Po-Lun Lai [Wed, 23 Oct 2013 10:16:31 +0000 (13:16 +0300)]
P2P: Check Action frame payload match before accepted TX status
It is possible for there to be two pending off-channel TX frames, e.g.,
when two devices initiate GO Negotiation at more or less the same time.
This could result in the TX status report for the first frame clearing
wpa_s->pending_action_tx that included the newer frame that has not yet
been transmitted (i.e., is waiting to be sent out). Avoid losing that
frame by confirming that the TX status payload matches the pending frame
before clearing the pending frame and reporting the TX status callback.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 23 Oct 2013 08:51:45 +0000 (11:51 +0300)]
Fix ENABLE_NETWORK not to reconnect in disconnected state
DISCONNECT followed by ENABLE_NETWORK ended up starting a scan for a new
connection due to wpa_supplicant_enable_one_network() setting
wpa_s->reassociate = 1. This was done regardless of wpa_s->disconnected
being 1 which should imply that wpa_supplicant should not try to connect
before asked explicitly with REASSOCIATE or RECONNECT.
Fix this by making ENABLE_NETWORK setting of reassociate = 1 and
starting of scans for connection conditional on wpa_s->disconnected ==
0. This will make ENABLE_NETWORK trigger a connection only if
wpa_supplicant is already in a state where it would try to connect if
there are any enabled networks.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Helmut Schaa [Tue, 22 Oct 2013 21:27:34 +0000 (00:27 +0300)]
hostapd: Select any supported channel if ACS fails
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Helmut Schaa [Tue, 22 Oct 2013 21:23:13 +0000 (00:23 +0300)]
hostapd: Allow ACS to deal with partial survey data
Previously ACS required valid survey data on all available channels.
This can however not be guaranteed. Instead of just failing, fall back
to the subset of channels that have valid ACS data.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Helmut Schaa [Tue, 22 Oct 2013 21:18:41 +0000 (00:18 +0300)]
hostapd: Propagate ACS errors to iface setup
Otherwise hostapd might hang doing nothing anymore. Propagate ACS
errors so we can fail gracefully.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Helmut Schaa [Tue, 22 Oct 2013 21:15:57 +0000 (00:15 +0300)]
hostapd: Don't get stuck after failed ACS
If ACS fails we still need to call hostapd_setup_interface_complete.
Otherwise hostapd will just hang doing nothing anymore. However, pass
an error to hostapd_setup_interface_complete to allow a graceful fail.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Dan Williams [Tue, 22 Oct 2013 20:35:45 +0000 (23:35 +0300)]
doc: Update D-Bus docs for Scan()'s new AllowRoam option
Signed-hostap: Dan Williams <dcbw@redhat.com>
Jouni Malinen [Tue, 22 Oct 2013 16:10:56 +0000 (19:10 +0300)]
Make frequency range list routines more general
This allows the frequency range list implementation to be shared for
other purposes.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 22 Oct 2013 15:44:05 +0000 (18:44 +0300)]
P2P: Add more user friendly debug print of channel lists
This makes it easier to go through the P2P channel list operations in
the debug log without having to parse through the hexdump manually.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Dan Williams [Tue, 22 Oct 2013 13:09:46 +0000 (16:09 +0300)]
dbus: Add boolean AllowRoam option to Scan() method options dictionary
To disallow roaming when a scan request's results are read, callers
of the D-Bus Scan() method may add a new "AllowRoam" boolean key
to the scan options dictionary and set that key's value to FALSE.
Signed-hostap: Dan Williams <dcbw@redhat.com>
Pontus Fuchs [Tue, 22 Oct 2013 12:57:21 +0000 (15:57 +0300)]
Don't start second scan when changing scan interval
If a scan is currently running and the scan interval is changed, a
second scan will be started before the current has finished. This will
in turn, if no networks are configured, cause wpa_s->state to be
forced to WPA_INACTIVE before the first scan has finished.
