| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Change-Id: I579af1fa8c2f85622ffddb186ba799dcb9ac4b6f
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Tested-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a possible memcpy overflow for P2P dev->oper_ssid in
p2p_add_device(). The length provided by the peer device (0..255 bytes)
was used without proper bounds checking and that could have resulted in
arbitrary data of up to 223 bytes being written beyond the end of the
dev->oper_ssid[] array (of which about 150 bytes would be beyond the
heap allocation) when processing a corrupted management frame for P2P
peer discovery purposes.
This could result in corrupted state in heap, unexpected program
behavior due to corrupted P2P peer device information, denial of service
due to process crash, exposure of memory contents during GO Negotiation,
and potentially arbitrary code execution.
Thanks to Google security team for reporting this issue and smart
hardware research group of Alibaba security team for discovering it.
Change-Id: I9f350f20cdd010f2c096514b245b4a901ad74e46
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
wpa_cli p2p_serv_disc_req command can now be used to request WSD
request to be sent to specified or all peers who support WSD.
format: wifi-display <list of roles> <list of subelements>
examples:
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source] 2,3,4,5
p2p_serv_disc_req 02:01:02:03:04:05 wifi-display [pri-sink] 3
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [sec-source] 2
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source+sink] 2,3,4,5
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source][pri-sink] 2,3,4,5
Change-Id: I14f8a92aa9a2161d7db97f5670d2dfe3b63ef1e3
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
|
| |
|
|
|
|
|
|
| |
This makes it easier to parse the WFD subelements from scan results.
Change-Id: I1ce349bb33b56470888b47a37a96e56f1e0d6342
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds control interface commands and internal storage of
Wi-Fi Display related configuration. In addition, WFD IE is now added
to various P2P frames, Probe Request/Response, and (Re)Association
Request/Response frames. WFD subelements from peers are stored in the
P2P peer table.
Following control interface commands are now available:
SET wifi_display <0/1>
GET wifi_display
WFD_SUBELEM_SET <subelem> [hexdump of length+body]
WFD_SUBELEM_GET <subelem>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
[vishalm@ti.com: Backported it to curent tree]
Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
Change-Id: Ief0cd61903facd9209927d9dc84c8f093f3b6bac
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit "P2P: Fix duplicate handling of rx action frames"
went too far and dropped any rx action frames arriving on the GO
interface. It assumed that any action frames were duplicated
and received on both GO interface and P2P device interface.
This is wrong as some actions frames like P2P presence request
are sent to the GO interface address and won't be duplicated.
The root cause of the duplication lies within the Rx path in mac80211
in Johannes` patch "mac80211: accept public action frames with mismatched BSSID".
When wpa_s works with a separate group interface this creates a duplicated Rx
on both the P2P dev interface and the GO interface.
Fix the issue by canceling the duplication in wpa_s and discarding
public action frames with unmatching bssid arriving on a dedicated GO interface
(This should be squashed with
"P2P: Fix duplicate handling of rx action frames")
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
| |
Add this for supporting country command coming as DRIVER command in Android.
Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
|
| |
|
|
|
|
|
|
|
| |
add APIs for dynamically changing the macaddr_acl
policy and mac addresses lists.
once changed, hostapd will deauth stations which
do not pass the new policy.
Signed-off-by: Nadim Zubidat <nadimz@ti.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
A wait of 200ms is configured after sending the go neg request.
The go neg process can end quickly within less than 200ms. If this wait
isn't canceled it can cause the beaconing of the GO to start while
mac80211 is still off channel on the listen channel and this may cause
beaconing on the wrong channel if oper channel is different from
the listen channel.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is replaced by a recent patch by Jouni in the upstream:
"P2P: Allow P2P functionality to be disabled per interface"
This reverts commit a56f6df6f8e5dcd650893e8beb4a16a633c179d1.
Conflicts:
src/p2p/p2p.c
|
| |
|
|
|
|
|
|
|
|
|
| |
The missing call to scan_action_done keeps us offchan
on the listen channel for 250ms following sending go neg resp.
In case the oper channel is different from the listen channel
and we're GO a race could lead to start beaconing while offchan.
This causes the beacons to go out on the listen channel instead
of the oper channel.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
| |
Used the wrong string compare API before.
Fix it by using the correst API.
Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
|
| |
|
|
|
|
|
|
| |
SETBAND command is handled in wpa_supplicant_driver_cmd API.
Add a dummy handler in driver_nl80211 for avoiding misleading log,
"Unsupported command: SETBAND ".
Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Handles the forgotten p2p_process_go_neg_resp() case of patch:
commit 66b8140a08b9f6297cd49a3428ada713bf668300
Author: Arik Nemtsov <arik@wizery.com>
Date: Thu Aug 30 21:06:45 2012 +0300
P2P: always re-select oper channel if not hard coded
Signed-off-by: Arik Nemtsov <arik@wizery.com>
|
| |
|
|
|
|
| |
add channel switch related commands and attributes
Signed-off-by: Arik Nemtsov <arik@wizery.com>
|
| |
|
|
|
|
|
|
| |
Implement AP channel switch command. Handle
channel switch request and channel switch
complete events.
