Jouni Malinen [Sun, 27 Oct 2013 10:56:56 +0000 (12:56 +0200)]
WPS: Clear known_wps_freq in addition to after_wps
Both of these variables can result in optimized WPS scans, so better
clear these more consistently to avoid unexpected single-channel scans.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Oct 2013 10:55:09 +0000 (12:55 +0200)]
Interworking: Clear known_wps_freq for network selection
This was forgotten from the previous commit which allowed some cases to
trigger single-channel scan incorrectly if an optimized WPS scan had not
yet been completed at the time network selection was started.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Oct 2013 10:16:36 +0000 (12:16 +0200)]
tests: Allow test case descriptions to be written into database
"run-tests.py -S <db file> -L" can now be used to update a database
table with the current set of test cases and their descriptions.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Oct 2013 09:26:58 +0000 (11:26 +0200)]
Interworking: Force normal scan for network selection
Make sure special optimized scans (like WPS-single-channel or
sched_scan) do not get used during the network selection scan. This
could have been hit in cases where a previous operation has been stopped
in a state where special scan parameters were going to be used.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 22:05:45 +0000 (01:05 +0300)]
tests: Add support for sqlite results database
This is more convenient to use directly than going through the
text-based results file.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 21:08:51 +0000 (00:08 +0300)]
tests: Unload cfg80211 on stop-wifi.sh
cfg80211 may keep some state (e.g., regulatory domain), so make sure
this gets cleared between each full testing cycle.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 18:50:44 +0000 (21:50 +0300)]
tests: Add P2P channel selection test cases for group re-invocation
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 18:02:42 +0000 (21:02 +0300)]
tests: Add P2P channel selection test cases with world roaming
This verifies that passive scan 5 GHz channels are not selected with and
without p2p_add_cli_chan=1.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 17:47:08 +0000 (20:47 +0300)]
tests: Add P2P channel selection test cases for group formation
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 22 Oct 2013 18:00:49 +0000 (21:00 +0300)]
P2P: Add option to allow additional client channels
The new p2p_add_cli_chan=1 configuration parameter can be used to
request passive-scan channels to be included in P2P channel lists for
cases where the local end may become the P2P client in a group. This
allows more options for the peer to use channels, e.g., if the local
device is not aware of its current location and has marked most channels
to require passive scanning.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 22 Oct 2013 16:45:46 +0000 (19:45 +0300)]
P2P: Add option to remove channels from GO use
The new p2p_no_go_freq frequency range list (comma-separated list of
min-max frequency ranges in MHz) can now be used to configure channels
on which the local device is not allowed to operate as a GO, but on
which that device can be a P2P Client. These channels are left in the
P2P Channel List in GO Negotiation to allow the peer device to select
one of the channels for the cases where the peer becomes the GO. The
local end will remove these channels from consideration if it becomes
the GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sat, 26 Oct 2013 14:00:57 +0000 (17:00 +0300)]
Use ARRAY_SIZE() macro
Replace the common sizeof(a)/sizeof(a[0]) constructions with a more
readable version.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 14:00:01 +0000 (17:00 +0300)]
Introduce ARRAY_SIZE() macro
This can be used to clean up the common sizeof(a)/sizeof(a[0])
constructions to use a more readable version.
Signed-hostap: Jouni Malinen <j@w1.fi>
Janusz Dziedzic [Sat, 26 Oct 2013 13:36:00 +0000 (16:36 +0300)]
DFS: Handle radar event when CAC actived correctly
When we have CAC active and receive a radar event, we should ignore
CAC_ABORT event and handle channel switch in the radar event handler.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Sat, 26 Oct 2013 13:30:42 +0000 (16:30 +0300)]
DFS: Fix overlapped() function to check only DFS channels
This fixes a problem when operating on non-DFS channel and receiving a
radar event for that channel. Previously, we would have decided to
switch channels.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Sat, 26 Oct 2013 13:28:45 +0000 (16:28 +0300)]
DFS: Adjust center freq correctly for VHT20/VHT40
Setup correct seg0 for VHT with 20/40 MHz width (VHT_CHANWIDTH_USE_HT).
