path: root/wpa_supplicant
Commit message | Author | Age | Files | Lines
* Fix couple more typos [HEAD, pending, master] | Jouni Malinen | 20 hours | 2 | -6/+4
  Couple of similar cases that were not included in the previous commit.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant: Fix typos | Yegor Yefremov | 20 hours | 23 | -50/+50
  Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
* wpa_supplicant: Remove unfeasible conditions in config parsing | Andrei Otcheretianski | 22 hours | 1 | -3/+1
  pos can't be NULL in wpa_global_config_parse_str(), so there is no point checking this, especially when pos was already dereferenced earlier. Remove the redundant conditions.
  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* wpa_cli: Don't access uninitialized variables | Andrei Otcheretianski | 22 hours | 1 | -2/+5
  Don't print potentially uninitialized variables in wpa_ctrl_command_bss(). Some compilers and analyzers may warn about it.
  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* wpa_supplicant: Fix frequency config for VHT/HE cases | Markus Theil | 4 days | 1 | -9/+13
  Fix compilation without CONFIG_P2P and only set secondary channel seg idx if we use a mode supporting a sec channel for VHT/HE.
  Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
* Fix spelling of "unexpected" in messages | Jouni Malinen | 4 days | 1 | -1/+1
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* MSCS: Fix decapsulating subelements from MSCS descriptor | Vamsi Krishna | 6 days | 1 | -2/+5
  Fix pointer sent for decapsulating subelements from MSCS descriptor IE while processing (re)association response frames.
  Fixes: af8ab3208d03 ("MSCS: Parse result of MSCS setup in (Re)Association Response frames")
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant: Enable VHT and HE in default config parameters | Markus Theil | 6 days | 2 | -1/+4
  Enable VHT and HE as default config parameters in order for wpa_supplicant AP mode to use it, if hw support is given.
  Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
* wpa_supplicant: Handle HT40 and mode downgrade in AP mode | Markus Theil | 6 days | 1 | -9/+43
  Add some missing pieces to the interface configuration of AP/mesh mode in wpa_supplicant.
  - check for secondary channel and HT40 capability
  - try to downgrade to IEEE 802.11b if 802.11g is not available
  Especially with the HT40 check, this code now performs all settings, which the deleted/duplicated mesh code did.
  Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
* mesh: Fix channel init order, disable pri/sec channel switch | Markus Theil | 6 days | 1 | -2/+25
  wpa_supplicant_conf_ap_ht() has to happen before hostapd_setup_interface() in order for its configuration settings to have effect on interface configuration.
  Disable primary and secondary channel switch because of missing tie breaking rule/frames in mesh networks. A rather long comment about this issue is placed in mesh.c in the corresponding place.
  I was not able to reproduce the memory corruption during mesh_secure_ocv_mix_legacy, which led to a revert of a similar patch in the past.
  Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
* HE/VHT: Fix frequency setup with HE enabled | Markus Theil | 6 days | 2 | -41/+23
  Some places in the code base were not using the wrappers like hostapd_set_oper_centr_freq_seg0_idx and friends. This could lead to errors, for example when joining 80 MHz mesh networks. Fix this, by enforcing usage of these wrappers.
  wpa_supplicant_conf_ap_ht() now checks for HE capability before dealing with VHT in order for these wrappers to work, as they first check HE support in the config.
  While doing these changes, I've noticed that the extra channel setup code for mesh networks in wpa_supplicant/mesh.c should not be necessary anymore and dropped it. wpa_supplicant_conf_ap_ht() should handle this setup already.
  Acked-by: John Crispin <john@phrozen.org>
  Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
* DPP2: Use the new privacy protection key to protect E-id on Enrollee | Jouni Malinen | 7 days | 1 | -1/+3
  Use ppKey instead of C-sign-key to encrypt E-id to E'-id into Reconfig Announcement frame on the Enrollee side.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Copy received ppKey into wpa_supplicant network profile | Jouni Malinen | 7 days | 4 | -0/+36
  Store the received privacy protection key from Connector into wpa_supplicant network profile and indicate it through the control interface similarly to C-sign-key.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* mesh: Stop SAE auth timer when mesh node is removed | Udhayakumar Mahendiran | 8 days | 1 | -0/+1
  Not doing this could cause wpa_supplicant to crash.