Signed-hostap: Pontus Fuchs <pontus.fuchs@gmail.com>
Michal Kazior [Tue, 22 Oct 2013 12:50:07 +0000 (15:50 +0300)]
nl80211: Fix DFS radar event parsing
Incorrect nla_get variants were used to get event type and frequency.
Kernel passes both as u32. This caused issues on tinynl/big-endian hosts
- CAC finished was treated as radar detection and frequency was 0.
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
Jouni Malinen [Tue, 22 Oct 2013 10:35:32 +0000 (13:35 +0300)]
nl80211: Free BSS structure even if netdev does not exists
It is possible for a vif netdev to be removed by something else than
hostapd and if that happens for a virtual AP interface, if_remove()
handler should still free the local data structure to avoid memory leaks
if something external removes a netdev.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 21 Oct 2013 15:09:37 +0000 (18:09 +0300)]
nl80211: Update send_action_cookie on AP-offchannel-TX path
Previously, the send_mlme->send_frame->send_frame_cmd path that could be
used when a GO sends an offchannel Action frame ended up not updating
drv->send_action_cookie. This can result in an issue with not being able
to cancel wait for the response, e.g., in invitation-to-running-group
case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 21 Oct 2013 14:43:26 +0000 (17:43 +0300)]
tests: Add pre-authorized invitation-to-active-group
test_p2p_go_invite_auth is similar to test_p2p_go_invite with the main
difference being in the peer device pre-authorizing the invitation
instead of processing invitation at upper layers after having received
it.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 21 Oct 2013 11:17:58 +0000 (14:17 +0300)]
tests: Add test cases for GAS operations
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 21 Oct 2013 11:36:27 +0000 (14:36 +0300)]
GAS: Add support for multiple pending queries for the same destination
Need to use the pointer to the current ongoing query instead of matching
from the pending list based on the destination address so that we get
the correct query instance when processing the TX status report.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 21 Oct 2013 10:20:38 +0000 (13:20 +0300)]
GAS: Do not start new scan operation during an ongoing GAS query
These operations can have conflicting offchannel requirements, so wait
with a new scan trigger until a pending GAS query has been completed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Kyeyoon Park [Mon, 21 Oct 2013 10:15:45 +0000 (13:15 +0300)]
GAS: Delay GAS query Tx while scanning/connecting
Offchannel operations needed for a GAS query can conflict with ongoing
scan/connection progress, so delay GAS queries if such an operation is
in progress on the current interface or any virtual interface sharing
the same radio.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Kyeyoon Park [Mon, 21 Oct 2013 10:13:42 +0000 (13:13 +0300)]
GAS: Delay GAS query Tx while another query is in progress
It would be possible to issue another GAS query when a previous one is
still in progress and this could result in conflicting offchannel
operations. Prevent that by delaying GAS query initiation until the
previous operation has been completed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 20 Oct 2013 18:34:39 +0000 (21:34 +0300)]
WPS: Clear after_wps from number of new locations
This makes it less likely to forget WPS single-channel scan optimization
in effect after having completed the WPS operation or in case WPS
operating gets cancelled.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 16:47:39 +0000 (19:47 +0300)]
tests: Add domain_suffix_match validation
This verifies that domain_suffix_match works correctly both for the
matching and mismatching cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 16:41:01 +0000 (19:41 +0300)]
tests: Add negative TLS test case to verify trust root validation
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 16:14:41 +0000 (19:14 +0300)]
tests: Stop test run on NOTE command failure
There is no point trying to go through a test case if the NOTE command
to write TEST-START entry does not succeed. This avoids some excessive
waits on buildbot trying to forcefully kill the programs on its timeout
if wpa_supplicant gets stuck waiting for something (like the current
issue with libnl events and commands having a chance of hitting a
blocking wait on netlink messages).
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 15:33:17 +0000 (18:33 +0300)]
P2P: Fix Operating Channel in Invitation Request for operating group
When a GO or P2P Client invites a peer device to join an already
operating group, the Operating Channel in Invitation Request needs to be
forced to the current operating channel of the group.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 15:19:27 +0000 (18:19 +0300)]
P2P: Cancel offchannel TX wait on Invitation Response RX
This fixes issues where a GO used offchannel-TX operation to send an
Invitation Request frame. Wait for the offchannel TX operation needs to
be stopped as soon as the Invitation Response frame has been received.
