Jouni Malinen [Mon, 22 Feb 2016 18:37:21 +0000 (20:37 +0200)]
MBO: Parse non-preferred channel list on the AP
This adds parsing of non-preferred channel list on an MBO AP. The
information in (Re)Association Request and WNM Notification Request
frames is parsed to get the initial value and updates from each
associated MBO STA. The parsed information is available through the STA
control interface command non_pref_chan[i] rows.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 22 Feb 2016 17:35:39 +0000 (19:35 +0200)]
tests: WNM Sleep Mode - AP side OOM
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 22 Feb 2016 17:34:06 +0000 (19:34 +0200)]
WNM: Fix a memory leak on AP error path
If the second memory allocation in ieee802_11_send_wnmsleep_resp() were
to fail and ieee80211_11_get_tfs_ie() succeed, the wnmtfs_ie allocation
would not have been freed on the error path.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Michael Braun [Sun, 21 Feb 2016 11:01:39 +0000 (12:01 +0100)]
VLAN: Fix vlan_compare() for tagged VLANs
While refactoring VLAN comparison into vlan_compare(), it was overlooked
that modifications are needed for tagged VLAN support.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Dedy Lansky [Sun, 21 Feb 2016 12:49:44 +0000 (14:49 +0200)]
hostapd_cli: Add support for RAW command
Same as for wpa_cli, RAW command is a passthrough to hostapd control
interface.
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Jouni Malinen [Mon, 22 Feb 2016 14:46:29 +0000 (16:46 +0200)]
MBO: Mandate use of PMF for WPA2+MBO association (STA)
If WPA2 is used, MBO AP must enable PMF. Refuse to select a BSS that has
MBO and WPA2 enabled without PMF.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 22 Feb 2016 14:39:24 +0000 (16:39 +0200)]
MBO: Mandate use of PMF for WPA2+MBO association (AP)
If WPA2 and MBO are enabled, PMF needs to be enabled in hostapd
configuration. If PMF is optional in the configuration, an MBO STA is
required to negotiate use of PMF.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 22 Feb 2016 14:26:29 +0000 (16:26 +0200)]
tests: MBO cellular data capability update with PMF required
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 22 Feb 2016 10:06:33 +0000 (12:06 +0200)]
tests: MBO cellular data capability update
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 22 Feb 2016 11:24:21 +0000 (13:24 +0200)]
MBO: Update STA cellular data capability based on WNM Notification
This makes hostapd parse a received WNM Notification Request frame
subelements and if a WFA MBO cellular data capability subelement is
seen, update the cellular data capability for the STA.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 22 Feb 2016 11:03:28 +0000 (13:03 +0200)]
MBO: Track STA cellular data capability from association request
This makes hostapd parse the MBO attribute in (Re)Association Request
frame and track the cellular data capability (mbo_cell_capa=<val> in STA
control interface command).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 22 Feb 2016 10:41:48 +0000 (12:41 +0200)]
WNM: Minimal processing for WNM Notification Request frames on AP
Write debug log entries on receiving WNM Notification Request frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 22 Feb 2016 10:41:00 +0000 (12:41 +0200)]
MBO: Indicate WNM-Notification support on AP when MBO is enabled
This is needed to allow MBO STAs to send WNM Notification Request
frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 22 Feb 2016 09:37:03 +0000 (11:37 +0200)]
Simplify hostapd_build_ap_extra_ies() with helper functions
This removes multiple copies of wpabuf_resize() following by
wpabuf_put_{buf,data}() with the help of two simple helper functions.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 22 Feb 2016 08:57:37 +0000 (10:57 +0200)]
tests: WNM BSS Transition Management query
This tests BSS Transition Management Query frame generation with
candidate list and transmission of the following request and response
frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 21 Feb 2016 21:01:45 +0000 (23:01 +0200)]
MBO: Expire non-matching bss_tmp_disallowed entries as part of check
This makes wpa_is_bss_tmp_disallowed() expire old entries from the
bss_tmp_disallowed list even if they do not match the BSSID that is
being searched for. This allows the list to be kept at shorter length to
speed up operations and minimize memory use in cases where the
previously disabled BSS is not in radio range anymore.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 21 Feb 2016 18:54:23 +0000 (20:54 +0200)]
MBO: Parse MBO IE in ieee802_11_parse_elems()
Signed-off-by: Jouni Malinen <j@w1.fi>
Avraham Stern [Mon, 15 Feb 2016 14:54:02 +0000 (16:54 +0200)]
MBO: Send WNM-Notification when cellular capabilities change
Send a WNM-Notification to the associated AP to indicate changes in
cellular data capabilities.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:55 +0000 (16:53 +0200)]
tests: MBO association disallowed indication
Add a test that verifies that no Association Request frame is sent to
APs that include the MBO IE with association disallowed attribute in
Beacon and Probe Response frames.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:54 +0000 (16:53 +0200)]
tests: WNM BSS Transition Management with MBO IE
Add tests to verify that MBO IE in BSS Transition Management Request
frame is parsed correctly:
