2010-08-04 14:17:50 +04:00
|
|
|
/*
|
|
|
|
|
* wpa_supplicant - Temporary BSSID blacklist
|
|
|
|
|
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
|
|
|
|
|
*
|
import v2_0:
2013-01-12 - v2.0
* removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4)
* removed unmaintained driver wrappers broadcom, iphone, osx, ralink,
hostap, madwifi (hostap and madwifi remain available for hostapd;
their wpa_supplicant functionality is obsoleted by wext)
* improved debug logging (human readable event names, interface name
included in more entries)
* changed AP mode behavior to enable WPS only for open and
WPA/WPA2-Personal configuration
* improved P2P concurrency operations
- better coordination of concurrent scan and P2P search operations
- avoid concurrent remain-on-channel operation requests by canceling
previous operations prior to starting a new one
- reject operations that would require multi-channel concurrency if
the driver does not support it
- add parameter to select whether STA or P2P connection is preferred
if the driver cannot support both at the same time
- allow driver to indicate channel changes
- added optional delay=<search delay in milliseconds> parameter for
p2p_find to avoid taking all radio resources
- use 500 ms p2p_find search delay by default during concurrent
operations
- allow all channels in GO Negotiation if the driver supports
multi-channel concurrency
* added number of small changes to make it easier for static analyzers
to understand the implementation
* fixed number of small bugs (see git logs for more details)
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands for AP mode
- additional information for driver-based AP SME
- STA entry authorization in RSN IBSS
* EAP-pwd:
- fixed KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using wpa_supplicant AP mode SME/MLME)
* added "GET country" ctrl_iface command
* do not save an invalid network block in wpa_supplicant.conf to avoid
problems reading the file on next start
* send STA connected/disconnected ctrl_iface events to both the P2P
group and parent interfaces
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* added "SET pno <1/0>" ctrl_iface command to start/stop preferred
network offload with sched_scan driver command
* merged in number of changes from Android repository for P2P, nl80211,
and build parameters
* changed P2P GO mode configuration to use driver capabilities to
automatically enable HT operations when supported
* added "wpa_cli status wps" command to fetch WPA2-Personal passhrase
for WPS use cases in AP mode
* EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM
behavior
* improved reassociation behavior in cases where association is rejected
or when an AP disconnects us to handle common load balancing
mechanisms
- try to avoid extra scans when the needed information is available
* added optional "join" argument for p2p_prov_disc ctrl_iface command
* added group ifname to P2P-PROV-DISC-* events
* added P2P Device Address to AP-STA-DISCONNECTED event and use
p2p_dev_addr parameter name with AP-STA-CONNECTED
* added workarounds for WPS PBC overlap detection for some P2P use cases
where deployed stations work incorrectly
* optimize WPS connection speed by disconnecting prior to WPS scan and
by using single channel scans when AP channel is known
* PCSC and SIM/USIM improvements:
- accept 0x67 (Wrong length) as a response to READ RECORD to fix
issues with some USIM cards
- try to read MNC length from SIM/USIM
- build realm according to 3GPP TS 23.003 with identity from the SIM
- allow T1 protocol to be enabled
* added more WPS and P2P information available through D-Bus
* improve P2P negotiation robustness
- extra waits to get ACK frames through
- longer timeouts for cases where deployed devices have been
identified have issues meeting the specification requirements
- more retries for some P2P frames
- handle race conditions in GO Negotiation start by both devices
- ignore unexpected GO Negotiation Response frame
* added support for libnl 3.2 and newer
* added P2P persistent group info to P2P_PEER data
* maintain a list of P2P Clients for persistent group on GO
* AP: increased initial group key handshake retransmit timeout to 500 ms
* added optional dev_id parameter for p2p_find
* added P2P-FIND-STOPPED ctrl_iface event
* fixed issues in WPA/RSN element validation when roaming with ap_scan=1
and driver-based BSS selection
* do not expire P2P peer entries while connected with the peer in a
group
* fixed WSC element inclusion in cases where P2P is disabled
* AP: added a WPS workaround for mixed mode AP Settings with Windows 7
* EAP-SIM: fixed AT_COUNTER_TOO_SMALL use
* EAP-SIM/AKA: append realm to pseudonym identity
* EAP-SIM/AKA: store pseudonym identity in network configuration to
allow it to persist over multiple EAP sessions and wpa_supplicant
restarts
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* added support for WFA Hotspot 2.0
- GAS/ANQP to fetch network information
- credential configuration and automatic network selections based on
credential match with ANQP information
* limited PMKSA cache entries to be used only with the network context
that was used to create them
* improved PMKSA cache expiration to avoid unnecessary disconnections
* adjusted bgscan_simple fast-scan backoff to avoid too frequent
background scans
* removed ctrl_iface event on P2P PD Response in join-group case
* added option to fetch BSS table entry based on P2P Device Address
("BSS p2p_dev_addr=<P2P Device Address>")
* added BSS entry age to ctrl_iface BSS command output
* added optional MASK=0xH option for ctrl_iface BSS command to select
which fields are included in the response
* added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS command to
fetch information about several BSSes in one call
* simplified licensing terms by selecting the BSD license as the only
alternative
* added "P2P_SET disallow_freq <freq list>" ctrl_iface command to
disable channels from P2P use
* added p2p_pref_chan configuration parameter to allow preferred P2P
channels to be specified
* added support for advertising immediate availability of a WPS
credential for P2P use cases
* optimized scan operations for P2P use cases (use single channel scan
for a specific SSID when possible)
* EAP-TTLS: fixed peer challenge generation for MSCHAPv2
* SME: do not use reassociation after explicit disconnection request
(local or a notification from an AP)
* added support for sending debug info to Linux tracing (-T on command
line)
* added support for using Deauthentication reason code 3 as an
indication of P2P group termination
* added wps_vendor_ext_m1 configuration parameter to allow vendor
specific attributes to be added to WPS M1
* started using separate TLS library context for tunneled TLS
(EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA
certificate configuration between Phase 1 and Phase 2
* added optional "auto" parameter for p2p_connect to request automatic
GO Negotiation vs. join-a-group selection
* added disabled_scan_offload parameter to disable automatic scan
offloading (sched_scan)
* added optional persistent=<network id> parameter for p2p_connect to
allow forcing of a specific SSID/passphrase for GO Negotiation
* added support for OBSS scan requests and 20/40 BSS coexistence reports
* reject PD Request for unknown group
* removed scripts and notes related to Windows binary releases (which
have not been used starting from 1.x)
* added initial support for WNM operations
- Keep-alive based on BSS max idle period
- WNM-Sleep Mode
- minimal BSS Transition Management processing
* added autoscan module to control scanning behavior while not connected
- autoscan_periodic and autoscan_exponential modules
* added new WPS NFC ctrl_iface mechanism
- added initial support NFC connection handover
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added optional framework for external password storage ("ext:<name>")
* wpa_cli: added optional support for controlling wpa_supplicant
remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing purposes
* wpa_cli: extended tab completion to more commands
* changed SSID output to use printf-escaped strings instead of masking
of non-ASCII characters
- SSID can now be configured in the same format: ssid=P"abc\x00test"
* removed default ACM=1 from AC_VO and AC_VI
* added optional "ht40" argument for P2P ctrl_iface commands to allow
40 MHz channels to be requested on the 5 GHz band
* added optional parameters for p2p_invite command to specify channel
when reinvoking a persistent group as the GO
* improved FIPS mode builds with OpenSSL
- "make fips" with CONFIG_FIPS=y to build wpa_supplicant with the
OpenSSL FIPS object module
- replace low level OpenSSL AES API calls to use EVP
- use OpenSSL keying material exporter when possible
- do not export TLS keys in FIPS mode
- remove MD5 from CONFIG_FIPS=y builds
- use OpenSSL function for PKBDF2 passphrase-to-PSK
- use OpenSSL HMAC implementation
- mix RAND_bytes() output into random_get_bytes() to force OpenSSL
DRBG to be used in FIPS mode
- use OpenSSL CMAC implementation
* added mechanism to disable TLS Session Ticket extension
- a workaround for servers that do not support TLS extensions that
was enabled by default in recent OpenSSL versions
- tls_disable_session_ticket=1
- automatically disable TLS Session Ticket extension by default when
using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST)
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* disable network block temporarily on authentication failures
* improved WPS AP selection during WPS PIN iteration
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for Wi-Fi Display extensions
- WFD_SUBELEMENT_SET ctrl_iface command to configure WFD subelements
- SET wifi_display <0/1> to disable/enable WFD support
- WFD service discovery
- an external program is needed to manage the audio/video streaming
and codecs
* optimized scan result use for network selection
- use the internal BSS table instead of raw scan results
- allow unnecessary scans to be skipped if fresh information is
available (e.g., after GAS/ANQP round for Interworking)
* added support for 256-bit AES with internal TLS implementation
* allow peer to propose channel in P2P invitation process for a
persistent group
* added disallow_aps parameter to allow BSSIDs/SSIDs to be disallowed
from network selection
* re-enable the networks disabled during WPS operations
* allow P2P functionality to be disabled per interface (p2p_disabled=1)
* added secondary device types into P2P_PEER output
* added an option to disable use of a separate P2P group interface
(p2p_no_group_iface=1)
* fixed P2P Bonjour SD to match entries with both compressed and not
compressed domain name format and support multiple Bonjour PTR matches
for the same key
* use deauthentication instead of disassociation for all disconnection
operations; this removes the now unused disassociate() wpa_driver_ops
callback
* optimized PSK generation on P2P GO by caching results to avoid
multiple PBKDF2 operations
* added okc=1 global configuration parameter to allow OKC to be enabled
by default for all network blocks
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added basic support for 60 GHz band
* extend EAPOL frames processing workaround for roaming cases
(postpone processing of unexpected EAPOL frame until association
event to handle reordered events)
2014-01-03 06:04:55 +04:00
|
|
|
* This software may be distributed under the terms of the BSD license.