This addresses some issues where Probe Response frame from the GO
through the monitor interface may end up going out on a wrong channel
(the channel of this offchannel TX operation for invitation).
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 15:09:46 +0000 (18:09 +0300)]
D-Bus: Clean up debug print for P2P invitation result
wpa_printf() does not need '\n' so remove the extra newline. In
addition, drop the priority of this message from MSG_INFO to MSG_DEBUG
since this is in no way exceptional operation.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 15:06:15 +0000 (18:06 +0300)]
P2P: Fix PD retry channel on join-a-group case
Join-a-group needs to force the current operating channel of the target
group as the frequency to use for the PD exchange. When the channel was
selected based on a BSS entry for the GO, this worked only for the first
PD Request frame while the retries reverted to a potentially different
channel based on a P2P peer entry. Fix this by maintaining the forced
channel through the PD retry sequence.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 15:03:33 +0000 (18:03 +0300)]
tests: Force GO to have an old entry in test_p2p_go_invite
This adds more coverage to testing by forcing the GO to be found with an
older entry in the BSS table and with that entry having a different
operating channel. Such a case has found issues with PD retries and
scanning if incorrect frequency and SSID is selected for the group.
Instead of relying on the old BSS entry with different operating channel
to happen based on a specific test case sequence, force this to happen
for this test case every time.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 14:53:46 +0000 (17:53 +0300)]
P2P: Add GO BSS entry details to debug log on join-a-group
This makes it easier to debug issues related to selecting GO information
from the latest updated BSS table entry.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 14:22:50 +0000 (17:22 +0300)]
P2P: Accept Invitation Response non-success without Channel List
P2P Invitation Response frame is required to include the Channel List
attribute only in Status=Success case. Skip the debug message claiming
that a mandatory attribute was not included in non-Success case.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 10:41:23 +0000 (13:41 +0300)]
tests: Test case for Hotspot 2.0 with external SIM processing
This verifies network selection using 3GPP Network Information and
connection using EAP-SIM with GSM authentication handled by an external
program.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 09:10:53 +0000 (12:10 +0300)]
eap_proxy: Fix IMSI fetch for home vs. visited network determination
Use similar mechanism to CONFIG_PCSC=y case to set the IMSI and MNC
length for eap_proxy. This allows automatic 3GPP realm comparison
against the domain list.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 21:01:24 +0000 (00:01 +0300)]
EAP-AKA/AKA' peer: Allow external USIM processing to be used
This allows the new external_sim=1 case to be used to perform UMTS
authentication step in EAP-AKA/AKA' peer process. Following control
interface event is used to request the operation:
CTRL-REQ-SIM-<network id>:UMTS-AUTH:<RAND>:<AUTN> needed for SSID <SSID>
Response from external processing is returned with
CTRL-RSP-SIM-<network id> UMTS-AUTH:<IK>:<CK>:<RES>
or
CTRL-RSP-SIM-<network id> UMTS-AUTS:<AUTS>
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 15:36:12 +0000 (18:36 +0300)]
EAP-SIM peer: Allow external SIM processing to be used
This allows the new external_sim=1 case to be used to perform GSM
authentication step in EAP-SIM peer process. Following control interface
event is used to request the operation:
CTRL-REQ-SIM-<network id>:GSM-AUTH:<RAND1>:<RAND2>[:<RAND3>] needed
for SSID <SSID>
For example:
<3>CTRL-REQ-SIM-0:GSM-AUTH:
5e3496ce7d5863b3b09f97f565513bc3:
73f0f0bc5c47bcbed6f572d07ab74056:
447b784f08de80bdc2b1e100fccbb534
needed for SSID test
Response from external processing is returned with
CTRL-RSP-SIM-<network id> GSM-AUTH:<Kc1>:<SRES1>:<Kc2>:<SRES2>
[:<Kc3>:<SRES3>]
For example:
wpa_cli sim 0 GSM-AUTH:
d41c76e0079247aa:
2709ebfb:
43baa77cfc8bcd6c:
0fa98dc1:
a8ad1f6e30e
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 15:35:04 +0000 (18:35 +0300)]
hlr_auc_gw: Add GSM-AUTH-REQ command
This can be used instead of SIM-REQ-AUTH to derive Kc and SRES values
from a previously assigned set of RAND values.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 14:32:05 +0000 (17:32 +0300)]
EAP peer: Add framework for external SIM/USIM processing
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.