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Sat, 26 Oct 2013 13:25:41 +0000 (16:25 +0300)]
DFS: Fix available channels list for VHT80
Add a table of available VHT80 channels. This table contains the first
available channel. We will also choose this first channel as the control
one.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Jouni Malinen [Sat, 26 Oct 2013 13:13:34 +0000 (16:13 +0300)]
nl80211: Add debug prints on nl_recvmsgs() failure
These libnl calls could potentially fail and it is useful to know if
that has happened.
Signed-hostap: Jouni Malinen <j@w1.fi>
Johannes Berg [Sat, 26 Oct 2013 13:09:56 +0000 (16:09 +0300)]
nl80211: Make eloop sockets non-blocking
To avoid a problem where the beacon socket occasionally
blocks, mark any sockets on the eloop as non-blocking.
The previous patch reordered the code to never send a
command after a socket was put on the eloop, but now also
invalidate the nl handle pointer while it's on there.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sat, 26 Oct 2013 13:06:49 +0000 (16:06 +0300)]
nl80211: Abstract handling of sockets on eloop
Abstract the handling of sockets on the eloop to avoid
destroying sockets still on the eloop and also to allow
the next patch to mark the socket non-blocking.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sat, 26 Oct 2013 13:00:52 +0000 (16:00 +0300)]
nl80211: Register for IBSS auth frames before eloop
The IBSS code registers the bss nl_mgmt socket for auth
frames when the join event happens, but that is too late
as then the socket is already on the eloop, which could
cause problems when other events are received at the
same time as the registration is done.
Move the auth frame registration to the initial setup
before the socket is put onto the eloop.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Sat, 26 Oct 2013 10:30:28 +0000 (13:30 +0300)]
Clean up get_seqnum() use for IPN
Some driver wrappers may implement this by writing eight octets even
though IPN is only six octets. Use a separate WPA_KEY_RSC_LEN (8) octet
buffer in the call to make sure there is enough buffer room available
for the full returned value and then copy it to IPN field.
The previous implementation used the following igtk field as the extra
buffer and then initialized that field afterwards, so this change does
not fix any real issue in behavior, but it is cleaner to use an explicit
buffer of the maximum length for get_seqnum().
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 10:18:40 +0000 (13:18 +0300)]
Stop ctrl_iface monitor send loop on reinit failure
There is no point trying to continue sending messages with sendmsg() if
socket reinitialization fails.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 10:09:50 +0000 (13:09 +0300)]
Remove unnecessary wpa_s->conf checks
wpa_s->conf cannot be NULL because wpa_supplicant_init_iface() would not
allow wpa_supplicant_add_iface() to return wpa_s instance in such state.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 09:54:20 +0000 (12:54 +0300)]
Add explicit buffer length checks for p2p_build_wps_ie()
Even though the length of this buffer is based only on locally
configured information, it is cleaner to include explicit buffer room
validation steps when adding the attributes into the buffer.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 09:25:20 +0000 (12:25 +0300)]
Verify that readlink() did not truncate result
linux_br_get() was forcing null termination on the buffer, but did not
check whether the string could have been truncated. Make this more
strict by rejecting any truncation case.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 09:14:03 +0000 (12:14 +0300)]
nl80211: Clean up if_add() for hostapd use
The allocation of new_bss and its use was separated by a lot of code in
this function. This can be cleaned up by moving the allocation next to
the use, so that this all can be within a single #ifdef HOSTAPD block.
The i802_check_bridge() call was outside type == WPA_IF_AP_BSS case, but
in practice, it is only used for WPA_IF_AP_BSS (and if used for
something else, this would have resulted in NULL pointer dereference
anyway).