|
|
|
|
|
* See README for more details.
|
2010-08-04 14:17:50 +04:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include "includes.h"
|
|
|
|
|
|
|
|
|
|
#include "common.h"
|
|
|
|
|
#include "wpa_supplicant_i.h"
|
|
|
|
|
#include "blacklist.h"
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* wpa_blacklist_get - Get the blacklist entry for a BSSID
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
* @bssid: BSSID
|
|
|
|
|
* Returns: Matching blacklist entry for the BSSID or %NULL if not found
|
|
|
|
|
*/
|
|
|
|
|
struct wpa_blacklist * wpa_blacklist_get(struct wpa_supplicant *wpa_s,
|
|
|
|
|
const u8 *bssid)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_blacklist *e;
|
|
|
|
|
|
import v2_0:
2013-01-12 - v2.0
* removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4)
* removed unmaintained driver wrappers broadcom, iphone, osx, ralink,
hostap, madwifi (hostap and madwifi remain available for hostapd;
their wpa_supplicant functionality is obsoleted by wext)
* improved debug logging (human readable event names, interface name
included in more entries)
* changed AP mode behavior to enable WPS only for open and
WPA/WPA2-Personal configuration
* improved P2P concurrency operations
- better coordination of concurrent scan and P2P search operations
- avoid concurrent remain-on-channel operation requests by canceling
previous operations prior to starting a new one
- reject operations that would require multi-channel concurrency if
the driver does not support it
- add parameter to select whether STA or P2P connection is preferred
if the driver cannot support both at the same time
- allow driver to indicate channel changes
- added optional delay=<search delay in milliseconds> parameter for
p2p_find to avoid taking all radio resources
- use 500 ms p2p_find search delay by default during concurrent
operations
- allow all channels in GO Negotiation if the driver supports
multi-channel concurrency
* added number of small changes to make it easier for static analyzers
to understand the implementation
* fixed number of small bugs (see git logs for more details)
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands for AP mode
- additional information for driver-based AP SME
- STA entry authorization in RSN IBSS
* EAP-pwd:
- fixed KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using wpa_supplicant AP mode SME/MLME)
* added "GET country" ctrl_iface command
* do not save an invalid network block in wpa_supplicant.conf to avoid
problems reading the file on next start
* send STA connected/disconnected ctrl_iface events to both the P2P
group and parent interfaces
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* added "SET pno <1/0>" ctrl_iface command to start/stop preferred
network offload with sched_scan driver command
* merged in number of changes from Android repository for P2P, nl80211,
and build parameters
* changed P2P GO mode configuration to use driver capabilities to
automatically enable HT operations when supported
* added "wpa_cli status wps" command to fetch WPA2-Personal passhrase
for WPS use cases in AP mode
* EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM
behavior
* improved reassociation behavior in cases where association is rejected
or when an AP disconnects us to handle common load balancing
mechanisms
- try to avoid extra scans when the needed information is available
* added optional "join" argument for p2p_prov_disc ctrl_iface command
* added group ifname to P2P-PROV-DISC-* events
* added P2P Device Address to AP-STA-DISCONNECTED event and use
p2p_dev_addr parameter name with AP-STA-CONNECTED
* added workarounds for WPS PBC overlap detection for some P2P use cases
where deployed stations work incorrectly
* optimize WPS connection speed by disconnecting prior to WPS scan and
by using single channel scans when AP channel is known
* PCSC and SIM/USIM improvements:
- accept 0x67 (Wrong length) as a response to READ RECORD to fix
issues with some USIM cards
- try to read MNC length from SIM/USIM
- build realm according to 3GPP TS 23.003 with identity from the SIM
- allow T1 protocol to be enabled
* added more WPS and P2P information available through D-Bus
* improve P2P negotiation robustness
- extra waits to get ACK frames through
- longer timeouts for cases where deployed devices have been
identified have issues meeting the specification requirements
- more retries for some P2P frames
- handle race conditions in GO Negotiation start by both devices
- ignore unexpected GO Negotiation Response frame
* added support for libnl 3.2 and newer
* added P2P persistent group info to P2P_PEER data
* maintain a list of P2P Clients for persistent group on GO
* AP: increased initial group key handshake retransmit timeout to 500 ms
* added optional dev_id parameter for p2p_find
* added P2P-FIND-STOPPED ctrl_iface event
* fixed issues in WPA/RSN element validation when roaming with ap_scan=1
and driver-based BSS selection
* do not expire P2P peer entries while connected with the peer in a
group
* fixed WSC element inclusion in cases where P2P is disabled
* AP: added a WPS workaround for mixed mode AP Settings with Windows 7
* EAP-SIM: fixed AT_COUNTER_TOO_SMALL use
* EAP-SIM/AKA: append realm to pseudonym identity
* EAP-SIM/AKA: store pseudonym identity in network configuration to
allow it to persist over multiple EAP sessions and wpa_supplicant
restarts
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* added support for WFA Hotspot 2.0
- GAS/ANQP to fetch network information
- credential configuration and automatic network selections based on
credential match with ANQP information
* limited PMKSA cache entries to be used only with the network context
that was used to create them
* improved PMKSA cache expiration to avoid unnecessary disconnections
* adjusted bgscan_simple fast-scan backoff to avoid too frequent
background scans
* removed ctrl_iface event on P2P PD Response in join-group case
* added option to fetch BSS table entry based on P2P Device Address
("BSS p2p_dev_addr=<P2P Device Address>")
* added BSS entry age to ctrl_iface BSS command output
* added optional MASK=0xH option for ctrl_iface BSS command to select
which fields are included in the response
* added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS command to
fetch information about several BSSes in one call
* simplified licensing terms by selecting the BSD license as the only
alternative
* added "P2P_SET disallow_freq <freq list>" ctrl_iface command to
disable channels from P2P use
* added p2p_pref_chan configuration parameter to allow preferred P2P
channels to be specified
* added support for advertising immediate availability of a WPS
credential for P2P use cases
* optimized scan operations for P2P use cases (use single channel scan
for a specific SSID when possible)
* EAP-TTLS: fixed peer challenge generation for MSCHAPv2
* SME: do not use reassociation after explicit disconnection request
(local or a notification from an AP)
* added support for sending debug info to Linux tracing (-T on command
line)
* added support for using Deauthentication reason code 3 as an
indication of P2P group termination
* added wps_vendor_ext_m1 configuration parameter to allow vendor
specific attributes to be added to WPS M1
* started using separate TLS library context for tunneled TLS
(EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA
certificate configuration between Phase 1 and Phase 2
* added optional "auto" parameter for p2p_connect to request automatic
GO Negotiation vs. join-a-group selection
* added disabled_scan_offload parameter to disable automatic scan
offloading (sched_scan)
* added optional persistent=<network id> parameter for p2p_connect to
allow forcing of a specific SSID/passphrase for GO Negotiation
* added support for OBSS scan requests and 20/40 BSS coexistence reports
* reject PD Request for unknown group
* removed scripts and notes related to Windows binary releases (which
have not been used starting from 1.x)
* added initial support for WNM operations
- Keep-alive based on BSS max idle period
- WNM-Sleep Mode
- minimal BSS Transition Management processing
* added autoscan module to control scanning behavior while not connected
- autoscan_periodic and autoscan_exponential modules
* added new WPS NFC ctrl_iface mechanism
- added initial support NFC connection handover
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added optional framework for external password storage ("ext:<name>")
* wpa_cli: added optional support for controlling wpa_supplicant
remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing purposes
* wpa_cli: extended tab completion to more commands
* changed SSID output to use printf-escaped strings instead of masking
of non-ASCII characters
- SSID can now be configured in the same format: ssid=P"abc\x00test"
* removed default ACM=1 from AC_VO and AC_VI
* added optional "ht40" argument for P2P ctrl_iface commands to allow
40 MHz channels to be requested on the 5 GHz band
* added optional parameters for p2p_invite command to specify channel
when reinvoking a persistent group as the GO
* improved FIPS mode builds with OpenSSL
- "make fips" with CONFIG_FIPS=y to build wpa_supplicant with the
OpenSSL FIPS object module
- replace low level OpenSSL AES API calls to use EVP
- use OpenSSL keying material exporter when possible
- do not export TLS keys in FIPS mode
- remove MD5 from CONFIG_FIPS=y builds
- use OpenSSL function for PKBDF2 passphrase-to-PSK
- use OpenSSL HMAC implementation
- mix RAND_bytes() output into random_get_bytes() to force OpenSSL
DRBG to be used in FIPS mode
- use OpenSSL CMAC implementation
* added mechanism to disable TLS Session Ticket extension
- a workaround for servers that do not support TLS extensions that
was enabled by default in recent OpenSSL versions
- tls_disable_session_ticket=1
- automatically disable TLS Session Ticket extension by default when
using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST)
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* disable network block temporarily on authentication failures
* improved WPS AP selection during WPS PIN iteration
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for Wi-Fi Display extensions
- WFD_SUBELEMENT_SET ctrl_iface command to configure WFD subelements
- SET wifi_display <0/1> to disable/enable WFD support