Signed-hostap: Victor Goldenshtein <victorg@ti.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add channel switch command and handle channel switch
request/complete events.
New hostapd_eid_csa() which builds the channel switch
announcement IE. Add this CSA to the beacon frame prior
performing a channel switch and remove it once it's
completed.
New EVENT_REQ_CH_SW which indicates that the driver
has requested to perform a channel switch.
Signed-hostap: Victor Goldenshtein <victorg@ti.com>
|
| |
|
|
|
|
| |
New hostapd_channel_switch – to handle channel switch request.
Signed-hostap: Victor Goldenshtein <victorg@ti.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is part of changing the RX filters configuration to being
global and not dependent on the interface context.
RX filter #0 should point to a filter matching any unicast frame
sent to the STA (wlan0) mac. The configuration is done by
querying the mac address of the interface. As we now have
reconfiguration of filters done from the context of the p2p interface
filter #0 would get reconfigured with the P2P dev mac.
Avoid this by hard coded querying for the mac of wlan0 when
creating the pattern for RX filter #0.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is used to reconfigure RX filters to include a new filter whenever
the P2P group interface is added. The new filter matches any unicast
frame sent to a dest mac which matches the P2P group interface mac.
This is important as otherwise we wouldn't allow any data frames through
to this interface.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The current RX filters are statically defined and can only
be enabled or disabled by the DRIVER RX-FILTER commands.
Add support to add or remove RX filters "on the fly" from
within wpa_s code so we can use this to add an RX filter matching
unicast packets going to the new P2P interface mac.
Whenever the filters change the whole list of filters needs
to be configured to the kernel.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The RX filters (wowlan) configuration is per interface
but this doesn't reflect the state in the kernel where it's
per hw device (effectively in Android global).
In JB this is more important as wpa_s uses up to 3 different
interfaces when running P2P+STA. Also, fix a minor bug
in nl80211_toggle_wowlan_trigger where the wpa_s wowlan state
changed even if configuring the kernel failed.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
| |
The following driver specific commands aren't used in JB
and were replaced by other APIs:
POWERMODE,GETPOWER,LINKSPEED,RSSI,RSSI-APPROX
Remove code handling these commands.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
| |
There's no support for this in the driver for now
as the relevant patches were dropped. Therefore
remove relevant code in wpa_s as well.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Commit e5693c4775bae65faa960f80889f98b0a6cb2e1c added a copy of the
determined basic rate set into struct hostapd_iface, but did not
actually copy the terminating -1 value. This could be problematic if
something were to actually try to use this list since would be no way to
know what is the last entry in the list. Fix this by copying the
terminating value.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
| |
When no other user preference is specified, opt to use an operating
channel that allows HT40 operation. This way, if driver capabilities
and regulatory constraints allow, we might enjoy increased bandwidth.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Since the operating channel is randomly set to 1/6/11 on init, which is
always in the channel intersection, we were effectively ignoring the set
of p2p preferred channels.
Fix this by trying to get the best channel we can, unless the user hard
coded the operating channel in the configuration file. Fall back to the
initial randomly selected channel if a better one cannot be chosen.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
|
| |
|
|
|
|
|
| |
Increase GO config timeout if HT40 is used since it takes some time
to scan channels for coex purposes before the BSS can be started.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
| |
Add optional "ht40" argument for p2p_group_add command to enable 40 MHz
in 5GHz band. This configures the secondary channel, when HT support is
enabled and if the HW supports 40 MHz channel width.
Signed-hostap: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
There is no need to mandate admission control (ACM=1) by default, so
clear that flag in the case the configuration file does not specify
wmm_ac_{vo,vi}_acm value. This gets closer to the values mentioned
in the sample hostapd.conf file and reduces the need to specify WMM
parameters in the configuration file for most common use cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
|
| |
The conf doesn't contain any basic rates in some cases. Most notably,
when starting a p2p GO in 5Ghz. Use the iface rates which are
initialized in hostapd_prepare_rates() to the conf rates or set to
default values if no conf values exist.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The current code caused P2P and consquently WPS IEs to be added
to any probe as the check was for non null global->p2p.
global->p2p gets set whenever P2P is initialized globally
and that occurs on the first interface init.
Fix this by indicating wps is in use only when in active P2P
discovery or connection establishement.
(i.e. not P2P_IDLE - either doing search, neg or provisioning)
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
| |
Multiple memcmps of nonces were actually comparing
only the first byte instead of all 16 bytes.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
p2p_set_timeout() calls in GO Neg Req/Resp TX callbacks used timeout of
100 ms which is the value given in the P2P specification for GO
Negotiation, but this was actually shorter than the
wait-for-offchannel-TX value (200 ms) used for the driver call. In
addition, it looks like some devices (e.g., Galaxy Nexus with JB image)
can take longer time to reply to GO Negotiation Response (somewhere
between 200 and 250 ms has been observed).
