Ilan Peer | 2 Jul 15:21 2015

[PATCH 0/9] P2PS CPT support

The patch set adds support for including P2PS Coordination Transport
Protocol when adding P2PS services and in P2PS PD flows, and also adds
hwsim tests (these tests are based on the previous patch set).

Max Stepanov (9):
  utils: Add cstr_token() function
  P2PS: Add CPT parameter to P2P_SERVICE_ADD asp command
  P2PS: Add CPT parameter to P2PS_PROVISION and P2PS_PROVISION_RESP
  P2PS: Add CPT handling on PD request and response
  P2PS: Add feature capability to PD events
  tests: Add CPT parameter to wpasupplicant asp_provision
  tests: Add CPT parameter to p2ps_advertise()
  tests: Add CPT parameters to p2ps_provision()
  tests: Add P2PS PD feature capability CPT tests

 src/common/ieee802_11_defs.h       |   9 +++
 src/p2p/p2p.c                      |  15 +++--
 src/p2p/p2p.h                      |  41 ++++++++++++-
 src/p2p/p2p_pd.c                   | 116 +++++++++++++++++++++++++++++--------
 src/utils/common.c                 |  65 +++++++++++++++------
 src/utils/common.h                 |   1 +
 tests/hwsim/test_p2ps.py           |  73 ++++++++++++++++++++---
 tests/hwsim/wpasupplicant.py       |   5 +-
 wpa_supplicant/ctrl_iface.c        |  72 ++++++++++++++++++++++-
 wpa_supplicant/p2p_supplicant.c    |  78 ++++++++++++++++++++-----
 wpa_supplicant/p2p_supplicant.h    |   3 +-
 wpa_supplicant/p2p_supplicant_sd.c |   5 +-
 12 files changed, 406 insertions(+), 77 deletions(-)


Ilan Peer | 2 Jul 15:14 2015

[PATCH 0/9] P2PS fix for PIN handling and test modifications

While running WFDS certification tests, we've identified a bug in the way
the P2PS P2P-PROV-SHOW-PIN/P2P-PROV-ENTER-PIN were handled in the
wpa_supplicant.

The first patch in the set fixes this to behave as expected by the WFDS
specification. The fix caused some of the P2PS tests to fail as they
did not adhere to the WFDS specification.

The following patches in the set fix some issues identified during testing
and in addition re-factor the p2ps tests by adding generic methods for p2ps
provision and connection establishments. These methods make more strict
validation of the expected p2ps flows and are reused in all the p2ps tests,
which simplifies the existing tests and makes adding new ones easier.

Andrei Otcheretianski (8):
  tests: Wait for scan to complete on all interfaces in reset()
  tests: Clear scan cache on reset
  tests: Few trivial fixes to p2ps tests
  tests: Add asp_provision method to wpa_supplicant
  tests: Add p2ps_provision() method
  tests: Add p2ps_connect_pd() method
  tests: Re-factor PD and connection flows in p2ps tests
  tests: Use p2ps_provision() and p2ps_connect_pd() in
    p2ps_connect_p2ps_method()

Max Stepanov (1):
  P2PS: Fix PD PIN event notifications

 src/p2p/p2p.h                |   5 +
 src/p2p/p2p_pd.c             |  58 +++-

volker.obhof.w | 2 Jul 11:51 2015

connect to specific mac address (AP etc.) after bg scan

Which function do I have to use to start association, authentication etc. for a specific MAC address which was selected with e.g. bg scan as probe request?

I get a scan result in bg where it can be decided which AP I want to connect with.




SEW-EURODRIVE GmbH & Co KG
Kommanditgesellschaft, Sitz: Bruchsal, RG Mannheim HRA 230970
Komplementärin: SEW-EURODRIVE Verwaltungs-GmbH, Sitz: Bruchsal, RG Mannheim HRB 230207

Gesellschafter: Jürgen Blickle, Rainer Blickle
Geschäftsführer: Jürgen Blickle (Vorsitzender), Johann Soder, Dr. Jürgen Zanghellini
_______________________________________________
HostAP mailing list
HostAP <at> lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
Michal Kazior | 2 Jul 10:24 2015

Association race when acting as AP?

Hello,

I've been recently trying to figure out why I'm seeing messages like the following in dmesg:

 [  135.866308] p2p-wlan1-0: authenticate with 02:03:7f:91:53:51
 [  135.869745] p2p-wlan1-0: send auth to 02:03:7f:91:53:51 (try 1/3)
 [  135.877538] p2p-wlan1-0: authenticated
 [  135.888029] p2p-wlan1-0: associate with 02:03:7f:91:53:51 (try 1/3)
 [  135.912461] p2p-wlan1-0: RX AssocResp from 02:03:7f:91:53:51 (capab=0x411 status=0 aid=1)
 [  135.916226] p2p-wlan1-0: associated
 [  135.918038] p2p-wlan1-0: deauthenticated from 02:03:7f:91:53:51 (Reason: 7=CLASS3_FRAME_FROM_NONASSOC_STA)

This gets repeated a few times. Sometimes the connection succeeds after a few cycles, sometimes it doesn't. I've seen this mostly while testing P2P.

After looking into hostapd code I noticed something strange and I wonder if anyone else is already aware of this problem:

 1. AP starts
 2. STA->AP auth OTA
 3. AP->STA auth OTA
 4. STA->AP assoc req OTA
 5. AP->STA assoc resp OTA
 6. STA sends NullFunc with "STA will go to sleep" bit set
 7. AP driver/device sees a frame with unknown TA/SA and issues Deauth w/ Reason 7
   (this Deauth doesn't originate from hostapd; it comes from the device FW in my case)
 8. AP sees TX_STATUS for (5) so it just now installs station entry to device/driver
 9. AP attempts to send EAPOL but STA is no longer there

I'm able to reproduce this quite easily with QCA6174 (ath10k) acting as P2P GO and Intel 7260 (iwlmvm) as P2P Client.

This also suggests it's not P2P specific.

To me this looks like a race in hostapd. The station should be installed to driver _before_ sending Assoc Resp frame, not after. My quick-n-dirty hack seems to help:

--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
<at> <at> -42,6 +42,11 <at> <at>
 #include "dfs.h"
 
 
+static void handle_assoc_cb(struct hostapd_data *hapd,
+                           const struct ieee80211_mgmt *mgmt,
+                           size_t len, int reassoc, int ok);
+
+
 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
 {
        u8 *pos = eid;
<at> <at> -1675,6 +1680,8 <at> <at> static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
 
        send_len += p - reply->u.assoc_resp.variable;
 
+       handle_assoc_cb(hapd, reply, send_len, 0, 1);
+
        if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0)
                wpa_printf(MSG_INFO, "Failed to send assoc resp: %s",
                           strerror(errno));
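Review bot: in send_assoc_resp() the new handle_assoc_cb() call hardcodes reassoc as 0 and ok as 1 and runs before hostapd_drv_send_mlme(), so the station is treated as successfully associated even when the send fails on the very next line. Pass the real reassoc value if this function also builds reassociation responses, and undo the station install in the `< 0` branch instead of only logging "Failed to send assoc resp".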
<at> <at> -2561,7 +2568,6 <at> <at> void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len,
                break;
        case WLAN_FC_STYPE_ASSOC_RESP:
                wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb");
-               handle_assoc_cb(hapd, mgmt, len, 0, ok);
                break;
        case WLAN_FC_STYPE_REASSOC_RESP:
                wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb");
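Review bot: with handle_assoc_cb() removed from the WLAN_FC_STYPE_ASSOC_RESP case, the `ok` value from TX status is no longer used for association responses, so an Assoc Resp that was never acknowledged leaves the early-installed station entry in place. Keep a branch here that removes the entry when `ok` is 0, and give the WLAN_FC_STYPE_REASSOC_RESP case that starts in the trailing context the same treatment so both paths install the station at the same point.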


Obviously this is whitespace damaged and incomplete as it doesn't cover all the possible fail cases. It's just a proof-of-concept for the purpose of discussion.

Is anyone aware of this problem already? Anyone working on it? Any gotchas I should be aware of before I go into fixing this in a proper way? Or am I missing something and this isn't actually a problem?


Michał
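
The ordering described in steps 5 to 9 of the post above, as an added example that is not part of the original post and is not hostapd code: a constructed C model of one AP with a single station entry, comparing "install the station on TX status" with "install before sending Assoc Resp", including the rollback needed when the Assoc Resp is not acknowledged. All names in it are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the event ordering, not hostapd code. */
enum ev { EV_SEND_ASSOC_RESP, EV_RX_NULLFUNC, EV_TX_STATUS_ACKED,
          EV_TX_STATUS_FAILED, EV_SEND_EAPOL };
enum policy { INSTALL_ON_TX_STATUS, INSTALL_BEFORE_SEND };

struct ap_model {
    enum policy policy;
    bool sta_installed;   /* station entry present in driver/firmware */
    bool deauth_reason7;  /* Deauth sent, CLASS3_FRAME_FROM_NONASSOC_STA */
    bool eapol_delivered; /* first EAPOL frame reached an associated STA */
};

static void ap_handle(struct ap_model *ap, enum ev e)
{
    switch (e) {
    case EV_SEND_ASSOC_RESP:
        if (ap->policy == INSTALL_BEFORE_SEND)
            ap->sta_installed = true;
        break;
    case EV_RX_NULLFUNC:
        /* Class 3 frame: only acceptable from a known station. */
        if (!ap->sta_installed)
            ap->deauth_reason7 = true;
        break;
    case EV_TX_STATUS_ACKED:
        if (ap->policy == INSTALL_ON_TX_STATUS)
            ap->sta_installed = true;
        break;
    case EV_TX_STATUS_FAILED:
        /* Assoc Resp was not acknowledged: drop any early install. */
        ap->sta_installed = false;
        break;
    case EV_SEND_EAPOL:
        ap->eapol_delivered = ap->sta_installed && !ap->deauth_reason7;
        break;
    }
}

static struct ap_model run_model(enum policy p, const enum ev *seq, size_t n)
{
    struct ap_model ap = { .policy = p };
    for (size_t i = 0; i < n; i++)
        ap_handle(&ap, seq[i]);
    return ap;
}

/* Steps 5-9 of the post: the NullFunc arrives before TX status is handled. */
static const enum ev RACE_SEQ[] = { EV_SEND_ASSOC_RESP, EV_RX_NULLFUNC,
                                    EV_TX_STATUS_ACKED, EV_SEND_EAPOL };
/* Failure case: the Assoc Resp is never acknowledged. */
static const enum ev LOST_SEQ[] = { EV_SEND_ASSOC_RESP, EV_TX_STATUS_FAILED,
                                    EV_SEND_EAPOL };

int main(void)
{
    struct ap_model a = run_model(INSTALL_ON_TX_STATUS, RACE_SEQ, 4);
    struct ap_model b = run_model(INSTALL_BEFORE_SEND, RACE_SEQ, 4);
    struct ap_model c = run_model(INSTALL_BEFORE_SEND, LOST_SEQ, 3);

    printf("on-tx-status: deauth7=%d eapol=%d\n", a.deauth_reason7, a.eapol_delivered);
    printf("before-send:  deauth7=%d eapol=%d\n", b.deauth_reason7, b.eapol_delivered);
    printf("lost resp:    installed=%d eapol=%d\n", c.sta_installed, c.eapol_delivered);
    return 0;
}
```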
Ilan Peer | 2 Jul 09:44 2015

[PATCH 00/10] P2PS fixes

The patch set includes fixes for some P2PS issues found during
testing.

Andrei Otcheretianski (8):
  P2PS: validate correctly wps methods in PD request
  P2PS: Save wps_prov_info on the responder side
  P2PS: Use wpas_p2p_create_iface() to check if dedicated iface is
    needed
  P2PS: Fix P2PS-PROV-DONE event on GO
  P2PS: Add intended iface address during PD for persistent group
  P2PS: Add PD response validation
  P2PS: Set intended interface address correctly for new group
  P2PS: Save intended interface address after P2PS PD

Max Stepanov (2):
  P2P: fix adv_id and adv_mac params of P2P-PROV-DISC-FAILURE
  P2P: refactor p2p_process_prov_disc_resp() function

 src/p2p/p2p.h                   |   7 +-
 src/p2p/p2p_i.h                 |   2 +
 src/p2p/p2p_pd.c                | 181 ++++++++++++++++++++++++++++++++++++----
 wpa_supplicant/p2p_supplicant.c |  66 +++++++++++----
 4 files changed, 223 insertions(+), 33 deletions(-)

-- 
1.9.1
Dan Williams | 1 Jul 17:52 2015

[PATCH] drivers/hostap: fix send_mlme after 'freq' parameter addition


Fixes: 5d180a77
---
 src/drivers/driver_hostap.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/drivers/driver_hostap.c b/src/drivers/driver_hostap.c
index 8835005..afc44f4 100644
--- a/src/drivers/driver_hostap.c
+++ b/src/drivers/driver_hostap.c
 <at>  <at>  -316,7 +316,7  <at>  <at>  static int hostap_send_eapol(void *priv, const u8 *addr, const u8 *data,
 	pos += 2;
 	memcpy(pos, data, data_len);

-	res = hostap_send_mlme(drv, (u8 *) hdr, len, 0);
+	res = hostap_send_mlme(drv, (u8 *) hdr, len, 0, 0);
 	if (res < 0) {
 		wpa_printf(MSG_ERROR, "hostap_send_eapol - packet len: %lu - "
 			   "failed: %d (%s)",
 <at>  <at>  -1053,7 +1053,7  <at>  <at>  static int hostap_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
 	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
 	mgmt.u.deauth.reason_code = host_to_le16(reason);
 	return hostap_send_mlme(drv, (u8 *) &mgmt, IEEE80211_HDRLEN +
-				sizeof(mgmt.u.deauth), 0);
+				sizeof(mgmt.u.deauth), 0, 0);
 }

 
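Review bot: the call in hostap_sta_deauth() now ends in two bare `0` literals, and the commit message has no body, so nothing records that the added argument is the 'freq' named in the subject line or why 0 is the right value at these call sites. Add a sentence to the commit message saying so; no Signed-off-by line is visible before the `---` either.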
 <at>  <at>  -1091,7 +1091,7  <at>  <at>  static int hostap_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
 	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
 	mgmt.u.disassoc.reason_code = host_to_le16(reason);
 	return  hostap_send_mlme(drv, (u8 *) &mgmt, IEEE80211_HDRLEN +
-				 sizeof(mgmt.u.disassoc), 0);
+				 sizeof(mgmt.u.disassoc), 0, 0);
 }

 
 <at>  <at>  -1169,7 +1169,7  <at>  <at>  static void wpa_driver_hostap_poll_client(void *priv, const u8 *own_addr,
 	os_memcpy(hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
 	os_memcpy(hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);

-	hostap_send_mlme(priv, (u8 *)&hdr, sizeof(hdr), 0);
+	hostap_send_mlme(priv, (u8 *)&hdr, sizeof(hdr), 0, 0);
 }

 
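Review bot: in wpa_driver_hostap_poll_client() the call passes `priv` where the other three call sites in this patch pass `drv`, and the return value is dropped. Both predate this change, but since the line is being touched, confirm that `priv` is what hostap_send_mlme() expects here and consider logging a failed send the way hostap_send_eapol() does.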
-- 
2.1.0
volker.obhof.w | 1 Jul 16:14 2015

copy value into unsigned int variable

In BSS Load IE station count is interpreted as unsigned int value. I have to copy it from IE which is a little endian into unsigned int in big endian.

Which function can I use in wpa_supplicant to do that?




Jan K | 30 Jun 21:05 2015

wpa-supplicant 2.4 and "RSN: no PMKSA entry found"

Hello,

I'm having trouble with WPA-EAP and wpa_supplicant 2.4; I get deauth for local reason during EAPOL,
probably due to PMKSA cache problem.
Using identical config with 2.1 and 2.3 successfully connects, while 2.4 fails.

I've compared wpa_supplicant -ddd output to find the following change:

(both)RSN: Added PMKSA cache entry for 00:04:96:68:71:31 network_ctx=(...)
(both)nl80211: Add PMKID for 00:04:96:68:71:31

(bad) wlp4s0: RSN: no PMKSA entry found - trigger full EAP authentication
(good)wlp4s0: RSN: the new PMK matches with the PMKID

Next: 2.3 and 2.1 succeed EAPOL, 2.4 prints out several lines, waits for 0.5s and deauths.

I inserted larger context of logs below.

Initially I've been looking for the source of the problem around card drivers, network manager etc., but a
colleague of mine encountered today the same problem on Fedora 22 after wpa_supplicant 2.3->2.4 update.
I checked against a 2.1 version, and bingo, connection established.

I observed the problem using Intel Dual Band Wireless-AC 7265 (iwlwifi iwlmvm,
iwlwifi-7265D-12.ucode), with linux-4.1.0, gentoo.

Do I correctly blame wpa_supplicant for regression? If no, where else should I report the problem?

Regards,
Jan

================ wpa_supplicant v2.4 ================
wlp4s0: State: ASSOCIATED -> 4WAY_HANDSHAKE
wlp4s0: WPA: RX message 1 of 4-Way Handshake from 00:04:96:68:71:31 (ver=2)
RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 5b 61 2f 34 dd c5 23 d0 57 fa 57 be 9d 95 e8 f3
WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 5b 61 2f 34 dd c5 23 d0 57 fa 57 be 9d 95 e8 f3
RSN: PMKID from Authenticator - hexdump(len=16): 5b 61 2f 34 dd c5 23 d0 57 fa 57 be 9d 95 e8 f3
wlp4s0: RSN: no matching PMKID found
EAPOL: Successfully fetched key (len=32)
EAPOL: Successfully fetched key (len=64)
WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
RSN: Added PMKSA cache entry for 00:04:96:68:71:31 network_ctx=0x259daf0
nl80211: Add PMKID for 00:04:96:68:71:31
wlp4s0: RSN: no PMKSA entry found - trigger full EAP authentication
wlp4s0: RSN: Do not reply to msg 1/4 - requesting full EAP authentication
l2_packet_receive: src=00:04:96:68:71:31 len=121
wlp4s0: RX EAPOL from 00:04:96:68:71:31
RX EAPOL - hexdump(len=121): 01 03 00 75 02 00 8a 00 10 00 00 00 00 00 00 00 02 ae 09 7c e1 c1 0f f2 93 6c 68 8a 16 c7 20 0c
c2 73 11 32 52 80 09 09 f8 ff 34 a1 1d ab 49 71 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 dd 14 00 0f ac 04 5b 61 2f 34 dd c5 23 d0 57 fa 57 be 9d 95 e8 f3
EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines
wlp4s0: IEEE 802.1X RX: version=1 type=3 length=117
WPA: RX EAPOL-Key - hexdump(len=121): 01 03 00 75 02 00 8a 00 10 00 00 00 00 00 00 00 02 ae 09 7c e1 c1 0f f2 93 6c 68 8a
16 c7 20 0c c2 73 11 32 52 80 09 09 f8 ff 34 a1 1d ab 49 71 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 dd 14 00 0f ac 04 5b 61 2f 34 dd c5 23 d0 57 fa 57
be 9d 95 e8 f3
wlp4s0:   EAPOL-Key type=2
wlp4s0:   key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)
wlp4s0:   key_length=16 key_data_length=22
  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 02
  key_nonce - hexdump(len=32): ae 09 7c e1 c1 0f f2 93 6c 68 8a 16 c7 20 0c c2 73 11 32 52 80 09 09 f8 ff 34 a1 1d ab 49 71 f8
  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
wlp4s0: State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
wlp4s0: WPA: RX message 1 of 4-Way Handshake from 00:04:96:68:71:31 (ver=2)
RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 5b 61 2f 34 dd c5 23 d0 57 fa 57 be 9d 95 e8 f3
WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 5b 61 2f 34 dd c5 23 d0 57 fa 57 be 9d 95 e8 f3
RSN: PMKID from Authenticator - hexdump(len=16): 5b 61 2f 34 dd c5 23 d0 57 fa 57 be 9d 95 e8 f3
EAPOL: Successfully fetched key (len=32)
EAPOL: Successfully fetched key (len=64)
WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
WPA: reusing previous PMKSA entry
Get randomness: len=32 entropy=11
random from os_get_random - hexdump(len=32): [REMOVED]
random_mix_pool - hexdump(len=20): [REMOVED]
random from internal pool - hexdump(len=16): [REMOVED]
random_mix_pool - hexdump(len=20): [REMOVED]
random from internal pool - hexdump(len=16): [REMOVED]
mixed random - hexdump(len=32): [REMOVED]
WPA: Renewed SNonce - hexdump(len=32): f0 b9 6c 0e 44 7c a5 f8 0e e5 b4 e9 26 c3 b4 a1 27 5e e5 39 e6 7b c7 0d 43 ff fc 47
25 0c 9d 02
WPA: PTK derivation - A1=60:57:18:7a:43:ba A2=00:04:96:68:71:31
WPA: Nonce1 - hexdump(len=32): f0 b9 6c 0e 44 7c a5 f8 0e e5 b4 e9 26 c3 b4 a1 27 5e e5 39 e6 7b c7 0d 43 ff fc 47 25 0c 9d 02
WPA: Nonce2 - hexdump(len=32): ae 09 7c e1 c1 0f f2 93 6c 68 8a 16 c7 20 0c c2 73 11 32 52 80 09 09 f8 ff 34 a1 1d ab 49 71 f8
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=48): [REMOVED]
WPA: KCK - hexdump(len=16): [REMOVED]
WPA: KEK - hexdump(len=16): [REMOVED]
WPA: TK - hexdump(len=16): [REMOVED]
WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00
WPA: Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 02
wlp4s0: WPA: Sending EAPOL-Key 2/4
WPA: KCK - hexdump(len=16): [REMOVED]
WPA: Derived Key MIC - hexdump(len=16): 17 72 0f b6 2b d3 6b 88 39 a0 c4 62 62 08 1a 14
WPA: TX EAPOL-Key - hexdump(len=121): 01 03 00 75 02 01 0a 00 00 00 00 00 00 00 00 00 02 f0 b9 6c 0e 44 7c a5 f8 0e e5 b4
e9 26 c3 b4 a1 27 5e e5 39 e6 7b c7 0d 43 ff fc 47 25 0c 9d 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 17 72 0f b6 2b d3 6b 88 39 a0 c4 62 62 08 1a 14 00 16 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00
0f ac 01 00 00
RTM_NEWLINK: ifi_index=4 ifname=wlp4s0 operstate=2 linkmode=1 ifi_family=0 ifi_flags=0x1003 ([UP])
nl80211: Event message available
nl80211: Drv Event 20 (NL80211_CMD_DEL_STATION) received for wlp4s0
nl80211: Delete station 00:04:96:68:71:31
nl80211: Event message available
nl80211: Drv Event 39 (NL80211_CMD_DEAUTHENTICATE) received for wlp4s0
nl80211: MLME event 39 (NL80211_CMD_DEAUTHENTICATE) on wlp4s0(60:57:18:7a:43:ba)
A1=60:57:18:7a:43:ba A2=00:04:96:68:71:31
nl80211: MLME event frame - hexdump(len=26): c0 00 3a 01 60 57 18 7a 43 ba 00 04 96 68 71 31 00 04 96 68 71 31 60 8c 0f 00
nl80211: Deauthenticate event
wlp4s0: Event DEAUTH (12) received
wlp4s0: Deauthentication notification
wlp4s0:  * reason 15
wlp4s0:  * address 00:04:96:68:71:31
Deauthentication frame IE(s) - hexdump(len=0): [NULL]
wlp4s0: CTRL-EVENT-DISCONNECTED bssid=00:04:96:68:71:31 reason=15
=====================================================

================ wpa_supplicant v2.1 ================
wlp4s0: State: ASSOCIATED -> 4WAY_HANDSHAKE
wlp4s0: WPA: RX message 1 of 4-Way Handshake from 00:04:96:68:71:31 (ver=2)
RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 48 8e 54 f0 86 4a 7e ef 0e 07 f7 8c cf de 66 69
WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 48 8e 54 f0 86 4a 7e ef 0e 07 f7 8c cf de 66 69
RSN: PMKID from Authenticator - hexdump(len=16): 48 8e 54 f0 86 4a 7e ef 0e 07 f7 8c cf de 66 69
wlp4s0: RSN: no matching PMKID found
EAPOL: Successfully fetched key (len=32)
EAPOL: Successfully fetched key (len=64)
WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
RSN: Added PMKSA cache entry for 00:04:96:68:71:31 network_ctx=0x200cf30
nl80211: Add PMKID for 00:04:96:68:71:31
wlp4s0: RSN: the new PMK matches with the PMKID
Get randomness: len=32 entropy=11
random from os_get_random - hexdump(len=32): [REMOVED]
random_mix_pool - hexdump(len=20): [REMOVED]
random from internal pool - hexdump(len=16): [REMOVED]
random_mix_pool - hexdump(len=20): [REMOVED]
random from internal pool - hexdump(len=16): [REMOVED]
mixed random - hexdump(len=32): [REMOVED]
WPA: Renewed SNonce - hexdump(len=32): e5 da c9 ce d0 d5 d5 f1 e2 8d 83 ee 7f 06 39 48 00 5c 39 91 bf 07 44 a9 86 e2 cf ba
ac db 6f f8
WPA: PTK derivation - A1=60:57:18:7a:43:ba A2=00:04:96:68:71:31
WPA: Nonce1 - hexdump(len=32): e5 da c9 ce d0 d5 d5 f1 e2 8d 83 ee 7f 06 39 48 00 5c 39 91 bf 07 44 a9 86 e2 cf ba ac db 6f f8
WPA: Nonce2 - hexdump(len=32): d1 36 fe a1 60 ea 11 c6 08 60 e6 05 06 cb 5a 34 cc 08 96 bc 89 1a 6f a4 82 bd a8 2c 51 57 3f 44
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=48): [REMOVED]
WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00
WPA: Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 01
wlp4s0: WPA: Sending EAPOL-Key 2/4
=====================================================
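
The `dd 14 00 0f ac 04 ...` Key Data in the two logs above is a PMKID KDE: type 0xdd, length 0x14, selector 00-0F-AC:4, then the 16-byte PMKID. As an added example (not wpa_supplicant code and not part of the original post), this C program parses such a hexdump line with bounds checks and compares the PMKID it carries against a cached value; the function names are hypothetical and the sample bytes are copied from the logs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PMKID_LEN 16
/* PMKID KDE selector: OUI 00-0F-AC, data type 4 ("00 0f ac 04" in the log). */
static const uint8_t PMKID_KDE_SEL[4] = { 0x00, 0x0f, 0xac, 0x04 };

/* Key Data of msg 1/4, copied from the v2.4 and v2.1 logs in the post. */
static const char KEY_DATA_V24[] =
    "dd 14 00 0f ac 04 5b 61 2f 34 dd c5 23 d0 57 fa 57 be 9d 95 e8 f3";
static const char KEY_DATA_V21[] =
    "dd 14 00 0f ac 04 48 8e 54 f0 86 4a 7e ef 0e 07 f7 8c cf de 66 69";
/* "PMKID from Authenticator" line of the v2.4 log. */
static const uint8_t PMKID_V24[PMKID_LEN] = {
    0x5b, 0x61, 0x2f, 0x34, 0xdd, 0xc5, 0x23, 0xd0,
    0x57, 0xfa, 0x57, 0xbe, 0x9d, 0x95, 0xe8, 0xf3 };

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Parse a lower-case "xx xx" hexdump; returns byte count, -1 on bad input. */
static int parse_hexdump(const char *s, uint8_t *out, size_t cap)
{
    size_t n = 0;
    while (*s) {
        int hi, lo;
        if (*s == ' ') { s++; continue; }
        hi = hexval(s[0]);
        lo = hi < 0 ? -1 : hexval(s[1]);   /* s[1] is read only if s[0] is hex */
        if (hi < 0 || lo < 0 || n == cap) return -1;
        out[n++] = (uint8_t) (hi << 4 | lo);
        s += 2;
    }
    return (int) n;
}

/* Walk the type/length elements; return the 16-byte PMKID or NULL. */
static const uint8_t *find_pmkid_kde(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    while (len - pos >= 2) {
        uint8_t type = buf[pos], elen = buf[pos + 1];
        if (type == 0xdd && elen == 0) break;      /* dd 00 starts padding */
        if (elen > len - pos - 2) return NULL;     /* length runs past buffer */
        if (type == 0xdd && elen == 4 + PMKID_LEN &&
            memcmp(buf + pos + 2, PMKID_KDE_SEL, 4) == 0)
            return buf + pos + 6;
        pos += 2u + elen;
    }
    return NULL;
}

/* Returns 1 if the hexdump carries a PMKID KDE equal to cached_pmkid. */
static int log_pmkid_matches(const char *hex, const uint8_t *cached_pmkid)
{
    uint8_t buf[256];
    int n = parse_hexdump(hex, buf, sizeof(buf));
    const uint8_t *p = n < 0 ? NULL : find_pmkid_kde(buf, (size_t) n);
    return p != NULL && memcmp(p, cached_pmkid, PMKID_LEN) == 0;
}

int main(void)
{
    printf("v2.4 key data vs v2.4 PMKID: %d\n",
           log_pmkid_matches(KEY_DATA_V24, PMKID_V24));
    printf("v2.1 key data vs v2.4 PMKID: %d\n",
           log_pmkid_matches(KEY_DATA_V21, PMKID_V24));
    return 0;
}
```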
Pedro Salazar | 30 Jun 17:14 2015

Beacon Stuffing using hostapd

Hi all,
I'm a final year master student and I'm currently working on my master thesis.

One of the first objectives I'm trying to achieve is to perform beacon stuffing using the Vendor Specific Information Element (IE 221) to pass around some network metrics in Beacons. Nodes will be running hostapd.
To enable this Information Element in beacons and probe response frames I used the "vendor_elements" field in the hostapd.conf file and everything is working fine.
Although, my metrics change during run-time so I need to be able to change the IE 221 without restarting hostapd.

After tracing the hostapd source code I still can't find the solution to my problem: How to change the IE 221 during run time?

I see that the vendor_elements is loaded from the configuration file in hostapd_config_fill (inside config_file.c) and that the beacon is constructed in ieee802_11_build_ap_params (inside beacon.c). Then it seems that wpa_driver_nl80211_set_ap (inside driver_nl80211.c) sends Head and Tail beacon parts to cfg80211 then everything is handled by the lower level drivers. Am I right?

Using Debug Mode I can see that hostapd is in charge of handling both MLME and Probe Req/Rep frames. But what about Beacons, does hostapd also send the beacon frames or are these handled by mac80211?

What I am trying to understand is where should I focus if I want to update the IE 221 during run time. Could I use for example the ieee802_11_update_beacons function to achieve this?

Sorry for such a long email, but I've been trying to solve this question for quite a long time and the deadline is getting closer and closer.

Best Regards,
Pedro Salazar
Jouni Malinen | 26 Jun 21:56 2015

Re: [PATCH] Send CTRL-EVENT-NETWORK-NOT-FOUND if no suitable network was found

On Fri, Jun 19, 2015 at 10:40:02AM -0700, Dmitry Shmidt wrote:
> This patch informs upper wifi manager that
> selected network was not found.

> diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
>  <at>  <at>  -1563,7 +1563,7  <at>  <at>  static int wpas_select_network_from_last_scan(struct wpa_supplicant *wpa_s,
> -		wpa_dbg(wpa_s, MSG_DEBUG, "No suitable network found");
> +		wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_NETWORK_NOT_FOUND);
>  		ssid = wpa_supplicant_pick_new_network(wpa_s);
>  		if (ssid) {
>  			wpa_dbg(wpa_s, MSG_DEBUG, "Setup a new network");
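Review bot: the event is emitted before wpa_supplicant_pick_new_network() is called, so it is sent even when the `if (ssid)` branch right after it goes on to set up a new network. Keep the wpa_dbg() line and move the wpa_msg_ctrl() call to the path where `ssid` is NULL, so the event is limited to the case where nothing is started.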

Replacing wpa_dbg() with wpa_msg_ctrl() would mean that there is no more
debug log entry here which would be undesired. In theory, this could be
wpa_msg() instead of wpa_msg_ctrl(), but I'm not sure this should really
be in debug log at INFO level, so it may be easiest to just leave the
wpa_dbg() there and add a new control-interface-only message with
wpa_msg_ctrl().

That said, this looks a bit confusing control interface message for some
use cases, i.e., this new CTRL-EVENT-NETWORK-NOT-FOUND would show up
when setting up an IBSS or AP mode operation with wpa_supplicant. Those
can use this code path.

What would the wifi manager do with this information? How would that
work if wpa_supplicant were to follow up with IBSS or AP mode setup? I
guess the upper layer component would be able to figure out whether that
can happen based on what kind of network profiles are enabled, but
still, that message text would look quite confusing when it would be
immediately followed by starting a network..

-- 
Jouni Malinen                                            PGP id EFC895FA
volker.obhof.w | 26 Jun 10:36 2015

Get IEs from Scan result

I try to modify a background scan.

So there are the structs “wpa_scan_results” and “wpa_scan_res”. In struct “wpa_scan_res” there is a variable “ie_len”.

How can I get IEs from current scan (probe response) because I only have IE length in that struct?

 

 

 



