Jouni Malinen [Thu, 20 Oct 2011 18:10:22 +0000 (21:10 +0300)]
Fix segfault on error path if driver initialization fails
wpa_s->wpa is NULL in this case and we better not call WPA state
machine functions.
Johannes Berg [Thu, 20 Oct 2011 18:08:26 +0000 (21:08 +0300)]
nl80211: Compat code for genl_ctrl_alloc_cache
It's really a waste of bits to duplicate the code for
genl_ctrl_alloc_cache() again and again -- just add a
wrapper like in iw.
Johannes Berg [Thu, 20 Oct 2011 18:03:08 +0000 (21:03 +0300)]
AP: Do station poll in driver wrapper
This offloads the station polling to driver wrappers, which may offload
it again to the driver. The hostap driver wrapper uses "real" data
frames while nl80211 uses null data frames.
Also add a specific event to indicate that a poll was successful for
future use with the nl80211 driver.
Jouni Malinen [Thu, 20 Oct 2011 17:49:21 +0000 (20:49 +0300)]
Interworking: Use unsigned integer for bitfield
Signed integer with one-bit value does not make much sense, so clean
this up by using an unsigned integer instead.
Jouni Malinen [Tue, 18 Oct 2011 20:04:36 +0000 (23:04 +0300)]
wext: Increase scan timeout from 5 to 10 seconds
Some dualband cards can use more than five seconds to run through
a full scan, so increase the timeout to avoid hitting the missing
scan completed event workaround.
Dmitry Shmidt [Tue, 18 Oct 2011 17:16:38 +0000 (20:16 +0300)]
Add log_level command
This can be used to display the current debugging level and to change
the log level during run time.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Tue, 18 Oct 2011 15:44:35 +0000 (18:44 +0300)]
EAP: Clear ClientTimeout back to default value in INITIALIZE
This fixes an issue where WPS run leaves a small ClientTimeout
value (2) configured and the next EAPOL authentication is started
with that small value even for Identity exchange. This can cause
problems when an EAPOL packet gets dropped immediately after
association and a retry of that packet is needed (which may take
more than two seconds).
Dmitry Shmidt [Tue, 18 Oct 2011 14:27:53 +0000 (17:27 +0300)]
Android: Add wpa_ctrl_cleanup()
This function can be used to clean up local UNIX domain socket files
that may be left over from clients that were previously connected to
wpa_supplicant. At least for now, this is only available for Android
builds.
Jouni Malinen [Tue, 18 Oct 2011 14:15:36 +0000 (17:15 +0300)]
Android: Sync Android.mk with recent Makefile changes
Jouni Malinen [Tue, 18 Oct 2011 14:00:08 +0000 (17:00 +0300)]
netlink: Do not use void pointer for pointer arithmetic
This is a non-standard extension in gcc, so better not depend on it.
Jouni Malinen [Mon, 17 Oct 2011 21:24:16 +0000 (00:24 +0300)]
Add support for Time Advertisement
This adds preliminary support for IEEE 802.11v Time Advertisement
mechanism with UTC TSF offset.
Jouni Malinen [Mon, 17 Oct 2011 21:23:42 +0000 (00:23 +0300)]
Add os_gmtime() as wrapper for gmtime()
Jouni Malinen [Mon, 17 Oct 2011 20:55:50 +0000 (23:55 +0300)]
Interworking: Add support for configuring Roaming Consortium List
Jouni Malinen [Mon, 17 Oct 2011 20:19:52 +0000 (23:19 +0300)]
Interworking: Add Advertisement Protocol element
For now, assume that ANQP will always be enabled with Interworking.
This may be made separately configurable in the future.
Jouni Malinen [Mon, 17 Oct 2011 20:04:27 +0000 (23:04 +0300)]
Remove set_intra_bss() driver_ops
This has been replaced by the isolate parameter available through
set_ap() calls.
Jouni Malinen [Mon, 17 Oct 2011 18:36:28 +0000 (21:36 +0300)]
atheros: Add a placeholder function for set_ap() driver_ops
Jouni Malinen [Mon, 17 Oct 2011 18:35:41 +0000 (21:35 +0300)]
Add Interworking configuration in set_ap() driver_ops
Drivers that implement SME/MLME may find it easier to use separated
information to configure Interworking related parameters.