  Signed-off-by: Udhayakumar Mahendiran <udhayakumar@qubercomm.com>
* DPP2: Add DPP_CHIRP commands to hostapd_cli and wpa_cli | Wystan Schmidt | 9 days | 1 | -0/+25
  Add the DPP control interface chirp commands to the CLIs for greater visibility and ease of use.
  Signed-off-by: Wystan Schmidt <wystan.schmidt@charter.com>
* P2P: Set ap_configured_cb during group reform process | Jimmy Chen | 9 days | 1 | -0/+14
  We found that if REMOVE-AND-REFORM occurs before a group is started, it would not send out GROUP-STARTED-EVENT after AP is enabled.
  In the remove-and-reform process, ap_configured_cb is cleared. If a group is not started, p2p_go_configured() will not be called after completing AP setup. Fix this by preserving the callback parameters.
  Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
* P2P: Fallback to GO negotiation after running out of GO scan attempts | Jimmy Chen | 9 days | 1 | -0/+9
  We found a problem that p2p_fallback_to_go_neg is not handled correctly after running out of GO scan attempts. When autojoin is enabled and a group is found in old scan results, supplicant would try to scan the group several times. If the group is still not found, it reports group formation failure while p2p_fallback_to_go_neg is enabled already.
  If p2p_fallback_to_go_neg is enabled, it should fall back to GO negotiation, but not report group formation failure after running out of GO scan attempts.
  Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
* wpa_cli: Add dpp_bootstrap_set command | Andrew Beltrano | 9 days | 1 | -0/+10
  Expose DPP_BOOTSTRAP_SET through wpa_cli command dpp_bootstrap_set <id> <configurator params..>
  Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
* gitignore: Clean up a bit | Johannes Berg | 9 days | 1 | -0/+14
  Now that we no longer leave build artifacts outside the build folder, we can clean up the gitignore a bit. Also move more things to per-folder files that we mostly had already anyway.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mesh: Allow channel switch command | Markus Theil | 9 days | 1 | -2/+9
  Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
* D-Bus: Share 'remove all networks' with CLI | Brian Norris | 10 days | 4 | -50/+49
  The D-Bus implementation of RemoveAllNetworks differs wildly from the CLI implementation. Let's share the implementations.
  This resolves use-after-free bugs I noticed, where we continue to use the 'wpa_s->current_ssid' wpa_ssid object after freeing it, because we didn't bother to disconnect from (and set to NULL) current_ssid before freeing it.
  Signed-off-by: Brian Norris <briannorris@chromium.org>
* wpa_supplicant: Do not retry scan if operation is not supported | Georg Müller | 10 days | 1 | -0/+4
  When using NetworkManager to set up an access point, there seems to be a race condition which can lead to a new log message every second.
  The following message appears in AP mode:
    CTRL-EVENT-SCAN-FAILED ret=-95 retry=1
  Normally, this log message only appears once. But then (and only then) the race is triggered and they appear every second, the following log messages are also present:
    Reject scan trigger since one is already pending
    Failed to initiate AP scan
  This patch just disables the retry for requests where the operation is not supported anyway.
  Signed-off-by: Georg Müller <georgmueller@gmx.net>
* P2P: Limit P2P_DEVICE name to appropriate ifname size | Benjamin Berg | 10 days | 1 | -0/+4
  Otherwise the WPA_IF_P2P_DEVICE cannot be created if the base ifname is long enough. As this is not a netdev device, it is acceptable if the name is not completely unique. As such, simply insert a NUL byte at the appropriate place.
  Signed-off-by: Benjamin Berg <bberg@redhat.com>
* mesh: Set correct address for mesh default broadcast/multicast keys | Markus Theil | 10 days | 1 | -2/+4
  wpa_drv_set_key() was called with a NULL address for IGTK and MGTK before this patch. The nl80211 driver will then not add the NL80211_KEY_DEFAULT_TYPE_MULTICAST flag for the key, which wrongly marks this key also as a default unicast key in the Linux kernel.
  With SAE this is no real problem in practice, as a pairwise key will be negotiated in mesh mode, before the first data frame gets sent. When using IEEE 802.1X in a mesh network in the future, this becomes a problem, as Linux now will encrypt EAPOL frames with the default key, which is also marked for unicast usage without this patch.
  Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
* DBus: Add "Roam" command support | Brian Norris | 10 days | 3 | -0/+60
  Add D-Bus interface for ROAM command, imitating the existing wpa_cli command.