- WFD service discovery
- an external program is needed to manage the audio/video streaming
and codecs
* optimized scan result use for network selection
- use the internal BSS table instead of raw scan results
- allow unnecessary scans to be skipped if fresh information is
available (e.g., after GAS/ANQP round for Interworking)
* added support for 256-bit AES with internal TLS implementation
* allow peer to propose channel in P2P invitation process for a
persistent group
* added disallow_aps parameter to allow BSSIDs/SSIDs to be disallowed
from network selection
* re-enable the networks disabled during WPS operations
* allow P2P functionality to be disabled per interface (p2p_disabled=1)
* added secondary device types into P2P_PEER output
* added an option to disable use of a separate P2P group interface
(p2p_no_group_iface=1)
* fixed P2P Bonjour SD to match entries with both compressed and not
compressed domain name format and support multiple Bonjour PTR matches
for the same key
* use deauthentication instead of disassociation for all disconnection
operations; this removes the now unused disassociate() wpa_driver_ops
callback
* optimized PSK generation on P2P GO by caching results to avoid
multiple PBKDF2 operations
* added okc=1 global configuration parameter to allow OKC to be enabled
by default for all network blocks
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added basic support for 60 GHz band
* extend EAPOL frames processing workaround for roaming cases
(postpone processing of unexpected EAPOL frame until association
event to handle reordered events)
2014-01-03 06:04:55 +04:00
|
|
|
if (wpa_s == NULL || bssid == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2010-08-04 14:17:50 +04:00
|
|
|
e = wpa_s->blacklist;
|
|
|
|
|
while (e) {
|
|
|
|
|
if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0)
|
|
|
|
|
return e;
|
|
|
|
|
e = e->next;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* wpa_blacklist_add - Add an BSSID to the blacklist
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
* @bssid: BSSID to be added to the blacklist
|
2012-10-08 03:46:57 +04:00
|
|
|
* Returns: Current blacklist count on success, -1 on failure
|
2010-08-04 14:17:50 +04:00
|
|
|
*
|
|
|
|
|
* This function adds the specified BSSID to the blacklist or increases the
|
|
|
|
|
* blacklist count if the BSSID was already listed. It should be called when
|
|
|
|
|
* an association attempt fails either due to the selected BSS rejecting
|
|
|
|
|
* association or due to timeout.
|
|
|
|
|
*
|
|
|
|
|
* This blacklist is used to force %wpa_supplicant to go through all available
|
|
|
|
|
* BSSes before retrying to associate with an BSS that rejected or timed out
|
|
|
|
|
* association. It does not prevent the listed BSS from being used; it only
|
|
|
|
|
* changes the order in which they are tried.
|
|
|
|
|
*/
|
|
|
|
|
int wpa_blacklist_add(struct wpa_supplicant *wpa_s, const u8 *bssid)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_blacklist *e;
|
|
|
|
|
|
import v2_0:
2013-01-12 - v2.0
* removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4)
* removed unmaintained driver wrappers broadcom, iphone, osx, ralink,
hostap, madwifi (hostap and madwifi remain available for hostapd;
their wpa_supplicant functionality is obsoleted by wext)
* improved debug logging (human readable event names, interface name
included in more entries)
* changed AP mode behavior to enable WPS only for open and
WPA/WPA2-Personal configuration
* improved P2P concurrency operations
- better coordination of concurrent scan and P2P search operations
- avoid concurrent remain-on-channel operation requests by canceling
previous operations prior to starting a new one
- reject operations that would require multi-channel concurrency if
the driver does not support it
- add parameter to select whether STA or P2P connection is preferred
if the driver cannot support both at the same time
- allow driver to indicate channel changes
- added optional delay=<search delay in milliseconds> parameter for
p2p_find to avoid taking all radio resources
- use 500 ms p2p_find search delay by default during concurrent
operations
- allow all channels in GO Negotiation if the driver supports
multi-channel concurrency
* added number of small changes to make it easier for static analyzers
to understand the implementation
* fixed number of small bugs (see git logs for more details)
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands for AP mode
- additional information for driver-based AP SME
- STA entry authorization in RSN IBSS
* EAP-pwd:
- fixed KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using wpa_supplicant AP mode SME/MLME)
* added "GET country" ctrl_iface command
* do not save an invalid network block in wpa_supplicant.conf to avoid
problems reading the file on next start
* send STA connected/disconnected ctrl_iface events to both the P2P
group and parent interfaces
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* added "SET pno <1/0>" ctrl_iface command to start/stop preferred
network offload with sched_scan driver command
* merged in number of changes from Android repository for P2P, nl80211,
and build parameters
* changed P2P GO mode configuration to use driver capabilities to
automatically enable HT operations when supported
* added "wpa_cli status wps" command to fetch WPA2-Personal passhrase
for WPS use cases in AP mode
* EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM
behavior
* improved reassociation behavior in cases where association is rejected
or when an AP disconnects us to handle common load balancing
mechanisms
- try to avoid extra scans when the needed information is available
* added optional "join" argument for p2p_prov_disc ctrl_iface command
* added group ifname to P2P-PROV-DISC-* events
* added P2P Device Address to AP-STA-DISCONNECTED event and use
p2p_dev_addr parameter name with AP-STA-CONNECTED
* added workarounds for WPS PBC overlap detection for some P2P use cases
where deployed stations work incorrectly
* optimize WPS connection speed by disconnecting prior to WPS scan and
by using single channel scans when AP channel is known
* PCSC and SIM/USIM improvements:
- accept 0x67 (Wrong length) as a response to READ RECORD to fix
issues with some USIM cards
- try to read MNC length from SIM/USIM
- build realm according to 3GPP TS 23.003 with identity from the SIM
- allow T1 protocol to be enabled
* added more WPS and P2P information available through D-Bus
* improve P2P negotiation robustness
- extra waits to get ACK frames through
- longer timeouts for cases where deployed devices have been
identified have issues meeting the specification requirements
- more retries for some P2P frames
- handle race conditions in GO Negotiation start by both devices
- ignore unexpected GO Negotiation Response frame
* added support for libnl 3.2 and newer
* added P2P persistent group info to P2P_PEER data
* maintain a list of P2P Clients for persistent group on GO
* AP: increased initial group key handshake retransmit timeout to 500 ms
* added optional dev_id parameter for p2p_find
* added P2P-FIND-STOPPED ctrl_iface event
* fixed issues in WPA/RSN element validation when roaming with ap_scan=1
and driver-based BSS selection
* do not expire P2P peer entries while connected with the peer in a
group
* fixed WSC element inclusion in cases where P2P is disabled
* AP: added a WPS workaround for mixed mode AP Settings with Windows 7
* EAP-SIM: fixed AT_COUNTER_TOO_SMALL use
* EAP-SIM/AKA: append realm to pseudonym identity
* EAP-SIM/AKA: store pseudonym identity in network configuration to
allow it to persist over multiple EAP sessions and wpa_supplicant
restarts
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* added support for WFA Hotspot 2.0
- GAS/ANQP to fetch network information
- credential configuration and automatic network selections based on
credential match with ANQP information
* limited PMKSA cache entries to be used only with the network context
that was used to create them
* improved PMKSA cache expiration to avoid unnecessary disconnections
* adjusted bgscan_simple fast-scan backoff to avoid too frequent
background scans
* removed ctrl_iface event on P2P PD Response in join-group case
* added option to fetch BSS table entry based on P2P Device Address
("BSS p2p_dev_addr=<P2P Device Address>")
* added BSS entry age to ctrl_iface BSS command output
* added optional MASK=0xH option for ctrl_iface BSS command to select
which fields are included in the response
* added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS command to
fetch information about several BSSes in one call
* simplified licensing terms by selecting the BSD license as the only
alternative
* added "P2P_SET disallow_freq <freq list>" ctrl_iface command to
disable channels from P2P use
* added p2p_pref_chan configuration parameter to allow preferred P2P
channels to be specified
* added support for advertising immediate availability of a WPS
credential for P2P use cases
* optimized scan operations for P2P use cases (use single channel scan
for a specific SSID when possible)
* EAP-TTLS: fixed peer challenge generation for MSCHAPv2
* SME: do not use reassociation after explicit disconnection request
(local or a notification from an AP)
* added support for sending debug info to Linux tracing (-T on command
line)
* added support for using Deauthentication reason code 3 as an
indication of P2P group termination
* added wps_vendor_ext_m1 configuration parameter to allow vendor
specific attributes to be added to WPS M1
* started using separate TLS library context for tunneled TLS
(EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA
certificate configuration between Phase 1 and Phase 2
* added optional "auto" parameter for p2p_connect to request automatic
GO Negotiation vs. join-a-group selection
* added disabled_scan_offload parameter to disable automatic scan
offloading (sched_scan)
* added optional persistent=<network id> parameter for p2p_connect to
allow forcing of a specific SSID/passphrase for GO Negotiation
* added support for OBSS scan requests and 20/40 BSS coexistence reports
* reject PD Request for unknown group
* removed scripts and notes related to Windows binary releases (which
have not been used starting from 1.x)
* added initial support for WNM operations