Jouni Malinen [Mon, 17 Oct 2011 18:30:44 +0000 (21:30 +0300)]
Add Ext Capab and Interworking elements to extra IEs
These need to be provided to drivers that implement SME/MLME.
Jouni Malinen [Mon, 17 Oct 2011 18:03:52 +0000 (21:03 +0300)]
Move Ext Capab and Interworking element construction into shared file
These needs to be available for drivers that implement SME/MLME.
Jouni Malinen [Mon, 17 Oct 2011 17:55:06 +0000 (20:55 +0300)]
Clean up AP mode extra IE construction
Make it easier to add more IEs into the buffers.
Jouni Malinen [Mon, 17 Oct 2011 17:10:07 +0000 (20:10 +0300)]
Remove unused function argument
Jouni Malinen [Mon, 17 Oct 2011 16:31:33 +0000 (19:31 +0300)]
Move AP BSS configuration parameters into set_ap()
Remove the separate driver_ops functions set_cts_protect(),
set_preamble(), set_short_slot_time(), and set_ht_params(). These
belong into same set of operations as set_ap(), so there is no need
to maintain separate functions that just make the driver wrapper
more complex.
Since these have only been used with driver_nl80211.c, the driver_ops
can be removed immediately instead of maintaining backwards
compatibility period with the old functions.
Jouni Malinen [Mon, 17 Oct 2011 15:58:46 +0000 (18:58 +0300)]
Deprecate set_intra_bss() driver_ops
The AP client isolation parameter is now available through set_ap().
driver_nl80211.c was the only driver wrapper using the set_intra_bss()
call in hostap.git, but some external trees may have used this. Once
those are cleared, the set_infra_bss() driver_ops can be removed
completely. The only remaining use case for it currently is in P2P
GO mode with wpa_supplicant.
Jouni Malinen [Mon, 17 Oct 2011 15:39:31 +0000 (18:39 +0300)]
Remove unused P2P device discovery hack from Beacon configuration
AP mode operations were used for P2P device discovery Listen state
only during early experiments. This has now been cleaned up and
ieee802_11_set_beacon() is not called for P2P device discovery.
As such, this hack to skip Beacon configuration can be removed.
Jouni Malinen [Mon, 17 Oct 2011 15:35:25 +0000 (18:35 +0300)]
Start deprecating various AP mode driver_ops
The preferred way of configuring AP mode will be to use set_ap() instead
of number of separate operations hostapd has collected over the years.
Jouni Malinen [Mon, 17 Oct 2011 14:56:59 +0000 (17:56 +0300)]
atheros: Add debug hexdumps for IE configuration
Mahesh Palivela [Mon, 17 Oct 2011 14:30:43 +0000 (17:30 +0300)]
Move SA Query mechanism into a file that can be shared more easily
This is the first step in allowing SA Query mechanism in hostapd to be
used with drivers that implement authentication and association MLME/SME
(i.e., do not use ieee802_11.c).
Jouni Malinen [Sun, 16 Oct 2011 19:44:28 +0000 (22:44 +0300)]
Interworking: Document network selection parameters
Jouni Malinen [Thu, 6 Oct 2011 19:26:33 +0000 (22:26 +0300)]
Interworking: Support for using EAP-SIM credentials in network selection
New configuration parameters home_imsi and home_milenage can be used
to configure SIM/USIM simulator parameters for network selection based
on SIM/USIM credentials.
home_imsi=(MCC | MNC | '-' | rest of IMSI)
home_milenage=(Ki):(OPc):(SQN)
For example:
home_imsi=310026-
000000000
home_milenage=
90dca4eda45b53cf0f12d7c9c3bc6a89:
cb9cccc4b9258e6dca4760379fb82581:
000000000123
Jouni Malinen [Wed, 5 Oct 2011 14:08:18 +0000 (17:08 +0300)]
Interworking: Support username/password based network selection
Add support for network selection for username/password credentials with
EAP-TTLS and EAP-PEAP. The new global configuration parameters
home_username, home_password, and home_ca_cert can be used to specify
credentials for network selection.