1. The MBO transition reason code is received by the MBO station.
2. The MBO cellular data connection preference is received by the
MBO station.
3. The MBO station does not try to connect to the AP until the retry
delay is over.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Ilan Peer [Mon, 15 Feb 2016 14:53:58 +0000 (16:53 +0200)]
tests: Enable CONFIG_MBO in hwsim configs
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:49 +0000 (16:53 +0200)]
hostapd: Add MBO IE to BSS Transition Management Request frame
Add an option to add MBO IE to BSS Transition Management Request frame.
The MBO IE includes the transition reason code, cellular data connection
preference, and, if the disassoc imminent bit is set, it may also
include re-association retry delay. Otherwise, the re-association retry
delay should be set to zero.
The additional BSS_TM_REQ argument uses the following format:
mbo=<reason>:<reassoc delay>:<cell pref>
reason: 0-9
reassoc delay: 0-65535 (seconds; 0 = disabled)
cell pref: 0, 1, 255
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:52 +0000 (16:53 +0200)]
hostapd: Add MBO IE to Beacon, Probe Response, Association Response
Add MBO IE with AP capability attribute to Beacon, Probe Response, and
(Re)Association Response frames to indicate the AP supports MBO.
Add option to add Association Disallowed attribute to Beacon, Probe
Response, and (Re)Association Response frames. Usage:
SET mbo_assoc_disallow <reason code>
Valid reason code values are between 1-5. Setting the reason code to
0 will remove the Association Disallowed attribute from the MBO IE
and will allow new associations.
MBO functionality is enabled by setting "mbo=1" in the config file.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:48 +0000 (16:53 +0200)]
Move Hotspot 2.0 element in (Re)Association Request frames
According to IEEE Std 802.11-2012, Table 8-22, vendor specific elements
must follow all other elements, so Hotspot 2.0 element which is actually
a vendor specific element must come after all other elements.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:48 +0000 (16:53 +0200)]
Re-order elements in (Re)Association Request frames
According to IEEE Std 802.11-2012, Table 8-22, RM Enabled Capabilities
element must come before the Extended Capabilities element.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:43 +0000 (16:53 +0200)]
WNM: Add candidate list to BSS transition query
Add an option to configure a candidate list to BSS transition query
("list" as the second argument to WNM_BSS_QUERY). The candidate list is
built from the available scan results. If no updated scan results (< 10
sec) are available, the command fails.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:41 +0000 (16:53 +0200)]
WNM: Add candidate list to BSS transition response
Add the transition candidate list to BSS Transition Management Response
frame. The candidates preference is set using the regular wpa_supplicant
BSS selection logic. If the BSS transition request is rejected and
updated scan results are not available, the list is not added.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
David Spinadel [Mon, 15 Feb 2016 14:53:40 +0000 (16:53 +0200)]
utils: Derive phy type by frequency and bandwidth
Add a function to derive phy type from frequency and bandwidth
as defined in IEEE Std 802.11ac-2013 Annex C (dot11PHYType).