- Keep-alive based on BSS max idle period
- WNM-Sleep Mode
- minimal BSS Transition Management processing
* added autoscan module to control scanning behavior while not connected
- autoscan_periodic and autoscan_exponential modules
* added new WPS NFC ctrl_iface mechanism
- added initial support NFC connection handover
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added optional framework for external password storage ("ext:<name>")
* wpa_cli: added optional support for controlling wpa_supplicant
remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing purposes
* wpa_cli: extended tab completion to more commands
* changed SSID output to use printf-escaped strings instead of masking
of non-ASCII characters
- SSID can now be configured in the same format: ssid=P"abc\x00test"
* removed default ACM=1 from AC_VO and AC_VI
* added optional "ht40" argument for P2P ctrl_iface commands to allow
40 MHz channels to be requested on the 5 GHz band
* added optional parameters for p2p_invite command to specify channel
when reinvoking a persistent group as the GO
* improved FIPS mode builds with OpenSSL
- "make fips" with CONFIG_FIPS=y to build wpa_supplicant with the
OpenSSL FIPS object module
- replace low level OpenSSL AES API calls to use EVP
- use OpenSSL keying material exporter when possible
- do not export TLS keys in FIPS mode
- remove MD5 from CONFIG_FIPS=y builds
- use OpenSSL function for PKBDF2 passphrase-to-PSK
- use OpenSSL HMAC implementation
- mix RAND_bytes() output into random_get_bytes() to force OpenSSL
DRBG to be used in FIPS mode
- use OpenSSL CMAC implementation
* added mechanism to disable TLS Session Ticket extension
- a workaround for servers that do not support TLS extensions that
was enabled by default in recent OpenSSL versions
- tls_disable_session_ticket=1
- automatically disable TLS Session Ticket extension by default when
using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST)
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* disable network block temporarily on authentication failures
* improved WPS AP selection during WPS PIN iteration
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for Wi-Fi Display extensions
- WFD_SUBELEMENT_SET ctrl_iface command to configure WFD subelements
- SET wifi_display <0/1> to disable/enable WFD support
- WFD service discovery
- an external program is needed to manage the audio/video streaming
and codecs
* optimized scan result use for network selection
- use the internal BSS table instead of raw scan results
- allow unnecessary scans to be skipped if fresh information is
available (e.g., after GAS/ANQP round for Interworking)
* added support for 256-bit AES with internal TLS implementation
* allow peer to propose channel in P2P invitation process for a
persistent group
* added disallow_aps parameter to allow BSSIDs/SSIDs to be disallowed
from network selection
* re-enable the networks disabled during WPS operations
* allow P2P functionality to be disabled per interface (p2p_disabled=1)
* added secondary device types into P2P_PEER output
* added an option to disable use of a separate P2P group interface
(p2p_no_group_iface=1)
* fixed P2P Bonjour SD to match entries with both compressed and not
compressed domain name format and support multiple Bonjour PTR matches
for the same key
* use deauthentication instead of disassociation for all disconnection
operations; this removes the now unused disassociate() wpa_driver_ops
callback
* optimized PSK generation on P2P GO by caching results to avoid
multiple PBKDF2 operations
* added okc=1 global configuration parameter to allow OKC to be enabled
by default for all network blocks
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added basic support for 60 GHz band
* extend EAPOL frames processing workaround for roaming cases
(postpone processing of unexpected EAPOL frame until association
event to handle reordered events)
2014-01-03 06:04:55 +04:00
|
|
|
if (wpa_s == NULL || bssid == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2010-08-04 14:17:50 +04:00
|
|
|
e = wpa_blacklist_get(wpa_s, bssid);
|
|
|
|
|
if (e) {
|
|
|
|
|
e->count++;
|
|
|
|
|
wpa_printf(MSG_DEBUG, "BSSID " MACSTR " blacklist count "
|
|
|
|
|
"incremented to %d",
|
|
|
|
|
MAC2STR(bssid), e->count);
|
2012-10-08 03:46:57 +04:00
|
|
|
return e->count;
|
2010-08-04 14:17:50 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
e = os_zalloc(sizeof(*e));
|
|
|
|
|
if (e == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
os_memcpy(e->bssid, bssid, ETH_ALEN);
|
|
|
|
|
e->count = 1;
|
|
|
|
|
e->next = wpa_s->blacklist;
|
|
|
|
|
wpa_s->blacklist = e;
|
|
|
|
|
wpa_printf(MSG_DEBUG, "Added BSSID " MACSTR " into blacklist",
|
|
|
|
|
MAC2STR(bssid));
|
|
|
|
|
|
2012-10-08 03:46:57 +04:00
|
|
|
return e->count;
|
2010-08-04 14:17:50 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* wpa_blacklist_del - Remove an BSSID from the blacklist
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
* @bssid: BSSID to be removed from the blacklist
|
|
|
|
|
* Returns: 0 on success, -1 on failure
|
|
|
|
|
*/
|
|
|
|
|
int wpa_blacklist_del(struct wpa_supplicant *wpa_s, const u8 *bssid)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_blacklist *e, *prev = NULL;
|
|
|
|
|
|
import v2_0:
2013-01-12 - v2.0
* removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4)
* removed unmaintained driver wrappers broadcom, iphone, osx, ralink,
hostap, madwifi (hostap and madwifi remain available for hostapd;
their wpa_supplicant functionality is obsoleted by wext)
* improved debug logging (human readable event names, interface name
included in more entries)
* changed AP mode behavior to enable WPS only for open and
WPA/WPA2-Personal configuration
* improved P2P concurrency operations
- better coordination of concurrent scan and P2P search operations
- avoid concurrent remain-on-channel operation requests by canceling
previous operations prior to starting a new one
- reject operations that would require multi-channel concurrency if
the driver does not support it
- add parameter to select whether STA or P2P connection is preferred
if the driver cannot support both at the same time
- allow driver to indicate channel changes
- added optional delay=<search delay in milliseconds> parameter for
p2p_find to avoid taking all radio resources
- use 500 ms p2p_find search delay by default during concurrent
operations
- allow all channels in GO Negotiation if the driver supports
multi-channel concurrency
* added number of small changes to make it easier for static analyzers
to understand the implementation
* fixed number of small bugs (see git logs for more details)
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands for AP mode
- additional information for driver-based AP SME
- STA entry authorization in RSN IBSS
* EAP-pwd:
- fixed KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using wpa_supplicant AP mode SME/MLME)
* added "GET country" ctrl_iface command
* do not save an invalid network block in wpa_supplicant.conf to avoid
problems reading the file on next start
* send STA connected/disconnected ctrl_iface events to both the P2P
group and parent interfaces
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* added "SET pno <1/0>" ctrl_iface command to start/stop preferred
network offload with sched_scan driver command
* merged in number of changes from Android repository for P2P, nl80211,
and build parameters
* changed P2P GO mode configuration to use driver capabilities to
automatically enable HT operations when supported
* added "wpa_cli status wps" command to fetch WPA2-Personal passhrase
for WPS use cases in AP mode
* EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM
behavior
* improved reassociation behavior in cases where association is rejected
or when an AP disconnects us to handle common load balancing
mechanisms
- try to avoid extra scans when the needed information is available
* added optional "join" argument for p2p_prov_disc ctrl_iface command
* added group ifname to P2P-PROV-DISC-* events
* added P2P Device Address to AP-STA-DISCONNECTED event and use
p2p_dev_addr parameter name with AP-STA-CONNECTED
* added workarounds for WPS PBC overlap detection for some P2P use cases
where deployed stations work incorrectly
* optimize WPS connection speed by disconnecting prior to WPS scan and
by using single channel scans when AP channel is known
* PCSC and SIM/USIM improvements:
- accept 0x67 (Wrong length) as a response to READ RECORD to fix
issues with some USIM cards
- try to read MNC length from SIM/USIM
- build realm according to 3GPP TS 23.003 with identity from the SIM
- allow T1 protocol to be enabled
* added more WPS and P2P information available through D-Bus
* improve P2P negotiation robustness
- extra waits to get ACK frames through
- longer timeouts for cases where deployed devices have been
identified have issues meeting the specification requirements
- more retries for some P2P frames
- handle race conditions in GO Negotiation start by both devices
- ignore unexpected GO Negotiation Response frame
* added support for libnl 3.2 and newer
* added P2P persistent group info to P2P_PEER data
* maintain a list of P2P Clients for persistent group on GO
* AP: increased initial group key handshake retransmit timeout to 500 ms
* added optional dev_id parameter for p2p_find
* added P2P-FIND-STOPPED ctrl_iface event
* fixed issues in WPA/RSN element validation when roaming with ap_scan=1
and driver-based BSS selection
* do not expire P2P peer entries while connected with the peer in a
group
* fixed WSC element inclusion in cases where P2P is disabled
* AP: added a WPS workaround for mixed mode AP Settings with Windows 7
* EAP-SIM: fixed AT_COUNTER_TOO_SMALL use
* EAP-SIM/AKA: append realm to pseudonym identity
* EAP-SIM/AKA: store pseudonym identity in network configuration to
allow it to persist over multiple EAP sessions and wpa_supplicant
restarts
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* added support for WFA Hotspot 2.0
- GAS/ANQP to fetch network information
- credential configuration and automatic network selections based on
credential match with ANQP information
* limited PMKSA cache entries to be used only with the network context
that was used to create them
* improved PMKSA cache expiration to avoid unnecessary disconnections