Changes to the EAP methods to use this new mechanism will be added in
separate commits.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 13:28:56 +0000 (16:28 +0300)]
eapol_test: Initialize BSS lists
This is needed to avoid issues with control interface commands that
could request BSS list during an eapol_test run. wpa_cli tries to update
its internal BSS list and that could trigger eapol_test crashes without
this.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 13:26:01 +0000 (16:26 +0300)]
Send CTRL-RSP command response before processing EAPOL update
This is what the original implementation did years ago, but the move to
using separate control interface backends re-ordered the implementation
to process EAPOL notification first. Use a registered timeout to allow
the ctrl_iface response to be sent out first to get somewhat faster
response time and to avoid pending operations that could result in
ctrl_iface response and unsolicited event messages from getting mixed
up.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 10:44:39 +0000 (13:44 +0300)]
eapol_test: Fix external EAP request mechanism
The eap_param_needed callback was forgotten from eapol_test and this
prevented external EAP request processing through ctrl_iface from being
tested.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 10:08:37 +0000 (13:08 +0300)]
eapol_test: Initialize wpa_s->global to fix ctrl_iface
wpa_s->global is now dereferenced in number of places and at least one
of them hits in eapol_test cases. Fix issues with this by setting the
global pointer to empty data.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 18 Oct 2013 12:18:40 +0000 (15:18 +0300)]
Android: Add dfs.c into build
This fixes Android build after commit
e76da5052980f301fe61f2fc0e1e7a5789716061 that added the new dfs.c file.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 18 Oct 2013 10:16:37 +0000 (13:16 +0300)]
WNM: Set Disassoc Imminent flag in ESS Disassoc Imminent frame
The Disassociation Timer field is only valid if Disassoc Imminent is set
to 1.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 30 Jan 2013 05:34:47 +0000 (21:34 -0800)]
Interworking: Add required_roaming_consortium parameter for credentials
This allows credentials to be limited from being used to connect to a
network unless the AP advertises a matching roaming consortium OI.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sat, 15 Jun 2013 03:40:52 +0000 (20:40 -0700)]
GAS: Update timeout from TX status handler
This allow GAS operations to be fine-tuned based what happens with GAS
query TX. Failed queries are timed out immediately and acknowledged
queries are given some more time to account for possible TX queue
latencies.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 14 Jun 2013 18:42:23 +0000 (11:42 -0700)]
HTTP server: Allow TCP socket to be reused
This makes it easier to handle cases where the application is restarted
and the previously used local TCP port may not have been fully cleared
in the network stack.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 6 Aug 2013 15:23:22 +0000 (18:23 +0300)]
Add test option for specifying hardcoded BSS Load element
The new bss_load_test parameter can be used to configure hostapd to
advertise a fixed BSS Load element in Beacon and Probe Response frames
for testing purposes. This functionality is disabled in the build by
default and can be enabled with CONFIG_TESTING_OPTIONS=y.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 18 Oct 2013 11:06:11 +0000 (14:06 +0300)]
Define BSS Load element id
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 24 Jul 2013 10:17:56 +0000 (13:17 +0300)]
Interworking: Add support for QoS Mapping functionality for the STA
Indicate support for QoS Mapping and configure driver to update the QoS
Map if QoS Map Set elements is received from the AP either in
(Re)Association Response or QoS Map Configure frame.