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:37 +0000 (16:53 +0200)]
MBO: Add MBO IE to BSS Transition Management Response frame
When rejecting a BSS Transition Management Request frame, add MBO IE to
the BSS Transition Management Response frame to specify the transition
rejection reason.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:36 +0000 (16:53 +0200)]
MBO: Parse MBO IE in BSS Transition Management Request frames
Add parsing of MBO IE in BSS Transition Management Request frames. If
the MBO IE includes the association retry delay attribute, do not try to
reconnect to the current BSS until the delay time is over.
If the MBO IE includes the cellular data connection preference attribute
or the transition rejection reason attribute, send a message to upper
layers with the data.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:34 +0000 (16:53 +0200)]
MBO: Add Supported Operating Classes element to Association Request
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:32 +0000 (16:53 +0200)]
MBO: Add global operating class definitions
Add definitions for global operating classes. These definitions will be
used to construct supported operating classes information element.
The operating classes definitions used locally for P2P module will be
removed and included in the general operating classes definitions.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
David Spinadel [Mon, 15 Feb 2016 14:53:29 +0000 (16:53 +0200)]
MBO: Prevent association to APs that explicitly disallow this
Prevent association to MBO APs that have association disallowed
attribute in MBO IE in Beacon or Probe Response frames.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
David Spinadel [Mon, 15 Feb 2016 14:53:28 +0000 (16:53 +0200)]
MBO: Add cellular capability to MBO IE
Add cellular capability attribute to MBO IE and add MBO IE with cellular
capabilities to Probe Request frames. By default, cellular capability
value is set to Not Cellular capable (3).
Signed-off-by: David Spinadel <david.spinadel@intel.com>
David Spinadel [Mon, 15 Feb 2016 14:53:25 +0000 (16:53 +0200)]
MBO: Send MBO WNM-Notification Request frames to notify changes
Send a WNM-Notification Request frame with Non-preferred Channel Report
subelement if the non-preferred channels list changes during an
association.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
David Spinadel [Mon, 15 Feb 2016 14:53:24 +0000 (16:53 +0200)]
MBO: Implement MBO non-preferred channel report in Association Request
Add MBO IE with non-preferred channels to (Re)Association Request
frames.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
David Spinadel [Mon, 15 Feb 2016 14:53:22 +0000 (16:53 +0200)]
MBO: Add non-preferred channel configuration in wpa_supplicant
Add non-preferred channel configuration to wpa_config for MBO.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
David Spinadel [Mon, 15 Feb 2016 14:53:19 +0000 (16:53 +0200)]
MBO: Add Multi Band Operation definitions
These are based on the specification draft WFA_MBO_TechSpec_v0.0_r19.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Jouni Malinen [Sun, 21 Feb 2016 15:07:47 +0000 (17:07 +0200)]
ndis: Use the new get_ie() helper to avoid duplicated code
This removes more duplicated implementation of finding the first IE
based on the id.
Signed-off-by: Jouni Malinen <j@w1.fi>
Avraham Stern [Mon, 15 Feb 2016 14:53:17 +0000 (16:53 +0200)]
utils: Share a single helper function to get IE by ID
Add a helper function to find a certain IE inside IEs buffer by ID and
use this function in several places that implemented similar
functionality locally.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Mon, 15 Feb 2016 14:53:13 +0000 (16:53 +0200)]
wpa_supplicant: Share a single get_mode() implementation
There is no need to duplicate this helper function in multiple files.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Jouni Malinen [Sat, 20 Feb 2016 17:22:43 +0000 (19:22 +0200)]
VLAN: Check vlan_desc validity in a failure debug print
The recent VLAN changes added an explicit code path that sets vlan_desc
= NULL within ap_sta_set_vlan(). This makes some code analyzers warn
about the debug print that could potentially dereference this pointer.
Silence that warning by verifying the pointer more consistently within
this function.