* adjusted bgscan_simple fast-scan backoff to avoid too frequent
background scans
* removed ctrl_iface event on P2P PD Response in join-group case
* added option to fetch BSS table entry based on P2P Device Address
("BSS p2p_dev_addr=<P2P Device Address>")
* added BSS entry age to ctrl_iface BSS command output
* added optional MASK=0xH option for ctrl_iface BSS command to select
which fields are included in the response
* added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS command to
fetch information about several BSSes in one call
* simplified licensing terms by selecting the BSD license as the only
alternative
* added "P2P_SET disallow_freq <freq list>" ctrl_iface command to
disable channels from P2P use
* added p2p_pref_chan configuration parameter to allow preferred P2P
channels to be specified
* added support for advertising immediate availability of a WPS
credential for P2P use cases
* optimized scan operations for P2P use cases (use single channel scan
for a specific SSID when possible)
* EAP-TTLS: fixed peer challenge generation for MSCHAPv2
* SME: do not use reassociation after explicit disconnection request
(local or a notification from an AP)
* added support for sending debug info to Linux tracing (-T on command
line)
* added support for using Deauthentication reason code 3 as an
indication of P2P group termination
* added wps_vendor_ext_m1 configuration parameter to allow vendor
specific attributes to be added to WPS M1
* started using separate TLS library context for tunneled TLS
(EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA
certificate configuration between Phase 1 and Phase 2
* added optional "auto" parameter for p2p_connect to request automatic
GO Negotiation vs. join-a-group selection
* added disabled_scan_offload parameter to disable automatic scan
offloading (sched_scan)
* added optional persistent=<network id> parameter for p2p_connect to
allow forcing of a specific SSID/passphrase for GO Negotiation
* added support for OBSS scan requests and 20/40 BSS coexistence reports
* reject PD Request for unknown group
* removed scripts and notes related to Windows binary releases (which
have not been used starting from 1.x)
* added initial support for WNM operations
- Keep-alive based on BSS max idle period
- WNM-Sleep Mode
- minimal BSS Transition Management processing
* added autoscan module to control scanning behavior while not connected
- autoscan_periodic and autoscan_exponential modules
* added new WPS NFC ctrl_iface mechanism
- added initial support NFC connection handover
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added optional framework for external password storage ("ext:<name>")
* wpa_cli: added optional support for controlling wpa_supplicant
remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing purposes
* wpa_cli: extended tab completion to more commands
* changed SSID output to use printf-escaped strings instead of masking
of non-ASCII characters
- SSID can now be configured in the same format: ssid=P"abc\x00test"
* removed default ACM=1 from AC_VO and AC_VI
* added optional "ht40" argument for P2P ctrl_iface commands to allow
40 MHz channels to be requested on the 5 GHz band
* added optional parameters for p2p_invite command to specify channel
when reinvoking a persistent group as the GO
* improved FIPS mode builds with OpenSSL
- "make fips" with CONFIG_FIPS=y to build wpa_supplicant with the
OpenSSL FIPS object module
- replace low level OpenSSL AES API calls to use EVP
- use OpenSSL keying material exporter when possible
- do not export TLS keys in FIPS mode
- remove MD5 from CONFIG_FIPS=y builds
- use OpenSSL function for PKBDF2 passphrase-to-PSK
- use OpenSSL HMAC implementation
- mix RAND_bytes() output into random_get_bytes() to force OpenSSL
DRBG to be used in FIPS mode
- use OpenSSL CMAC implementation
* added mechanism to disable TLS Session Ticket extension
- a workaround for servers that do not support TLS extensions that
was enabled by default in recent OpenSSL versions
- tls_disable_session_ticket=1
- automatically disable TLS Session Ticket extension by default when
using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST)
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* disable network block temporarily on authentication failures
* improved WPS AP selection during WPS PIN iteration
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for Wi-Fi Display extensions
- WFD_SUBELEMENT_SET ctrl_iface command to configure WFD subelements
- SET wifi_display <0/1> to disable/enable WFD support
- WFD service discovery
- an external program is needed to manage the audio/video streaming
and codecs
* optimized scan result use for network selection
- use the internal BSS table instead of raw scan results
- allow unnecessary scans to be skipped if fresh information is
available (e.g., after GAS/ANQP round for Interworking)
* added support for 256-bit AES with internal TLS implementation
* allow peer to propose channel in P2P invitation process for a
persistent group
* added disallow_aps parameter to allow BSSIDs/SSIDs to be disallowed
from network selection
* re-enable the networks disabled during WPS operations
* allow P2P functionality to be disabled per interface (p2p_disabled=1)
* added secondary device types into P2P_PEER output
* added an option to disable use of a separate P2P group interface
(p2p_no_group_iface=1)
* fixed P2P Bonjour SD to match entries with both compressed and not
compressed domain name format and support multiple Bonjour PTR matches
for the same key
* use deauthentication instead of disassociation for all disconnection
operations; this removes the now unused disassociate() wpa_driver_ops
callback
* optimized PSK generation on P2P GO by caching results to avoid
multiple PBKDF2 operations
* added okc=1 global configuration parameter to allow OKC to be enabled
by default for all network blocks
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added basic support for 60 GHz band
* extend EAPOL frames processing workaround for roaming cases
(postpone processing of unexpected EAPOL frame until association
event to handle reordered events)
2014-01-03 06:04:55 +04:00
|
|
|
if (wpa_s == NULL || bssid == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2010-08-04 14:17:50 +04:00
|
|
|
e = wpa_s->blacklist;
|
|
|
|
|
while (e) {
|
|
|
|
|
if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0) {
|
|
|
|
|
if (prev == NULL) {
|
|
|
|
|
wpa_s->blacklist = e->next;
|
|
|
|
|
} else {
|
|
|
|
|
prev->next = e->next;
|
|
|
|
|
}
|
|
|
|
|
wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
|
|
|
|
|
"blacklist", MAC2STR(bssid));
|
|
|
|
|
os_free(e);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
prev = e;
|
|
|
|
|
e = e->next;
|
|
|
|
|
}
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* wpa_blacklist_clear - Clear the blacklist of all entries
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
*/
|
|
|
|
|
void wpa_blacklist_clear(struct wpa_supplicant *wpa_s)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_blacklist *e, *prev;
|
import v2_0:
2013-01-12 - v2.0
* removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4)
* removed unmaintained driver wrappers broadcom, iphone, osx, ralink,
hostap, madwifi (hostap and madwifi remain available for hostapd;
their wpa_supplicant functionality is obsoleted by wext)
* improved debug logging (human readable event names, interface name
included in more entries)
* changed AP mode behavior to enable WPS only for open and
WPA/WPA2-Personal configuration
* improved P2P concurrency operations
- better coordination of concurrent scan and P2P search operations
- avoid concurrent remain-on-channel operation requests by canceling
previous operations prior to starting a new one
- reject operations that would require multi-channel concurrency if
the driver does not support it
- add parameter to select whether STA or P2P connection is preferred
if the driver cannot support both at the same time
- allow driver to indicate channel changes
- added optional delay=<search delay in milliseconds> parameter for
p2p_find to avoid taking all radio resources
- use 500 ms p2p_find search delay by default during concurrent
operations
- allow all channels in GO Negotiation if the driver supports
multi-channel concurrency
* added number of small changes to make it easier for static analyzers
to understand the implementation
* fixed number of small bugs (see git logs for more details)
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands for AP mode
- additional information for driver-based AP SME
- STA entry authorization in RSN IBSS
* EAP-pwd:
- fixed KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using wpa_supplicant AP mode SME/MLME)
* added "GET country" ctrl_iface command
* do not save an invalid network block in wpa_supplicant.conf to avoid
problems reading the file on next start
* send STA connected/disconnected ctrl_iface events to both the P2P
group and parent interfaces
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* added "SET pno <1/0>" ctrl_iface command to start/stop preferred
network offload with sched_scan driver command
* merged in number of changes from Android repository for P2P, nl80211,
and build parameters
* changed P2P GO mode configuration to use driver capabilities to
automatically enable HT operations when supported
* added "wpa_cli status wps" command to fetch WPA2-Personal passhrase
for WPS use cases in AP mode
* EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM
behavior
* improved reassociation behavior in cases where association is rejected
or when an AP disconnects us to handle common load balancing
mechanisms
- try to avoid extra scans when the needed information is available
* added optional "join" argument for p2p_prov_disc ctrl_iface command
* added group ifname to P2P-PROV-DISC-* events
* added P2P Device Address to AP-STA-DISCONNECTED event and use
p2p_dev_addr parameter name with AP-STA-CONNECTED
* added workarounds for WPS PBC overlap detection for some P2P use cases
where deployed stations work incorrectly
* optimize WPS connection speed by disconnecting prior to WPS scan and
by using single channel scans when AP channel is known
* PCSC and SIM/USIM improvements:
- accept 0x67 (Wrong length) as a response to READ RECORD to fix
issues with some USIM cards