This commit adds support for receiving the frames with nl80211 drivers,
but the actual QoS Map configuration command is still missing.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Kyeyoon Park [Wed, 24 Jul 2013 09:26:26 +0000 (12:26 +0300)]
atheros: Add support for QoS Mapping configuration
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Kyeyoon Park [Wed, 24 Jul 2013 09:28:20 +0000 (12:28 +0300)]
Interworking: Add support for QoS Mapping functionality for the AP
This allows QoS Map Set element to be added to (Re)Association Response
frames and in QoS Map Configure frame. The QoS Mapping parameters are
also made available for the driver interface.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 7 Oct 2013 01:14:51 +0000 (18:14 -0700)]
Interworking: Add domain_suffix_match for credentials
This allow domain_suffix_match to be specified for a cred block and then
get this copied for the network blocks generated from this credential as
part of Interworking network selection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 2 Aug 2013 15:42:54 +0000 (18:42 +0300)]
Interworking: Add support for multiple home FQDNs
Credentials can now be configured with more than one FQDN ('domain'
field in the cred block) to perform Domain Name List matching against
multiple home domains.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 18 Oct 2013 11:12:09 +0000 (14:12 +0300)]
tests: Remove cred before changing domain
This is in preparation for supporting multiple domain values after which
setting the domain value does not replace the old value, but adds a new
one.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 7 Oct 2013 01:02:16 +0000 (18:02 -0700)]
Add AAA server domain name suffix matching constraint
The new domain_suffix_match (and domain_suffix_match2 for Phase 2
EAP-TLS) can now be used to specify an additional constraint for the
server certificate domain name. If set, one of the dNSName values (or if
no dNSName is present, one of the commonName values) in the certificate
must have a suffix match with the specified value. Suffix match is done
based on full domain name labels, i.e., "example.com" matches
"test.example.com" but not "test-example.com".
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 30 Sep 2013 07:56:32 +0000 (10:56 +0300)]
OpenSSL: Fix code indentation in OCSP processing
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Janusz Dziedzic [Wed, 16 Oct 2013 15:42:57 +0000 (18:42 +0300)]
hostapd: Add support for DFS with 160 MHz channel width
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 16 Oct 2013 11:15:06 +0000 (14:15 +0300)]
Mark DFS functions static and rename them
These functions are not used from outside dfs.c anymore.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 16 Oct 2013 09:18:52 +0000 (12:18 +0300)]
hostapd: DFS with 40/80 MHz channel width support
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 16 Oct 2013 09:18:52 +0000 (12:18 +0300)]
DFS: Add more parameters to radar events
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 16 Oct 2013 09:18:52 +0000 (12:18 +0300)]
nl80211: Use struct hostapd_freq_params with start_dfs_cac
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 16 Oct 2013 09:18:52 +0000 (12:18 +0300)]
hostapd: Split hostapd_set_freq to helper function
This allows the functionality to fill in a struct hostapd_freq_params to
be shared.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Tue, 15 Oct 2013 17:27:25 +0000 (20:27 +0300)]
hostapd: Add AP DFS support
Add DFS structures/events handlers, CAC handling, and radar detection.
By default, after radar is detected or the channel became unavailable, a
random channel will be chosen.
This patches are based on the original work by Boris Presman and
Victor Goldenshtein. Most of the DFS code is moved to a new dfs.c/dfs.h
files.
Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Jouni Malinen [Tue, 15 Oct 2013 14:07:35 +0000 (17:07 +0300)]
tests: Make sure hlr_auc_gw exits and clean up sockets
If a test run is terminated forcefully, hlr_auc_gw could have been left
running and/or some of the control interface files could still remain.