Signed-off-by: Jouni Malinen <j@w1.fi>
Nick Lowe [Fri, 19 Feb 2016 15:22:25 +0000 (15:22 +0000)]
Use 64-bit TX/RX byte counters for statistics
If the driver supports 64-bit TX/RX byte counters, use them directly.
The old 32-bit counter extension is maintained for backwards
compatibility with older drivers.
For nl80211 driver interface, the newer NL80211_STA_INFO_RX_BYTES64 and
NL80211_STA_INFO_TX_BYTES64 attributes are used when available. This
resolves the race vulnerable 32-bit value wrap/overflow. Rework RADIUS
accounting to use these for Acct-Input-Octets, Acct-Input-Gigawords,
Acct-Output-Octets, and Acct-Output-Gigawords, these values are often
used for billing purposes.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Andrei Otcheretianski [Tue, 16 Feb 2016 09:54:33 +0000 (11:54 +0200)]
AP: Set STA assoc flag in the driver before sending Assoc Resp frame
Previously, stations were added to the driver only after the
(Re)Association Response frame was acked. In the time period between the
station has acked the (Re)Association Response frame and the time the
station was added to the kernel, the station can already start sending
Data frames, which will be dropped by the hardware/driver. In addition
to the data loss, the driver may ignore NDPs with PM bit set from this
STA.
Fix this by setting/adding the STA with associated flag set to the
driver before the AP sends the (Re)Association Response frame with
status success. If the (Re)Association Response frame wasn't acked,
remove the station from the driver.
Note that setting a station to associated state before the non-AP
station acknowledges the (Re)Association Response frame is not compliant
with the IEEE 802.11 standard that specifically states that a non-AP
station should transition to authenticated/associated state only after
it acknowledged the (Re)Association Response frame. However, this is a
justifiable simplification to work around the issue described above since
1. The station will be removed in case it does not acknowledge the
(Re)Association Response frame.
2. All Data frames would be dropped until the station is set to
authorized state and there are no known issues with processing the
other Class 3 frames during the short window before the
acknowledgement is seen.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ayala Beker [Tue, 16 Feb 2016 09:54:32 +0000 (11:54 +0200)]
AP: Add support for full station state
Add support for drivers that support full AP client state, i.e., can
handle adding stations that are not associated yet. For such drivers,
add a station after processing the authentication request, instead of
adding it in the association response callback.
Doing so is beneficial in cases where the driver cannot handle the add
station request, in which case it is useless to perform the complete
connection establishment.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Ayala Beker [Tue, 16 Feb 2016 09:54:31 +0000 (11:54 +0200)]
nl80211: Add support for full station state operations
This provides means for determining whether the driver supports full AP
station state and setting the needed STA flags for using this
functionality.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Jouni Malinen [Sat, 20 Feb 2016 10:05:48 +0000 (12:05 +0200)]
tests: EAP-FAST protocol testing
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 20 Feb 2016 08:06:48 +0000 (10:06 +0200)]
EAP-FAST peer: Remove fixed return value from eap_fast_parse_phase1()
This function was always returning 0, so the error path was unreachable.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 20 Feb 2016 08:06:02 +0000 (10:06 +0200)]
tests: Verify fast_max_pac_list_len=0 special case
Signed-off-by: Jouni Malinen <j@w1.fi>
Nick Lowe [Tue, 9 Feb 2016 16:02:32 +0000 (16:02 +0000)]
EAP-pwd server: Use os_get_random() for unpredictable token
Do not use os_random() that uses a low quality PRNG to generate the
anti-clogging token. The construction can be improved upon by replacing
it with a call to os_get_random(), which uses a high quality PRNG. While
the RFC 5931 explictly recommends not to do this ("SHOULD NOT be from a
source of random entropy"), it does still mandate unpredicability ("MUST
be unpredictable"). The anti-clogging token is most unpredictable when
it is taken from a high quality PRNG.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Tue, 9 Feb 2016 14:49:35 +0000 (14:49 +0000)]
DFS: Remove the os_random() fallback
Remove the fallback dependency on os_random() from the code that gets a
valid DFS channel. This is exceptionally unlikely to ever be called as
the call to os_get_random() is unlikely to fail. The intention is to
facilitate future removal of os_random() as it uses a low quality PRNG.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Tue, 9 Feb 2016 14:47:47 +0000 (14:47 +0000)]
WPS: Use only os_get_random() for PIN generation
Remove the fallback dependency on os_random() when generating a WPS pin.