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 09:02:50 +0000 (12:02 +0300)]
OpenSSL: Fix memory leak on error path
If SSL_CTX_new() fails in tls_init(), the per-SSL app-data allocation
could have been leaked when multiple TLS instances are allocated.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 08:53:02 +0000 (11:53 +0300)]
nl80211: Fix strerror() value in P2P Dev debug messages
send_and_recv_msgs() returns negative errno, so need to use -ret in the
strerror() call.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 08:49:46 +0000 (11:49 +0300)]
DFS: Add forgotten break statement
The VHT_CHANWIDTH_160MHZ case fell through to the default case and
printed out a debug message that was not supposed to be shown here.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 08:43:28 +0000 (11:43 +0300)]
Remove os_strncpy()
os_strlpcy() should be used instead of os_strncpy() to guarantee null
termination. Since there are no remaining strncpy uses, remove
os_strncpy() definition.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Oct 2013 08:42:09 +0000 (11:42 +0300)]
Replace remainining strncpy() uses with strlcpy()
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 24 Oct 2013 17:13:32 +0000 (20:13 +0300)]
P2P: Fix snprintf buffer length for group ifname backup
Commit
2e5ba4b6d14e600d259bbaf59a8fca61dab8f987 moved this to a function
and updated one of the os_snprintf() calls to use the len parameter, but
forgot the other one.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Naresh Jayaram [Wed, 23 Oct 2013 16:19:25 +0000 (19:19 +0300)]
eap_proxy: Add context data pointer to the get_imsi call
This was already included in all the other calls to eap_proxy, but
somehow the get_imsi call had been forgotten.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Naresh Jayaram [Wed, 23 Oct 2013 16:17:14 +0000 (19:17 +0300)]
eap_proxy: Confirm eap_proxy initialization before reading SIM info
Trying to access the SIM card details without checking if the eap_proxy
layer has been initialized can results in a crash. Address this by
sending the request for the IMSI through eapol_supp_sm.c which can
verify that eap_proxy has been initialized.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Po-Lun Lai [Wed, 23 Oct 2013 10:16:31 +0000 (13:16 +0300)]
P2P: Check Action frame payload match before accepted TX status
It is possible for there to be two pending off-channel TX frames, e.g.,
when two devices initiate GO Negotiation at more or less the same time.
This could result in the TX status report for the first frame clearing
wpa_s->pending_action_tx that included the newer frame that has not yet
been transmitted (i.e., is waiting to be sent out). Avoid losing that
frame by confirming that the TX status payload matches the pending frame
before clearing the pending frame and reporting the TX status callback.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 23 Oct 2013 08:51:45 +0000 (11:51 +0300)]
Fix ENABLE_NETWORK not to reconnect in disconnected state
DISCONNECT followed by ENABLE_NETWORK ended up starting a scan for a new
connection due to wpa_supplicant_enable_one_network() setting
wpa_s->reassociate = 1. This was done regardless of wpa_s->disconnected
being 1 which should imply that wpa_supplicant should not try to connect
before asked explicitly with REASSOCIATE or RECONNECT.
Fix this by making ENABLE_NETWORK setting of reassociate = 1 and
starting of scans for connection conditional on wpa_s->disconnected ==
0. This will make ENABLE_NETWORK trigger a connection only if
wpa_supplicant is already in a state where it would try to connect if
there are any enabled networks.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Helmut Schaa [Tue, 22 Oct 2013 21:27:34 +0000 (00:27 +0300)]
hostapd: Select any supported channel if ACS fails
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Helmut Schaa [Tue, 22 Oct 2013 21:23:13 +0000 (00:23 +0300)]
hostapd: Allow ACS to deal with partial survey data
Previously ACS required valid survey data on all available channels.
This can however not be guaranteed. Instead of just failing, fall back
to the subset of channels that have valid ACS data.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Helmut Schaa [Tue, 22 Oct 2013 21:18:41 +0000 (00:18 +0300)]
hostapd: Propagate ACS errors to iface setup
Otherwise hostapd might hang doing nothing anymore. Propagate ACS
errors so we can fail gracefully.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Helmut Schaa [Tue, 22 Oct 2013 21:15:57 +0000 (00:15 +0300)]
hostapd: Don't get stuck after failed ACS
If ACS fails we still need to call hostapd_setup_interface_complete.
Otherwise hostapd will just hang doing nothing anymore. However, pass
an error to hostapd_setup_interface_complete to allow a graceful fail.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Dan Williams [Tue, 22 Oct 2013 20:35:45 +0000 (23:35 +0300)]
doc: Update D-Bus docs for Scan()'s new AllowRoam option
Signed-hostap: Dan Williams <dcbw@redhat.com>
Jouni Malinen [Tue, 22 Oct 2013 16:10:56 +0000 (19:10 +0300)]
Make frequency range list routines more general
This allows the frequency range list implementation to be shared for
other purposes.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 22 Oct 2013 15:44:05 +0000 (18:44 +0300)]
P2P: Add more user friendly debug print of channel lists
This makes it easier to go through the P2P channel list operations in
the debug log without having to parse through the hexdump manually.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Dan Williams [Tue, 22 Oct 2013 13:09:46 +0000 (16:09 +0300)]
dbus: Add boolean AllowRoam option to Scan() method options dictionary
To disallow roaming when a scan request's results are read, callers
of the D-Bus Scan() method may add a new "AllowRoam" boolean key
to the scan options dictionary and set that key's value to FALSE.