This could result in hlr_auc_gw not starting again for the next test
run.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 15 Oct 2013 14:02:43 +0000 (17:02 +0300)]
tests: Skip EAP-SIM/AKA/AKA' if hlr_auc_gw not available
Do not fail the EAP-SIM/AKA/AKA' test cases if hlr_auc_gw is not
available since hlr_auc_gw is not considered required part for the test
setup.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Pontus Fuchs [Mon, 14 Oct 2013 17:49:26 +0000 (20:49 +0300)]
Increase buffer size and prevent write beyond buffer end
wpa_config_write_key_mgmt has a buffer size of 50. This is not enough
to fit the longest case. I used a network with "WPA-PSK WPA-EAP
WPA-NONE" and CONFIG_IEEE80211R=y + CONFIG_IEEE80211W=y to produce
a string longer than 50 chars. Increase the buffer size to 100 to
prevent truncated output.
Truncated output is not the only problem. If the buffer end is
reached when adding certain key mgmt types the function does not
return immediately. This leaves pos > end. When a second os_sprintf
is called the calculation of end - pos yields a large positive
number for buffer size. End result is a write beyond the buffer end.
Fix this by bailing out if buffer end is reached.
Signed-hostap: Pontus Fuchs <pontus.fuchs@gmail.com>
Helmut Schaa [Mon, 14 Oct 2013 17:44:31 +0000 (20:44 +0300)]
hostapd: Fix segfault after ACS when flushing STAs
When hostapd receives an auth frame during ACS the transmission of
the according auth response will always fail:
ACS: Automatic channel selection started, this may take a bit
[..]
send_auth_reply: send: Resource temporarily unavailable
[..]
However, a station info entry was created. Once ACS is finished
it will flush all stations even though hapd was not yet fully
initialized. This results in a segfault when trying to access
hapd->radius:
0 0x0042c1c0 in radius_client_flush_auth ()
1 0x00416a94 in ap_free_sta ()
2 0x00416cc0 in hostapd_free_stas ()
3 0x0040bce8 in hostapd_flush_old_stations ()
4 0x0040c790 in hostapd_setup_interface_complete ()
5 0x0046347c in acs_scan_complete ()
6 0x0040f834 in hostapd_wpa_event ()
7 0x0043af08 in send_scan_event.part.46 ()
8 0x00443a64 in send_scan_event ()
9 0x00443c24 in do_process_drv_event ()
10 0x004449e8 in process_global_event ()
11 0x7767d7d0 in ?? ()
Fix this by not presuming anything about the initialization state of
hapd and checking ->radius before accessing.
Signed-off-hostapd: Helmut Schaa <helmut.schaa@googlemail.com>
Jithu Jance [Mon, 14 Oct 2013 17:42:27 +0000 (20:42 +0300)]
WPS NFC: Cancel scheduled scan before attempting a scan
Cancel scheduled scan (if any) before attempting to scan for the newly
received configuration/credential in WPS NFC Config token case.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Dmitry Shmidt [Mon, 14 Oct 2013 17:40:57 +0000 (20:40 +0300)]
Replace printf with wpa_printf debug message
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Mon, 14 Oct 2013 16:41:23 +0000 (19:41 +0300)]
P2P: Do not allow P2P client connection without P2P IE from GO
P2P-GROUP-STARTED event depends on having enough information about the
group available. To avoid incomplete information from being delivered to
upper layers, do not accept scan results without P2P IE (e.g., from a
non-P2P scan) for P2P client association process. This can be of use for
some join-a-group cases where non-P2P scans have generated the BSS entry
for the GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 14 Oct 2013 16:28:00 +0000 (19:28 +0300)]
P2P: Allow persistent group determination based on Beacon frame
P2P IE may be available from a Beacon frame from a GO even if we have
not yet received a Probe Response frame with P2P IE from that GO. Since
all the needed information for determining the GO's P2P Device Address
and group capabilities are available, use that information instead of
displaying incomplete group information.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 14 Oct 2013 16:25:28 +0000 (19:25 +0300)]
P2P: Allow GO to be discovered based on Beacon frame
This fixes some P2P-join-a-group cases where GO may have been discovered
