Commit message | Author | Age | Files | Lines
* hostapd_cli: Use os_exec() for action script execution (HEAD, master) | Jouni Malinen | 2015-10-20 | 1 | -17/+8
    Use os_exec() to run the action script operations to avoid undesired command line processing for control interface event strings. Previously, it could have been possible for some of the event strings to include unsanitized data which is not suitable for system() use. (CVE-2014-3686)

    Change-Id: If46d6cfcb9d7fc9700965e818315e5aa50fa11a5
    Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
    Tested-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* wpa_cli: Use os_exec() for action script execution | Jouni Malinen | 2015-10-20 | 1 | -17/+8
    Use os_exec() to run the action script operations to avoid undesired command line processing for control interface event strings. Previously, it could have been possible for some of the event strings to include unsanitized data which is not suitable for system() use. (CVE-2014-3686)

    Change-Id: I0005ed08e4b06ba3d2ebe95b9240050e47ed2e8c
    Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
    Tested-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* Add os_exec() helper to run external programs | Jouni Malinen | 2015-10-20 | 3 | -0/+68
    Change-Id: I579af1fa8c2f85622ffddb186ba799dcb9ac4b6f
    Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
    Tested-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* P2P: Validate SSID element length before copying it | Jouni Malinen | 2015-10-17 | 1 | -0/+1
    This fixes a possible memcpy overflow for P2P dev->oper_ssid in p2p_add_device(). The length provided by the peer device (0..255 bytes) was used without proper bounds checking and that could have resulted in arbitrary data of up to 223 bytes being written beyond the end of the dev->oper_ssid[] array (of which about 150 bytes would be beyond the heap allocation) when processing a corrupted management frame for P2P peer discovery purposes.

    This could result in corrupted state in heap, unexpected program behavior due to corrupted P2P peer device information, denial of service due to process crash, exposure of memory contents during GO Negotiation, and potentially arbitrary code execution.

    Thanks to Google security team for reporting this issue and smart hardware research group of Alibaba security team for discovering it.

    Change-Id: I9f350f20cdd010f2c096514b245b4a901ad74e46
    Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
    Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* Add WFD dev info in device found event | Irfan Sheriff | 2012-12-14 | 1 | -2/+13
    Change-Id: Iad955663a694a88001fd8d4fc76fac3c6da7ba0e
    Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
* WFD: Add preliminary WSD request processing and response | Jouni Malinen | 2012-12-14 | 1 | -0/+62
    This commit does not yet address support for different device roles, i.e., the same set of subelements are returned regardless of which role was indicated in the request.

    Change-Id: I8ddccfc043187c00ca6ad8a0848db2ab5715089d
    Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
    Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
* WFD: Add support for sending Wi-Fi Display service discovery requests | Jouni Malinen | 2012-12-14 | 8 | -0/+156
    wpa_cli p2p_serv_disc_req command can now be used to request WSD request to be sent to specified or all peers who support WSD.

    format: wifi-display <list of roles> <list of subelements>

    examples:
    p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source] 2,3,4,5
    p2p_serv_disc_req 02:01:02:03:04:05 wifi-display [pri-sink] 3
    p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [sec-source] 2
    p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source+sink] 2,3,4,5
    p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source][pri-sink] 2,3,4,5

    Change-Id: I14f8a92aa9a2161d7db97f5670d2dfe3b63ef1e3
    Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
    Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
* WFD: Add wfd_subelems hexdump in BSS ctrl_iface command output | Jouni Malinen | 2012-12-14 | 2 | -0/+27
    This makes it easier to parse the WFD subelements from scan results.

    Change-Id: I1ce349bb33b56470888b47a37a96e56f1e0d6342
    Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
    Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
* wpa_supplicant: enable Wi-Fi display config | Vishal Mahaveer | 2012-12-14 | 1 | -0/+2
    Enable CONFIG_WIFI_DISPLAY flag for wpa_supplicant.

    Change-Id: Id5e959647693a2aa814d9429f06f8576aaed8848
    Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
* WFD: Add Wi-Fi Display support | Jouni Malinen | 2012-12-14 | 20 | -23/+1023
    This commit adds control interface commands and internal storage of Wi-Fi Display related configuration. In addition, WFD IE is now added to various P2P frames, Probe Request/Response, and (Re)Association Request/Response frames. WFD subelements from peers are stored in the P2P peer table.

