This repository has been archived by the owner on Nov 14, 2024. It is now read-only.
Adding support for WiFi promiscuous mode operation #115
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Modifications for building supplicant on Zephyr RTOS. Signed-off-by: Sridhar Nuvusetty <sridhar.nuvusetty@nordicsemi.no> Signed-off-by: Sachin Kulkarni <sachin.kulkarni@nordicsemi.no> Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no> Signed-off-by: Krishna T <krishna.t@nordicsemi.no> Co-authored-by: krishna T <krishna.t@nordicsemi.no>
The file was removed but was still included.
sdk-nrf has a different version where these variables are not private, so, remove the private macro for build.
* Adding CODEOWNERS file .. Adding @krish2718 @sr1dh48r @rlubos @sachinthegreen Co-authored-by: krish2718 <100136718+krish2718@users.noreply.github.com>
Remove uninitialized variable that is no longer needed, this causes crash in case supplicant thread exits.
* Include HOSTAP_BASE to fix header file paths * Select WEP automatically through Kconfig
nRF CI treats warnings as errors, so, this is must.
Add proper pre-processor conditions to the code that uses IPv4 API. Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
PR [1] is now up-merged to NCS, so, remove the workaround. [1] - zephyrproject-rtos/zephyr#45592 Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Previous to [1] we used to get L2 header and that was used to filter unregistered frames (another bug), but now that L2 header is removed, we cannot use L2 header, so, directly parse payload and filter EAPoL frames only. [1] - zephyrproject-rtos/zephyr#45592 Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Add const qualifier to the declaration. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
1. Add WPA_SUPP_LOG_LEVEL_* Kconfig options to control the WPA supplicant log level the same way as other SDK components. 2. Add WPA_SUPP_DEBUG_LEVEL Kconfig option to be used for compile-time filtering of WPA supplicant debug messages. By default, it is aligned with WPA_SUPP_LOG_LEVEL. 3. Implement Zephyr variants of wpa_debug.h and wpa_debug.c files that use Zephyr logging subystem as the default output and apply compile-time filtering for the messages. Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
As per Apache-2.0 license, we need to indicate that the files have been modified, the recommended way is to add an extra copyright header. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Eloop framework in wpa_supplicant uses select with minimal timeout of all registered users, but by default it is 10secs (periodic cleanup task), so, in case of no other events all registered users will be delayed by 10secs. In Linux, select exits without waiting for full 10secs as for there is a handler registered for NL80211 sockets and whenever there is a event from Kernel select exits and processes expired events immediately. In Zephyr, we don't have such mechanism as we use direction function calls between kernel and wpa_supplicant, so, add an event socket and register it with Eloop and use this to post the event, the socket handler pass the event to wpa_supplicant. For user interface we just post a dummy message only to unblock select. This solves both problems: * Unblocking select for all interesting events immediately * Terminate driver context for events as we use sockets, so, remove mbox + thread. This significantly improves the association time from 30s to 5s. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
This fixes unnecessary wait for scan results in case of failure scenarios. Signed-off-by: krishna T <krishna.t@nordicsemi.no>
Scan results are allocated by driver using k_malloc Zephyr allocator but are freed by wpa_supplicant using libc free, due to changes in metadata differences between them, we free the pointer which is 8 bytes below the actual one and cause a bus and mem fault. Copy the scan results from driver before passing to the wpa_supplicant and then let driver free them using the same k_free allocator API. We can now enable the scan results free code. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
This can cause allocation failures and an unnecessary prints. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Using first interface handle everywhere is not ideal, esp. when we add support for multi-VIF, so, query wpa_supplicant with the interface name to get the handle. The interface name itself is hard coded to "wlan0" everywhere for now.
Sometimes we are getting a unsolicited or spurious scan result from UMAC but we have already freed the scan results buffer, so, add a null check before processing scan result.