based on passive scan or non-P2P scan. P2P IEs may have been received
from a Beacon frame in such a case and that information can be used to
create a P2P peer entry, e.g., to allow provision discovery exchange to
be completed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 14 Oct 2013 16:23:38 +0000 (19:23 +0300)]
P2P: Show p2p flag in debug info for scan results
This makes it easier to confirm that P2P capabilities for a GO has been
discovered properly.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 14 Oct 2013 16:22:09 +0000 (19:22 +0300)]
P2P: Show P2P flag in BSS entries also based on Beacon frames
It is possible that a P2P GO has been discovered through a non-P2P scan
that did not return P2P IE in Probe Response frames. To cover those
cases, check also Beacon frame (if received) for P2P IE.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 27 Sep 2013 18:03:16 +0000 (21:03 +0300)]
P2P: Do not drop P2P IEs from BSS table on non-P2P scans
This could happen when non-P2P station interface runs a scan without P2P
IE in the Probe Request frame. P2P GO would reply to that with a Probe
Response that does not include P2P IE. Do not update the IEs in this BSS
entry to avoid such loss of information that may be needed for P2P
operations to determine group information.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 6 Oct 2013 05:15:28 +0000 (22:15 -0700)]
P2P: Make sure wait for the first client gets stopped
If a group was removed before the wait for the first client had timed
out and the client had not yet connected, p2p_go_wait_client could have
been left set and with that, scan operations could be unnecessarily
delayed. This fixes some undesired delays from commit
c1c0b35fea656345b672984910cc3b93938bc5e5.
Signed-hostap: Jouni Malinen <j@w1.fi>
Dmitry Shmidt [Wed, 2 Oct 2013 23:14:55 +0000 (16:14 -0700)]
P2P: Clone 'disable_scan_offload' parameter for p2p group
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Swaroop Golti [Sun, 6 Oct 2013 01:14:33 +0000 (18:14 -0700)]
P2P: Increase Invitation Request timeouts
In noisy environment peer may take more time to send Invitation
Response so increase Invitation Response timeout to 500 ms in success
case and also increase Invitation Request action wait time to 500 ms.
This makes the Invitation Request case use the same timeout with GO
Negotiation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Deepthi Gowri [Sun, 6 Oct 2013 00:54:52 +0000 (17:54 -0700)]
P2P: Clear p2p_group_formation and p2p_in_provisioning on group removal
Commit
41f853235fe1d1fad1acecc0ee5dfe81c872c6b2 extends group formation
timeout for the first data connection to complete and resets
p2p_go_group_formation_completed flag due to which p2p_in_provisioning
and p2p_group_formation flags are not cleared when
wpas_group_formation_completed() is called. This can result in both
station scan and p2p_find failures in the case where separate P2P group
interface is not used and the client does not complete 4-way handshake.
Fix this by clearing p2p_group_formation and p2p_in_provisioning when
such a P2P group is deleted.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Arif Hussain [Wed, 2 Oct 2013 14:38:35 +0000 (07:38 -0700)]
Include Extended Capabilities element based on scan results
Add Extended Capabilities element to association request only if the AP
included this element in Beacon/Probe Response frames. This is a
workaround to address interoperability issues with some older APs that
do not seem to be able to handle Extended Capabilities element in
(Re)Association Request frames.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Deepthi Gowri [Wed, 2 Oct 2013 14:32:17 +0000 (07:32 -0700)]
P2P Extend postponing of concurrent scans for persistent GO
Update the p2p_go_wait_client timestamp in p2p_go_configured() to
address the case where the group is set up without the provisioning
step.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt [Mon, 30 Sep 2013 14:38:41 +0000 (17:38 +0300)]
TDLS: Do not start concurrent TDLS setup
A new TDLS request shall transmit TPK M1 frame with a unique INonce.