    Following control interface commands are now available:
    SET wifi_display <0/1>
    GET wifi_display
    WFD_SUBELEM_SET <subelem> [hexdump of length+body]
    WFD_SUBELEM_GET <subelem>

    Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
    [vishalm@ti.com: Backported it to current tree]
    Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
    Change-Id: Ief0cd61903facd9209927d9dc84c8f093f3b6bac
* wpa_supplicant: enable mr/mc by default | Ido Reis | 2012-12-13 | 1 | -2/+2
    Update wpa_supplicant_template.conf for mr/mc

    Change-Id: Ib64d97cbfd24f205c57da3392b6fe2982ab4ba1b
    Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
* Merge commit 'ol_r8.a5.06' into p-jb-mr1-release | Vishal Mahaveer | 2012-12-11 | 20 | -47/+210
|\
    Conflicts:
    wpa_supplicant/wpa_supplicant_template.conf

    Change-Id: Ifb38077650e8bb6075a17b8f2232f14b704281f1
    Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
| * P2P: Fix broken rx action frame handling (INTERNAL-SQUASH) | Eyal Shapira | 2012-11-13 | 3 | -4/+18
      Commit "P2P: Fix duplicate handling of rx action frames" went too far and dropped any rx action frames arriving on the GO interface. It assumed that any action frames were duplicated and received on both GO interface and P2P device interface. This is wrong as some action frames like P2P presence request are sent to the GO interface address and won't be duplicated.

      The root cause of the duplication lies within the Rx path in mac80211 in Johannes' patch "mac80211: accept public action frames with mismatched BSSID". When wpa_s works with a separate group interface this creates a duplicated Rx on both the P2P dev interface and the GO interface.

      Fix the issue by canceling the duplication in wpa_s and discarding public action frames with unmatching bssid arriving on a dedicated GO interface.

      (This should be squashed with "P2P: Fix duplicate handling of rx action frames")

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * wpa_s: don't accumulate delayed sched scan requests (UPSTREAM) | Victor Goldenshtein | 2012-11-13 | 1 | -0/+3
      Clear any previous pending timeouts before scheduling a new delayed sched scan.

      Signed-off-by: Victor Goldenshtein <victorg@ti.com>
| * wpa_s: restart sched scan on channel list change | Victor Goldenshtein | 2012-11-13 | 1 | -0/+7
      The channel list can be changed as a result of arriving beacon hints during normal scan or as a result of local Reg-Domain change, some passive channels can become active and shall be reconfigured accordingly for the scheduled scan.

      This fixes the connection to hidden SSIDs on 5Ghz band during default Reg-Domain 00 (world roaming).

      Signed-off-by: Victor Goldenshtein <victorg@ti.com>
| * Avoid sched scan flood in case of mismatched security (UPSTREAM) | Eyal Shapira | 2012-11-12 | 1 | -2/+13
      Current sched scan in the kernel is limited to SSID matching. A rare corner case is when an AP with a matching SSID but unmatching security to a saved profile is in the vicinity. In such a case sched scan results will immediately be returned after initiating sched scan however no match will be found due to the security mismatch. This goes on in a tight loop which is bad as it will effectively prevent the host from suspending and scan results will eventually contain the single AP matched by the sched scan due to expiration of other APs scanned in normal scans which are less frequent.

      Avoid this by stopping sched scan after detecting sched scan results were received but no matched network. Don't start another sched scan immediately but wait for the next normal scan without any results to restart it. This prevents the tight loop.

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * nl80211: add support for DRIVER COUNTRY command | Vishal Mahaveer | 2012-11-11 | 1 | -0/+2
      Add this for supporting country command coming as DRIVER command in Android.

      Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
| * hostapd: enable dynamic modification of acl policy | Nadim Zubidat | 2012-11-06 | 5 | -2/+105
      Add APIs for dynamically changing the macaddr_acl policy and mac addresses lists. Once changed, hostapd will deauth stations which do not pass the new policy.

      Signed-off-by: Nadim Zubidat <nadimz@ti.com>
| * P2P: Fix duplicate handling of rx action frames (UPSTREAM) | Eyal Shapira | 2012-11-05 | 1 | -0/+6
      When using a separate group iface both p2p device iface and the group iface are registered for action frames. This causes duplicate handling of rx action frames. One side effect of this is getting multiple responses for requests sent over action frames while GO/CLI are up like prov disc and dev disc.