This is exceptionally unlikely to ever be called as the call to
os_get_random() is unlikely to fail. The intention is to facilitate
future removal of os_random() as it uses a low quality PRNG.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Nick Lowe [Tue, 9 Feb 2016 14:43:21 +0000 (14:43 +0000)]
Use os_get_random() for Shared Key authentication challenge
Do not use the system clock or os_random() that uses a low quality PRNG
as part of the pseudo-random challenge in auth_shared_key(). The
construction can be improved upon by replacing it with a call to
os_get_random(), which uses a high quality PRNG.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Jouni Malinen [Fri, 19 Feb 2016 16:43:45 +0000 (18:43 +0200)]
tests: Allow PIN generation failure during OOM in ap_wps_random_ap_pin
This is needed to avoid reporting failures after a change to remove the
fallback path in PIN generation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Nick Lowe [Sat, 13 Feb 2016 12:20:12 +0000 (12:20 +0000)]
Add RADIUS Service-Type attribute with a value of Framed
This seems to be the common value used by APs and also mentioned in RFC
3580.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Jouni Malinen [Fri, 19 Feb 2016 16:41:23 +0000 (18:41 +0200)]
tests: Renew expired certificates
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Masashi Honma [Wed, 17 Feb 2016 10:48:53 +0000 (19:48 +0900)]
mesh: Drop Authentication frames from BLOCKED STA
Previously, only mesh Action frames from BLOCKED STA were dropped.
Extend that to drop Authentication frames as well.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Masashi Honma [Mon, 15 Feb 2016 02:23:37 +0000 (11:23 +0900)]
SAE: Fix PMKID calculation for PMKSA cache
The SAE PMKID is calculated with IEEE Std 802.11-2012 11.3.5.4, but the
PMKID was re-calculated with 11.6.1.3 and saved into PMKSA cache. Fix
this to save the PMKID calculated with 11.3.5.4 into the PMKSA cache.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Nick Lowe [Sat, 13 Feb 2016 20:29:47 +0000 (20:29 +0000)]
Print Acct-Session-Id and Acct-Multi-Session-Id 64-bit values
These are now 64-bit variables and the printf formats and type casts
need to be updated to match.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Roy Marples [Wed, 10 Feb 2016 20:39:14 +0000 (20:39 +0000)]
kqueue: Use 0 instead of NULL for udata
Use 0 for udata instead of NULL for portability.
NetBSD uses uintptr_t, others a pointer.
Signed-off-by: Roy Marples <roy@marples.name>
Roy Marples [Wed, 10 Feb 2016 19:27:42 +0000 (19:27 +0000)]
ctype functions require an unsigned char
Ensure that characters are represented as unsigned char when using
isblank() and isspace(). These function take in a "int c" argument, but
it needs to be unsigned for the cases where EOF is not indicated.
Signed-off-by: Roy Marples <roy@marples.name>
Roy Marples [Wed, 10 Feb 2016 11:53:41 +0000 (11:53 +0000)]
Fix compile on NetBSD for vlan
Shuffle includes above system ones so to fix a compile issue
on NetBSD where the if_type #define from <net/if.h>
conflicts with the wpa_driver_if_type enum.
Signed-off-by: Roy Marples <roy@marples.name>
Roy Marples [Wed, 10 Feb 2016 11:22:11 +0000 (11:22 +0000)]
wired: Fix compile on NetBSD for wired driver
Shuffle wpa_supplicant includes above system ones so that
to fix a compile problem on NetBSD where if_type #define
conflicts with the wpa_driver_if_type enum.