Signed-hostap: Dan Williams <dcbw@redhat.com>
Pontus Fuchs [Tue, 22 Oct 2013 12:57:21 +0000 (15:57 +0300)]
Don't start second scan when changing scan interval
If a scan is currently running and the scan interval is changed, a
second scan will be started before the current has finished. This will
in turn, if no networks are configured, cause wpa_s->state to be
forced to WPA_INACTIVE before the first scan has finished.
Signed-hostap: Pontus Fuchs <pontus.fuchs@gmail.com>
Michal Kazior [Tue, 22 Oct 2013 12:50:07 +0000 (15:50 +0300)]
nl80211: Fix DFS radar event parsing
Incorrect nla_get variants were used to get event type and frequency.
Kernel passes both as u32. This caused issues on tinynl/big-endian hosts
- CAC finished was treated as radar detection and frequency was 0.
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
Jouni Malinen [Tue, 22 Oct 2013 10:35:32 +0000 (13:35 +0300)]
nl80211: Free BSS structure even if netdev does not exists
It is possible for a vif netdev to be removed by something else than
hostapd and if that happens for a virtual AP interface, if_remove()
handler should still free the local data structure to avoid memory leaks
if something external removes a netdev.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 21 Oct 2013 15:09:37 +0000 (18:09 +0300)]
nl80211: Update send_action_cookie on AP-offchannel-TX path
Previously, the send_mlme->send_frame->send_frame_cmd path that could be
used when a GO sends an offchannel Action frame ended up not updating
drv->send_action_cookie. This can result in an issue with not being able
to cancel wait for the response, e.g., in invitation-to-running-group
case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 21 Oct 2013 14:43:26 +0000 (17:43 +0300)]
tests: Add pre-authorized invitation-to-active-group
test_p2p_go_invite_auth is similar to test_p2p_go_invite with the main
difference being in the peer device pre-authorizing the invitation
instead of processing invitation at upper layers after having received
it.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 21 Oct 2013 11:17:58 +0000 (14:17 +0300)]
tests: Add test cases for GAS operations
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 21 Oct 2013 11:36:27 +0000 (14:36 +0300)]
GAS: Add support for multiple pending queries for the same destination
Need to use the pointer to the current ongoing query instead of matching
from the pending list based on the destination address so that we get
the correct query instance when processing the TX status report.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 21 Oct 2013 10:20:38 +0000 (13:20 +0300)]
GAS: Do not start new scan operation during an ongoing GAS query
These operations can have conflicting offchannel requirements, so wait
with a new scan trigger until a pending GAS query has been completed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Kyeyoon Park [Mon, 21 Oct 2013 10:15:45 +0000 (13:15 +0300)]
GAS: Delay GAS query Tx while scanning/connecting
Offchannel operations needed for a GAS query can conflict with ongoing
scan/connection progress, so delay GAS queries if such an operation is
in progress on the current interface or any virtual interface sharing
the same radio.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Kyeyoon Park [Mon, 21 Oct 2013 10:13:42 +0000 (13:13 +0300)]
GAS: Delay GAS query Tx while another query is in progress
It would be possible to issue another GAS query when a previous one is
still in progress and this could result in conflicting offchannel
operations. Prevent that by delaying GAS query initiation until the
previous operation has been completed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 20 Oct 2013 18:34:39 +0000 (21:34 +0300)]
WPS: Clear after_wps from number of new locations
This makes it less likely to forget WPS single-channel scan optimization
in effect after having completed the WPS operation or in case WPS
operating gets cancelled.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 16:47:39 +0000 (19:47 +0300)]
tests: Add domain_suffix_match validation
This verifies that domain_suffix_match works correctly both for the
matching and mismatching cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 16:41:01 +0000 (19:41 +0300)]
tests: Add negative TLS test case to verify trust root validation
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 16:14:41 +0000 (19:14 +0300)]
tests: Stop test run on NOTE command failure
There is no point trying to go through a test case if the NOTE command
to write TEST-START entry does not succeed. This avoids some excessive
waits on buildbot trying to forcefully kill the programs on its timeout
if wpa_supplicant gets stuck waiting for something (like the current
issue with libnl events and commands having a chance of hitting a
blocking wait on netlink messages).