This print is only for debugging, so, should use DEBUG level. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
These APIs will be used by nRF Wi-Fi management to interact with wpa_supplicant. Signed-off-by: Krishna T <krishna.t@nordicsemi.no> Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
This is now purely an internal utility, so, moved from sdk-nrf to here as it works with wpa_supplicant. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Now that display scan is natively supported using wifi_mgmt, remove it from WPA supplicant API and wpa_cli. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Using UDP sockets need an interface with properly configured IP address and then either IPv4/IPv6 enabled, UNIX socket don't need any of those and work perfectly well for IPC. This solves two bugs: * Matter doesn't enable IPv4, so, the events stop working, as the code doesn't support IPv6 sockets and also doesn't protect with IPv4 define. * Wi-Fi sample assigns IP address in the `prj.conf` but if an application doesn't do that, then socket send fails. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
After every successful association, restart DHCP to get a fresh lease. For the initial association this avoid delay due to DHCP exponential retries, and also handles the case where interface has changed IP subnet. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
With recent changes, WPA CLI build is broken. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
All options depend on WPA_SUPP, so, add a check. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Don't use the same acronym in help. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
The scan result is always freed in the driver for both success and failure cases, so, no need for wpa_supplicant to free in failure case. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
If a second configuration is defined but failed to read, then the first configuration is leaked. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Previously for some reason we have removed logs as they were causing issues, but that is not true anymore. So, add back all error logs. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
This is a data path print and not adding much value. Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Use the pattern matching on interface names to filter only Wi-Fi interfaces. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Remove remnants of mbedtls entropy usage. Entropy is now accessed through zephyr APIs so enabling MBEDTLS_ENTROPY_C is no longer needed. Without MBEDTLS_ENTROPY_C option there is no reason to change the default configuration value of MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. NCSDK-22096 Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Generate supplicant ready event once the control connection between cli and supplicant is setup. Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
This significantly saves flash size that is much needed for Matter apps. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
This is happening when disabling debug logs with CONFIG_WPA_SUPP_NO_DEBUG. It's both 'level' and 'wpas_ctrl_cmd_debug_level'. Signed-off-by: Marcin Kajor <marcin.kajor@nordicsemi.no>
Includes mbedtls/build_info.h instead. Enables developer to use a generated or custom config. Signed-off-by: Bastian Kalthoff <bastian.kalthoff@assaabloy.com>
Key mgmt value being passed to wpas_key_mgmt_to_zephyr is the combination (bitwise OR) of all configured security modes for an SSID while the expected input is the security mode negotiated for the association. This results in wpas_key_mgmt_to_zephyr failing to identify correct security mode and falling through to the default case (UNKNOWN). Security mode which is being used by the current association is stored in supplicant interface structure. Refer to this(struct wpa_supplicant) instead of network configuration data (struct wpa_ssid), for reading security mode. Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
Free the memory once its done. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Register WPA supplicant as a Wi-Fi network manager. Also fix a memory leak while handling the error patch in remove interface. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Divide them cleanly in to private and public. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
These ops are not implemented by the WPA supplicant and too much of a hassle to implement a pass through all the way to the driver, so, we use the offloaded APIs registered by the driver and make direct calls. Though offloaded APIs are are registered as long as the interface is managed by the WPA supplicant, Wi-Fi management will not invoke them directly. But if WPA supplicant is disabled (Scan only mode), then Wi-Fi management invokes them directly. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Add support for newly added scan parameters structure handling. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
This is not a user configuration option and is automatically selected by CONFIG_WPS, hence no CONFIG_ prefix. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
As per 802.11-2020: 11.21.13 BSS max idle period management "If dot11WirelessManagementImplemented is true, dot11BSSMaxIdlePeriod is nonzero and dot11BSSMaxIdlePeriodIndicationByNonAPSTA is true, then a non-S1G non-AP STA shall include a BSS Max Idle Period element in the (Re)Association Request frame. If the BSS Max Idle Period element is present in the (Re)Association Request frame received by a non-S1G AP that has dot11BSSMaxIdlePeriodIndicationByNonAPSTA equal to true, then the non-S1G AP may choose the non-AP STA’s preferred maximum idle period. The non-S1G AP indicates its chosen value to the non-S1G STA in the (Re)Association Response frame." Add BSS max idle timeout (default 300s) in association request. Use CONFIG_BSS_MAX_IDLE_TIME to modify this timeout at build time. Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
Fix PSA dependency on random number support. Random number generated is wanted, instead of a specific PRNG algorithm. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
During disconnect, abort ongoing scan (if any). This keeps the interface usable after disconnect i.e., first scan wouldn't fail because of a in progress scan. Fixes SHEL-1778. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
When available HEAP is low, the allocation failure to receive the message from control interface can cause the control interface socket to be always "ready" causing the WPA supplicant eloop to a busy loop and no other threads are run (The thread that implements control interface command timeout). If this is from shell, then it results in a shell hang forever. Use stack to avoid this busy loop. Fixes WSP-137. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Enable the PSA key type which enables AES block cipher support. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This set of changes brings in Wi-Fi promiscuous mode settings support Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
VivekUppunda
requested review from
krish2718,
rado17,
rlubos and
sachinthegreen
as code owners
rado17
approved these changes
Jul 27, 2023
krish2718
approved these changes
Jul 28, 2023
There was a problem hiding this comment.
Beware of nrfconnect/sdk-nrf#11899 that moves these files to sdk-nrf esp. if mine gets merged which I intend to so.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This set of changes brings in Wi-Fi promiscuous mode settings support