Signed-off-by: Roy Marples <roy@marples.name>
Roy Marples [Wed, 10 Feb 2016 10:48:01 +0000 (10:48 +0000)]
Add CONFIG_ELOOP_KQUEUE to defconfig
Signed-off-by: Roy Marples <roy@marples.name>
Jouni Malinen [Thu, 18 Feb 2016 09:59:58 +0000 (11:59 +0200)]
nl80211: Avoid wpa_printf %s call with NULL pointer in set_param()
While most C libraries print "(null)" when NULL is used as an argument
to printf format string %s, this is not really necessary to print here,
so move the debug print to be after the NULL check.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Michael Braun [Thu, 21 Jan 2016 13:52:07 +0000 (14:52 +0100)]
tests: Verify correct VLAN after RSN pre-authentication
This enhances the test pmksa_cache_preauth_vlan_used to check
connectivity in the correct VLAN bridge.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:06 +0000 (14:52 +0100)]
tests: Verify connectivity with untagged/tagged VLAN mixed configuration
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:05 +0000 (14:52 +0100)]
tests: Untagged VLAN ID with EGRESS_VLANID RADIUS attribute
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:04 +0000 (14:52 +0100)]
tests: STA assigned to vif under per_sta_vif
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:03 +0000 (14:52 +0100)]
tests: Verify ap_vlan_iface_cleanup_multibss with per_sta_vif
This adds a new test case to run ap_vlan_iface_cleanup_multibss with
per_sta_vif enabled.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:02 +0000 (14:52 +0100)]
tests: Verify tagged-only connectivity
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:01 +0000 (14:52 +0100)]
wpa_supplicant: Parse ifname argument from DATA_TEST_CONFIG
This is required to test tagged VLANs.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:52:00 +0000 (14:52 +0100)]
VLAN: Add per-STA vif option
This allows the stations to be assigned to their own vif. It does not
need dynamic_vlan to be set. Make hostapd call ap_sta_set_vlan even if
!vlan_desc.notempty, so vlan_id can be assigned regardless.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:51:59 +0000 (14:51 +0100)]
VLAN: Actually add tagged VLANs to AP_VLAN
This makes vlan_newlink() and vlan_dellink() add tagged VLANs to AP_VLAN
interfaces as given by struct vlan_description.
hostapd_vlan_if_remove() is done in vlan_dellink() as tagged interfaces
need to be removed before the interface can be deleted and a DELLINK
message can be generated.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:51:58 +0000 (14:51 +0100)]
VLAN: Factor out per-vid code in newlink/dellink
To prepare for adding tagged VLAN support in vlan_init.c, vlan_newlink()
and vlan_dellink() are split into multiple functions. This reduces
indention and eases adding tagged VLANs as well.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:51:57 +0000 (14:51 +0100)]
radius: Add tagged VLAN parsing
1. Add tagged VLAN to struct vlan_description
(compile limited number of tagged VLANs per description)
For k tagged VLANs, the first k entries in vlan_description.tagged
are used. They are sorted in ascending order. All other entries are
zero. This way os_memcmp() can find identical configurations.
2. Let tagged VLANs be parsed from RADIUS Access-Accept
3. Print VLAN %d+ with %d=untagged VID if tagged VLANs are set
4. Select an unused vlan_id > 4096 for new tagged VLAN configurations
5. Add EGRESS_VLAN RADIUS attribute parsing also for untagged VLANs
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Thu, 21 Jan 2016 13:51:56 +0000 (14:51 +0100)]
VLAN: Separate station grouping and uplink configuration
Separate uplink configuration (IEEE 802.1q VID) and grouping of stations
into AP_VLAN interfaces.
The int vlan_id will continue to identify the AP_VLAN interface the
station should be assigned to. Each AP_VLAN interface corresponds to an
instance of struct hostapd_vlan that is uniquely identified by int
vlan_id within an BSS.
New: Each station and struct hostapd_vlan holds a struct
vlan_description vlan_desc member that describes the uplink
configuration requested. Currently this is just an int untagged IEEE
802.1q VID, but can be extended to tagged VLANs and other settings
easily.