Increase the wait-for-GO-Neg-Resp timeout from 100 ms to 200 ms if GO
Negotiation Request frame was acknowledged (this matches with the
offchannel wait timeout that used previously). The no-ack case is left
at 100 ms since we use GO Negotiation Request frame also to discover
whether the peer is on its Listen channel.
Increase the wait-for-GO-Neg-Conf timeout from 100 ms to 250 ms (and
increase the offchannel wait timeout to matching 250 ms) as a workaround
for devices that take over 200 ms to reply to GO Negotiation Response.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
| |
Found using valgrind.
Signed-hostap: Paul Stewart <pstew@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relevant for wl6/7 only, we need to figure out the wl8 MR case.
We now declare iface combinations in wlcore due to cfg80211
enforcement of that. Since we declare support for concurrent
STA and P2P_GO, wpa_s would like to use another interface for
GO. However, since we don't really support P2P_GO so well in MR
but we do want to enable it in MR, prevent wpa_s from using P2P
concurrent mode.
This should be removed once we support P2P_GO properly in MR.
[Arik - should be changed to a configuration parameter to wpa_s, and the
current default should be preserved]
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Supposedly fixed a crash which occurs during actual PBC overlap
according to BRCM commit log.
(Not quite sure what's the exact cause of the crash here. However
this looks like a non BRCM specific change so take it).
p2p_dev_addr can be NULL in some of the calls. Might cause a problem ?)
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
| |
(This seems to be a bug fix squashed in one of the BRCM patches.
Could be that the probability of this occuring once the expiration
time was reduced to 30s is higher)
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Avoid reporting scan results to the application in case a P2P search
is in progress as there will be many events but the scan is only
done on channels 1,6,11. This may cause APs on other channels to "disappear"
from the scan results.
Also avoid updating P2P interfaces with STA interfaces scan results
in order to avoid having results which are not on the social channels.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
p2p find can now defer starting the p2p scan due to an ongoing
scan on a different interface. Relying on p2p_cb_on_scan_complete
which is a per interface flag is wrong here and we won't resume
the p2p find in case the scan wasn't on the same interface (which is
the case in Android JB).
Fix this by relying on the global p2p state instead.
(This description is based on analysis of the code as the original
BRCM commit doesn't contain any useful information)
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
| |
Changed from 5 min to 30 secs probably in order
to avoid stale peers appearing in the Android UI.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
| |
Add a parameter which can be set from wpa_s commandline
or conf file to force real multi channel.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
| |
Commit d3bd0f "nl80211: Extend shared_freq to handle AP/GO mode interfaces"
still discards AP/GO interfaces so effectively shared_freq
won't work on AP/GO interaces like intended.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upon association check whether there's a a frequency
conflict given that no support for multi channel. In case
there's a freq conflict with an existing P2P_GO or P2P_CLI
decide how to resolve it (which one to disable or disconnect)
according to the priority configuration.
Effectively on Android JB, STA is always prioritized over P2P
so in case of a conflict P2P will be disconnected so that STA
can associate on a different channel.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add a new configurable property which points to the interface
name that should prioritized in case of resolving connection
conflicts.
(This appears to be prep work which doesn't get used however
we include it to better align with JB)
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
| |
[Eyal - Keep specific BRCM specific stuff under
ANDROID_BRCM_P2P_PATCH and not ANDROID_P2P which
TI solution compiles with]
Change-Id: I0f6222839ac87241f1bfbbb1fdc6469bf6359652
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
| |
- Fix listen timing to improve SD reliability
- Fix SD packet scheduling
Signed-off-by: Eyal Shapira <eyal@wizery.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The new keystore ENGINE is usable to perform private key operations when
we can't get the actual private key data. This is the case when hardware
crypto is enabled: the private key never leaves the hardware.
Subsequently, we need to be able to talk to OpenSSL ENGINEs that aren't
PKCS#11 or OpenSC. This just changes a few #define variables to allow us
to talk to our keystore engine without having one of those enabled and
without using a PIN.
|
| |
|
|
|
|
|
|
| |
Add DRIVER DROPBCAST {GET,ENABLE,DISABLE} commands to show the current
setting, enable and disable the feature of dropping all broadcast
packets while in suspend mode.
Signed-off-by: Luciano Coelho <coelho@ti.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement the LINKSPEED and RSSI/RSSI-APPROX private commands.
Upstream implementation sends the HANGED state event on
private command failure. Unimplemented commands were
sent to the driver as-is, causing the HANGED event to be sent
and cause a recovery. Private command handling was modified so
that only implemented commands are sent to the driver and
the sending of the HANGED event was removed.
[Arik - The "linkspeed" driver command incorrectly reported the
rate in kbps. Fix this]
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Yotam Rubin <yotam@wizery.com>
|