Thus a new explicit request would fail an ongoing TDLS negotiation with
the error "TDLS: FTIE SNonce in TPK M3 does not match with FTIE SNonce
used in TPK M1" if the peer happens to receive two M1 frames before an
M3 frame. Check for the ongoing negotiation with the peer and do not
start a new one if we are already in a setup negotiation with the peer.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt [Mon, 30 Sep 2013 14:36:26 +0000 (17:36 +0300)]
TDLS: Use wpa_tdls_disable_peer_link() in TPK M1 processing
This function is used only with external setup, so this can cleaned up
to use simpler design.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt [Mon, 30 Sep 2013 14:34:13 +0000 (17:34 +0300)]
TDLS: Use wpa_tdls_disable_peer_link() to avoid peer search
There is no need to go through the peer list when we already have a
pointer to the specific peer entry.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt [Mon, 30 Sep 2013 14:23:23 +0000 (17:23 +0300)]
TDLS: Use helper function for disable link operation
This is called from number of locations and it is more efficient to use
a new helper function instead of wpa_tdls_disable_link() that would do
peer address search from the list of peers.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt [Mon, 30 Sep 2013 14:10:18 +0000 (17:10 +0300)]
TDLS: Clean up wpa_tdls_teardown_link() uses
Making this function be used only for external setup case simplifies the
implementation and makes core wpa_supplicant calls in ctrl_iface.c and
events.c consistent.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 29 Sep 2013 17:42:37 +0000 (20:42 +0300)]
tests: Flush stdout after each status line print
This makes it more convenient to follow live test execution status.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Sep 2013 17:35:26 +0000 (20:35 +0300)]
tests: Add test cases for WPA2-Enterprise
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Sep 2013 16:14:16 +0000 (19:14 +0300)]
tests: Start RADIUS authentication server
This can be used to run WPA2-Enterprise test cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Sep 2013 15:47:26 +0000 (18:47 +0300)]
hlr_auc_gw: Fix max_chal value validation
This was supposed to be at maximum EAP_SIM_MAX_CHAL (3).
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Sep 2013 15:42:37 +0000 (18:42 +0300)]
hlr_auc_gw: Add support for processing command line operations
This allows hlr_auc_gw to be used to run a single operation without
having to use it as a server. This can be useful, e.g., for generating
GSM authentication triplets for external programs. For example:
./hlr_auc_gw -m hlr_auc_gw.milenage_db "SIM-REQ-AUTH
232010000000000"
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Sep 2013 15:39:14 +0000 (18:39 +0300)]
EAP-AKA server: Fix AUTS processing
Commit
8a9f58f2cca92e5e362809ae4a531a4676c29888 ("EAP-AKA server: Store
permanent username in session data") broke AUTS processing by skipping
new authentication triplet fetch after having reported AUTS. Fix this by
started new full authentication sequence immediately after reporting
AUTS so that the updated parameters are available for the Challenge
message.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Sep 2013 14:29:44 +0000 (17:29 +0300)]
hlr_auc_gw: Update file comments to mention Milenage
The notes about using only fixed GSM authentication triplets were not
really up-to-date with the implementation. Milenage and GSM-Milenage
were available for EAP-SIM, EAP-AKA, and EAP-AKA'.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Sep 2013 13:41:17 +0000 (16:41 +0300)]
tests: Auto detect group name
Some older systems used admin group, but adm group seems to be more
common nowadays, so detect this automatically rather than assume admin
group is used.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Sep 2013 13:37:25 +0000 (16:37 +0300)]
tests: Merge start-p2p-concurrent.sh functionality into start.sh
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Sep 2013 13:21:42 +0000 (16:21 +0300)]
tests: Add mechanism for test cases to indicate a skipped run
This can be used by test cases that depend on some external component
that may not always be available to indicate clearly that a test case
was skipped rather than passed or failed.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Sep 2013 13:11:48 +0000 (16:11 +0300)]
tests: run-tests.py -L to print out list of test cases
This can be used to get a summary of all the available test cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Sep 2013 13:07:01 +0000 (16:07 +0300)]
tests: Adjust debug verbosity levels to get rid of extra info
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Sep 2013 12:55:43 +0000 (15:55 +0300)]
tests: Document automated mac80211_hwsim test setup
This provides guidance on how to build the test setup, how to run the
tests, and how to add new test cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 Sep 2013 10:15:26 +0000 (13:15 +0300)]
tests: Add test cases for P2P service discovery
Signed-hostap: Jouni Malinen <j@w1.fi>