  Chromium OS has been carrying a form of this patch for a very long time. I've cleaned it up a bit and documented it.
  Signed-off-by: Brian Norris <briannorris@chromium.org>
* Use consistent spelling of "homogeneous" | Jouni Malinen | 10 days | 1 | -1/+1
  The 'H' in HESSID was originally spelled "homogenous" in IEEE Std 802.11-2016 abbreviations and acronyms list, but that was changed in REVmd to the significantly more common spelling "homogeneous". Update this older version to match the new spelling to be consistent throughout the repository.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Clear blacklist when SSID configs change | Kevin Lund | 10 days | 4 | -0/+18
  If the stored configurations for an SSID have changed, we can no longer trust the current blacklist state of that SSID, since the updated configs could change the behavior of the network. E.g., the BSS could be blacklisted due to a bad password, and the config could be updated to store the correct password. In this case, keeping the BSS in the blacklist will prevent the user from connecting to the BSS after the correct password has been updated.
  Add the value was_changed_recently to the wpa_ssid struct. Update this value every time a config is changed through wpa_set_config(). Check this value in wpa_blacklist_get() to clear the blacklist whenever the configs of current_ssid have changed.
  This solution was chosen over simply clearing the blacklist whenever configs change because the user should be able to change configs on an inactive SSID without affecting the blacklist for the currently active SSID. This way, the blacklist won't be cleared until the user attempts to connect to the inactive network again. Furthermore, the blacklist is stored per-BSSID while configs are stored per-SSID, so we don't have the option to just clear out certain blacklist entries that would be affected by the configs.
  Finally, the function wpa_supplicant_reload_configuration() causes the configs to be reloaded from scratch, so after a call to this function all bets are off as to the relevance of our current blacklist state. Thus, we clear the entire blacklist within this function.
  Signed-off-by: Kevin Lund <kglund@google.com>
  Signed-off-by: Brian Norris <briannorris@chromium.org>
* wpa_supplicant: Add new blacklist tests | Kevin Lund | 10 days | 1 | -0/+17
  This change adds some barebones tests for new blacklisting functionality to wpas_module_tests.c. The tests ensure some basic functionality for the functions wpa_blacklist_is_blacklisted() and wpa_blacklist_update().
  Signed-off-by: Kevin Lund <kglund@google.com>
  Signed-off-by: Brian Norris <briannorris@chromium.org>
* wpa_supplicant: Add wpa_blacklist_update() | Kevin Lund | 10 days | 2 | -0/+42
  This change adds the function wpa_blacklist_update(), which goes through all blacklist entries and deletes them if their blacklist expired over an hour ago. The purpose of this is to remove stale entries from the blacklist which likely do not reflect the current condition of device's network surroundings. This function is called whenever the blacklist is polled, meaning that the caller always gets an up-to-date reflection of the blacklist.
  Another solution to clearing the blacklist that was considered was to slowly reduce the counts of blacklist entries over time, and delete them if the counts dropped below 0. We decided to go with the current solution instead because an AP's "problematic" status is really a binary thing: either the AP is no longer problematic, or it's still causing us problems. So if we see any more problems within a reasonable amount of time, it makes sense to just keep the blacklist where it was since the AP is likely still undergoing the same issue. If we go a significant amount of time (semi-arbitrarily chosen as 1 hour) without any issues with an AP, it's reasonable to behave as if the AP is no longer undergoing the same issue. If we see more problems at a later time, we can start the blacklisting process fresh again, treating this as a brand new issue.
  Signed-off-by: Kevin Lund <kglund@google.com>
  Signed-off-by: Brian Norris <briannorris@chromium.org>
* wpa_supplicant: Implement time-based blacklisting | Kevin Lund | 10 days | 4 | -19/+63
  wpa_supplicant keeps a blacklist of BSSs in order to prevent repeated associations to problematic APs*. Currently, this blacklist is completely cleared whenever we successfully connect to any AP. This causes problematic behavior when in the presence of both a bad AP and a good AP. The device can repeatedly attempt to roam to the bad AP because it is clearing the blacklist every time it connects to the good AP. This results in the connection constantly ping-ponging between the APs, leaving the user stuck without connection.
