aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant
Commit message (Collapse)AuthorAgeFilesLines
* Select the BSD license terms as the only license alternativeJouni Malinen2012-02-114-63/+15
| | | | | | | | | | | | | | | Simplify licensing terms for hostap.git by selecting the BSD license alternative for any future distribution. This drops the GPL v2 alternative from distribution terms and from contribution requirements. The BSD license alternative that has been used in hostap.git (the one with advertisement clause removed) is compatible with GPL and as such the software in hostap.git can still be used with GPL projects. In addition, any new contribution to hostap.git is expected to be licensed under the BSD terms that allow the changes to be merged into older hostap repositories that still include the GPL v2 alternative. Signed-hostap: Jouni Malinen <j@w1.fi>
* EAP-pwd: Describe build option for EAP-pwdDan Harkins2012-02-111-0/+3
| | | | Signed-hostap: Dan Harkins <dharkins@lounge.org>
* dbus: Make the P2P peer's properties accessible separatelyFlávio Ceolin2012-02-113-74/+267
| | | | | | | | | Since there is the method org.freedesktop.DBus.Properties.GetAll that returns all properties from a specific interface, it makes more sense to separate the properties to make it possible to get only a single property using the method org.freedesktop.DBus.Properties.Get as well. Signed-hostap: Flávio Ceolin <flavio.ceolin@profusion.mobi>
* P2P: Do not expire GO peer entry during group rekeyingPiotr Nakraszewicz2012-02-111-1/+2
| | | | | If wpas_go_connected() is called during group rekeying the P2P GO peer will expire. To prevent that check if group rekeying is not in progress.
* Fix CONFIG_NO_SCAN_PROCESSING=y buildJouni Malinen2012-02-111-24/+24
| | | | | | | | | This fixes a build regression from commit cd2f4ddfb91c330c778d7464a393c5f26f07d432 by moving wpa_supplicant_assoc_update_ie() outside the no-scan-processing ifdef block. Signed-hostap: Jouni Malinen <j@w1.fi>
* Show BSS entry age (seconds since last update)Jouni Malinen2012-02-081-1/+5
| | | | | | | | The BSS ctrl_iface command can sow the age of a BSS table entry to make it easier for external programs to figure out whether an entry is still current depending on the use case. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Allow BSS entry to be fetched based on GO P2P Device AddressJouni Malinen2012-02-073-0/+26
| | | | | | | | | | "BSS p2p_dev_addr=<P2P Device Address>" can now be used to fetch a specific BSS entry based on the P2P Device Address of the GO to avoid having to iterate through the full BSS table when an external program needs to figure out whether a specific peer is currently operating as a GO. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Set Invitation Type to 1 for GO inviting to a persistent groupJouni Malinen2012-02-063-5/+16
| | | | | | | | | | | When a GO is operating a persistent group and invites a peer that has been a P2P client in that persistent group, the Invitation Type in the Invitation Request frame can be set to 1 to indicate that this is a reinvocation of a persistent group. Do this based on the maintained list of P2P clients that have been provided the credentials to this group. Signed-hostap: Jouni Malinen <j@w1.fi>
* P2P: Wait for PD-before-join responseJouni Malinen2012-02-051-3/+31
| | | | | | | | | | | | | | | | | Even though the Provision Discovery Response frame from PD-before-join does not really provide any additional information, it can be better to wait for it before starting the join operation. This adds a minimal extra latency in the most common case and cleans up the sequence of driver operations and debug log by avoiding potential processing of the Provision Discovery Response while already running a scan for the actual connection. If transmission of Provision Discovery Request fails, join operation is started without the additional wait. In addition, a new timeout is used to start the join if Provision Discovery Response is lost for any reason. Signed-hostap: Jouni Malinen <j@w1.fi>
* P2P: Skip event notification on PD Response in join-group caseJouni Malinen2012-02-051-9/+10