Jouni Malinen [Wed, 5 Oct 2011 11:38:13 +0000 (14:38 +0300)]
Interworking: Parse NAI Realms and match against home realm
Jouni Malinen [Tue, 4 Oct 2011 19:13:22 +0000 (22:13 +0300)]
Interworking: Add commands for network selection
This adds the basic mechanism for running through network selection:
scan, ANQP fetch, network selection, and connection. Actual rules for
network selection and the creation of the network block are still
missing, but will be added in separate commits.
Jouni Malinen [Sun, 16 Oct 2011 19:44:28 +0000 (22:44 +0300)]
Interworking: Add ANQP query requests
Add mechanism for using GAS/ANQP to query Interworking related
information from APs. The received information is stored in the BSS
table and can be viewed with ctrl_iface BSS command.
New ctrl_iface command ANQP_GET can be used to fetch ANQP elements from
a specific AP. Additional commands FETCH_ANQP and STOP_FETCH_ANQP can be
used to initiate and stop an iteration through all APs in the BSS table
that indicate support Interworking to fetch ANQP elements from them.
Jouni Malinen [Wed, 5 Oct 2011 14:29:51 +0000 (17:29 +0300)]
wpa_cli: Make second argument to set command optional
This can be used to indicate zero length value.
Jouni Malinen [Sun, 16 Oct 2011 18:00:44 +0000 (21:00 +0300)]
GAS: Export gas_build_initial_resp()
This is needed for some GAS error response messages where the ANQP
Advertisement Protocol element is not used.
Jouni Malinen [Sun, 16 Oct 2011 17:57:11 +0000 (20:57 +0300)]
Define new IEEE 802.11u status codes
Jouni Malinen [Fri, 7 Oct 2011 10:33:04 +0000 (13:33 +0300)]
WNM: Add BSS Transition Management Request for ESS Disassoc Imminent
"hostapd_cli ess_disassoc (STA addr) (URL)" can now be used to send
an ESS Dissassociation Imminent notification to the STA. This event
is shown in wpa_supplicant ctrl_iface monitors (e.g., wpa_cli):
"WNM: ESS Disassociation Imminent - session_info_url=http://example.com/session/"
Jouni Malinen [Thu, 8 Sep 2011 17:52:23 +0000 (20:52 +0300)]
nl80211: Register GAS frames for Interworking
The GAS frames are used both with P2P and Interworking, so register
them if CONFIG_INTERWORKING is used without CONFIG_P2P.
Jouni Malinen [Sun, 16 Oct 2011 16:04:46 +0000 (19:04 +0300)]
Add Extended Capability element to AssocReq for Interworking
If Interworking is enabled, add Extended Capability element to
(Re)Association Request frames to indicate support for Interworking.
Jouni Malinen [Tue, 27 Sep 2011 20:15:05 +0000 (23:15 +0300)]
IEEE 802.11u: Allow Interworking and HESSID to be configured
The new wpa_supplicant.conf file global parameters interworking and
hessid can be used to configure wpa_supplicant to include
Interworking element in Probe Request frames.
Jouni Malinen [Fri, 23 Sep 2011 17:26:17 +0000 (20:26 +0300)]
IEEE 802.11u: Add configuration and advertisement for Interworking
Jouni Malinen [Mon, 3 Oct 2011 15:19:24 +0000 (18:19 +0300)]
Fix location of P2P indication flag in BSS ctrl_iface output
Gurumoorthi Gnanasambandhan [Tue, 15 Mar 2011 16:59:36 +0000 (18:59 +0200)]
Allow drivers to indicate WPS push button in station mode
EVENT_WPS_BUTTON_PUSHED wpa_supplicant_event can now be used in
station mode driver_*.c to indicate that a push button has been
pushed. This will activate WPS PBC mode.