  Instead of clearing the blacklist, implement timeout functionality which allows association attempts to blacklisted APs after some time has passed. Each time a BSS would be added to the blacklist, increase the duration of this timeout exponentially, up to a cap of 1800 seconds. This means that the device will no longer be able to immediately attempt to roam back to a bad AP whenever it successfully connects to any other AP.
  Other details: The algorithm for building up the blacklist count and timeout duration on a given AP has been designed to be minimally obtrusive. Starting with a fresh blacklist, the device may attempt to connect to a problematic AP no more than 6 times in any ~45 minute period. Once an AP has reached a blacklist count >= 6, the device may attempt to connect to it no more than once every 30 minutes. The goal of these limits is to find an ideal balance between minimizing connection attempts to bad APs while still trying them out occasionally to see if the problems have stopped.
  The only exception to the above limits is that the blacklist is still completely cleared whenever there are no APs available in a scan. This means that if all nearby APs have been blacklisted, all APs will be completely exonerated regardless of their blacklist counts or how close their blacklist entries are to expiring. When all nearby APs have been blacklisted we know that every nearby AP is in some way problematic. Once we know that every AP is causing problems, it doesn't really make sense to sort them beyond that because the blacklist count and timeout duration don't necessarily reflect the degree to which an AP is problematic (i.e. they can be manipulated by external factors such as the user physically moving around). Instead, it's best to restart the blacklist and let the normal roaming algorithm take over to maximize our chance of getting the best possible connection quality. As stated above, the time-based blacklisting algorithm is designed to be minimally obtrusive to user experience, so occasionally restarting the process is not too impactful on the user.
  *problematic AP: rejects new clients, frequently de-auths clients, very poor connection quality, etc.
  Signed-off-by: Kevin Lund <kglund@google.com>
  Signed-off-by: Brian Norris <briannorris@chromium.org>
* wpa_supplicant: Track consecutive connection failures | Kevin Lund | 10 days | 5 | -34/+17
  Within wpas_connection_failed(), the 'count' value of wpa_blacklist is erroneously used as a tally of the number of times the device has failed to associate to a given BSSID without making a successful connection. This is not accurate because there are a variety of ways a BSS can be added to the blacklist beyond failed association such as interference or deauthentication. This 'count' is lost whenever the blacklist is cleared, so the wpa_supplicant stores an additional value 'extra_blacklist_count' which helps persist the 'count' through clears. These count values are used to determine how long to wait to rescan after a failed connection attempt.
  While this logic was already slightly wrong, it would have been completely broken by the upcoming change which adds time-based blacklisting functionality. With the upcoming change, 'count' values are not cleared on association, and thus do not necessarily even approximate the "consecutive connection failures" which they were being used for.
  This change seeks to remove this unnecessary overloading of the blacklist 'count' by directly tracking consecutive connection failures within the wpa_supplicant struct, independent of the blacklist. This new 'consecutive_conn_failures' is iterated with every connection failure and cleared when any successful connection is made. This change also removes the now unused 'extra_blacklist_count' value.
  Signed-off-by: Kevin Lund <kglund@google.com>
  Signed-off-by: Brian Norris <briannorris@chromium.org>
* Fix STA mode default TXOP Limit values for AC_VI and AC_VO | Yogesh Kulkarni | 10 days | 1 | -2/+2
  commit f4e3860f ("Fix AP mode default TXOP Limit values for AC_VI and AC_VO") corrects the default values of txop_limit from 93/46 to 94/47 for AP. STA would also need the same change.
  Signed-off-by: Yogesh Kulkarni <yogesh.kulkarni@nxp.com>
  Signed-off-by: Cathy Luo <xiaohua.luo@nxp.com>
  Signed-off-by: Ganapathi Bhat <ganapathi.bhat@nxp.com>
* gitignore: Add various things | Johannes Berg | 10 days | 2 | -0/+3
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* build: Remove hostapd vs. wpa_supplicant build checks | Johannes Berg | 10 days | 1 | -8/+0
  These are no longer needed now. Note that this was never actually sufficient since src/drivers/ isn't the only thing shared, and thus a cross-build detection didn't work in all cases.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* build: Add .config file to dependencies | Johannes Berg | 10 days | 1 | -2/+0
  If the .config file changes, basically everything needs to be rebuilt since we don't try to detect which symbols changed or such. Now that the .config file handling is in the common build system, make everything depend on it if there's one.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* build: Put object files into build/ folder | Johannes Berg | 10 days | 1 | -8/+26
  Instead of building in the source tree, put most object files into the build/ folder at the root, and put each thing that's being built into a separate folder.