- try to read MNC length from SIM/USIM
- build realm according to 3GPP TS 23.003 with identity from the SIM
- allow T1 protocol to be enabled
* added more WPS and P2P information available through D-Bus
* improve P2P negotiation robustness
- extra waits to get ACK frames through
- longer timeouts for cases where deployed devices have been
identified have issues meeting the specification requirements
- more retries for some P2P frames
- handle race conditions in GO Negotiation start by both devices
- ignore unexpected GO Negotiation Response frame
* added support for libnl 3.2 and newer
* added P2P persistent group info to P2P_PEER data
* maintain a list of P2P Clients for persistent group on GO
* AP: increased initial group key handshake retransmit timeout to 500 ms
* added optional dev_id parameter for p2p_find
* added P2P-FIND-STOPPED ctrl_iface event
* fixed issues in WPA/RSN element validation when roaming with ap_scan=1
and driver-based BSS selection
* do not expire P2P peer entries while connected with the peer in a
group
* fixed WSC element inclusion in cases where P2P is disabled
* AP: added a WPS workaround for mixed mode AP Settings with Windows 7
* EAP-SIM: fixed AT_COUNTER_TOO_SMALL use
* EAP-SIM/AKA: append realm to pseudonym identity
* EAP-SIM/AKA: store pseudonym identity in network configuration to
allow it to persist over multiple EAP sessions and wpa_supplicant
restarts
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* added support for WFA Hotspot 2.0
- GAS/ANQP to fetch network information
- credential configuration and automatic network selections based on
credential match with ANQP information
* limited PMKSA cache entries to be used only with the network context
that was used to create them
* improved PMKSA cache expiration to avoid unnecessary disconnections
* adjusted bgscan_simple fast-scan backoff to avoid too frequent
background scans
* removed ctrl_iface event on P2P PD Response in join-group case
* added option to fetch BSS table entry based on P2P Device Address
("BSS p2p_dev_addr=<P2P Device Address>")
* added BSS entry age to ctrl_iface BSS command output
* added optional MASK=0xH option for ctrl_iface BSS command to select
which fields are included in the response
* added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS command to
fetch information about several BSSes in one call
* simplified licensing terms by selecting the BSD license as the only
alternative
* added "P2P_SET disallow_freq <freq list>" ctrl_iface command to
disable channels from P2P use
* added p2p_pref_chan configuration parameter to allow preferred P2P
channels to be specified
* added support for advertising immediate availability of a WPS
credential for P2P use cases
* optimized scan operations for P2P use cases (use single channel scan
for a specific SSID when possible)
* EAP-TTLS: fixed peer challenge generation for MSCHAPv2
* SME: do not use reassociation after explicit disconnection request
(local or a notification from an AP)
* added support for sending debug info to Linux tracing (-T on command
line)
* added support for using Deauthentication reason code 3 as an
indication of P2P group termination
* added wps_vendor_ext_m1 configuration parameter to allow vendor
specific attributes to be added to WPS M1
* started using separate TLS library context for tunneled TLS
(EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA
certificate configuration between Phase 1 and Phase 2
* added optional "auto" parameter for p2p_connect to request automatic
GO Negotiation vs. join-a-group selection
* added disabled_scan_offload parameter to disable automatic scan
offloading (sched_scan)
* added optional persistent=<network id> parameter for p2p_connect to
allow forcing of a specific SSID/passphrase for GO Negotiation
* added support for OBSS scan requests and 20/40 BSS coexistence reports
* reject PD Request for unknown group
* removed scripts and notes related to Windows binary releases (which
have not been used starting from 1.x)
* added initial support for WNM operations
- Keep-alive based on BSS max idle period
- WNM-Sleep Mode
- minimal BSS Transition Management processing
* added autoscan module to control scanning behavior while not connected
- autoscan_periodic and autoscan_exponential modules
* added new WPS NFC ctrl_iface mechanism
- added initial support NFC connection handover
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added optional framework for external password storage ("ext:<name>")
* wpa_cli: added optional support for controlling wpa_supplicant
remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing purposes
* wpa_cli: extended tab completion to more commands
* changed SSID output to use printf-escaped strings instead of masking
of non-ASCII characters
- SSID can now be configured in the same format: ssid=P"abc\x00test"
* removed default ACM=1 from AC_VO and AC_VI
* added optional "ht40" argument for P2P ctrl_iface commands to allow
40 MHz channels to be requested on the 5 GHz band
* added optional parameters for p2p_invite command to specify channel
when reinvoking a persistent group as the GO
* improved FIPS mode builds with OpenSSL
- "make fips" with CONFIG_FIPS=y to build wpa_supplicant with the
OpenSSL FIPS object module
- replace low level OpenSSL AES API calls to use EVP
- use OpenSSL keying material exporter when possible
- do not export TLS keys in FIPS mode
- remove MD5 from CONFIG_FIPS=y builds
- use OpenSSL function for PKBDF2 passphrase-to-PSK
- use OpenSSL HMAC implementation
- mix RAND_bytes() output into random_get_bytes() to force OpenSSL
DRBG to be used in FIPS mode
- use OpenSSL CMAC implementation
* added mechanism to disable TLS Session Ticket extension
- a workaround for servers that do not support TLS extensions that
was enabled by default in recent OpenSSL versions
- tls_disable_session_ticket=1
- automatically disable TLS Session Ticket extension by default when
using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST)
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* disable network block temporarily on authentication failures
* improved WPS AP selection during WPS PIN iteration
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for Wi-Fi Display extensions
- WFD_SUBELEMENT_SET ctrl_iface command to configure WFD subelements
- SET wifi_display <0/1> to disable/enable WFD support
- WFD service discovery
- an external program is needed to manage the audio/video streaming
and codecs
* optimized scan result use for network selection
- use the internal BSS table instead of raw scan results
- allow unnecessary scans to be skipped if fresh information is
available (e.g., after GAS/ANQP round for Interworking)
* added support for 256-bit AES with internal TLS implementation
* allow peer to propose channel in P2P invitation process for a
persistent group
* added disallow_aps parameter to allow BSSIDs/SSIDs to be disallowed
from network selection
* re-enable the networks disabled during WPS operations
* allow P2P functionality to be disabled per interface (p2p_disabled=1)
* added secondary device types into P2P_PEER output
* added an option to disable use of a separate P2P group interface
(p2p_no_group_iface=1)
* fixed P2P Bonjour SD to match entries with both compressed and not
compressed domain name format and support multiple Bonjour PTR matches
for the same key
* use deauthentication instead of disassociation for all disconnection
operations; this removes the now unused disassociate() wpa_driver_ops
callback
* optimized PSK generation on P2P GO by caching results to avoid
multiple PBKDF2 operations
* added okc=1 global configuration parameter to allow OKC to be enabled
by default for all network blocks
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added basic support for 60 GHz band
* extend EAPOL frames processing workaround for roaming cases
(postpone processing of unexpected EAPOL frame until association
event to handle reordered events)
2014-01-03 06:04:55 +04:00
|
|
|
int max_count = 0;
|
2010-08-04 14:17:50 +04:00
|
|
|
|
|
|
|
|
e = wpa_s->blacklist;
|
|
|
|
|
wpa_s->blacklist = NULL;
|
|
|
|
|
while (e) {
|
import v2_0:
2013-01-12 - v2.0
* removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4)
* removed unmaintained driver wrappers broadcom, iphone, osx, ralink,
hostap, madwifi (hostap and madwifi remain available for hostapd;
their wpa_supplicant functionality is obsoleted by wext)
* improved debug logging (human readable event names, interface name
included in more entries)
* changed AP mode behavior to enable WPS only for open and
WPA/WPA2-Personal configuration
* improved P2P concurrency operations
- better coordination of concurrent scan and P2P search operations
- avoid concurrent remain-on-channel operation requests by canceling
previous operations prior to starting a new one
- reject operations that would require multi-channel concurrency if
the driver does not support it
- add parameter to select whether STA or P2P connection is preferred
if the driver cannot support both at the same time
- allow driver to indicate channel changes
- added optional delay=<search delay in milliseconds> parameter for
p2p_find to avoid taking all radio resources
- use 500 ms p2p_find search delay by default during concurrent
operations
- allow all channels in GO Negotiation if the driver supports
multi-channel concurrency
* added number of small changes to make it easier for static analyzers
to understand the implementation
* fixed number of small bugs (see git logs for more details)
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands for AP mode
- additional information for driver-based AP SME
- STA entry authorization in RSN IBSS
* EAP-pwd:
- fixed KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using wpa_supplicant AP mode SME/MLME)
* added "GET country" ctrl_iface command
* do not save an invalid network block in wpa_supplicant.conf to avoid
problems reading the file on next start
* send STA connected/disconnected ctrl_iface events to both the P2P
group and parent interfaces
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* added "SET pno <1/0>" ctrl_iface command to start/stop preferred
network offload with sched_scan driver command
* merged in number of changes from Android repository for P2P, nl80211,
and build parameters
* changed P2P GO mode configuration to use driver capabilities to