Jouni Malinen [Sun, 16 Oct 2011 14:57:27 +0000 (17:57 +0300)]
Use a common error handler in hostapd_notif_assoc()
Jouni Malinen [Sun, 16 Oct 2011 14:49:02 +0000 (17:49 +0300)]
Clean up IE processing in hostapd_notif_assoc()
Jouni Malinen [Sun, 16 Oct 2011 13:41:51 +0000 (16:41 +0300)]
WPS: Fix WPS IE processing
Commit
17f6b9005641c9c44f55cda825b3a170ffa8ff04 moved the concatenation
of WPS IEs, but did not include the validation that the IE buffer is not
NULL. In addition, the concatenation needs to be done based on the full
IE buffer instead of the parsed pointer that includes only a single
WPS IE.
Jouni Malinen [Sun, 16 Oct 2011 11:00:30 +0000 (14:00 +0300)]
Remove unused function argument
Jouni Malinen [Sun, 16 Oct 2011 10:21:54 +0000 (13:21 +0300)]
Convert signed bit field to unsigned one
It's cleaner to use unsigned bit field with one bit values.
Jouni Malinen [Sun, 16 Oct 2011 10:19:33 +0000 (13:19 +0300)]
dbus: Fix potential memory leak with unexpected p2p_find calls
Should the RequestedDeviceTypes entry show up multiple times, the
previously allocated buffer would have been leaked.
Jouni Malinen [Sun, 16 Oct 2011 10:16:21 +0000 (13:16 +0300)]
Remove unnecessary wpa_s == NULL validation
wpa_s cannot be NULL here (it is already dereferenced above and
all the callers pass a valid pointer anyway).
Jouni Malinen [Sun, 16 Oct 2011 09:36:21 +0000 (12:36 +0300)]
base64: Stop decoding at the first sequence of pad characters
The base64 encoded data cannot included pad characters in the middle, so
we can stop the loop at the first sequence of pad characters. If the
sequence includes more than two pad characters, the encoding is invalid
and we can indicate failure.
Jouni Malinen [Sun, 16 Oct 2011 09:11:00 +0000 (12:11 +0300)]
Fix double free with CONFIG_WPS_STRICT=y
Commit
17f6b9005641c9c44f55cda825b3a170ffa8ff04 extended the use of
the concatenated WPS IE outside the CONFIG_WPS_STRICT block, but
forgot to remove the old wpabuf_free(wps) call.
Luciano Coelho [Tue, 27 Sep 2011 19:21:38 +0000 (22:21 +0300)]
Add delayed scheduled scan request
When initializing, the scheduled scan code was being called before
everything is ready. With normal scans, the first scan round is
delayed, so the initialization is finished by the time it really
starts.
Add a function that can be used to request a delayed scheduled scan.
The scan will only start after the specified time has elapsed. Call
this function instead of starting the scheduled scan directly during
driver initialization.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Luciano Coelho [Tue, 27 Sep 2011 19:21:36 +0000 (22:21 +0300)]
nl80211: Add support for sched_scan filtering
Use the SSID filter list passed in the scheduled scan request down to
the kernel driver, so it can use the list to return only the wanted
SSIDs. Some kernel drivers can use this information to offload the
SSID filter to the hardware, helping with reducing the power
consumption.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Luciano Coelho [Tue, 27 Sep 2011 19:21:35 +0000 (22:21 +0300)]
Add filter support to scheduled scans
Pass SSIDs to be matched in scheduled scan results. Only the SSIDs
that are included in the match lists will be reported by the driver,
so the filtering can be offloaded to the hardware and the power
consumption can be reduced.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Luciano Coelho [Tue, 27 Sep 2011 19:21:32 +0000 (22:21 +0300)]
Increase maximum number of SSIDs per scan
With scheduled scan support, we may need to pass more than 10 SSIDs in
a single scan request. Some drivers (e.g., wl12xx) support up to 16
SSIDs at once.