| | | | | | | | | | | Provision Discovery is used as a notification to the GO in the case we are about join a running group. In such case, there is not much point in indicating the provision discovery response events to external programs especially when the PIN-to-be-displayed was different from the one returned for the p2p_connect command. Skip this confusing event completely for join-a-running-group case. Signed-hostap: Jouni Malinen <j@w1.fi>
* bgscan_simple: Refinements to fast-scan backoffPaul Stewart2012-02-051-4/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | These changes account for situations where the CQM threshold might be approximately the same as the currently received signal, and thus CQM events are triggered often due to measurement error/small fluctuations. This results in scanning occurring too frequently. Firstly, inhibit the immediate scan when the short-scan count is at the maximum. This keeps bursts of CQM toggling from causing a torrent of back-to-back scans. This does not inhibit immediate scans if the CQM triggers a second time (if the signal falls lower past the hysteresis). This reduces the scan rate in the worst case (fast-rate toggling high/low CQM events) to the short scan interval. Secondly, change the behavior of the short scan count so it acts like a "leaky bucket". As we perform short-scans, the bucket fills until it reaches a maximal short-scan count, at which we back-off and revert to a long scan interval. The short scan count decreases by one (emptying the bucket) every time we complete a long scan interval without a low-RSSI CQM event. This reduces the impact of medium-rate toggling of high/low CQM events, reducing the number of short-interval scans that occur before returning to a long-interval if the system was recently doing short scans.
* Try fallback drivers if global init for preferred drivers failsDan Williams2012-02-041-2/+5
| | | | | | | | | | | | | | | | | Driver global init was considered a hard failure. Thus if, for example, you used the Broadcom STA driver and didn't have nl80211 or cfg80211 loaded into the kernel, and specified a driver value of "nl80211,wext", the nl80211 driver's global init would fail with the following message: nl80211: 'nl80211' generic netlink not found Failed to initialize driver 'nl80211' but since global init was a hard failure, creating the supplicant interface would fail and the WEXT driver would not be tried. Give other drivers a chance instead. Signed-hostap: Dan Williams <dcbw@redhat.com> intended-for: hostap-1
* P2P: Fix the setter function for DBus group propertiesTodd Previte2012-02-041-5/+5
| | | | | | | | | | | | The setter function uses the same hostapd_data structure as the getter which causes it to crash if called on a P2P client. To overcome this issue, the role is checked to ensure it is called on a group owner and the pointer is examined for validity. The function will return an error if called on a non-GO system. Signed-hostap: Todd Previte <toddx.a.previte@intel.com> Signed-hostap: Angie Chinchilla <angie.v.chinchilla@intel.com> intended-for: hostap-1
* P2P: Fix DBus crash and return additional P2P group propertiesTodd Previte2012-02-041-14/+72
| | | | | | | | | | | | | | | When using DBus to get group properties, a segmentation fault is generated on P2P clients due to a NULL pointer for the ap_iface struct. The current implementation only returns vendor extensions when called on a P2P group owner. The code now checks the P2P role which allows for role-specific information to be provided. This also fixes the crash issue by only looking for the correct structures based on the current P2P role. Signed-hostap: Todd Previte <toddx.a.previte@intel.com> Signed-hostap: Angie Chinchilla <angie.v.chinchilla@intel.com> intended-for: hostap-1
* Use PMKSA cache entries with only a single network contextJouni Malinen2012-02-041-0/+2
| | | | | | | | When looking for PMKSA cache entries to use with a new association, only accept entries created with the same network block that was used to create the cache entry. Signed-hostap: Jouni Malinen <j@w1.fi>
* Delay scan request on select_network if disconnectingJouni Malinen2012-02-041-3/+6
| | | | | | | | | | | | | The disconnection command results in disassociation and deauthentication events which were previously processed during the scan in case of select_network command being used while associated with another network. While this works in most cases, it can result in confusing event messages in ctrl_iface and debug log. Avoid this by using a short delay between the disconnection and scan request to allow the disconnection events to be processed prior to starting the new scan. Signed-hostap: Jouni Malinen <j@w1.fi> intended-for: hostap-1