automatically enable HT operations when supported
* added "wpa_cli status wps" command to fetch WPA2-Personal passhrase
for WPS use cases in AP mode
* EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM
behavior
* improved reassociation behavior in cases where association is rejected
or when an AP disconnects us to handle common load balancing
mechanisms
- try to avoid extra scans when the needed information is available
* added optional "join" argument for p2p_prov_disc ctrl_iface command
* added group ifname to P2P-PROV-DISC-* events
* added P2P Device Address to AP-STA-DISCONNECTED event and use
p2p_dev_addr parameter name with AP-STA-CONNECTED
* added workarounds for WPS PBC overlap detection for some P2P use cases
where deployed stations work incorrectly
* optimize WPS connection speed by disconnecting prior to WPS scan and
by using single channel scans when AP channel is known
* PCSC and SIM/USIM improvements:
- accept 0x67 (Wrong length) as a response to READ RECORD to fix
issues with some USIM cards
- try to read MNC length from SIM/USIM
- build realm according to 3GPP TS 23.003 with identity from the SIM
- allow T1 protocol to be enabled
* added more WPS and P2P information available through D-Bus
* improve P2P negotiation robustness
- extra waits to get ACK frames through
- longer timeouts for cases where deployed devices have been
identified have issues meeting the specification requirements
- more retries for some P2P frames
- handle race conditions in GO Negotiation start by both devices
- ignore unexpected GO Negotiation Response frame
* added support for libnl 3.2 and newer
* added P2P persistent group info to P2P_PEER data
* maintain a list of P2P Clients for persistent group on GO
* AP: increased initial group key handshake retransmit timeout to 500 ms
* added optional dev_id parameter for p2p_find
* added P2P-FIND-STOPPED ctrl_iface event
* fixed issues in WPA/RSN element validation when roaming with ap_scan=1
and driver-based BSS selection
* do not expire P2P peer entries while connected with the peer in a
group
* fixed WSC element inclusion in cases where P2P is disabled
* AP: added a WPS workaround for mixed mode AP Settings with Windows 7
* EAP-SIM: fixed AT_COUNTER_TOO_SMALL use
* EAP-SIM/AKA: append realm to pseudonym identity
* EAP-SIM/AKA: store pseudonym identity in network configuration to
allow it to persist over multiple EAP sessions and wpa_supplicant
restarts
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* added support for WFA Hotspot 2.0
- GAS/ANQP to fetch network information
- credential configuration and automatic network selections based on
credential match with ANQP information
* limited PMKSA cache entries to be used only with the network context
that was used to create them
* improved PMKSA cache expiration to avoid unnecessary disconnections
* adjusted bgscan_simple fast-scan backoff to avoid too frequent
background scans
* removed ctrl_iface event on P2P PD Response in join-group case
* added option to fetch BSS table entry based on P2P Device Address
("BSS p2p_dev_addr=<P2P Device Address>")
* added BSS entry age to ctrl_iface BSS command output
* added optional MASK=0xH option for ctrl_iface BSS command to select
which fields are included in the response
* added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS command to
fetch information about several BSSes in one call
* simplified licensing terms by selecting the BSD license as the only
alternative
* added "P2P_SET disallow_freq <freq list>" ctrl_iface command to
disable channels from P2P use
* added p2p_pref_chan configuration parameter to allow preferred P2P
channels to be specified
* added support for advertising immediate availability of a WPS
credential for P2P use cases
* optimized scan operations for P2P use cases (use single channel scan
for a specific SSID when possible)
* EAP-TTLS: fixed peer challenge generation for MSCHAPv2
* SME: do not use reassociation after explicit disconnection request
(local or a notification from an AP)
* added support for sending debug info to Linux tracing (-T on command
line)
* added support for using Deauthentication reason code 3 as an
indication of P2P group termination
* added wps_vendor_ext_m1 configuration parameter to allow vendor
specific attributes to be added to WPS M1
* started using separate TLS library context for tunneled TLS
(EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA
certificate configuration between Phase 1 and Phase 2
* added optional "auto" parameter for p2p_connect to request automatic
GO Negotiation vs. join-a-group selection
* added disabled_scan_offload parameter to disable automatic scan
offloading (sched_scan)
* added optional persistent=<network id> parameter for p2p_connect to
allow forcing of a specific SSID/passphrase for GO Negotiation
* added support for OBSS scan requests and 20/40 BSS coexistence reports
* reject PD Request for unknown group
* removed scripts and notes related to Windows binary releases (which
have not been used starting from 1.x)
* added initial support for WNM operations
- Keep-alive based on BSS max idle period
- WNM-Sleep Mode
- minimal BSS Transition Management processing
* added autoscan module to control scanning behavior while not connected
- autoscan_periodic and autoscan_exponential modules
* added new WPS NFC ctrl_iface mechanism
- added initial support NFC connection handover
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added optional framework for external password storage ("ext:<name>")
* wpa_cli: added optional support for controlling wpa_supplicant
remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing purposes
* wpa_cli: extended tab completion to more commands
* changed SSID output to use printf-escaped strings instead of masking
of non-ASCII characters
- SSID can now be configured in the same format: ssid=P"abc\x00test"
* removed default ACM=1 from AC_VO and AC_VI
* added optional "ht40" argument for P2P ctrl_iface commands to allow
40 MHz channels to be requested on the 5 GHz band
* added optional parameters for p2p_invite command to specify channel
when reinvoking a persistent group as the GO
* improved FIPS mode builds with OpenSSL
- "make fips" with CONFIG_FIPS=y to build wpa_supplicant with the
OpenSSL FIPS object module
- replace low level OpenSSL AES API calls to use EVP
- use OpenSSL keying material exporter when possible
- do not export TLS keys in FIPS mode
- remove MD5 from CONFIG_FIPS=y builds
- use OpenSSL function for PKBDF2 passphrase-to-PSK
- use OpenSSL HMAC implementation
- mix RAND_bytes() output into random_get_bytes() to force OpenSSL
DRBG to be used in FIPS mode
- use OpenSSL CMAC implementation
* added mechanism to disable TLS Session Ticket extension
- a workaround for servers that do not support TLS extensions that
was enabled by default in recent OpenSSL versions
- tls_disable_session_ticket=1
- automatically disable TLS Session Ticket extension by default when
using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST)
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* disable network block temporarily on authentication failures
* improved WPS AP selection during WPS PIN iteration
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for Wi-Fi Display extensions
- WFD_SUBELEMENT_SET ctrl_iface command to configure WFD subelements
- SET wifi_display <0/1> to disable/enable WFD support
- WFD service discovery
- an external program is needed to manage the audio/video streaming
and codecs
* optimized scan result use for network selection
- use the internal BSS table instead of raw scan results
- allow unnecessary scans to be skipped if fresh information is
available (e.g., after GAS/ANQP round for Interworking)
* added support for 256-bit AES with internal TLS implementation
* allow peer to propose channel in P2P invitation process for a
persistent group
* added disallow_aps parameter to allow BSSIDs/SSIDs to be disallowed
from network selection
* re-enable the networks disabled during WPS operations
* allow P2P functionality to be disabled per interface (p2p_disabled=1)
* added secondary device types into P2P_PEER output
* added an option to disable use of a separate P2P group interface
(p2p_no_group_iface=1)
* fixed P2P Bonjour SD to match entries with both compressed and not
compressed domain name format and support multiple Bonjour PTR matches
for the same key
* use deauthentication instead of disassociation for all disconnection
operations; this removes the now unused disassociate() wpa_driver_ops
callback
* optimized PSK generation on P2P GO by caching results to avoid
multiple PBKDF2 operations
* added okc=1 global configuration parameter to allow OKC to be enabled
by default for all network blocks
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added basic support for 60 GHz band
* extend EAPOL frames processing workaround for roaming cases
(postpone processing of unexpected EAPOL frame until association
event to handle reordered events)
2014-01-03 06:04:55 +04:00
|
|
|
if (e->count > max_count)
|
|
|
|
|
max_count = e->count;
|
2010-08-04 14:17:50 +04:00
|
|
|
prev = e;
|
|
|
|
|
e = e->next;
|
|
|
|
|
wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
|
|
|
|
|
"blacklist (clear)", MAC2STR(prev->bssid));
|
|
|
|
|
os_free(prev);
|
|
|
|
|
}
|
import v2_0:
2013-01-12 - v2.0
* removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4)
* removed unmaintained driver wrappers broadcom, iphone, osx, ralink,
hostap, madwifi (hostap and madwifi remain available for hostapd;
their wpa_supplicant functionality is obsoleted by wext)
* improved debug logging (human readable event names, interface name
included in more entries)
* changed AP mode behavior to enable WPS only for open and
WPA/WPA2-Personal configuration
* improved P2P concurrency operations
- better coordination of concurrent scan and P2P search operations
- avoid concurrent remain-on-channel operation requests by canceling
previous operations prior to starting a new one
- reject operations that would require multi-channel concurrency if
the driver does not support it
- add parameter to select whether STA or P2P connection is preferred
if the driver cannot support both at the same time
- allow driver to indicate channel changes
- added optional delay=<search delay in milliseconds> parameter for