Change WPAS_MAX_SCAN_SSIDS from 10 to 16.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Luciano Coelho [Tue, 27 Sep 2011 19:21:31 +0000 (22:21 +0300)]
Use sched_scan in driver init
This patch uses sched_scan, if available, when the driver is
initialized. It also adds a couple of cancel operations where
appropriate.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Luciano Coelho [Tue, 27 Sep 2011 19:21:30 +0000 (22:21 +0300)]
nl80211: Add scheduled scan support
This commit adds scheduled scan support in the nl80211 driver.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Luciano Coelho [Tue, 27 Sep 2011 19:21:29 +0000 (22:21 +0300)]
Add scheduled scan driver operations
In new Linux kernel versions (>=3.0), nl80211 adds scheduled scan
capability. In order to use this feature to its full extent, we need
to support it in the wpa_supplicant core, so that it can also be used
by other drivers.
This commit adds initial scheduled scan support operations and events.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Luciano Coelho [Sat, 15 Oct 2011 14:35:04 +0000 (17:35 +0300)]
Reorganize P2P and WPS scan code
Move some code to separate functions to reorganize the P2P and WPS
handling during scans. This makes the code a bit cleaner and is
needed for the scheduled scan implementation to avoid duplicated code.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Mukesh Agrawal [Sat, 15 Oct 2011 13:52:51 +0000 (16:52 +0300)]
Fix object file list for hlr_auc_gw
If CONFIG_NO_RANDOM_POOL is unset, src/crypto/random.o is linked
into hlr_auc_gw. However, in this configuration, random.o requires
symbols defined in src/utils/eloop.o. So add eloop.o to the object
file list for hlr_auc_gw.
Jouni Malinen [Sat, 15 Oct 2011 11:03:35 +0000 (14:03 +0300)]
edit: Fix history prev/next selection
Commit
19ec1f262e67fe7094365d53ee177f900afdaad5 tried to fix some
cases for history prev selection, but it broke others. Fix this
properly by using a separate entry for the current edit line that
is not yet in history buffer.
Jouni Malinen [Sat, 15 Oct 2011 10:29:56 +0000 (13:29 +0300)]
nl80211: Add debug print for channel changes
Jouni Malinen [Sat, 15 Oct 2011 10:15:24 +0000 (13:15 +0300)]
Fix some forgotten comments in set_beacon to set_ap change
Jithu Jance [Sat, 15 Oct 2011 10:07:30 +0000 (13:07 +0300)]
nl80211: Use shorter monitor interface name for P2P GO
Currently the P2P Interface name[p2p-%s-%d] is reset when the P2P
Interface name reaches the "IFNAMSIZ" limit. Monitor interface name is
derived from p2p interface name with the addition of few characters
[mon.p2p-%s-%d] and hence Monitor interface name hits IFNAMSIZ limit
before P2P Interface name. Rename the monitor interface name to
mon-%s-%d to reduce the length to same with p2p-%s-%d.
Yogesh Ashok Powar [Sat, 15 Oct 2011 09:41:28 +0000 (12:41 +0300)]
Disconnect STA when it fails to get added in kernel driver/firmware
Data path for stations that get successfully associated to the
hostapd but fail to get added in the driver/firmware, will not
work. In such cases, hostapd should deauth and disconnect such
stations. In such scenario, hostapd should disconnect the STAs.
Sample output with following patch
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: authenticated
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: associated (aid 1)
wlan0: AP-STA-CONNECTED 0c:74:c2:9a:4c:59
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: Could not add STA to kernel driver
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: deauthenticated due to local deauth request
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
B. J [Sat, 15 Oct 2011 09:13:27 +0000 (12:13 +0300)]
Fix NT-hash password use with integrated authentication server
The password_hash parameter was not copied in case of the integrated
authentication server (but was for RADIUS server). This broke EAP
authentication when the user entry used NT-hash.
Janusz Dziedzic [Wed, 12 Oct 2011 22:06:11 +0000 (01:06 +0300)]
P2P: Fix wpabuf reuse on p2p_group_notif_noa()
This currently unused function would have triggered wpabuf overflows
due to incorrect variable being reset to zero in the case the old
NoA wpabuf was large enough for the new data.
Janusz Dziedzic [Wed, 12 Oct 2011 18:06:39 +0000 (21:06 +0300)]
P2P: Cleanup AP callbacks when removing the group
Clear the P2P GO callback parameters when removing the group to avoid
using these for non-P2P AP mode.