* Interworking: Fix EAP-TTLS/MSCHAP configurationJouni Malinen2012-01-311-2/+2
| | | | | | | Copy-paste error ended up using CHAP when MSCHAP was supposed to be set. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Disable AP PIN after 10 consecutive failuresJouni Malinen2012-01-301-0/+2
| | | | | | | | | | | While the exponential increase in the lockout period provides an efficient mitigation mechanism against brute force attacks, this additional trigger to enter indefinite lockout period (cleared by restarting hostapd) will limit attacks even further by giving maximum of 10 attempts (without authorized user action) even in a very long term attack. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Support HT capability overridesBen Greear2012-01-297-0/+284
| | | | | | | | | | | | | | | | | | | | | | This allows HT capabilities overrides on kernels that support these features. MCS Rates can be disabled to force to slower speeds when using HT. Rates cannot be forced higher. HT can be disabled, forcing an 802.11a/b/g/n station to act like an 802.11a/b/g station. HT40 can be disabled. MAX A-MSDU can be disabled. A-MPDU Factor and A-MPDU Density can be modified. Please note that these are suggestions to the kernel. Only mac80211 drivers will work at all. The A-MPDU Factor can only be decreased and the A-MPDU Density can only be increased currently. Signed-hostap: Ben Greear <greearb@candelatech.com>
* Remove duplicated TERMINATING eventJouni Malinen2012-01-291-5/+0
| | | | | | | | Now that CTRL-EVENT-TERMINATING even is sent at the end of interface removal in case wpa_supplicant process is going to terminate, there is no need for this duplicated event in the signal handler. Signed-hostap: Jouni Malinen <j@w1.fi>
* Move ctrl_iface deinit into the end of interface deinitDmitry Shmidt2012-01-291-6/+13
| | | | | | | | | This allows TERMINATING ctrl_iface event to be sent at the end of the deinit sequence to avoid race conditions with new operations that this event may trigger while wpa_supplicant would still be running through the deinitialization path. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Deinit driver before notifying interface has been removedDmitry Shmidt2012-01-291-3/+3
| | | | | | | | This avoids issues with some external program starting to use the interface based on the interface removal event before wpa_supplicant has completed deinitialization of the driver interface. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Let wpa_supplicant_deinit_iface() know that process is terminatingDmitry Shmidt2012-01-296-12/+14
| | | | | | | This will be needed to be able to move ctrl_iface TERMINATING event to the end of interface removal. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* SME: Fix processing of Authentication timeout and failureEyal Shapira2012-01-291-2/+2
| | | | | | | | | | current_bss and pending_bssid weren't cleaned up so BSS kept appearing in the scan results even when it was actually gone. Use wpa_supplicant_mark_disassoc() to cleanup the wpa_s context instead of just dropping wpa_state back to DISCONNECTED. Reported-by: Vishal Mahaveer <vishalm@ti.com> Signed-hostap: Eyal Shapira <eyal@wizery.com>
* Interleave wildcard and specific SSID scans when max_ssids=1Eyal Shapira2012-01-293-8/+31
| | | | | | | | For drivers limited to scan a single SSID at a time, this prevents waiting too long for a wildcard scan in case there are several scan_ssid networks in the configuration. Signed-hostap: Eyal Shapira <eyal@wizery.com>
* Install only the binaries into BINDIRJouni Malinen2012-01-291-3/+4
| | | | | | There is no point in installing *.service files into BINDIR. Signed-hostap: Jouni Malinen <j@w1.fi>
* build: Fix install target parent directory prerequisitesGrant Erickson2012-01-291-3/+4
| | | | | | | | This changes the install target such that parent directories of installed paths area created and each path is only installed on a dependency basis. Signed-off-by: Grant Erickson <marathon96@gmail.com>
* dbus: Remove unused D-Bus version definesJouni Malinen2012-01-293-34/+0
| | | | | | | These have not been used since commit 8ddef94bd41747ba658ed4ed5dfa9e62b4b84cfa. Signed-hostap: Jouni Malinen <j@w1.fi>