  This then allows us to build hostapd and wpa_supplicant (or other combinations) without "make clean" in between.
  For the tests keep the objects in place for now (and to do that, add the build rule) so that we don't have to rewrite all of that with $(call BUILDOBJS,...) which is just noise there.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* build: Move config file handling into build.rules | Johannes Berg | 10 days | 1 | -12/+1
  This will make it easier to split out the handling in a proper way, and handle common cflags/dependencies.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* build: Add a common-clean target | Johannes Berg | 10 days | 1 | -2/+2
  Clean up in a more common fashion as well, initially for ../src/.
  Also add $(Q) to the clean target in src/
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* build: Pull common fragments into a build.rules file | Johannes Berg | 10 days | 1 | -48/+17
  Some things are used by most of the binaries, pull them into a common rule fragment that we can use properly.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* iface match: Unspecified matched interfaces should not log driver fails | Roy Marples | 11 days | 3 | -6/+27
  If there is no matching interface given, but interface matching is enabled, all interfaces on the system will try to be initialized. Non-wireless interfaces will fail and the loopback device will be one of these, so just log a diagnostic rather than an error.
  Signed-off-by: Roy Marples <roy@marples.name>
* op_classes: Don't report an error when there are none to add | Roy Marples | 11 days | 1 | -2/+6
  Instead, log a diagnostic so that noise to the user is reduced. This is expected behavior with driver interfaces that do not report supported operating modes/classes.
  Signed-off-by: Roy Marples <roy@marples.name>
* D-Bus: Allow empty string in dbus network properties | Matthew Wang | 11 days | 1 | -2/+0
  This is needed for clearing previously set parameters in a similar manner that was already available through the control interface SET_NETWORK command.
  Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
* Allow bgscan parameters to be reconfigured | Matthew Wang | 11 days | 6 | -16/+67
  Teach wpa_supplicant to {de,}initialize bgscans when bgscan parameters are set after initial connection.
  Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
* Global parser functions to return 1 when property unchanged | Matthew Wang | 11 days | 3 | -7/+65
  Currently, wpa_config_set(), the function that sets wpa_supplicant per-network properties, returns 1 when a property it attempts to set is unchanged. Its global parallel, wpa_config_process_global(), doesn't do this even though much of the code is very similar. Change this, and several of the parser functions, to resemble the per-network parser and setter functions.
  Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
* D-Bus: Skip property update actions when wpa_config_set() returns 1 | Matthew Wang | 11 days | 1 | -1/+5
  When network properties are updated via dbus, wpa_config_set() is used to update the property in the wpa_ssid struct. If it returns 1, the property was not changed and there's no need to perform any of the update actions.
  Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
* D-Bus: Allow changing an interface bridge via D-Bus | Beniamino Galvani | 11 days | 5 | -1/+100
  D-Bus clients can call CreateInterface() once and use the resulting Interface object to connect multiple times to different networks.
  However, if the network interface gets added to a bridge, clients currently have to remove the Interface object and create a new one.
  Improve this by supporting the change of the BridgeIfname property of an existing Interface object.
  Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
* P2P: Add configuration support to disable P2P in 6 GHz band | Sreeramya Soratkal | 12 days | 4 | -2/+69
  Add a new configuration parameter p2p_6ghz_disable=1 to disable P2P operation in the 6 GHz band. This avoids additional delays caused by scanning 6 GHz channels in p2p_find and p2p_join operations in the cases where user doesn't want P2P connection in the 6 GHz band.
  Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
* DPP2: Presence Announcement notification in STA | Andrew Beltrano | 13 days | 1 | -0/+2
  Generate a control interface event upon receipt of DPP Presence Announcement frames. This allows external programs to instrument wpa_supplicant with bootstrapping information on-demand.
  Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
* Document the missing ignore_broadcast_ssid network profile parameter | Yegor Yefremov | 13 days | 1 | -0/+10
  Copy parameter description from hostapd.conf.
  Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
* DBus: Update dont_quote[] with ignore_broadcast_ssid parameter | Yegor Yefremov | 13 days | 1 | -0/+1
  ignore_broadcast_ssid is supported when using with the config file. But it generates an error if you try to set it via the DBus interface.
  Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>