This is a fix for the bug I found in the following scenario:
A) p2p_group_add
A) p2p_group_remove wlan0
A) add_n
A) set_n 0 ssid "testap"
A) set_n 0 key_mgmt NONE
A) set_n 0 mode 2
A) set_n 0 frequency 2412
A) enable_n 0
B) try connect to testap
Authentication request will be always rejected because of
HOSTAPD_ACL_REJECT and not cleaned callbacks when group removed.
Jouni Malinen [Wed, 12 Oct 2011 17:07:16 +0000 (20:07 +0300)]
EAPOL auth: Disconnect after IEEE 802.1X failure
The EAPOL authenticator was previously forcing disconnection in the WPS
use case. However, this can be benefitial operation with any IEEE 802.1X
authentication mechanism and need not be limited to WPS. This helps some
use cases like EAP-FAST where provisioning may require two
authentication runs if the authentication server does not allow the PAC
provisioning step to be used for normal data connection. While the
station would be free to decide to re-associate in such a case, not all
stations do and as such, it helps if the AP does that instead of leaving
the association up with EAPOL state machine in HELD state for 60
seconds.
Jouni Malinen [Wed, 12 Oct 2011 17:05:02 +0000 (20:05 +0300)]
EAP-FAST: Allow unprotected EAP-Failure in provisioning case
While EAP-FAST uses protected success notification, RFC 5422, Section
3.5 points out a possibility of EAP-Failure being sent out even after
protected success notification in case of provisioning. Change the
EAP-FAST peer implementation to accept that exception to the protected
success notification. This allows the station to re-connect more quickly
to complete EAP-FAST connection in the case the server rejects the
initial attempt by only allowing it to use to provision a new PAC.
Jouni Malinen [Tue, 11 Oct 2011 15:29:31 +0000 (18:29 +0300)]
P2P: Do not change SSID during GO negotiation
If GO Negotiation Request (or in theory, also GO Negotiation Response)
frame is delivered multiple time for processing, the SSID of the group
could end up getting changed. This could result in possible issues if
the peer ended up using different SSID. To avoid this, make sure the
SSID does not get changed unless the negotiation is for a new group.
Jouni Malinen [Sun, 2 Oct 2011 16:36:37 +0000 (19:36 +0300)]
Clear OKC-based PMKSA caching entries if PMK is changed
Whenever PMK gets changed (e.g., due to re-authentication), all PMKSA
caching entries that were created using the previous PMK needs to be
replaced. Previously, only the entry for the current AP was cleared.
Flush the other entries based on network_ctx matches to get rid of the
OKC entries. These entries can then be re-creating using OKC with the
new PMK.
Mohamed Abbas [Sun, 2 Oct 2011 10:27:09 +0000 (13:27 +0300)]
dbus: Export max scan ssids supported by driver
This is needed for network managers that want to know how
many SSIDs they can scan at the same time.
Jouni Malinen [Sun, 2 Oct 2011 10:16:42 +0000 (13:16 +0300)]
Sync with wireless-testing.git linux/nl80211.h
Jithu Jance [Sun, 2 Oct 2011 10:12:43 +0000 (13:12 +0300)]
Do not re-associate on SELECT_NETWORK to current network
Signed-off-by: Jithu Jance <jithu@broadcom.com>
Johannes Berg [Sat, 1 Oct 2011 18:04:11 +0000 (21:04 +0300)]
AP: Use QoS nullfunc for connection poll
When polling a station that has been inactive for a while, hostapd currently
always uses a null data frame. This is a bit strange with uAPSD clients
(though it seems to mostly work) since the EOSP bit can never be set in a
non-QoS frame. Make hostapd use QoS null data frames for probing when the
station is a QoS STA.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Marek Kwaczynski [Sat, 1 Oct 2011 17:40:14 +0000 (20:40 +0300)]
P2P: Refresh peer entries on Probe Request RX
Do not expire P2P peer entries if Probe Request frames are received from
them.
Zhi Chen [Fri, 30 Sep 2011 19:26:37 +0000 (22:26 +0300)]
WPS: Send AP Settings as a wrapped Credential attribute to ctrl_iface
Wrap self-generated WPS credential for new AP settings and send that to
control interface to provide the needed information in
WPS-NEW-AP-SETTINGS for external processing.