      Fix this by discarding the duplicate p2p action frames received on the group iface. The code will handle all of these correctly when coming on the p2p dev iface as it looks at the DA where relevant.

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * android: wpa_s template: set p2p_go_max_inactivity to 60s (ANDROID) | Eyal Shapira | 2012-11-02 | 1 | -1/+1
      The previous value of 30s was problematic in passing WiFi Direct certification test 6.1.12. In this test the GO is checked for buffering packets while the client is in PS and doesn't send a trigger to get out of PS for 50s. Any value less than 50s would lead to a failed inactivity check and the GO disconnecting the client in this test.

      It's important to minimize p2p_go_max_inactivity as it helps the GO detect clients which disconnected despite missing on the deauth frame. This is not uncommon in JB as there are scans on the STA interface which take us off the GO oper channel. Until the GO performs an inactivity check the UI will keep showing the client as "Connected" and the GO will remain operational which creates a bad user experience.

      [This should supersede "P2P: set P2P_GO_MAX_INACTIVITY to 100s" in the next rebase]

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * P2P: cancel action frame offchan wait after recv go neg resp (UPSTREAM) | Eyal Shapira | 2012-11-02 | 1 | -1/+1
      A wait of 200ms is configured after sending the go neg request. The go neg process can end quickly within less than 200ms. If this wait isn't canceled it can cause the beaconing of the GO to start while mac80211 is still off channel on the listen channel and this may cause beaconing on the wrong channel if oper channel is different from the listen channel.

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * P2P: set P2P_GO_MAX_INACTIVITY to 100s | Igal Chernobelsky | 2012-11-01 | 1 | -1/+1
      WiFi Direct certification test 6.1.12 expects GO to be active during 50 sec, so changing P2P_GO_MAX_INACTIVITY from 30 sec to 100 sec to pass the test.

      Signed-off-by: Igal Chernobelsky <igalc@ti.com>
| * Don't disable and select new network if SETBAND didn't change (ANDROID) | Eyal Shapira | 2012-10-29 | 1 | -4/+14
      Current SETBAND would trigger network selection and as part of this a scan attempt. This is not required in case SETBAND didn't change the existing setting. In Android which sends SETBAND immediately after WiFi startup this would trigger needless scan attempts which would usually fail with -EBUSY as another framework-triggered scan was already going on. The retry mechanism would then attempt further scans every 1 sec.

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * Trigger sched scan on wpa_s init if enabled networks (INTERNAL) | Eyal Shapira | 2012-10-29 | 1 | -5/+2
      The switch to triggering a normal scan initially was done to prevent interference between sched scan and normal scan. This is no longer an issue. Triggering a sched scan is better as it works better in our case than the normal scan wrt hidden networks.

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * android: wpa_s template: enable concurrent_sched_scan (ANDROID) | Eyal Shapira | 2012-10-29 | 1 | -0/+1
      Our solution supports this and it speeds up initial connection to hidden networks.

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * Allow concurrent normal scan and sched scan (UPSTREAM) | Eyal Shapira | 2012-10-29 | 4 | -2/+15
      Some drivers support sched scan and normal scan. Enable this by configuration of concurrent_sched_scan=1

      This can speed up connection to scan_ssid=1 networks as the sched scan doesn't get interrupted by a normal scan for wildcard SSID.

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * Avoid normal scans before sched scan if max_scan_ssids=1 (UPSTREAM) | Eyal Shapira | 2012-10-29 | 1 | -0/+5
      In the case of max_scan_ssids=1 we may fallback to normal scan if there's a single scan_ssid network. However the normal scan can't add a wildcard SSID to the ssid list as it's limited to a single entry. This delays getting broadcast scan results. Always prefer to do a sched scan in such a case.

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * Disable p2p on wlan0 (JB) | Eyal Shapira | 2012-10-29 | 1 | -0/+5
      This prevents P2P IEs from being added to probes of scans on the STA interface. These are not needed and prolong required channel dwell time and Tx of probes.

      This is somewhat of a hack but was a preferred approach on adding framework changes to add p2p_disabled=1 to p2p_supplicant.conf and not to wpa_supplicant.conf when both are created from the same template.