When the station was about to be assigned its vlan_id, vlan_desc and
vlan_id will now be set simultaneously by ap_sta_set_vlan(). So
sta->vlan_id can still be tested for whether the station needs to be
moved to an AP_VLAN interface.
To ease addition of tagged VLAN support, a member notempty is added to
struct vlan_description. Is is set to 1 if an untagged or tagged VLAN
assignment is requested and needs to be validated. The inverted form
allows os_zalloc() to initialize an empty description.
Though not depended on by the code, vlan_id assignment ensures:
* vlan_id = 0 will continue to mean no AP_VLAN interface
* vlan_id < 4096 will continue to mean vlan_id = untagged vlan id
with no per_sta_vif and no extra tagged vlan.
* vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans.
This way struct wpa_group and drivers API do not need to be changed in
order to implement tagged VLANs or per_sta_vif support.
DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only,
thus grouping of the stations for per_sta_vif can be used with
DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct
hostapd_vlan is still used to manage AP_VLAN interfaces.
MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of
VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will
continue to refer to int vlan_id.
Renaming vlan_id to vlan_desc when type changed from int to struct
vlan_description was avoided when vlan_id was also used in a way that
did not depend on its type (for example, when passed to another
function).
Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN
%d" will refer to untagged IEEE 802.1q VID.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Jouni Malinen [Tue, 16 Feb 2016 16:30:55 +0000 (18:30 +0200)]
OpenSSL: Fix PKCS#12 parsing of extra certificates with OpenSSL 1.0.1
Commit
8bcf8de827e841a35841034edd6f8281a7a3aeba ('OpenSSL: Fix memory
leak in PKCS12 additional certificate parsing') tried to fix a memory
leak in both the 1.0.2(and newer) and 1.0.1 branches of PKCS12 parsing.
However, the 1.0.1 case was not properly tested and freeing of the
certificate after a successful SSL_CTX_add_extra_chain_cert() call
resulted in use of freed memory when going through the TLS handshake.
Fix this by not freeing the certificate in that specific case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 13:52:08 +0000 (15:52 +0200)]
wpa_cli: Clean up logical operation
While '!func() == 0' here resulted in correct behavior, it is not clear
and clang is starting to warn about this (-Wlogical-not-parentheses).
Use 'func()' instead as the condition to clear this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 13:49:28 +0000 (15:49 +0200)]
TDLS: Clean up os_memcmp use
Ciuple of the nonce comparisons used a strange '!os_memcmp() == 0' to
check if the values were different. While this resulted in correct
behavior, the construction is not exactly clear and clang has started
warning about this (-Wlogical-not-parentheses). Clean this up by using
'os_mecmp() != 0'.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 13:28:16 +0000 (15:28 +0200)]
tests: Fix eap_proto_sake_errors with OpenSSL 1.1.0
The use of the newer OpenSSL API in openssl_hmac_vector() removes one of
the memory allocations, so the TEST_ALLOC_FAIL here could not trigger.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 12:10:29 +0000 (14:10 +0200)]
trace: Free symbols on program exit
This makes valgrind memleak checks with CONFIG_WPA_TRACE=y somewhat
cleaner.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 11:29:40 +0000 (13:29 +0200)]
OpenSSL: Fix memory leak in PKCS12 additional certificate parsing
The additional PKCS12 certificates were not freed properly in the loop
added in commit
de2a7b796d82d92120aa9532450863f503e1885a ('OpenSSL: Use
connection certificate chain with PKCS#12 extra certs').