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 15:33:17 +0000 (18:33 +0300)]
P2P: Fix Operating Channel in Invitation Request for operating group
When a GO or P2P Client invites a peer device to join an already
operating group, the Operating Channel in Invitation Request needs to be
forced to the current operating channel of the group.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 15:19:27 +0000 (18:19 +0300)]
P2P: Cancel offchannel TX wait on Invitation Response RX
This fixes issues where a GO used offchannel-TX operation to send an
Invitation Request frame. Wait for the offchannel TX operation needs to
be stopped as soon as the Invitation Response frame has been received.
This addresses some issues where Probe Response frame from the GO
through the monitor interface may end up going out on a wrong channel
(the channel of this offchannel TX operation for invitation).
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 15:09:46 +0000 (18:09 +0300)]
D-Bus: Clean up debug print for P2P invitation result
wpa_printf() does not need '\n' so remove the extra newline. In
addition, drop the priority of this message from MSG_INFO to MSG_DEBUG
since this is in no way exceptional operation.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 15:06:15 +0000 (18:06 +0300)]
P2P: Fix PD retry channel on join-a-group case
Join-a-group needs to force the current operating channel of the target
group as the frequency to use for the PD exchange. When the channel was
selected based on a BSS entry for the GO, this worked only for the first
PD Request frame while the retries reverted to a potentially different
channel based on a P2P peer entry. Fix this by maintaining the forced
channel through the PD retry sequence.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 15:03:33 +0000 (18:03 +0300)]
tests: Force GO to have an old entry in test_p2p_go_invite
This adds more coverage to testing by forcing the GO to be found with an
older entry in the BSS table and with that entry having a different
operating channel. Such a case has found issues with PD retries and
scanning if incorrect frequency and SSID is selected for the group.
Instead of relying on the old BSS entry with different operating channel
to happen based on a specific test case sequence, force this to happen
for this test case every time.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 14:53:46 +0000 (17:53 +0300)]
P2P: Add GO BSS entry details to debug log on join-a-group
This makes it easier to debug issues related to selecting GO information
from the latest updated BSS table entry.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 14:22:50 +0000 (17:22 +0300)]
P2P: Accept Invitation Response non-success without Channel List
P2P Invitation Response frame is required to include the Channel List
attribute only in Status=Success case. Skip the debug message claiming
that a mandatory attribute was not included in non-Success case.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 10:41:23 +0000 (13:41 +0300)]
tests: Test case for Hotspot 2.0 with external SIM processing
This verifies network selection using 3GPP Network Information and
connection using EAP-SIM with GSM authentication handled by an external
program.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Oct 2013 09:10:53 +0000 (12:10 +0300)]
eap_proxy: Fix IMSI fetch for home vs. visited network determination
Use similar mechanism to CONFIG_PCSC=y case to set the IMSI and MNC
length for eap_proxy. This allows automatic 3GPP realm comparison
against the domain list.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 21:01:24 +0000 (00:01 +0300)]
EAP-AKA/AKA' peer: Allow external USIM processing to be used
This allows the new external_sim=1 case to be used to perform UMTS
authentication step in EAP-AKA/AKA' peer process. Following control
interface event is used to request the operation:
CTRL-REQ-SIM-<network id>:UMTS-AUTH:<RAND>:<AUTN> needed for SSID <SSID>
Response from external processing is returned with
CTRL-RSP-SIM-<network id> UMTS-AUTH:<IK>:<CK>:<RES>
or
CTRL-RSP-SIM-<network id> UMTS-AUTS:<AUTS>
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 15:36:12 +0000 (18:36 +0300)]
EAP-SIM peer: Allow external SIM processing to be used
This allows the new external_sim=1 case to be used to perform GSM
authentication step in EAP-SIM peer process. Following control interface
event is used to request the operation:
CTRL-REQ-SIM-<network id>:GSM-AUTH:<RAND1>:<RAND2>[:<RAND3>] needed
for SSID <SSID>
For example:
<3>CTRL-REQ-SIM-0:GSM-AUTH:
5e3496ce7d5863b3b09f97f565513bc3:
73f0f0bc5c47bcbed6f572d07ab74056:
447b784f08de80bdc2b1e100fccbb534
needed for SSID test
Response from external processing is returned with
CTRL-RSP-SIM-<network id> GSM-AUTH:<Kc1>:<SRES1>:<Kc2>:<SRES2>
[:<Kc3>:<SRES3>]
For example:
wpa_cli sim 0 GSM-AUTH:
d41c76e0079247aa:
2709ebfb:
43baa77cfc8bcd6c:
0fa98dc1:
a8ad1f6e30e
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 15:35:04 +0000 (18:35 +0300)]
hlr_auc_gw: Add GSM-AUTH-REQ command
This can be used instead of SIM-REQ-AUTH to derive Kc and SRES values
from a previously assigned set of RAND values.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 14:32:05 +0000 (17:32 +0300)]
EAP peer: Add framework for external SIM/USIM processing
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.