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * P2P: Allow P2P functionality to be disabled per interface | Jouni Malinen | 2012-10-29 | 4 | -1/+10
      By default, P2P is enabled globally for all virtual interfaces and this makes wpa_supplicant include WSC and P2P IEs in Probe Request frames for all scans even if this is for a non-P2P station connection to speed up device discovery. If an interface is dedicated for non-P2P station mode operations, it is now possible to disable addition of WSC and P2P IEs into Probe Request frames with a per-interface p2p_disabled parameter. This can be set either in the configuration file (p2p_disabled=1) or at run time ("wpa_cli -i wlan0 set p2p_disabled 1"). Unlike the previous mechanism ("wpa_cli p2p_set disabled 1"), the new parameter changes the behavior only for the specified interface while other interfaces continue to follow the global P2P enabled/disabled state.

      Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * Revert "Add P2P IEs to probe requests only when in P2P (UPSTREAM)" | Eyal Shapira | 2012-10-29 | 5 | -27/+1
      This is replaced by a recent patch by Jouni in the upstream: "P2P: Allow P2P functionality to be disabled per interface"

      This reverts commit a56f6df6f8e5dcd650893e8beb4a16a633c179d1.

      Conflicts:
      src/p2p/p2p.c
| * P2P: speed up scans when connecting to persistent GO (UPSTREAM) | Eyal Shapira | 2012-10-29 | 1 | -1/+2
      In the case of a persistent GO invoking a P2P group by invite the P2P client starts scanning for the GO but it might still not be up. If not found the next scan is scheduled for scan_interval secs but this is too long. Speed up scans to find GO like it's being done in P2P provisioning.

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * wpa_s: fix bss selection on identical SSIDs with WEP+AES/TKIP | Victor Goldenshtein | 2012-10-29 | 1 | -1/+1
      Configuring two identical SSIDs - one with WEP-SHARED security and one with AES/TKIP breaks any authentication attempt with WEP-SHARED SSID. Reason for this behavior is that during BSS selection from the priority group wrong BSS (with AES/TKIP) was selected.

      Fix this by disallowing "non-WPA/WPA2" BSS selection with defined rsn_ie/wpa_ie.

      Signed-off-by: Victor Goldenshtein <victorg@ti.com>
| * P2P: cancel action frame offchan wait after recv go neg conf | Eyal Shapira | 2012-10-24 | 1 | -0/+1
      The missing call to scan_action_done keeps us offchan on the listen channel for 250ms following sending go neg resp. In case the oper channel is different from the listen channel and we're GO a race could lead to start beaconing while offchan. This causes the beacons to go out on the listen channel instead of the oper channel.

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
* | Add delimiter for bss command | Irfan Sheriff | 2012-10-24 | 1 | -0/+7
      With the availability of MASK option, the number of lines per BSS is not obvious, add a delimiter to make parsing less flaky

      Bug: 2961159
      Change-Id: I9e5523f8da183e0735dbc06f0c09c9f841060504
* | Merge commit 'ol_r8.a4.04' into d-jb-release | Vishal Mahaveer | 2012-10-16 | 8 | -8/+82
|\ \ | |/
| * P2P: Don't delete group on non P2P interfaces (UPSTREAM) | Eyal Shapira | 2012-10-10 | 1 | -0/+24
      p2p_group_remove * calls wpas_p2p_disconnect on all interfaces including non P2P ones. This has undesired effects such as disconnecting concurrent connected STA interfaces as well as emitting P2P-GROUP-REMOVED events on all interfaces including ones that didn't actually have a P2P CLI or GO running.

      Instead fail explicitly when attempting to p2p disconnect an interface with no P2P activity.

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * android: wpa_s template: disassoc on low ack by default (ANDROID) | Arik Nemtsov | 2012-10-03 | 1 | -0/+1
      When operating as a GO, disassoc the peer station on aging/Tx failure

      Signed-off-by: Arik Nemtsov <arik@wizery.com>
| * P2P: block find if P2P GO or CLI are active (INTERNAL) | Eyal Shapira | 2012-09-30 | 1 | -0/+20
      The roc on a channel for 100+ ms which is part of the find disturbs the P2P GO/CLI as these scenarios are unsupported in non multi channel driver. Therefore block the find in this case.

      Signed-off-by: Eyal Shapira <eyal@wizery.com>
| * Revisit "nl80211: dummy DRIVER SETBAND handler" | Vishal Mahaveer | 2012-09-28 | 1 | -3/+3
      Used the wrong string compare API before. Fix it by using the correct API.

      Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
| * wpa_s: handle channel conflicts on GO+STA shared interface | Victor Goldenshtein | 2012-09-27 | 1 | -0/+6
      Stop blocking GO role if its operational channel differs from the STA channel, as now the driver can handle channel conflicts by sending channel switch request to the userspace.

      Signed-off-by: Victor Goldenshtein <victorg@ti.com>
| * nl80211: dummy DRIVER SETBAND handler | Vishal Mahaveer | 2012-09-25 | 1 | -0/+3
      SETBAND command is handled in wpa_supplicant_driver_cmd API. Add a dummy handler in driver_nl80211 for avoiding misleading log, "Unsupported command: SETBAND ".

      Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
| * P2P: correct p2p_mult_chan operation (SQUASH) | Arik Nemtsov | 2012-09-25 | 1 | -1/+1
      Should be squashed with:

      commit 61d59eaa7ebf59c926d40b00228e227b3d27f8c9
      Author: Arik Nemtsov <arik@wizery.com>
      Date: Mon Sep 24 17:39:23 2012 +0200

          P2P: add conf param to prefer p2p multi channel

      Reported-by: Eyal Shapira <eyal@wizery.com>
      Signed-off-by: Arik Nemtsov <arik@wizery.com>
| * android: wpa_s template: allow p2p multi channel operation (ANDROID) | Arik Nemtsov | 2012-09-24 | 1 | -0/+1
      Set the p2p_multi_chan parameter to 1 by default. It will have no effect if the current driver doesn't support multi-channel. Otherwise it will allow the P2P channel to be set while disregarding other connected interfaces on the phy.

      Signed-off-by: Arik Nemtsov <arik@wizery.com>
| * P2P: add conf param to prefer p2p multi channel | Arik Nemtsov | 2012-09-24 | 4 | -7/+22
      When p2p_multi_chan=1 is set in the wpa_supplicant.conf file, don't set the P2P operating channel according to any existing shared frequency. Normally we would force the operating channel to be the same as that of other interfaces operating on the same phy. This param allows us to optimize P2P user experience by allowing an arbitrary operating channel.

      Signed-off-by: Arik Nemtsov <arik@wizery.com>
| * P2P: fix oper channel selection (SQUASH) | Arik Nemtsov | 2012-09-24 | 1 | -1/+2
      Handles the forgotten p2p_process_go_neg_resp() case of patch:

      commit 66b8140a08b9f6297cd49a3428ada713bf668300
      Author: Arik Nemtsov <arik@wizery.com>
      Date: Thu Aug 30 21:06:45 2012 +0300

          P2P: always re-select oper channel if not hard coded

      Signed-off-by: Arik Nemtsov <arik@wizery.com>
| * P2P: don't handle concurrency conflicts in multi-chan mode (ANDROID) | Arik Nemtsov | 2012-09-24 | 1 | -0/+3
      When the multi-channel flag is on, don't try to force specific p2p connection modes or change go_intent.

      Signed-off-by: Arik Nemtsov <arik@wizery.com>
* | Merge commit 'ol_R5.SP3.01' into d-jb-release | Vishal Mahaveer | 2012-09-20 | 16 | -181/+479
|\ \ | |/
| * nl80211_copy: update from latest 12xx drv (INTERNAL) | Arik Nemtsov | 2012-09-13 | 1 | -0/+26
      Add channel switch related commands and attributes

      Signed-off-by: Arik Nemtsov <arik@wizery.com>
| * nl80211: add channel switch ability to AP & GO (INTERNAL) | Victor Goldenshtein | 2012-09-13 | 1 | -4/+69
      Implement AP channel switch command. Handle channel switch request and channel switch complete events.

      Signed-hostap: Victor Goldenshtein <victorg@ti.com>
| * hostap: add channel switch ability to AP & GO (INTERNAL) | Victor Goldenshtein | 2012-09-13 | 11 | -3/+158
      Add channel switch command and handle channel switch request/complete events.

      New hostapd_eid_csa() which builds the channel switch announcement IE. Add this CSA to the beacon frame prior to performing a channel switch and remove it once it's completed.

      New EVENT_REQ_CH_SW which indicates that the driver has requested to perform a channel switch.

      Signed-hostap: Victor Goldenshtein <victorg@ti.com>