use dl_list | Jouni Malinen | 2015-12-19 | 1 | -0/+4
  This simplifies the list operations quite a bit.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP peer: External server certificate chain validation | Jouni Malinen | 2015-12-12 | 1 | -0/+10
  This adds support for optional functionality to validate server certificate chain in TLS-based EAP methods in an external program. wpa_supplicant control interface is used to indicate when such validation is needed and what the result of the external validation is.
  This external validation can extend or replace the internal validation. When ca_cert or ca_path parameter is set, the internal validation is used. If these parameters are omitted, only the external validation is used. It needs to be understood that leaving those parameters out will disable most of the validation steps done with the TLS library and that configuration is not really recommended.
  By default, the external validation is not used. It can be enabled by adding tls_ext_cert_check=1 into the network profile phase1 parameter. When enabled, external validation is required through the CTRL-REQ/RSP mechanism similarly to other EAP authentication parameters through the control interface.
  The request to perform external validation is indicated by the following event:
    CTRL-REQ-EXT_CERT_CHECK-<id>:External server certificate validation needed for SSID <ssid>
  Before that event, the server certificate chain is provided with the CTRL-EVENT-EAP-PEER-CERT events that include the cert=<hexdump> parameter. depth=# indicates which certificate is in question (0 for the server certificate, 1 for its issuer, and so on).
  The result of the external validation is provided with the following command:
    CTRL-RSP-EXT_CERT_CHECK-<id>:<good|bad>
  It should be noted that this is currently enabled only for OpenSSL (and BoringSSL/LibreSSL). Due to the constraints in the library API, the validation result from external processing cannot be reported cleanly with TLS alert. In other words, if the external validation rejects the server certificate chain, the pending TLS handshake is terminated without sending more messages to the server.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* dbus: Add support for vendor specific elements | Avichal Agarwal | 2015-12-06 | 1 | -0/+83
  The new methods are
  1. VendorElemAdd "i" "ay" i=integer ay=array of bytes
  2. VendorElemGet "i" i=integer (output array of bytes)
  3. VendorElemRem "i" "ay" i=integer ay=array of bytes
  These provide functionality similar to the control interface commands VENDOR_ELEM_ADD, VENDOR_ELEM_GET, and VENDOR_ELEM_REMOVE.
  Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
  Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
  Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
  Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
  Signed-off-by: Dilshad Ahmad <dilshad.a@samsung.com>
  [VendorElemGet to return array of bytes instead of string; cleanup]
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Allow sched_scan_plans to be updated at runtime | Jouni Malinen | 2015-11-30 | 1 | -0/+3
  This allows the control interface SET command to be used to update the sched_scan_plans parameter at runtime. In addition, an empty string can be used to clear the previously configured plan.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add support for configuring scheduled scan plans | Avraham Stern | 2015-11-30 | 1 | -0/+11
  Add the option to configure scheduled scan plans in the config file. Each scan plan specifies the interval between scans and the number of scan iterations. The last plan will run infinitely and thus specifies only the interval between scan iterations.
  usage:
    sched_scan_plans=<interval:iterations> <interval2:iterations2> ... <interval>
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Abort an ongoing scan before connect | Kanchanapally, Vidyullatha | 2015-11-26 | 1 | -0/+2
  Connect radio work is sometimes delayed for a considerable duration if there is an ongoing scan radio work. To avoid these delays abort the ongoing scan on that interface before queuing a connect request. Upon a scan done indication from the driver, connect radio work will be scheduled.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* IBSS/mesh: Add support for VHT80P80 configuration | Ahmad Kholaif | 2015-11-26 | 1 | -3/+38
  A new network profile configuration parameter max_oper_chwidth=3 can be used to specify preference to enable 80+80 MHz VHT channel for IBSS. If that is set, the first 80 MHz segment is specified based on the frequency parameter in the network profile and the second segment is selected automatically (which will practically be limited to a single possibility due to DFS requirements in most countries).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix CONFIG_NO_WPA=y build | Jouni Malinen | 2015-11-23 | 1 | -0/+5
  A number of places were calling functions that are not included in CONFIG_NO_WPA=y build anymore. Comment out such calls. In addition, pull in SHA1 and MD5 for config_internal.c, if needed.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Skip SELECT_NETWORK steps only if already connected or connecting | Jouni Malinen | 2015-11-19 | 1 | -1/+2
  Commit 2a6f78fbbefc34fec6685d08f46797c4ef4b2a6e ('Do not re-associate on SELECT_NETWORK to current network') started skipping all SELECT_NETWORK connection steps if the selected network had already been selected previously. This happened regardless of whether the connection was already established. This is not necessarily desirable for all cases where there is no immediate action to even try to connect (e.g., long wait for the next scan).
  Speed this up by allowing the SELECT_NETWORK operation to get started if there is no connection or ongoing connection attempt with the selected network.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add VHT support for Mesh | Peter Oh | 2015-11-19 | 1 | -3/+33
  Mesh Points themselves have capability to support VHT as long as hardware supports it. However, supporting VHT in mesh mode was disabled because no one had clearly tested and confirmed its functionality. Since VHT80 has now been verified to work with ath10k QCA988X driver and mac80211_hwsim, enable VHT support in mesh mode.
  Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
* wpa_supplicant: Reopen debug log file upon receipt of SIGHUP signal | Lubomir Rintel | 2015-10-25 | 1 | -0/+5
  This is useful for logrotate to be able to rotate the file even if the control interface is not enabled (e.g., when using DBus).
  Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* Clear own_disconnect_req on new connection attempt | Jouni Malinen | 2015-10-12 | 1 | -0/+2
  It was possible for wpa_s->own_disconnect_req to be left set to 1 from a disconnection attempt from a prior connection. This could then prevent proper connection failure processing with the new connection in wpas_connection_failed(). This was triggered by the following hwsim test case sequence: wpas_mesh_secure sae_no_ffc_by_default. In this sequence, the SAE failure due to unsupported group did not result in proper wpas_connection_failed() processing and retry.
  Fix this by clearing wpa_s->own_disconnect_req in wpa_supplicant_associate() before starting a new connection.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Parallelize distinct radio work operations | Kanchanapally, Vidyullatha | 2015-09-30 | 1 | -8/+189
  This commit contains the necessary changes to parallelize distinct radio work operations which are different in type and the band used, only when the underlying driver is capable of supporting such simultaneous offchannel operations.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix get_shared_radio_freqs_data() used-by flags setting | Andrei Otcheretianski | 2015-09-25 | 1 | -1/+1
  Fix an iteration bug in get_shared_radio_freqs_data when building freqs_data array. Only the last used-by flag was maintained instead of making this a bitfield of all found uses.
  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* mesh: Add support for scanning only the current frequency | Masashi Honma | 2015-09-25 | 1 | -1/+2
  This patch enables scan_cur_freq=1 on VIF based mesh network.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Avoid reconnection on ENABLE_NETWORK if already connected | Jouni Malinen | 2015-09-22 | 1 | -1/+4
  This was already the case for most command sequences, but it was possible for wpa_s->reassociate to be set to 1 when CTRL-RSP-* commands were used to set identity, password, or passphrase for EAP authentication. In such cases, ENABLE_NETWORK issued after the connection was completed could result in a new connection attempt (likely reconnection back to the same BSS).
  Fix this by checking whether an actual connection is already present even if wpa_s->reassociate is set when processing the ENABLE_NETWORK command.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Make it clearer that ap_scan=2 mode should not be used with nl80211 | Jouni Malinen | 2015-09-04 | 1 | -0/+11
  Add more details into configuration comments and a runtime info message if ap_scan=2 is used with the nl80211 driver interface.
  Signed-off-by: Jouni Malinen <j@w1.fi>
  wpa_s->scan_req needs to be set in these cases to get correct scanning behavior. This is mainly needed for starting of AP mode operation immediately in ap_scan=2 case.
  This fixes an issue that was found with mac80211_hwsim test cases in the following sequence: dbus_autoscan dbus_ap_scan_2_ap_mode_scan
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Do not stop ongoing PNO sched_scan on association/disconnection | Mahesh A Saptasagar | 2015-08-13 | 1 | -1/+3
  PNO was stopped by the wpa_supplicant during the connection attempts or while handling disassociation indication. External entities, mainly the Android Wi-Fi framework, do not expect PNO to be stopped by other modules. Hence, do not stop the sched_scan in these scenarios if it is triggered externally for PNO.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Drop connection attempt if network is disabled before radio work starts | Hu Wang | 2015-08-10 | 1 | -1/+2
  With the radio work design, it is possible for a network entry to get disabled (e.g., DISABLE_NETWORK <id>) during the time the connect or sme-connect radio work waits to start. Previously, only the validity of the BSS entry and BSSID/SSID was verified when starting the actual connection step. Add call to wpas_network_disabled() to those checks to catch the case where the network profile is disabled.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Mark fst_ies buffer const | Jouni Malinen | 2015-08-03 | 1 | -1/+1
  This buffer is owned by the FST module, so mark it const in the set_ies() callback to make it clearer which component is responsible for modifying and freeing this.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Fix P2P configuration file name | Gautam | 2015-08-02 | 1 | -0/+8
  The P2P configuration file is wrongly set as STA configuration file, even though a separate configuration file is mentioned with '-m' option. Add initialization and deallocation of global.params->conf_p2p_dev to fix this.
  Signed-off-by: Gautam <gautams@broadcom.com>
* Add shared periodic cleanup function for AP mode | Jouni Malinen | 2015-07-20 | 1 | -1/+5
  This new mechanism can be used to combine multiple periodic AP (including P2P GO) tasks into a single eloop timeout to minimize number of wakeups for the process. hostapd gets its own periodic caller and wpa_supplicant uses the previously added timer to trigger these calls.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Use a single cleanup timer per wpa_supplicant process | Jouni Malinen | 2015-07-20 | 1 | -0/+28
  Previously, one timeout per process (by default every 30 seconds) was used for P2P peer expiration and another per-interface timeout (every 10 seconds) was used to expire BSS entries. Merge these to a single per-process timeout that triggers every 10 seconds to minimize number of process wakeups due to periodic operations.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>