Changes to the EAP methods to use this new mechanism will be added in
separate commits.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 13:28:56 +0000 (16:28 +0300)]
eapol_test: Initialize BSS lists
This is needed to avoid issues with control interface commands that
could request BSS list during an eapol_test run. wpa_cli tries to update
its internal BSS list and that could trigger eapol_test crashes without
this.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 13:26:01 +0000 (16:26 +0300)]
Send CTRL-RSP command response before processing EAPOL update
This is what the original implementation did years ago, but the move to
using separate control interface backends re-ordered the implementation
to process EAPOL notification first. Use a registered timeout to allow
the ctrl_iface response to be sent out first to get somewhat faster
response time and to avoid pending operations that could result in
ctrl_iface response and unsolicited event messages from getting mixed
up.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 10:44:39 +0000 (13:44 +0300)]
eapol_test: Fix external EAP request mechanism
The eap_param_needed callback was forgotten from eapol_test and this
prevented external EAP request processing through ctrl_iface from being
tested.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 19 Oct 2013 10:08:37 +0000 (13:08 +0300)]
eapol_test: Initialize wpa_s->global to fix ctrl_iface
wpa_s->global is now dereferenced in number of places and at least one
of them hits in eapol_test cases. Fix issues with this by setting the
global pointer to empty data.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 18 Oct 2013 12:18:40 +0000 (15:18 +0300)]
Android: Add dfs.c into build
This fixes Android build after commit
e76da5052980f301fe61f2fc0e1e7a5789716061 that added the new dfs.c file.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 18 Oct 2013 10:16:37 +0000 (13:16 +0300)]
WNM: Set Disassoc Imminent flag in ESS Disassoc Imminent frame
The Disassociation Timer field is only valid if Disassoc Imminent is set
to 1.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 30 Jan 2013 05:34:47 +0000 (21:34 -0800)]
Interworking: Add required_roaming_consortium parameter for credentials
This allows credentials to be limited from being used to connect to a
network unless the AP advertises a matching roaming consortium OI.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sat, 15 Jun 2013 03:40:52 +0000 (20:40 -0700)]
GAS: Update timeout from TX status handler
This allow GAS operations to be fine-tuned based what happens with GAS
query TX. Failed queries are timed out immediately and acknowledged
queries are given some more time to account for possible TX queue
latencies.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 14 Jun 2013 18:42:23 +0000 (11:42 -0700)]
HTTP server: Allow TCP socket to be reused
This makes it easier to handle cases where the application is restarted
and the previously used local TCP port may not have been fully cleared
in the network stack.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 6 Aug 2013 15:23:22 +0000 (18:23 +0300)]
Add test option for specifying hardcoded BSS Load element
The new bss_load_test parameter can be used to configure hostapd to
advertise a fixed BSS Load element in Beacon and Probe Response frames
for testing purposes. This functionality is disabled in the build by
default and can be enabled with CONFIG_TESTING_OPTIONS=y.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 18 Oct 2013 11:06:11 +0000 (14:06 +0300)]
Define BSS Load element id
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 24 Jul 2013 10:17:56 +0000 (13:17 +0300)]
Interworking: Add support for QoS Mapping functionality for the STA
Indicate support for QoS Mapping and configure driver to update the QoS
Map if QoS Map Set elements is received from the AP either in
(Re)Association Response or QoS Map Configure frame.
