刘涵宇 | 18 Apr 10:25 2014

Why does hostapd take over control frames from mac80211?

Hi everyone,

I'm working on a WLAN program running on an access point. It needs to capture control frames (ACKs) which do not belong to its BSS. So I use a monitor interface to capture them in mac80211 with a netlink socket. All that seems to be fine until I use hostapd to create an access point. It delivers all control frames to its user space daemon, but it looks like it does nothing with the control frames.

Why should hostapd do that? Is there any way to make it not snatch control frames, or to get ACKs from its user space?

Thanks very much.

--
Regards,

Hanyu Liu
_______________________________________________
HostAP mailing list
HostAP <at> lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
Zeeshan Ali (Khattak | 17 Apr 18:36 2014

Fwd: Geoclue & permissions

Hi everyone,

I'm forwarding my short discussion with Jouni about permissions on
D-Bus interface, as per his suggestion to bring the discussion to this
list.

Forwarded conversation
Subject: Geoclue & permissions
------------------------

From: Zeeshan Ali (Khattak) <zeeshanak <at> gnome.org>
Date: Thu, Apr 17, 2014 at 4:14 PM
To: Jouni Malinen <jouni <at> qca.qualcomm.com>

Moi Jouni,

For wifi-geolocation in geoclue project[1], I'm currently using
NetworkManager for getting list of WiFis in the area. Someone
suggested that I use wpa_supplicant directly for greater portability
and adoption so I'm looking into that.

I see that you have restricted all of your D-Bus API to root user
only. Geoclue is supposed to typically run as a special user
('geoclue') without admin privileges so geoclue can't readily use
wpa_supplicant.

I see 3 options:

1. Geoclue installs a dbus policy file that gives its user permissions
on needed API.
2. wpa_supplicant gives permissions in its policy file to geoclue user
specifically.
3. wpa_supplicant gives permissions to readonly API (getting list of
interfaces, BSSs etc) to everyone.

I'm going to go for #1 for now but keeping in mind that it's likely not
to work in post-kdbus world, I thought I should consult you on this.

--
Regards,

Zeeshan Ali (Khattak)
FSF member#5124

[1] http://www.freedesktop.org/wiki/Software/GeoClue/

----------
From: Jouni Malinen <jouni <at> qca.qualcomm.com>
Date: Thu, Apr 17, 2014 at 4:40 PM
To: "Zeeshan Ali (Khattak)" <zeeshanak <at> gnome.org>

On Thu, Apr 17, 2014 at 04:14:35PM +0100, Zeeshan Ali (Khattak) wrote:
> For wifi-geolocation in geoclue project[1], I'm currently using
> NetworkManager for getting list of WiFis in the area. Someone
> suggested that I use wpa_supplicant directly for greater portability
> and adoption so I'm looking into that.
>
> I see that you have restricted all of your D-Bus API to root user
> only. Geoclue is supposed to typically run as a special user
> ('geoclue') without admin privileges so geoclue can't readily use
> wpa_supplicant.

You may want to bring this up on the hostap mailing list. I did not
design the D-Bus API or the permissions set in the configuration file
for this.

> I see 3 options:
>
> 1. Geoclue installs a dbus policy file that gives its user permissions
> on needed API.
> 2. wpa_supplicant gives permissions in its policy file to geoclue user
> specifically.
> 3. wpa_supplicant gives permissions to readonly API (getting list of
> interfaces, BSSs etc) to everyone.
>
> I'm going to go for #1 for now but keeping in mind that it's likely not
> to work in post-kdbus world, I thought I should consult you on this.

I'm not using the D-Bus interface that much myself, but if (3) can be
done easily and safely, that sounds like a reasonable approach to me.
Anyway, this should be discussed with the people who use the D-Bus
interface, so the hostap mailing list would be a more appropriate
destination for this.

--
Jouni Malinen                                            PGP id EFC895FA

-- 
Regards,

Zeeshan Ali (Khattak)
FSF member#5124
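
Option 1 from the forwarded message, sketched as a D-Bus system bus policy file (an added example, not part of the original thread or of the geoclue or wpa_supplicant sources). The file name is hypothetical; the `geoclue` user comes from the message, and `fi.w1.wpa_supplicant1` is wpa_supplicant's D-Bus service name.

```xml
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<!-- Added example for option 1. Hypothetical file name:
     /etc/dbus-1/system.d/geoclue-wpa_supplicant.conf
     Assumes the service account is called "geoclue" and that the
     wpa_supplicant policy keeps everything else restricted to root,
     as described in the message. -->
<busconfig>
  <policy user="geoclue">
    <!-- Read-only access: property reads only. Properties.Set is not
         listed, so it stays denied for this user. -->
    <allow send_destination="fi.w1.wpa_supplicant1"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="Get"/>
    <allow send_destination="fi.w1.wpa_supplicant1"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="GetAll"/>
    <!-- Lets the client discover object paths and interfaces. -->
    <allow send_destination="fi.w1.wpa_supplicant1"
           send_interface="org.freedesktop.DBus.Introspectable"
           send_member="Introspect"/>
    <!-- Deliberately not granted: methods on
         fi.w1.wpa_supplicant1.Interface such as Scan, AddNetwork or
         Disconnect, which change the state of the link. -->
  </policy>
</busconfig>
```

Bus policy rules match on message header fields only, so this cannot limit which property or which object is read: the `geoclue` user can read every property the service exposes. Any finer restriction would have to be enforced inside wpa_supplicant itself.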
Marek Puzyniak | 16 Apr 12:22 2014

[PATCH] ap: Fix checking if DFS is required

Sometimes function hostapd_is_dfs_required returns -1, which indicates
that it was not possible to check if DFS was required. It happens
for channels from the 2.4 GHz band where DFS checking should not happen.
This can be fixed by returning DFS not required for mode different than
IEEE80211A and when DFS support is not available (ieee80211h not set).

Signed-off-by: Marek Puzyniak <marek.puzyniak <at> tieto.com>
---
 src/ap/dfs.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/ap/dfs.c b/src/ap/dfs.c
index 3fb1881..abec652 100644
--- a/src/ap/dfs.c
+++ b/src/ap/dfs.c
 <at>  <at>  -916,8 +916,11  <at>  <at>  int hostapd_is_dfs_required(struct hostapd_iface *iface)
 {
 	int n_chans, start_chan_idx;

-	if (!iface->current_mode)
-		return -1;
+	if (!iface->conf->ieee80211h)
+		return 0;
+
+	if (!iface->current_mode || iface->current_mode->mode != HOSTAPD_MODE_IEEE80211A)
+		return 0;

 	/* Get start (first) channel for current configuration */
 	start_chan_idx = dfs_get_start_chan_idx(iface);
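
Review bot: in the second new check, a NULL `iface->current_mode` now yields 0 ("DFS not required") where it used to yield -1, so with ieee80211h set a caller can no longer tell "mode not known yet" from "no radar detection needed". The commit message only argues for returning 0 for modes other than IEEE80211A; consider keeping `return -1` for the NULL case and returning 0 only when `current_mode->mode != HOSTAPD_MODE_IEEE80211A`. Splitting the condition that way also brings the line back under 80 columns.
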
--

-- 
1.8.1.2
kiran k | 16 Apr 07:53 2014

GTK and 802.11R Fast BSS Transition

Hi,
When Fast BSS Transition is enabled on AP1 and AP2, do we support GTK timeout? The scenario I have is:
1) Station1 associates to AP1 enabled for Fast BSS Transition (11R). Station1 does initial authentication. Do we support GTK rekey timeout after initial authentication?
2) Station2 initially associates to AP2 using FT and roams to AP1. Now in this case, if GTK rekey times out on AP1, do we need to rerun the group key state machine and generate a new GTK key? Station2 in my case does not seem to honor EAPOL key messages for GTK key refresh from AP1.

Can you let me know how hostapd works in this case?

Thanks,
Kiran


Drasko DRASKOVIC | 15 Apr 19:15 2014

wpa_supplicant to hostapd dynamically

Hi all,
Starting wpa_supplicant daemon and hostapd over the same interface at
the same time is not possible.

I have, however, an application that has to use an interface in STA mode
for some time, and then in AP mode, then back to STA, etc... Currently
to have this mode change I am killing wpa_supplicant and starting
hostapd process, and vice versa. But this looks like an ugly solution.

I was wondering whether it is possible to start wpa_supplicant and then turn
it to be hostapd somehow via D-Bus API?

Best regards,
Drasko
Greg Hackmann | 15 Apr 02:06 2014

[PATCH] Android: disable unused parameter warnings

Change-Id: I721b4a7de62a569d272fa31dfe6f3bb66192984a
Signed-off-by: Greg Hackmann <ghackmann <at> google.com>
---
 hostapd/Android.mk        | 3 +++
 wpa_supplicant/Android.mk | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index 6db82f8..74c9b27 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
 <at>  <at>  -24,6 +24,9  <at>  <at>  L_CFLAGS += -DVERSION_STR_POSTFIX=\"-$(PLATFORM_VERSION)\"
 # Set Android log name
 L_CFLAGS += -DANDROID_LOG_NAME=\"hostapd\"

+# Disable unused parameter warnings
+L_CFLAGS += -Wno-unused-parameter
+
 ifeq ($(BOARD_WLAN_DEVICE), bcmdhd)
 L_CFLAGS += -DANDROID_P2P
 endif
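
Review bot: the added `-Wno-unused-parameter` line silences the warning for every source file in the module, and neither the comment nor the commit message (which has no body) says why that is needed. Please state which build configuration triggers the warnings; the same applies to the identical addition in wpa_supplicant/Android.mk.
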
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index c8fe1c2..f56267c 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
 <at>  <at>  -24,6 +24,9  <at>  <at>  L_CFLAGS += -DVERSION_STR_POSTFIX=\"-$(PLATFORM_VERSION)\"
 # Set Android log name
 L_CFLAGS += -DANDROID_LOG_NAME=\"wpa_supplicant\"

+# Disable unused parameter warnings
+L_CFLAGS += -Wno-unused-parameter
+
 # Disable roaming in wpa_supplicant
 ifdef CONFIG_NO_ROAMING
 L_CFLAGS += -DCONFIG_NO_ROAMING
--

-- 
1.9.1.423.g4596e3a
Dmitry Shmidt | 12 Apr 01:05 2014

[PATCH] Android: Use extended P2P functionality (ANDROID_P2P) for all vendors

Change-Id: I781ce5410bda14bc55719198e14c9ce36fa3b648
Signed-off-by: Dmitry Shmidt <dimitrysh <at> google.com>
---
 hostapd/Android.mk           | 12 +++---------
 src/drivers/driver_nl80211.c | 17 +++++++++++++++++
 wpa_supplicant/Android.mk    | 15 ++++++---------
 3 files changed, 26 insertions(+), 18 deletions(-)

diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index 6db82f8..5125b21 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
 <at>  <at>  -24,16 +24,10  <at>  <at>  L_CFLAGS += -DVERSION_STR_POSTFIX=\"-$(PLATFORM_VERSION)\"
 # Set Android log name
 L_CFLAGS += -DANDROID_LOG_NAME=\"hostapd\"

-ifeq ($(BOARD_WLAN_DEVICE), bcmdhd)
-L_CFLAGS += -DANDROID_P2P
-endif
-
-ifeq ($(BOARD_WLAN_DEVICE), qcwcn)
-L_CFLAGS += -DANDROID_P2P
-endif
-
-ifeq ($(BOARD_WLAN_DEVICE), mrvl)
+# Set Android extended P2P functionality
 L_CFLAGS += -DANDROID_P2P
+ifeq ($(BOARD_HOSTAPD_PRIVATE_LIB),)
+L_CFLAGS += -DANDROID_P2P_STUB
 endif

 # Use Android specific directory for control interface sockets
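
Review bot: with `L_CFLAGS += -DANDROID_P2P` now unconditional, boards other than bcmdhd, qcwcn and mrvl start compiling the ANDROID_P2P code for the first time, and the commit message has no body describing that change or the new role of BOARD_HOSTAPD_PRIVATE_LIB. Please document that an empty BOARD_HOSTAPD_PRIVATE_LIB selects the ANDROID_P2P_STUB build, and what a vendor library has to provide when it is set.
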
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index e531e22..10c2cd4 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
 <at>  <at>  -369,12 +369,29  <at>  <at>  extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf,
 					 size_t buf_len);
 #endif /* ANDROID */
 #ifdef ANDROID_P2P
+#ifdef ANDROID_P2P_STUB
+int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration) {
+	return 0;
+}
+int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len) {
+	return 0;
+}
+int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow) {
+	return -1;
+}
+int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon,
+				 const struct wpabuf *proberesp,
+				 const struct wpabuf *assocresp) {
+	return 0;
+}
+#else
 int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration);
 int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len);
 int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow);
 int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon,
 				 const struct wpabuf *proberesp,
 				 const struct wpabuf *assocresp);
+#endif /* ANDROID_P2P_STUB */
 #endif /* ANDROID_P2P */

 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
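
Review bot: the stubs under `#ifdef ANDROID_P2P_STUB` disagree on what "not implemented" means: wpa_driver_set_p2p_ps() returns -1 while wpa_driver_set_p2p_noa(), wpa_driver_get_p2p_noa() and wpa_driver_set_ap_wps_p2p_ie() return 0, so a caller is told that NoA or the WPS/P2P IEs were set when nothing happened. Pick one convention and add a comment giving the reason for it. The stub definitions also leave every parameter unused.
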
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index c8fe1c2..0020ae5 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
 <at>  <at>  -24,24 +24,21  <at>  <at>  L_CFLAGS += -DVERSION_STR_POSTFIX=\"-$(PLATFORM_VERSION)\"
 # Set Android log name
 L_CFLAGS += -DANDROID_LOG_NAME=\"wpa_supplicant\"

+# Set Android extended P2P functionality
+L_CFLAGS += -DANDROID_P2P
+ifeq ($(BOARD_WPA_SUPPLICANT_PRIVATE_LIB),)
+L_CFLAGS += -DANDROID_P2P_STUB
+endif
+
 # Disable roaming in wpa_supplicant
 ifdef CONFIG_NO_ROAMING
 L_CFLAGS += -DCONFIG_NO_ROAMING
 endif

 ifeq ($(BOARD_WLAN_DEVICE), bcmdhd)
-L_CFLAGS += -DANDROID_P2P
 L_CFLAGS += -DP2P_CONCURRENT_SEARCH_DELAY=0
 endif

-ifeq ($(BOARD_WLAN_DEVICE), qcwcn)
-L_CFLAGS += -DANDROID_P2P
-endif
-
-ifeq ($(BOARD_WLAN_DEVICE), mrvl)
-L_CFLAGS += -DANDROID_P2P
-endif
-
 # Use Android specific directory for control interface sockets
 L_CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/data/misc/wifi/sockets\"
 L_CFLAGS += -DCONFIG_CTRL_IFACE_DIR=\"/data/system/wpa_supplicant\"
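
Review bot: the stub switch here is keyed on BOARD_WPA_SUPPLICANT_PRIVATE_LIB while hostapd/Android.mk uses BOARD_HOSTAPD_PRIVATE_LIB, yet both builds compile the same stubs in src/drivers/driver_nl80211.c. A board that sets only one of the two variables gets stubbed P2P calls in one daemon and the vendor implementation in the other; if that is intended, a comment next to the `ifeq` should say so.
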
--

-- 
1.9.1.423.g4596e3a
Dmitry Shmidt | 12 Apr 01:05 2014

[PATCH] Android: Use extended P2P functionality (ANDROID_P2P) for all vendors

Change-Id: I781ce5410bda14bc55719198e14c9ce36fa3b648
Signed-off-by: Dmitry Shmidt <dimitrysh <at> google.com>
---
 hostapd/Android.mk           | 12 +++---------
 src/drivers/driver_nl80211.c | 17 +++++++++++++++++
 wpa_supplicant/Android.mk    | 15 ++++++---------
 3 files changed, 26 insertions(+), 18 deletions(-)

diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index 6db82f8..5125b21 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
 <at>  <at>  -24,16 +24,10  <at>  <at>  L_CFLAGS += -DVERSION_STR_POSTFIX=\"-$(PLATFORM_VERSION)\"
 # Set Android log name
 L_CFLAGS += -DANDROID_LOG_NAME=\"hostapd\"

-ifeq ($(BOARD_WLAN_DEVICE), bcmdhd)
-L_CFLAGS += -DANDROID_P2P
-endif
-
-ifeq ($(BOARD_WLAN_DEVICE), qcwcn)
-L_CFLAGS += -DANDROID_P2P
-endif
-
-ifeq ($(BOARD_WLAN_DEVICE), mrvl)
+# Set Android extended P2P functionality
 L_CFLAGS += -DANDROID_P2P
+ifeq ($(BOARD_HOSTAPD_PRIVATE_LIB),)
+L_CFLAGS += -DANDROID_P2P_STUB
 endif

 # Use Android specific directory for control interface sockets
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index e531e22..71a25fd 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
 <at>  <at>  -369,12 +369,29  <at>  <at>  extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf,
 					 size_t buf_len);
 #endif /* ANDROID */
 #ifdef ANDROID_P2P
+#ifdef ANDROID_P2P_STUB
+int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration) {
+	return -1;
+}
+int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len) {
+	return -1;
+}
+int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow) {
+	return -1;
+}
+int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon,
+				 const struct wpabuf *proberesp,
+				 const struct wpabuf *assocresp) {
+	return -1;
+}
+#else
 int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration);
 int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len);
 int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow);
 int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon,
 				 const struct wpabuf *proberesp,
 				 const struct wpabuf *assocresp);
+#endif /* ANDROID_P2P_STUB */
 #endif /* ANDROID_P2P */

 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
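
Review bot: this posting changes the stubs to return -1 throughout, including wpa_driver_set_ap_wps_p2p_ie(), but nothing after the `---` line says what changed from the earlier posting of the same patch or why. With -1, a board without a private library now reports failure whenever the WPS/P2P IEs are set, so please confirm the callers treat that as non-fatal and note the choice in the commit message.
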
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index c8fe1c2..0020ae5 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
 <at>  <at>  -24,24 +24,21  <at>  <at>  L_CFLAGS += -DVERSION_STR_POSTFIX=\"-$(PLATFORM_VERSION)\"
 # Set Android log name
 L_CFLAGS += -DANDROID_LOG_NAME=\"wpa_supplicant\"

+# Set Android extended P2P functionality
+L_CFLAGS += -DANDROID_P2P
+ifeq ($(BOARD_WPA_SUPPLICANT_PRIVATE_LIB),)
+L_CFLAGS += -DANDROID_P2P_STUB
+endif
+
 # Disable roaming in wpa_supplicant
 ifdef CONFIG_NO_ROAMING
 L_CFLAGS += -DCONFIG_NO_ROAMING
 endif

 ifeq ($(BOARD_WLAN_DEVICE), bcmdhd)
-L_CFLAGS += -DANDROID_P2P
 L_CFLAGS += -DP2P_CONCURRENT_SEARCH_DELAY=0
 endif

-ifeq ($(BOARD_WLAN_DEVICE), qcwcn)
-L_CFLAGS += -DANDROID_P2P
-endif
-
-ifeq ($(BOARD_WLAN_DEVICE), mrvl)
-L_CFLAGS += -DANDROID_P2P
-endif
-
 # Use Android specific directory for control interface sockets
 L_CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/data/misc/wifi/sockets\"
 L_CFLAGS += -DCONFIG_CTRL_IFACE_DIR=\"/data/system/wpa_supplicant\"
--

-- 
1.9.1.423.g4596e3a
Sreenath S | 10 Apr 14:12 2014

Doubts regarding HS 2.0R2 OSU SPP server and client

Hi Jouni,

In 'sql-example.txt' file, 'aaa_trust_root_cert_url' is set as
'https://<URL>/hs20/files/aaa-root-ca.pem'. During online-signup OSU client
will download and store the same certificate as base64 encoded. However if the
file is PEM encoded, then base64 encoding will corrupt the file. So the file
should be DER encoded. It is better to rename the file as 'aaa-root-ca.der'
to avoid the confusion. Please correct me if I am missing the point.

After online signup how to make the downloaded credentials persistent?
Because in the reference OSU client during 'signup' command, credentials are
configured to supplicant using SET command and then INTERWORKING_SELECT command
is used to initiate connection. The subsequent connections to same production
AP doesn't need online-signup, as credentials are already available. The
question is where to keep the credentials persistent, in wpa_supplicant.conf
file or in downloaded MO file - pps.xml. If the credentials are kept in MO
file, then on what basis framework can pick the right MO and configure the
credentials to supplicant using "set_pps" command. Also after "set_pps" command
INTERWORKING_SELECT command should be issued explicitly to initiate the
connection. Any pointers/suggestion to handle this issue is highly appreciated.

Does the OSU SPP server have any option to test user remediation, because it looks
like only machine remediation is supported?

Regards,
Sreenath
Sreenath S | 10 Apr 12:46 2014

[PATCH] HS 2.0R2: Add password to DB from OSU SPP server in case of machine managed subscription

Add password and machine_managed flag to database in case of machine
managed subscription to fix EAP-TTLS connection failure to production AP.
In case of user managed subscription, the entered password is added to DB
from the PHP script. However in machine managed subscription, machine
generated password is added only in SOAP messages and PPS MO. So
connection to production will fail as the generated password is not
present in the database used by AAA server.

Signed-off-by: Sreenath Sharma <sreenath.mailing.lists <at> gmail.com>
---
 hs20/server/spp_server.c |   25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/hs20/server/spp_server.c b/hs20/server/spp_server.c
index 4d77d0e..5f11fd7 100644
--- a/hs20/server/spp_server.c
+++ b/hs20/server/spp_server.c
 <at>  <at>  -103,6 +103,26  <at>  <at>  static void db_update_session_password(struct
hs20_svc *ctx, const char *user,
 }

+static void db_update_session_machine_managed(struct hs20_svc *ctx,
+       const char *user, const char *realm,
+       const char *sessionid, const int pw_mm)
+{
+ char *sql;
+
+ sql = sqlite3_mprintf("UPDATE sessions SET machine_managed=%Q WHERE "
+      "id=%Q AND user=%Q AND realm=%Q",
+      pw_mm ? "1" : "0", sessionid, user, realm);
+ if (sql == NULL)
+ return;
+ debug_print(ctx, 1, "DB: %s", sql);
+ if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
+ debug_print(ctx, 1, "Failed to update session machine_managed: %s",
+    sqlite3_errmsg(ctx->db));
+ }
+ sqlite3_free(sql);
+}
+
+
 static void db_add_session_pps(struct hs20_svc *ctx, const char *user,
        const char *realm, const char *sessionid,
        xml_node_t *node)
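
Review bot: db_update_session_machine_managed() turns the `pw_mm` integer into the strings "1"/"0" and binds it with `%Q`, so the flag is written as quoted text; `machine_managed=%d` with `pw_mm ? 1 : 0` would store it as a number and drop the conversion. The function also returns void, so a failed UPDATE is only visible in the debug log. Separately, the hunk header is wrapped onto a second line and the indentation has been flattened to spaces, so the patch will not apply as posted.
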
 <at>  <at>  -1378,6 +1398,11  <at>  <at>  static xml_node_t *
hs20_user_input_registration(struct hs20_svc *ctx,

  debug_print(ctx, 1, "Request DB subscription registration on success "
     "notification");
+ if (machine_managed) {
+ db_update_session_password(ctx, user, realm, session_id, pw);
+ db_update_session_machine_managed(ctx, user, realm, session_id,
+   machine_managed);
+ }
  db_add_session_pps(ctx, user, realm, session_id, pps);

  hs20_eventlog_node(ctx, user, realm, session_id,
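
Review bot: inside the new `if (machine_managed)` block neither db_update_session_password() nor db_update_session_machine_managed() reports failure, so registration carries on to db_add_session_pps() even when the password never reached the database, which is the EAP-TTLS failure this patch sets out to fix. Consider returning a status from both helpers and aborting on error. Since the new helper logs its full SQL with `debug_print(ctx, 1, "DB: %s", sql)`, it is also worth checking that the password update does not log the generated password the same way.
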
--
1.7.9.5
Dmitry Shmidt | 10 Apr 00:48 2014

[PATCH] Fix scanning state when sched_scan is stopped explicitly

Change-Id: I6deca387f7c64e4125e85ecfd585e1cff6931ab1
Signed-off-by: Dmitry Shmidt <dimitrysh <at> google.com>
---
 wpa_supplicant/scan.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index 1d4e6e5..af34887 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
 <at>  <at>  -261,6 +261,9  <at>  <at>  int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s)
 		wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!");
 		/* TODO: what to do if stopping fails? */
 		return -1;
+	} else {
+		wpa_s->sched_scanning = 0;
+		wpa_supplicant_notify_scanning(wpa_s, 0);
 	}

 	return ret;
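
Review bot: the new `else` follows a branch that ends in `return -1`, so it can be dropped and the two statements placed after the `if` block. On the failure path `wpa_s->sched_scanning` keeps its old value and no notification is sent, so the state can still be stale when the stop request fails; the existing TODO is the place to decide that, and the commit message (subject only) should say which case this patch covers.
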
--

-- 
1.9.1.423.g4596e3a