Zhi Chen [Fri, 30 Sep 2011 19:01:42 +0000 (22:01 +0300)]
Allow wildcard SSID to be used with WPA-PSK if bssid is set
This allows the AP to be selected based on the BSSID when WPA-PSK
is used with a passphrase. The PSK will be derived from the passphrase
after the SSID has been learned from scan results.
Shan Palanisamy [Thu, 29 Sep 2011 21:05:29 +0000 (00:05 +0300)]
FT: Add driver wrappers for FT with driver-based MLME/SME
Jouni Malinen [Thu, 29 Sep 2011 16:22:08 +0000 (19:22 +0300)]
GAS: Use off-channel operations for requests
This separates off-channel Action frame TX/RX from P2P into a generic
implementation that can now be used both for P2P and GAS needs.
Jouni Malinen [Wed, 28 Sep 2011 16:44:25 +0000 (19:44 +0300)]
GAS: Add a generic GAS query module
This implements GAS request mechanism that is aimed at being used to
replace use case specific GAS/ANQP implementations in the future.
Compared to the earlier implementation in P2P SD, this implementation
includes support for multiple concurrent requests and more thorough
validation of frames against the pending query data.
GAS header processing, including comeback and reassembly, are handled
within gas_query.c and the users of this module will only need to
provide the Query Request and process the (possibly reassembled)
Query Response.
Jouni Malinen [Tue, 27 Sep 2011 14:28:46 +0000 (17:28 +0300)]
Move GAS/ANQP build routines to a separate file from P2P
GAS/ANQP is a generic protocol and in no way specific to P2P, so move
routines used to build GAS/ANQP frames to a separate file that can be
shared for other uses than just P2P service discovery.
Jouni Malinen [Thu, 28 Apr 2011 13:14:35 +0000 (16:14 +0300)]
P2P: Provide mechanism for figuring out p2p_scan_ie() buffer need
The new function, p2p_scan_ie_buf_len(), can be used to figure out
how large a buffer needs to be allocated for p2p_scan_ie() use. This
makes it easier to add new data into the buffer without forcing all
callers to be updated to use a larger buffer.
Jouni Malinen [Thu, 29 Sep 2011 18:48:07 +0000 (21:48 +0300)]
P2P: Fix group formation after previous commit
p2p_in_progress() have to ignore P2P_PROVISIONING state to allow
station mode (which includes P2P client) scan to work.
Jouni Malinen [Thu, 29 Sep 2011 13:53:55 +0000 (16:53 +0300)]
P2P: Do not request station mode scans during P2P operations
The P2P search mechanism depends on the same scan functionality that
is used for station mode scans. If these operations are being used
at the same time, scan result processing is not handled properly.
Avoid unexpected behavior by delaying station mode scan requests
if a P2P operation is in progress.
Among other things, this allows the station mode connection attempt
to be continued after a P2P find or group formation has been completed
if the interface is available (i.e., when the P2P group uses a
separate virtual interface).
Jouni Malinen [Thu, 29 Sep 2011 13:52:23 +0000 (16:52 +0300)]
P2P: Do not leave P2P scan handler registered if scan fails
If the initial attempt to start a scan for p2p_find fails, an error
is reported. However, the P2P scan handler and search state was
left behind. That can result in unexpected behavior when the next
non-P2P scan results are indicated. Avoid this by clearing the
P2P search state on failure.
Jouni Malinen [Mon, 26 Sep 2011 12:17:01 +0000 (15:17 +0300)]
Do not enable bgscan when driver takes care of BSS selection
There is no need to request periodic bgscans when the driver claims
to have capability for roaming within ESS. Ignoring the bgscan
configuration allows the same configuration file to be used both
with drivers the handle roaming and with drivers that don't.
Jouni Malinen [Mon, 26 Sep 2011 11:57:23 +0000 (14:57 +0300)]
Support driver-based BSS selection in ap_scan=1 mode
If the driver indicates that it supports BSS selection (including
roaming within an ESS) with WPA_DRIVER_FLAGS_BSS_SELECTION, modify
ap_scan=1 mode to behave like ap_scan=2 mode for BSS selection.