This commit adds support for receiving the frames with nl80211 drivers,
but the actual QoS Map configuration command is still missing.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Kyeyoon Park [Wed, 24 Jul 2013 09:26:26 +0000 (12:26 +0300)]
atheros: Add support for QoS Mapping configuration
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Kyeyoon Park [Wed, 24 Jul 2013 09:28:20 +0000 (12:28 +0300)]
Interworking: Add support for QoS Mapping functionality for the AP
This allows QoS Map Set element to be added to (Re)Association Response
frames and in QoS Map Configure frame. The QoS Mapping parameters are
also made available for the driver interface.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 7 Oct 2013 01:14:51 +0000 (18:14 -0700)]
Interworking: Add domain_suffix_match for credentials
This allow domain_suffix_match to be specified for a cred block and then
get this copied for the network blocks generated from this credential as
part of Interworking network selection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 2 Aug 2013 15:42:54 +0000 (18:42 +0300)]
Interworking: Add support for multiple home FQDNs
Credentials can now be configured with more than one FQDN ('domain'
field in the cred block) to perform Domain Name List matching against
multiple home domains.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 18 Oct 2013 11:12:09 +0000 (14:12 +0300)]
tests: Remove cred before changing domain
This is in preparation for supporting multiple domain values after which
setting the domain value does not replace the old value, but adds a new
one.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 7 Oct 2013 01:02:16 +0000 (18:02 -0700)]
Add AAA server domain name suffix matching constraint
The new domain_suffix_match (and domain_suffix_match2 for Phase 2
EAP-TLS) can now be used to specify an additional constraint for the
server certificate domain name. If set, one of the dNSName values (or if
no dNSName is present, one of the commonName values) in the certificate
must have a suffix match with the specified value. Suffix match is done
based on full domain name labels, i.e., "example.com" matches
"test.example.com" but not "test-example.com".
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 30 Sep 2013 07:56:32 +0000 (10:56 +0300)]
OpenSSL: Fix code indentation in OCSP processing
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Janusz Dziedzic [Wed, 16 Oct 2013 15:42:57 +0000 (18:42 +0300)]
hostapd: Add support for DFS with 160 MHz channel width
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 16 Oct 2013 11:15:06 +0000 (14:15 +0300)]
Mark DFS functions static and rename them
These functions are not used from outside dfs.c anymore.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 16 Oct 2013 09:18:52 +0000 (12:18 +0300)]
hostapd: DFS with 40/80 MHz channel width support
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 16 Oct 2013 09:18:52 +0000 (12:18 +0300)]
DFS: Add more parameters to radar events
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 16 Oct 2013 09:18:52 +0000 (12:18 +0300)]
nl80211: Use struct hostapd_freq_params with start_dfs_cac
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 16 Oct 2013 09:18:52 +0000 (12:18 +0300)]
hostapd: Split hostapd_set_freq to helper function
This allows the functionality to fill in a struct hostapd_freq_params to
be shared.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Tue, 15 Oct 2013 17:27:25 +0000 (20:27 +0300)]
hostapd: Add AP DFS support
Add DFS structures/events handlers, CAC handling, and radar detection.
By default, after radar is detected or the channel became unavailable, a
random channel will be chosen.
This patches are based on the original work by Boris Presman and
Victor Goldenshtein. Most of the DFS code is moved to a new dfs.c/dfs.h
files.
Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Jouni Malinen [Tue, 15 Oct 2013 14:07:35 +0000 (17:07 +0300)]
tests: Make sure hlr_auc_gw exits and clean up sockets
If a test run is terminated forcefully, hlr_auc_gw could have been left
running and/or some of the control interface files could still remain.
This could result in hlr_auc_gw not starting again for the next test
run.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 15 Oct 2013 14:02:43 +0000 (17:02 +0300)]
tests: Skip EAP-SIM/AKA/AKA' if hlr_auc_gw not available
Do not fail the EAP-SIM/AKA/AKA' test cases if hlr_auc_gw is not
available since hlr_auc_gw is not considered required part for the test
setup.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>