p2p_find to avoid taking all radio resources
- use 500 ms p2p_find search delay by default during concurrent
operations
- allow all channels in GO Negotiation if the driver supports
multi-channel concurrency
* added number of small changes to make it easier for static analyzers
to understand the implementation
* fixed number of small bugs (see git logs for more details)
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands for AP mode
- additional information for driver-based AP SME
- STA entry authorization in RSN IBSS
* EAP-pwd:
- fixed KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using wpa_supplicant AP mode SME/MLME)
* added "GET country" ctrl_iface command
* do not save an invalid network block in wpa_supplicant.conf to avoid
problems reading the file on next start
* send STA connected/disconnected ctrl_iface events to both the P2P
group and parent interfaces
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* added "SET pno <1/0>" ctrl_iface command to start/stop preferred
network offload with sched_scan driver command
* merged in number of changes from Android repository for P2P, nl80211,
and build parameters
* changed P2P GO mode configuration to use driver capabilities to
automatically enable HT operations when supported
* added "wpa_cli status wps" command to fetch WPA2-Personal passhrase
for WPS use cases in AP mode
* EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM
behavior
* improved reassociation behavior in cases where association is rejected
or when an AP disconnects us to handle common load balancing
mechanisms
- try to avoid extra scans when the needed information is available
* added optional "join" argument for p2p_prov_disc ctrl_iface command
* added group ifname to P2P-PROV-DISC-* events
* added P2P Device Address to AP-STA-DISCONNECTED event and use
p2p_dev_addr parameter name with AP-STA-CONNECTED
* added workarounds for WPS PBC overlap detection for some P2P use cases
where deployed stations work incorrectly
* optimize WPS connection speed by disconnecting prior to WPS scan and
by using single channel scans when AP channel is known
* PCSC and SIM/USIM improvements:
- accept 0x67 (Wrong length) as a response to READ RECORD to fix
issues with some USIM cards
- try to read MNC length from SIM/USIM
- build realm according to 3GPP TS 23.003 with identity from the SIM
- allow T1 protocol to be enabled
* added more WPS and P2P information available through D-Bus
* improve P2P negotiation robustness
- extra waits to get ACK frames through
- longer timeouts for cases where deployed devices have been
identified have issues meeting the specification requirements
- more retries for some P2P frames
- handle race conditions in GO Negotiation start by both devices
- ignore unexpected GO Negotiation Response frame
* added support for libnl 3.2 and newer
* added P2P persistent group info to P2P_PEER data
* maintain a list of P2P Clients for persistent group on GO
* AP: increased initial group key handshake retransmit timeout to 500 ms
* added optional dev_id parameter for p2p_find
* added P2P-FIND-STOPPED ctrl_iface event
* fixed issues in WPA/RSN element validation when roaming with ap_scan=1
and driver-based BSS selection
* do not expire P2P peer entries while connected with the peer in a
group
* fixed WSC element inclusion in cases where P2P is disabled
* AP: added a WPS workaround for mixed mode AP Settings with Windows 7
* EAP-SIM: fixed AT_COUNTER_TOO_SMALL use
* EAP-SIM/AKA: append realm to pseudonym identity
* EAP-SIM/AKA: store pseudonym identity in network configuration to
allow it to persist over multiple EAP sessions and wpa_supplicant
restarts
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* added support for WFA Hotspot 2.0
- GAS/ANQP to fetch network information
- credential configuration and automatic network selections based on
credential match with ANQP information
* limited PMKSA cache entries to be used only with the network context
that was used to create them
* improved PMKSA cache expiration to avoid unnecessary disconnections
* adjusted bgscan_simple fast-scan backoff to avoid too frequent
background scans
* removed ctrl_iface event on P2P PD Response in join-group case
* added option to fetch BSS table entry based on P2P Device Address
("BSS p2p_dev_addr=<P2P Device Address>")
* added BSS entry age to ctrl_iface BSS command output
* added optional MASK=0xH option for ctrl_iface BSS command to select
which fields are included in the response
* added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS command to
fetch information about several BSSes in one call
* simplified licensing terms by selecting the BSD license as the only
alternative
* added "P2P_SET disallow_freq <freq list>" ctrl_iface command to
disable channels from P2P use
* added p2p_pref_chan configuration parameter to allow preferred P2P
channels to be specified
* added support for advertising immediate availability of a WPS
credential for P2P use cases
* optimized scan operations for P2P use cases (use single channel scan
for a specific SSID when possible)
* EAP-TTLS: fixed peer challenge generation for MSCHAPv2
* SME: do not use reassociation after explicit disconnection request
(local or a notification from an AP)
* added support for sending debug info to Linux tracing (-T on command
line)
* added support for using Deauthentication reason code 3 as an
indication of P2P group termination
* added wps_vendor_ext_m1 configuration parameter to allow vendor
specific attributes to be added to WPS M1
* started using separate TLS library context for tunneled TLS
(EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA
certificate configuration between Phase 1 and Phase 2
* added optional "auto" parameter for p2p_connect to request automatic
GO Negotiation vs. join-a-group selection
* added disabled_scan_offload parameter to disable automatic scan
offloading (sched_scan)
* added optional persistent=<network id> parameter for p2p_connect to
allow forcing of a specific SSID/passphrase for GO Negotiation
* added support for OBSS scan requests and 20/40 BSS coexistence reports
* reject PD Request for unknown group
* removed scripts and notes related to Windows binary releases (which
have not been used starting from 1.x)
* added initial support for WNM operations
- Keep-alive based on BSS max idle period
- WNM-Sleep Mode
- minimal BSS Transition Management processing
* added autoscan module to control scanning behavior while not connected
- autoscan_periodic and autoscan_exponential modules
* added new WPS NFC ctrl_iface mechanism
- added initial support NFC connection handover
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added optional framework for external password storage ("ext:<name>")
* wpa_cli: added optional support for controlling wpa_supplicant
remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing purposes
* wpa_cli: extended tab completion to more commands
* changed SSID output to use printf-escaped strings instead of masking
of non-ASCII characters
- SSID can now be configured in the same format: ssid=P"abc\x00test"
* removed default ACM=1 from AC_VO and AC_VI
* added optional "ht40" argument for P2P ctrl_iface commands to allow
40 MHz channels to be requested on the 5 GHz band
* added optional parameters for p2p_invite command to specify channel
when reinvoking a persistent group as the GO
* improved FIPS mode builds with OpenSSL
- "make fips" with CONFIG_FIPS=y to build wpa_supplicant with the
OpenSSL FIPS object module
- replace low level OpenSSL AES API calls to use EVP
- use OpenSSL keying material exporter when possible
- do not export TLS keys in FIPS mode
- remove MD5 from CONFIG_FIPS=y builds
- use OpenSSL function for PKBDF2 passphrase-to-PSK
- use OpenSSL HMAC implementation
- mix RAND_bytes() output into random_get_bytes() to force OpenSSL
DRBG to be used in FIPS mode
- use OpenSSL CMAC implementation
* added mechanism to disable TLS Session Ticket extension
- a workaround for servers that do not support TLS extensions that
was enabled by default in recent OpenSSL versions
- tls_disable_session_ticket=1
- automatically disable TLS Session Ticket extension by default when
using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST)
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* disable network block temporarily on authentication failures
* improved WPS AP selection during WPS PIN iteration
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for Wi-Fi Display extensions
- WFD_SUBELEMENT_SET ctrl_iface command to configure WFD subelements
- SET wifi_display <0/1> to disable/enable WFD support
- WFD service discovery
- an external program is needed to manage the audio/video streaming
and codecs
* optimized scan result use for network selection
- use the internal BSS table instead of raw scan results
- allow unnecessary scans to be skipped if fresh information is
available (e.g., after GAS/ANQP round for Interworking)
* added support for 256-bit AES with internal TLS implementation
* allow peer to propose channel in P2P invitation process for a
persistent group
* added disallow_aps parameter to allow BSSIDs/SSIDs to be disallowed
from network selection
* re-enable the networks disabled during WPS operations
* allow P2P functionality to be disabled per interface (p2p_disabled=1)
* added secondary device types into P2P_PEER output
* added an option to disable use of a separate P2P group interface
(p2p_no_group_iface=1)
* fixed P2P Bonjour SD to match entries with both compressed and not
compressed domain name format and support multiple Bonjour PTR matches
for the same key
* use deauthentication instead of disassociation for all disconnection
operations; this removes the now unused disassociate() wpa_driver_ops
callback
* optimized PSK generation on P2P GO by caching results to avoid
multiple PBKDF2 operations
* added okc=1 global configuration parameter to allow OKC to be enabled
by default for all network blocks
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added basic support for 60 GHz band
* extend EAPOL frames processing workaround for roaming cases
(postpone processing of unexpected EAPOL frame until association
event to handle reordered events)
2014-01-03 06:04:55 +04:00
|
|
|
|
|
|
|
|
wpa_s->extra_blacklist_count += max_count;
|
2010-08-04 14:17:50 +04:00
|
|
|
}
|