* IBSS RSN: Provide ibss_rsn_get_peer() helper functionAntonio Quartulli2012-01-291-12/+20
| | | | | | | This is a useful function that simplifies some code and can eventually be used somewhere else in future. Signed-hostap: Antonio Quartulli <ordex@autistici.org>
* dbus: Fix endianness bug in Frequency and Signal propertiesSylvestre Gallon2012-01-281-2/+6
| | | | | | | | These properties did not work on big endian PowerPC (always 100% for Signal and 0 for Frequency) due to endianness problem (u32 to u16 data loss). Signed-off-by: Sylvestre Gallon <ccna.syl@gmail.com>
* Rename systemd template files to avoid @ in the file nameJouni Malinen2012-01-284-0/+3
| | | | | | | | | Perforce does not like @ in the file name and since these template files do not really need to have that in the name, make the files in repository friendlier to Perforce. The generated *.service file will maintain their old names. Signed-hostap: Jouni Malinen <j@w1.fi>
* Support fixing the BSSID in IBSS modeNicolas Cavallari2012-01-281-0/+7
| | | | | | | | | When the "bssid=" option is set for an IBSS network and ap_scan = 2, ask the driver to fix this BSSID, if possible. Previously, any "bssid=" option were ignored in IBSS mode when ap_scan=2. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
* dbus: Create DBus getter/setter for FastReauthPaul Stewart2012-01-283-0/+60
| | | | | | | | Provide a means over DBus to set the conf->fast_reauth property, which controls whether TLS session resumption should be attempted for EAP-TLS 802.1X networks. Signed-off-by: Paul Stewart <pstew@chromium.org>
* P2P: Fix WSC IE inclusion for P2P disabled caseJouni Malinen2012-01-271-4/+6
| | | | | | | | | | | wpas_wps_in_use() was forcing WPS to be enabled unconditionally if P2P support was included in the build. This is not really the correct behavior for the case when P2P has been disabled at runtime. Change the code here to verify runtime configuration of P2P before forcing WPS to be enabled. This allows WSC IE to be left out from Probe Request frames when scanning for APs without P2P or WPS being in use. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Do not expire peer entry if we are connected to the peerJouni Malinen2012-01-252-0/+24
| | | | | | | | Even though we may not update P2P peer entry while connected to the peer as a P2P client, we should not be expiring a P2P peer entry while that peer is the GO in a group where we are connected as a P2P client. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Stop sched_scan in number of cases where it should not be runningJouni Malinen2012-01-232-0/+5
| | | | | | | | | | | | When a P2P group is removed, we better not leave possibly started sched_scan running. This could happen when a separate group interface was not used. In addition, it looks safer to explicitly stop sched_scan before starting P2P Listen or Find operations to make sure the offloaded scanning is not running when doing similar P2P operations. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Update WPA/RSN IE properly for driver based BSS selectionSujith Manoharan2012-01-231-6/+56
| | | | | | | | | | | | | | | | | | | | This patch fixes an issue with roaming for drivers that set WPA_DRIVER_FLAGS_BSS_SELECTION (currently ath6kl). On moving to an AP with a different BSSID, an EVENT_ASSOC is received and the subsequent 4-way handshake may fail because of a mismatch between the RSN IE in message 3/4 and in Beacon/Probe Response. This happens only when the APs use different RSN IE contents and ap_scan is set to 1, since wpa_supplicant fails to update its cached IEs. Initial association may fail, too, in case of multiple APs with the same SSID, since BSSID selection is done by the driver and again a mismatch could be seen. Fix these two issues by clearing and updating the cached IEs on receiving an Association event from the driver. Also, retrieve the scan results when the new BSS information is not present locally. Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
* eapol_test: Show MNC length in debug outputJouni Malinen2012-01-221-0/+3
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* dbus: Validate SSID length in new D-Bus scan requestSam Leffler2012-01-221-0/+10
| | | | | Validate the length of each SSID passed in a new D-Bus protocol Scan request.