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 16 Feb 2016 11:13:36 +0000 (13:13 +0200)]
OpenSSL: Fix memory leak in HMAC_CTX compatibility wrapper function
Commit
5c9a33702fd9e9ae9c349d6461a6621801d4f9cb ('OpenSSL: Clean up
crypto_hash_*() to use a single implementation') added a wrapper
function to allow the new OpenSSL API to be used with older OpenSSL
versions. However, the HMAC_CTX_free() wrapper was incorrectly skipping
the call to HMAC_CTX_cleanup() which is still needed to free the
resources OpenSSL allocated internally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:40:41 +0000 (00:40 +0200)]
OpenSSL: Fix memory leak in OCSP parsing
The result from OCSP_cert_to_id() needs to be freed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:35:34 +0000 (00:35 +0200)]
OpenSSL: Do not use library init/deinit functions with 1.1.0
SSL_library_init() does not work properly after EVP_cleanup() starting
from OpenSSL 1.1.0 pre release 3. The automated library init/deinit
functions in that pre release are supposed to handle all initialization
and deinitialiation, so comment out the explicit calls to these function
with OpenSSL 1.1.0 and newer.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:34:42 +0000 (00:34 +0200)]
OpenSSL: Fix memory leak in subjectAltName parsing
The parsed data from X509_get_ext_d2i() needs to be freed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:33:27 +0000 (00:33 +0200)]
curl: Fix memory leak in subjectAltName parsing
The parsed data from X509_get_ext_d2i() needs to be freed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:30:43 +0000 (00:30 +0200)]
OpenSSL: Fix memory leak with EVP_CIPHER_CTX_new()
Commit
1eb87ae48d829b77e805de9ba71f958b53930c88 ('OpenSSL: Use
EVP_CIPHER_CTX_new() to work with OpenSSL 1.1.0') started using
EVP_CIPHER_CTX_new() to allocate EVP_CIPHER_CTX from heap instead of
using stack memory. This commit used incorrect EVP_CIPHER_CTX_reset()
function in number of cases when the allocated memory was supposed to be
freed instead of just reset for reuse. Fix this by using
EVP_CIPHER_CTX_free() properly.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 22:14:47 +0000 (00:14 +0200)]
rfkill: Fix a memory leak
rfkill_init() uses realpath() which allocates memory and that memory was
not freed on the success path.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 15 Feb 2016 19:53:33 +0000 (21:53 +0200)]
OpenSSL: Fix memory leak on error path
If SSL_CTX_new(SSLv23_method()) fails, tls_init() error path did not
free the allocated struct tls_data instance.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Lior David [Mon, 8 Feb 2016 10:30:04 +0000 (12:30 +0200)]
wpa_supplicant: Basic support for PBSS/PCP
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.
Add a new "pbss" argument to network block. The argument is used
in the following scenarios:
1. When network has mode=2 (AP), when pbss flag is set will start
as a PCP instead of an AP.
2. When network has mode=0 (station), when pbss flag is set will
connect to PCP instead of AP.
The function wpa_scan_res_match() was modified to match BSS according to
the pbss flag in the network block (wpa_ssid structure). When pbss flag
is set it will match only PCPs, and when it is clear it will match only
APs.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Lior David [Mon, 8 Feb 2016 10:16:45 +0000 (12:16 +0200)]
nl80211: Basic support for PBSS/PCP
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.
Add a pbss flag to the relevant structures to support starting a PCP and
connecting to a PCP. Implement support in the nl80211 driver by using
the new PBSS flag attribute.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Jouni Malinen [Mon, 8 Feb 2016 20:12:57 +0000 (22:12 +0200)]
Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2016-01-28.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 19:14:45 +0000 (21:14 +0200)]
tests: EAP state machine status information
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 19:05:02 +0000 (21:05 +0200)]
tests: Additional EAP-Finish local error coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 19:01:41 +0000 (21:01 +0200)]
EAP peer: Simplify buildNotify return
There is no need for the local variable and two return statements.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 19:01:06 +0000 (21:01 +0200)]
tests: EAP Notification errors
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 18:51:04 +0000 (20:51 +0200)]
Clean up EAP peer PCSC identity functions
Leave out more code if PCSC_FUNCS is not defined since config->pcsc != 0
case cannot be used with such a build.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Feb 2016 18:43:48 +0000 (20:43 +0200)]
tests: EAP-Nak special cases
Signed-off-by: Jouni Malinen <j@w1.fi>