mech_eap.git
Saurav Babu [Wed, 11 May 2016 05:37:23 +0000 (11:07 +0530)]
D-Bus: Check driver capability for IBSS in Modes property of Capabilities

Instead of hardcoding "ad-hoc" in the array of supported capabilities,
add this only if the driver indicates support for IBSS.

Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
SiWon Kang [Fri, 13 May 2016 02:18:14 +0000 (11:18 +0900)]
wpa_cli: Add backspace key process for some terminal

In some terminals (verified with gtkterm and teraterm), the backspace key is
not properly processed. For instance, typing 'abc', pressing the backspace
key 3 times, and then typing '123' shows 'abc123' instead of '123'. To
fix this, add a routine to process '\b' character input when using
edit_simple.c instead of edit.c (i.e., without CONFIG_WPA_CLI_EDIT=y).

Signed-off-by: Siwon Kang <kkangshawn@gmail.com>
Johannes Berg [Thu, 12 May 2016 22:26:59 +0000 (00:26 +0200)]
wpa_supplicant: Fix CONFIG_AP build without CTRL_IFACE

wpas_ap_pmksa_cache_list() and wpas_ap_pmksa_cache_flush() should be
under the #ifdef since they're only called for the control iface and
use functionality that otherwise isn't available.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Johannes Berg [Thu, 12 May 2016 07:26:10 +0000 (09:26 +0200)]
drivers: Add NEED_RADIOTAP

If there's ever a driver that, like nl80211, requires radiotap,
we need to have a NEED_RADIOTAP variable to avoid trying to link
the radiotap helpers twice. Introduce that.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Jouni Malinen [Tue, 10 May 2016 17:28:08 +0000 (20:28 +0300)]
OpenSSL: Make dh5_init() match the generic implementation

Commit 4104267e81b0a0acdb43f693a67f236b3237a719 ('Fix memory leak on NFC
DH generation error path') modified the generic (non-OpenSSL)
implementation of dh5_init() to free the previously assigned public key,
if any. However, that commit did not modify the OpenSSL specific version
of this function. Add the same change there to maintain consistent
behavior between these two implementations of the same function.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Rujun Wang [Mon, 25 Apr 2016 01:01:44 +0000 (09:01 +0800)]
WPS: Fix segmentation fault in new DH key derivation

Commit 4104267e81b0a0acdb43f693a67f236b3237a719 ('Fix memory leak on NFC
DH generation error path') modified dh5_init() behavior in the
non-OpenSSL implementation to free the public key (if any was previously
set). However, this did not update one of the callers to make sure the
publ argument in the call is initialized. This could result in trying to
free invalid pointer and segmentation fault when hostapd or
wpa_supplicant was built against some other crypto library than OpenSSL.

Signed-off-by: Rujun Wang <chinawrj@gmail.com>
David Benjamin [Mon, 25 Apr 2016 18:55:43 +0000 (14:55 -0400)]
OpenSSL: BoringSSL has SSL_get_client_random(), etc.

BoringSSL added OpenSSL 1.1.0's SSL_get_client_random() and friends in
working towards opaquifying the SSL struct. But it, for the moment,
still looks more like 1.0.2 than 1.1.0 and advertises
OPENSSL_VERSION_NUMBER as such. This means that there is no need to
define those in BoringSSL and defining them causes conflicts. (C does
not like having static and non-static functions with the same name.)

As requested, this is conditioned on defined(BORINGSSL_API_VERSION) so
wpa_supplicant may continue to support older BoringSSLs for a time.
(BoringSSL revisions without the accessors predate BoringSSL maintaining
a BORINGSSL_API_VERSION.)

Also add a missing opensslv.h include. tls_openssl.c is sensitive to
OPENSSL_VERSION_NUMBER, so it should include the header directly rather
than rely on another header to do so.

Signed-off-by: David Benjamin <davidben@google.com>
Jouni Malinen [Thu, 5 May 2016 18:08:23 +0000 (21:08 +0300)]
tests: Open network connection with pmf=2

This verifies that pmf=2 is ignored for a non-RSN network while a
network profile specific ieee80211w=2 is enforced.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt [Sat, 30 Apr 2016 09:52:36 +0000 (15:22 +0530)]
Skip connection attempt for non-RSN networks if PMF is set to required

Since ieee80211w=2 is an explicit configuration to wpa_supplicant, the
connection attempt for such non-PMF (non-RSN) capable networks should be
skipped.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 5 May 2016 18:07:03 +0000 (21:07 +0300)]
Ignore pmf=1/2 parameter for non-RSN networks

PMF is available only with RSN and pmf=2 could have prevented open
network connections. Change the global wpa_supplicant pmf parameter to
be interpreted as applying only to RSN cases to allow it to be used with
open networks.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 5 Apr 2016 20:57:35 +0000 (23:57 +0300)]
tests: wpa_supplicant config file parsing of arbitrary global values

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 5 Apr 2016 20:55:48 +0000 (23:55 +0300)]
Reject SET commands with newline characters in the string values

Many of the global configuration parameters are written as strings
without filtering and if there is an embedded newline character in the
value, unexpected configuration file data might be written.

This fixes an issue where wpa_supplicant could have updated the
configuration file global parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the value of a parameter before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such a configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 5 Apr 2016 22:05:55 +0000 (01:05 +0300)]
tests: Use \t instead of \n in discovery_ctrl_char_in_devname

This is needed to allow the SET command to be modified to reject newline
characters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 5 Apr 2016 20:36:42 +0000 (23:36 +0300)]
tests: wpa_supplicant config parsing of arbitrary cred values

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 5 Apr 2016 20:33:10 +0000 (23:33 +0300)]
Reject SET_CRED commands with newline characters in the string values

Most of the cred block parameters are written as strings without
filtering and if there is an embedded newline character in the value,
unexpected configuration file data might be written.

This fixes an issue where wpa_supplicant could have updated the
configuration file cred parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the credential value before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such a configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Paul Stewart [Thu, 3 Mar 2016 23:40:19 +0000 (15:40 -0800)]
Remove newlines from wpa_supplicant config network output

Spurious newlines output while writing the config file can corrupt the
wpa_supplicant configuration. Avoid writing these for the network block
parameters. This is a generic filter that covers cases that may not have
been explicitly addressed with a more specific commit to avoid control
characters in the psk parameter.

Signed-off-by: Paul Stewart <pstew@google.com>
Jouni Malinen [Fri, 4 Mar 2016 16:51:24 +0000 (18:51 +0200)]
tests: wpa_supplicant config file writing with arbitrary PSK value

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 4 Mar 2016 16:46:41 +0000 (18:46 +0200)]
Reject psk parameter set with invalid passphrase character

WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a passphrase configuration attempt if that passphrase
includes an invalid passphrase.

This fixes an issue where wpa_supplicant could have updated the
configuration file psk parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the passphrase value before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject up to 63 characters of
almost arbitrary data into the configuration file. Such a configuration
file could result in wpa_supplicant trying to load a library (e.g.,
opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
load_dynamic_eap) from user controlled location when starting again.
This would allow code from that library to be executed under the
wpa_supplicant process privileges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 4 Mar 2016 15:24:29 +0000 (17:24 +0200)]
tests: wpa_supplicant config file parsing/writing with WPS

This verifies that a WPA2PSK passphrase with control characters gets
rejected in a WPS Credential and that control characters in SSID get
written as a hexdump.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 4 Mar 2016 15:20:18 +0000 (17:20 +0200)]
WPS: Reject a Credential with invalid passphrase

WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a Credential received from a WPS Registrar both as
STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
WPA2PSK authentication type and includes an invalid passphrase.

This fixes an issue where hostapd or wpa_supplicant could have updated
the configuration file PSK/passphrase parameter with arbitrary data from
an external device (Registrar) that may not be fully trusted. Should
such data include a newline character, the resulting configuration file
could become invalid and fail to be parsed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
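
The SET, SET_CRED, psk and WPS Credential commits above all close the same gap: a string value written to a line-oriented configuration file without filtering. The following is an added example, not code from hostap/wpa_supplicant, showing the unfiltered write beside the checked one and a passphrase check. The helper names, the `device_name` sample key, the constructed values, treating CR as well as LF as a newline, and taking control characters to be bytes below 32 and 127 are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Number of lines a line-oriented config parser would read back from buf. */
static int count_lines(const char *buf)
{
    int n = 0;

    for (; *buf; buf++) {
        if (*buf == '\n')
            n++;
    }
    return n;
}

/* "Before": serialize key=value without looking at the value. */
static int write_unchecked(char *out, size_t len, const char *key,
                           const char *val)
{
    int r = snprintf(out, len, "%s=%s\n", key, val);

    return (r < 0 || (size_t) r >= len) ? -1 : r;
}

/* "After": refuse any value that would break out of its own line. */
static int write_checked(char *out, size_t len, const char *key,
                         const char *val)
{
    if (strpbrk(val, "\r\n") != NULL) {
        if (len > 0)
            out[0] = '\0';
        return -1;
    }
    return write_unchecked(out, len, key, val);
}

/* Passphrase rule: 8..63 characters, none of them a control character. */
static int passphrase_is_valid(const char *p)
{
    size_t i, len = strlen(p);

    if (len < 8 || len > 63)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char) p[i];

        if (c < 32 || c == 127)
            return 0;
    }
    return 1;
}

/* Lines produced for one value by the unfiltered writer (-1 on error). */
static int lines_unchecked(const char *val)
{
    char buf[256];

    if (write_unchecked(buf, sizeof(buf), "device_name", val) < 0)
        return -1;
    return count_lines(buf);
}

/* Lines produced for one value by the checked writer (-1 if rejected). */
static int lines_checked(const char *val)
{
    char buf[256];

    if (write_checked(buf, sizeof(buf), "device_name", val) < 0)
        return -1;
    return count_lines(buf);
}

int main(void)
{
    /* Constructed sample values, not taken from the commits. */
    const char *benign = "printer";
    const char *crafted = "printer\ninjected_key=1";

    printf("unchecked, benign:  %d line(s)\n", lines_unchecked(benign));
    printf("unchecked, crafted: %d line(s)\n", lines_unchecked(crafted));
    printf("checked, benign:    %d line(s)\n", lines_checked(benign));
    printf("checked, crafted:   %d (rejected)\n", lines_checked(crafted));
    printf("passphrase with newline valid: %d\n",
           passphrase_is_valid("abcd\nefgh12"));
    return 0;
}
```

A tab passes the newline check but fails the passphrase check, which matches the split the commits describe: the general string values only need to stay on one line, while a passphrase may not contain any control character.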
Rafał Miłecki [Mon, 25 Apr 2016 15:10:47 +0000 (17:10 +0200)]
nl80211: Try running without mgmt frame subscription (driver AP SME)

One of the supported code paths already allows this scenario. It is used if
the driver doesn't report NL80211_ATTR_DEVICE_AP_SME and doesn't support
a monitor interface. In such a situation:
1) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails
2) We don't try subscribing for WLAN_FC_STYPE_ACTION
3) We fall back to AP SME mode after failing to create monitor interface
4) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails
The above scenario is used, e.g., with brcmfmac. As you can see - thanks to
events provided by cfg80211 - it's not really required to receive Probe
Request or action frames.

However, the previous implementation did not allow using hostapd with
drivers that:
1) Report NL80211_ATTR_DEVICE_AP_SME
2) Don't support subscribing for PROBE_REQ and/or ACTION frames
In case of using such a driver hostapd will cancel setup after failing
to subscribe for WLAN_FC_STYPE_ACTION. I noticed it after setting flag
WIPHY_FLAG_HAVE_AP_SME in brcmfmac driver for my experiments.

This patch allows working with such drivers with just a small warning
printed as debug message.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Dmitry Shmidt [Fri, 9 Jan 2015 00:49:03 +0000 (16:49 -0800)]
Android: Remove EAP-FAST option

Current BoringSSL version is not suitable for EAP-FAST.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Thu, 28 Apr 2016 17:32:15 +0000 (20:32 +0300)]
WPS: Explicitly clear wpabuf memory with key information

This reduces the duration that private keying material might remain in the
process memory by clearing wpabuf data used in WPS operations when there
is a possibility of the buffer including keys or related material.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 24 Apr 2016 21:19:40 +0000 (00:19 +0300)]
tests: Do not use tabs for indentation

Be more consistent with indentation (always uses spaces in Python
files).

Signed-off-by: Jouni Malinen <j@w1.fi>
Andrei Otcheretianski [Thu, 7 Apr 2016 10:32:09 +0000 (13:32 +0300)]
tests: Test configuration propagation to group interface

When a dedicated P2P Device interface is used, its configuration should
be cloned to the group interface. Add a test that covers this both when
a separate group interface is used and not.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Andrei Otcheretianski [Thu, 7 Apr 2016 10:32:08 +0000 (13:32 +0300)]
P2P: Copy config from p2pdev when not using dedicated group interface

When the P2P Device interface is used and an existing interface is used
for P2P GO/Client, the P2P Device configuration was not cloned to the
configuration of the existing interface. Thus, configuration parameters
such as idle_group_time, etc., were not propagated to the P2P GO/Client
interface.

Handle this by copying all configuration parameters of the P2P device
interface to the reused interface, with the following exceptions:

1. Copy the NFC key data only if it was not set in the configuration
   file.
2. The WPS string fields are set only if they were not previously set
   in the configuration of the destination interface (based on the
   assumption that these fields should be identical among all
   interfaces).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Andrei Otcheretianski [Thu, 7 Apr 2016 10:32:07 +0000 (13:32 +0300)]
P2P: Fix wpas_p2p_nfc_auth_join()

Use the p2pdev pointer instead of the parent pointer to comply with the
flows when a dedicated P2P Device interface is used and
p2p_no_group_iface == 1 (in which case the parent of the reused
interface isn't necessarily the same as p2pdev).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Andrei Otcheretianski [Thu, 7 Apr 2016 10:32:06 +0000 (13:32 +0300)]
tests: Fix persistent_group_peer_dropped tests

Use the global control interface to remove P2P network blocks, to
support cases when a dedicated P2P Device interface is used.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Andrei Otcheretianski [Thu, 7 Apr 2016 10:32:05 +0000 (13:32 +0300)]
tests: Don't use proxy in urllib.urlopen()

Some environments define a default system-wide HTTP proxy. Using the default
system configuration may result in a failure to open some HTTP URLs. Fix
this by ensuring that no proxies are used.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Andrei Otcheretianski [Thu, 7 Apr 2016 10:32:04 +0000 (13:32 +0300)]
tests: Use global control interface for P2P configurations

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Thu, 7 Apr 2016 10:32:03 +0000 (13:32 +0300)]
tests: Use global control interface to set p2p_no_group_iface

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Ilan Peer [Thu, 7 Apr 2016 10:32:02 +0000 (13:32 +0300)]
tests: Parse group results in a couple of p2p_channel tests

In p2p_channel_vht80_autogo and p2p_channel_vht80p80_autogo, parse the
P2P-GROUP-STARTED event prior to calling the group_request() method, as
otherwise the group ifname is not set.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Avraham Stern [Thu, 7 Apr 2016 10:32:01 +0000 (13:32 +0300)]
tests: Modify use of GET command to support P2P Device interface

Support configurations that use a dedicated P2P Device interface by
using the global control interface and specifying the interface name for
the GET commands fetching the ip_addr_go parameter.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Thu, 7 Apr 2016 10:32:00 +0000 (13:32 +0300)]
tests: persistent_group_profile_add to support P2P Device interface

Modify the persistent_group_profile_add test to support configurations
that use a dedicated P2P Device interface by sending the ADD_NETWORK and
SET_NETWORK commands on the global control interface and specifying the
P2P Device interface name.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Thu, 7 Apr 2016 10:31:59 +0000 (13:31 +0300)]
tests: Store P2P Device ifname in class WpaSupplicant

Add an attribute to class WpaSupplicant with the name of the
P2P Device interface. If a separate interface is not used for
P2P Device, this attribute will hold the name of the only used
interface (which functions also as the P2P Device management
interface).

This attribute will be used to direct P2P related commands to the
P2P Device interface, which is needed for configurations that use
a separate interface for the P2P Device.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Thu, 7 Apr 2016 10:31:58 +0000 (13:31 +0300)]
tests: Modify p2p_msg_long_ssid to support P2P Device interface

Waiting for the P2P-DEVICE-FOUND event should be done on the global
control interface to support configurations that use a dedicated P2P
Device interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Avraham Stern [Thu, 7 Apr 2016 10:31:57 +0000 (13:31 +0300)]
tests: Modify autogo_scan to support P2P Device interface

Support configurations that use a dedicated P2P Device interface by
sending the P2P_CONNECT command on the global control interface.

In addition, when a dedicated P2P Device interface is used, there is no
need to manually respond to the Provision Discovery Request since the
request is processed by the P2P Device interface and this interface was
not set for external RX management frames handling.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Ilan Peer [Thu, 7 Apr 2016 10:31:56 +0000 (13:31 +0300)]
tests: Fix error message in test_p2ps_connect_p2ps_method_4()

This fixes commit 2f0f69a9ec93e063822628578bceb947cf083918 ('tests: Use
p2ps_provision() and p2ps_connect_pd() in p2ps_connect_p2ps_method()').

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Ilan Peer [Thu, 7 Apr 2016 10:31:55 +0000 (13:31 +0300)]
tests: Add couple of roam failure tests

1. Fail roaming to an AP which exceeded its number of allowed stations.
2. Fail roaming due to passphrase mismatch.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Jouni Malinen [Sun, 24 Apr 2016 17:06:33 +0000 (20:06 +0300)]
tests: Remove unused eap_connect import

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 24 Apr 2016 09:28:18 +0000 (12:28 +0300)]
tests: Convert Host() class to use list of arguments instead of string

It is better to use a list of command line arguments for the local
execution case and convert that to a space-separated string for the
remote case.

Signed-off-by: Jouni Malinen <j@w1.fi>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:10 +0000 (07:38 +0200)]
tests: Print traceback if test fails

This is useful in case we hit a problem in test code.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:07 +0000 (07:38 +0200)]
tests: Use hapd from hostapd.add_bss()

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:07 +0000 (07:38 +0200)]
tests: Use hapd from hostapd.add_ap()

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:07 +0000 (07:38 +0200)]
tests: Use hapd from hostapd.add_ap() in start_ap_er()

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:07 +0000 (07:38 +0200)]
tests: Use hapd from hostapd.add_ap() in TDLS

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:07 +0000 (07:38 +0200)]
tests: Pass apdev to HostapdGlobal() in ap_add_with_driver

This is needed for running the test with a remote host.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:07 +0000 (07:38 +0200)]
tests: Use hapd from hostapd.add_ap() in eap_connect()

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:06 +0000 (07:38 +0200)]
tests: Use hapd from hostapd.add_iface()

Since add_iface() now returns the correct hapd, just use it.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:05 +0000 (07:38 +0200)]
tests: Pass apdev to HostapdGlobal()

This can be used to work with remote hosts.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:05 +0000 (07:38 +0200)]
tests: Replace HostapdGlobal() + remove() with hostapd.remove_bss()

This can be used to work with remote hosts.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:05 +0000 (07:38 +0200)]
tests: Use hostapd.add_ap() instead of HostapdGlobal() (DFS)

This makes the DFS test cases that use start_dfs_ap() more usable for
testing with remote hosts.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:05 +0000 (07:38 +0200)]
tests: Use hostapd.remove_bss() instead of HostapdGlobal() (WPS)

This makes ap_wps_twice more usable for testing with remote hosts.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:05 +0000 (07:38 +0200)]
tests: Use hostapd.add_ap() instead of HostapdGlobal() (PSK)

This makes ap_cli_order more usable for testing with remote hosts.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:05 +0000 (07:38 +0200)]
tests: Remove HostapdGlobal() use from invalid_ap()

Pass apdev instead of HostapdGlobal() to invalid_ap() to make the
dynamic AP test cases more useful for testing with remote hosts.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:05 +0000 (07:38 +0200)]
tests: Remove direct HostapdGlobal() use

Use hostapd.add_ap() and hostapd.remove_bss() to avoid direct
HostapdGlobal() use in some of the dynamic AP test cases to make them
more usable for testing with remote hosts.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:04 +0000 (07:38 +0200)]
tests: Return hapd when add_bss() and add_iface() are used

Return hapd from add_bss() and add_iface() so that we can use it next.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:03 +0000 (07:38 +0200)]
tests: Pass apdev param to HostapdGlobal()

Pass apdev param to HostapdGlobal() to support operating with a remote
test host.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:02 +0000 (07:38 +0200)]
tests: Pass apdev to hostapd.add_bss()

Pass apdev param to hostapd.add_bss(). Kill hardcoded phy param and get
phy based on apdev. These are needed to support operation with a remote
test host.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:01 +0000 (07:38 +0200)]
tests: Pass apdev to hostapd.add_iface()

Pass apdev param to hostapd.add_iface() to support operation with a
remote test host.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:38:00 +0000 (07:38 +0200)]
tests: Pass apdev to hostapd.terminate()

Pass apdev dictionary to hostapd.terminate() to support operation with a
remote test host.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Thu, 7 Apr 2016 05:37:59 +0000 (07:37 +0200)]
tests: Pass apdev to remove_bss()

We need this for remote host support. From apdev we can get
apdev['hostname'] and apdev['port'].

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Kanchanapally, Vidyullatha [Thu, 21 Apr 2016 11:29:56 +0000 (16:59 +0530)]
WNM: Fetch scan results before checking transition candidates

On receiving a WNM BSS Transition Management Request frame with a
candidate list, fetch the latest scan results from the kernel to see if
there are any recent scan results for the candidates and initiate a
connection if found. This helps to avoid triggering a new scan in cases
where a scan initiated by something else (e.g., an internal beacon
measurement report functionality in a driver) has processed Beacon or
Probe Response frames without wpa_supplicant having received a
notification of such an update yet.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 20 Apr 2016 10:22:32 +0000 (13:22 +0300)]
tests: hostapd assocresp_elements

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 20 Apr 2016 10:19:08 +0000 (13:19 +0300)]
Use a shared helper function for parsing hostapd.conf IEs

wpabuf_parse_bin() can be used to take care of parsing a hexstring to a
wpabuf and a shared helper function can take care of clearing the
previous value when an empty string is used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Bala Krishna Bhamidipati [Wed, 20 Apr 2016 04:04:17 +0000 (09:34 +0530)]
Add assocresp_elements parameter for hostapd

This new parameter allows hostapd to add Vendor Specific elements into
(Re)Association Response frames similarly to the way vendor_elements
parameter can be used for Beacon and Probe Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 19 Apr 2016 22:20:00 +0000 (01:20 +0300)]
OpenSSL: Support OpenSSL 1.1.0 DH opacity

The OpenSSL 1.1.0 Beta 2 release made DH opaque and that broke
compilation of crypto_openssl.c. Fix this by using the new accessor
functions when building against OpenSSL 1.1.0 or newer.

Signed-off-by: Jouni Malinen <j@w1.fi>
Günther Kelleter [Mon, 18 Apr 2016 15:16:13 +0000 (17:16 +0200)]
FT: Fix RRB for FT over-the-air case

Commit 66d464067d626cc64c5a543a8f91fe58727f4e5e ('FT: Register RRB
l2_packet only if FT-over-DS is enabled') disabled RRB l2_packet socket
if ft_over_ds is disabled, but this socket is required for FT
over-the-air, too (FT key distribution). Enable the socket regardless of
ft_over_ds setting if FT is enabled.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
Marcin Niestroj [Mon, 11 Apr 2016 12:55:35 +0000 (14:55 +0200)]
systemd: Update service files according to D-Bus interface version

systemd service files were supplied with the old D-Bus bus name. After
service activation, systemd was waiting for the appearance of the specified
bus name to consider it started successfully. However, if wpa_supplicant was
compiled only with the new D-Bus interface name, systemd didn't notice the
appearance of the configured (old) D-Bus bus name. In the end, the service
was considered malfunctioning and it was deactivated.

Update systemd service BusName property according to supported D-Bus
interface version.

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Sunil Dutt [Tue, 22 Mar 2016 16:43:16 +0000 (22:13 +0530)]
Assign QCA vendor command/attributes for set/get wifi configuration

This adds QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION and the attributes used
with these commands.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago tests: P2P_GROUP_MEMBER
Jouni Malinen [Mon, 18 Apr 2016 21:43:01 +0000 (00:43 +0300)]
tests: P2P_GROUP_MEMBER

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago P2P: Add P2P_GROUP_MEMBER command to fetch client interface address
Purushottam Kushwaha [Wed, 13 Apr 2016 05:30:08 +0000 (11:00 +0530)]
P2P: Add P2P_GROUP_MEMBER command to fetch client interface address

This allows local GO to fetch the P2P Interface Address of a P2P Client
in the group based on the P2P Device Address for the client. This
command should be sent only on a group interface (the same peer may be
in multiple concurrent groups).

Usage:
P2P_GROUP_MEMBER <P2P Device Address>

Output:
<P2P Interface Address>

Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com>
8 years ago P2P: Trigger event when invitation is accepted
Lior David [Sun, 10 Apr 2016 14:10:22 +0000 (17:10 +0300)]
P2P: Trigger event when invitation is accepted

Trigger an event when wpa_supplicant accepts an invitation to re-invoke
a persistent group. Previously wpa_supplicant entered group formation
without triggering any specific events and it could confuse clients,
especially when operating with a driver that does not support
concurrency between P2P and infrastructure connection.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
8 years ago nl80211: Get rid of unused assignment warning
Jouni Malinen [Sun, 17 Apr 2016 15:43:30 +0000 (18:43 +0300)]
nl80211: Get rid of unused assignment warning

The os_snprintf() call here cannot really fail in practice, but since
its result was stored into the local variable and not checked, static
analyzers could warn about the unused assignment. Clean this up by
checking the return value.

Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago bsd: Set level correctly for non FreeBSD systems
Roy Marples [Mon, 11 Apr 2016 08:56:20 +0000 (09:56 +0100)]
bsd: Set level correctly for non FreeBSD systems

Only FreeBSD treats rssi as dBm; other BSDs have no special meaning for
rssi.

Signed-off-by: Roy Marples <roy@marples.name>
8 years ago tests: Add RRM tests
David Spinadel [Wed, 6 Apr 2016 16:42:19 +0000 (19:42 +0300)]
tests: Add RRM tests

1. Add tests for hostapd neighbor database and neighbor report and
   request. Remove the partial neighbor report request test from
   test_wpas_ctrl.py since they are now covered more completely in
   test_rrm.py.
2. Add LCI request test.
3. Add FTM range request signaling test. This covers only the control
   interface commands and measurement request/response exchange for now.
   Full end-to-end functionality requires support of station reporting
   RRM capability.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago RRM: Modify the processing of a received neighbor report
Ilan Peer [Wed, 6 Apr 2016 16:42:18 +0000 (19:42 +0300)]
RRM: Modify the processing of a received neighbor report

Parse a received neighbor report and report for each neighbor report the
data received for it:

RRM-NEIGHBOR-REP-RECEIVED bssid=<BSSID> info=0x<hex> op_class=<class> chan=<chan> [lci=hex] [civic=hex]

Note that this modifies the previous format that originally reported
only the length of the received frame.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
8 years ago SME: Add support for global RRM flag
Beni Lev [Wed, 6 Apr 2016 16:42:17 +0000 (19:42 +0300)]
SME: Add support for global RRM flag

Add RRM to SME authentication/association if the global RRM flag is set.

Signed-off-by: Beni Lev <beni.lev@intel.com>
8 years ago nl80211: Add support for global RRM flag
Beni Lev [Wed, 6 Apr 2016 16:42:16 +0000 (19:42 +0300)]
nl80211: Add support for global RRM flag

Set the global RRM flag if global RRM is supported by the device. Also,
allow RRM in (Re)Association Request frame if the global RRM flag is
set.

Signed-off-by: Beni Lev <beni.lev@intel.com>
8 years ago driver: Add global RRM support flag
Beni Lev [Wed, 6 Apr 2016 16:42:15 +0000 (19:42 +0300)]
driver: Add global RRM support flag

This flag indicates that RRM can be used in (Re)Association Request
frames, without supporting quiet period.

Signed-off-by: Beni Lev <beni.lev@intel.com>
8 years ago nl80211: Register to receive Radio Measurement Request frames
David Spinadel [Wed, 6 Apr 2016 16:42:14 +0000 (19:42 +0300)]
nl80211: Register to receive Radio Measurement Request frames

Register to receive Radio Measurement Request frames since LCI request
is supported by wpa_supplicant.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago wpa_supplicant: Handle LCI request
David Spinadel [Wed, 6 Apr 2016 16:42:13 +0000 (19:42 +0300)]
wpa_supplicant: Handle LCI request

Handle radio measurement request that contains LCI request. Send
measurement report based on a configurable LCI report element. The LCI
report element is configured over the control interface with

SET lci <hexdump of the element>

and cleared with

SET lci ""

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago hostapd: Add FTM range request
David Spinadel [Wed, 6 Apr 2016 16:42:12 +0000 (19:42 +0300)]
hostapd: Add FTM range request

Add FTM range request via RRM. The AP sends Radio measurement request
with FTM range request as a request for the receiving STA to send FTM
requests to the given list of APs. The neighbor report part of the
request is taken from the neighbor database.

The control interface command is:

REQ_RANGE <dst addr> <rand_int> <min_ap> <responder> [<responder>..]

dst addr: MAC address of an associated STA
rand_int: Randomization Interval (0..65535) in TUs
min_ap: Minimum AP Count (1..15); minimum number of requested FTM ranges
    between the associated STA and the listed APs
responder: List of BSSIDs for neighboring APs for which a measurement
    is requested

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago hostapd: Add LCI request
David Spinadel [Wed, 6 Apr 2016 16:42:11 +0000 (19:42 +0300)]
hostapd: Add LCI request

Add a hostapd control interface command REQ_LCI to request LCI from an
associated station using radio measurement.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago hostapd: Save RM enabled capability of station
David Spinadel [Wed, 6 Apr 2016 16:42:10 +0000 (19:42 +0300)]
hostapd: Save RM enabled capability of station

Save RM enabled capability element of an associating station if radio
measurement is supported in its capability field.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago hostapd: Handle Neighbor Report Request frame
David Spinadel [Wed, 6 Apr 2016 16:42:09 +0000 (19:42 +0300)]
hostapd: Handle Neighbor Report Request frame

Process Neighbor Report Request frame and send Neighbor Report Response
frame based on the configured neighbor report data.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago hostapd: Add own neighbor report data to neighbor database
David Spinadel [Wed, 6 Apr 2016 16:42:08 +0000 (19:42 +0300)]
hostapd: Add own neighbor report data to neighbor database

Add own neighbor report data to neighbor database based on local LCI and
location civic data.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago hostapd: Add a database of neighboring APs
David Spinadel [Wed, 6 Apr 2016 16:42:07 +0000 (19:42 +0300)]
hostapd: Add a database of neighboring APs

Add a configurable neighbor database that includes the content of
Neighbor Report element, LCI and Location Civic subelements and SSID.

All parameters for a neighbor must be updated at once; Neighbor Report
element and SSID are mandatory, LCI and civic are optional. The age of
LCI is set to the time of neighbor update.

The control interface API is:
SET_NEIGHBOR <BSSID> <ssid=SSID> <nr=data> [lci=<data>] [civic=<data>]

To delete a neighbor use:
REMOVE_NEIGHBOR <BSSID> <SSID>

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago tests: Replace radio_measurements with rrm_neighbor_report
David Spinadel [Wed, 6 Apr 2016 16:42:06 +0000 (19:42 +0300)]
tests: Replace radio_measurements with rrm_neighbor_report

This moves neighbor report testing to use the new hostapd.conf
parameter.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago hostapd: Extend the configuration of RRM capabilities
David Spinadel [Wed, 6 Apr 2016 16:42:06 +0000 (19:42 +0300)]
hostapd: Extend the configuration of RRM capabilities

Extend the radio_measurements parameter to save all the supported
RRM capabilities as it's used in RM enabled capabilities element.

Make this parameter not directly configurable via config file (though,
keep the radio_measurements parameter for some time for backwards
compatibility). Instead, add a configuration option to enable neighbor
report via radio measurements. Other features can be added later as
well.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago tests: Update NEIGHBOR_REP_REQUEST format
David Spinadel [Wed, 6 Apr 2016 16:42:05 +0000 (19:42 +0300)]
tests: Update NEIGHBOR_REP_REQUEST format

Use quotation marks to match the new SSID encoding format in the
NEIGHBOR_REP_REQUEST command. In this specific test case, the exact SSID
value did not make any difference for behavior. The previous version
ended up getting decoded as a hexstring after the NEIGHBOR_REP_REQUEST
format change. The new version goes back to the ASCII string version of
"abcdef".

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago Fix spelling of "neighbor" in a function name
Jouni Malinen [Sat, 16 Apr 2016 14:42:44 +0000 (17:42 +0300)]
Fix spelling of "neighbor" in a function name

The missing letter 'h' made it more difficult to find this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago wpa_supplicant: Add LCI and civic request to Neighbor Report Request
David Spinadel [Wed, 6 Apr 2016 16:42:05 +0000 (19:42 +0300)]
wpa_supplicant: Add LCI and civic request to Neighbor Report Request

Add an option to request LCI and Location Civic Measurement in Neighbor
Report Request frame, as described in IEEE P802.11-REVmc/D5.0, 9.6.7.6.

Note: This changes the encoding format of the NEIGHBOR_REP_REQUEST
ssid=<val> parameter. This used to be parsed as raw SSID data which is
problematic for accepting additional parameters. The new encoding allows
either a string within double-quotation marks or a hexdump of the raw
SSID.

The new format:
NEIGHBOR_REP_REQUEST [ssid=<SSID>] [lci] [civic]

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago utils: Add ssid_parse() function
David Spinadel [Wed, 6 Apr 2016 16:42:04 +0000 (19:42 +0300)]
utils: Add ssid_parse() function

Add a function that parses SSID in text or hex format. In case of the
text format, the SSID is enclosed in double quotes. In case of the hex
format, the SSID must include only hex digits and not be enclosed in
double quotes. The input string may include other arguments after the
SSID.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
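
The two SSID encodings described in the ssid_parse() commit message above, as an added example that is not the hostap implementation: example_ssid_parse(), ex_hex_val() and EX_SSID_MAX_LEN are hypothetical names, and rejecting an empty SSID or a quoted SSID followed by a non-space character is an assumption of this sketch. It shows the length check made before each write and why an unquoted abcdef decodes as three octets rather than six characters.

```c
#include <stddef.h>
#include <string.h>

#define EX_SSID_MAX_LEN 32 /* maximum SSID length in octets (IEEE 802.11) */

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int ex_hex_val(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	if (c >= 'A' && c <= 'F') return c - 'A' + 10;
	return -1;
}

/*
 * Hypothetical helper (assumption, not hostap code). Parses an SSID given as
 * "text" in double quotes or as a bare hexdump at the start of in. ssid must
 * hold EX_SSID_MAX_LEN octets. Returns 0 and sets *rest to the first
 * character after the SSID token, or returns -1 on malformed input.
 */
int example_ssid_parse(const char *in, unsigned char *ssid, size_t *ssid_len,
		       const char **rest)
{
	size_t n = 0;

	if (*in == '"') {
		const char *end = strchr(in + 1, '"');
		if (!end) return -1; /* unterminated quote */
		n = (size_t) (end - (in + 1));
		if (n == 0 || n > EX_SSID_MAX_LEN) return -1;
		if (end[1] != '\0' && end[1] != ' ') return -1;
		memcpy(ssid, in + 1, n);
		*rest = end + 1;
	} else {
		const char *p = in;
		while (*p && *p != ' ') { /* hex token ends at space or NUL */
			int hi = ex_hex_val(p[0]);
			int lo = hi < 0 ? -1 : ex_hex_val(p[1]);
			/* reject non-hex, odd digit count, or overflow */
			if (lo < 0 || n >= EX_SSID_MAX_LEN) return -1;
			ssid[n++] = (unsigned char) (hi << 4 | lo);
			p += 2;
		}
		if (n == 0) return -1;
		*rest = p;
	}
	*ssid_len = n;
	return 0;
}
```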
8 years ago Add measurement and neighbor report definitions
David Spinadel [Wed, 6 Apr 2016 16:42:03 +0000 (19:42 +0300)]
Add measurement and neighbor report definitions

Add measurement report definitions from Table 9-81 in IEEE
P802.11-REVmc/D5.0 "Measurement type definition for measurement
requests".

Add measurement report definitions from IEEE Std 802.11-2012 Table 8-71
"Location subject definition".

Add neighbor report bandwidth subelement definition from IEEE
P802.11-REVmc/D5.0 MC Table 9-150 - "Optional subelement IDs
neighbor report"

Add neighbor report channel width definition from IEEE
P802.11-REVmc/D5.0, Table 9-152 - "HT/VHT Operation Information
subfields".

Add definitions for neighbor report BSSID info from IEEE
P802.11-REVmc/D5.0, 9.4.2.37 Neighbor Report element.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago utils: Rename hostapd_parse_bin to wpabuf_parse_bin and move it
David Spinadel [Wed, 6 Apr 2016 16:42:02 +0000 (19:42 +0300)]
utils: Rename hostapd_parse_bin to wpabuf_parse_bin and move it

Make the function available as part of the wpabuf API.
Use this renamed function where possible.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago hostapd: Set LCI and Location Civic information in configuration
David Spinadel [Wed, 6 Apr 2016 16:42:01 +0000 (19:42 +0300)]
hostapd: Set LCI and Location Civic information in configuration

Enable configuration of LCI and location civic information in
hostapd.conf.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago tests: AP with open mode and STA poll
Jouni Malinen [Fri, 8 Apr 2016 16:38:52 +0000 (19:38 +0300)]
tests: AP with open mode and STA poll

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago Add POLL_STA command to check connectivity in AP mode
Jouni Malinen [Fri, 8 Apr 2016 16:37:08 +0000 (19:37 +0300)]
Add POLL_STA command to check connectivity in AP mode

The hostapd "POLL_STA <addr>" control interface command can be used to
check whether an associated station ACKs a QoS Data frame. The received
ACK for such a frame is reported as an event message ("AP-STA-POLL-OK
<addr>").

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago tests: hostapd disconnecting STA without transmitting Deauth/Disassoc
Jouni Malinen [Fri, 8 Apr 2016 16:20:07 +0000 (19:20 +0300)]
tests: hostapd disconnecting STA without transmitting Deauth/Disassoc

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>