* P2P: Allow Device ID to be specified for p2p_find commandJouni Malinen2012-01-085-10/+26
| | | | | | | dev_id=<P2P Device Addr> can now be specified as an argument to p2p_find to request P2P find for a specific P2P device. Signed-hostap: Jouni Malinen <j@w1.fi>
* Update copyright notices to include year 2012Jouni Malinen2012-01-013-3/+3
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* Do not trigger fast reconnection on locally generated deauth/disassocJouni Malinen2012-01-011-7/+19
| | | | | | | | | | | | | | | The deauthentication and disassociation events from nl80211 were being processed identically regardless of whether the frame was generated by the local STA or the AP. This resulted in fast reconnection mechanism getting triggered even in the case where the disconnection was detected locally (e.g., due to beacon loss) while this was supposed to happen only in the case where the AP is sending an explicit Deauthentication or Disassociation frame with a specific reason code. Fix this by adding a new deauth/disassoc event variable to indicate whether the event was generated locally. Signed-hostap: Jouni Malinen <j@w1.fi>
* Fix BSS property names in the example D-Bus scriptJouni Malinen2012-01-011-2/+2
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* dbus: Fix extra semicolonSyam Sidhardhan2012-01-011-1/+1
| | | | Signed-off-by: Syam Sidhardhan <syamsidhardh@gmail.com>
* dbus: Increase buffer size to fix Introspect XMLJouni Malinen2011-12-311-1/+7
| | | | | | | | | | | Commit e9c3c1afedd2d0c6a0939f40c40701af8c450e1f added a new D-Bus method and that was enough to push the Introspect XML buffer over the previously allocated 8000 bytes. Increase the buffer size to make enough room for P2P interface. In addition, add a debug message to indicate if an XML segment does not fit into the buffer to make this types of failures somewhat easier to catch. Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove possible authentication timeout on connection failureJouni Malinen2011-12-311-0/+5
| | | | | | | | | The authentication timeout could be triggered after the connection has already been known to have failed. The event at that point can be confusing, so better cancel the timeout when processing connection failure. Signed-hostap: Jouni Malinen <j@w1.fi>
* WPS: Use single channel scan if AP channel already knownJouni Malinen2011-12-313-4/+25
| | | | | | | | | If the BSSID of the AP is specified in the WPS command, the target AP is likely already in the BSS table and its operating channel is known. Use this information to speed up connection by only scanning the known channel. Signed-hostap: Jouni Malinen <j@w1.fi>
* Use correct (multi-user) target when installing systemd unitsMichał Górny2011-12-294-4/+4
| | | | | | | | | | | The 'network.target' is special (per systemd.special(7)), and is to be brought up indirectly when network is actually configured (i.e. through DHCP or static address settings). Irrelevant of that, all services should be always installed in multi-user.target. [Bug 427]
* P2P: Stop remain-on-channel prior to starting join-a-group clientJouni Malinen2011-12-291-0/+7
| | | | | | | | | This fixes issues with drivers that do not handle concurrent remain-on-channel and scan operations in a case where Provision Discovery Response frame is not received to stop the Action frame handshake. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Reject p2p_group_add if forced frequency is not acceptableNeeraj Kumar Garg2011-12-271-5/+16
| | | | | | | | | | If the freq parameter is specified and we are already running legacy STA on a different frequency with a driver that does not support multi-channel concurrency, reject p2p_group_add. Same code already exists in the path of P2P connection with go negotiation but is missing for autonomous GO. Signed-hostap: Neeraj Garg <neerajkg@broadcom.com>