The initial scan is still done to avoid the need for strict
configuration of or security parameters (e.g., to figure out whether
TKIP or CCMP is being used as the group cipher). However, when
requesting the driver to connect, the bssid and freq parameters are
not provided to leave the driver in control of selecting which BSS
to use and to allow the driver to decide when to roam.
Vivek Natarajan [Mon, 26 Sep 2011 11:26:55 +0000 (14:26 +0300)]
nl80211: Add driver flag for firmware-based BSS selection
This new flag can be used to change wpa_supplicant behavior in the
default ap_scan=1 mode to move BSS selection into the driver (likely
firmware). This commit is only adding the flag; separate commits
will be used to change the actual connection/roaming behavior.
Jouni Malinen [Thu, 8 Sep 2011 17:52:23 +0000 (20:52 +0300)]
Rename and fix ANQP definitions to match IEEE Std 802.11u-2011
Mathieu Olivari [Mon, 26 Sep 2011 08:49:22 +0000 (11:49 +0300)]
atheros: Allow flattened driver include file directories
Remove the full driver path to the driver header file to make it
easier to use common include directory for all driver headers.
Jouni Malinen [Sun, 25 Sep 2011 18:28:32 +0000 (21:28 +0300)]
Remove EAP-TTLSv1 and TLS/IA
These protocols seem to be abandoned: latest IETF drafts have expired
years ago and it does not seem likely that EAP-TTLSv1 would be
deployed. The implementation in hostapd/wpa_supplicant was not complete
and not fully tested. In addition, the TLS/IA functionality was only
available when GnuTLS was used. Since GnuTLS removed this functionality
in 3.0.0, there is no available TLS/IA implementation in the latest
version of any supported TLS library.
Remove the EAP-TTLSv1 and TLS/IA implementation to clean up unwanted
complexity from hostapd and wpa_supplicant. In addition, this removes
any potential use of the GnuTLS extra library.
Jouni Malinen [Sun, 25 Sep 2011 16:32:28 +0000 (19:32 +0300)]
GnuTLS: Fix build bit various GnuTLS versions
This fixes some build issues in GnuTLS wrapper to be compatible with
at least following GnuTLS versions: 2.2.5, 2.4.3, 2.6.6, 2.8.6,
2.10.5, 2.12.11, 3.0.3.
Jouni Malinen [Sun, 25 Sep 2011 14:24:46 +0000 (17:24 +0300)]
TLS: Add support for TLS v1.1 (RFC 4346) with internal TLS
This is disabled by defautl and can be enabled with CONFIG_TLSV11=y
build configuration parameter.
Jouni Malinen [Sun, 25 Sep 2011 14:11:52 +0000 (17:11 +0300)]
TLS: Do not enforce in-place processing in tlsv1_record_send()
In preparation for record layer format changes, modify
tlsv1_record_send() to use separate buffers for payload
and the output message.
Jouni Malinen [Sun, 25 Sep 2011 13:57:35 +0000 (16:57 +0300)]
TLS: Add protection against record layer CBC attacks
Instead of using separate bad_record_mac and decryption_failed alerts,
use only bad_record_mac alert regardless of how the CBC decryption
failed. This provides less information to attackers that could modify
packets. In addition, instead of returning immediately on error, run
through the MAC check to make timing attacks more difficult.
Jouni Malinen [Sun, 25 Sep 2011 13:52:46 +0000 (16:52 +0300)]
TLS: Avoid unnecessary copying of encrypted data at record layer
When the received data will be decrypted, there is no need to first
copy it and then handle decryption in-place when decryption step can
take care of both operations.
Jouni Malinen [Sun, 25 Sep 2011 13:48:06 +0000 (16:48 +0300)]
TLS: Fix record layer protocol version validation
TLS v1.0 and v1.1 RFCs were not exactly clear on the use of the
protocol version in record later. As such, accept any {03,xx} value
to remain compatible with existing implementations and new protocol
versions.