wpa_supplicant with netlink on Android

[Jouni Malinen]

On Tue, Aug 23, 2016 at 01:39:01PM +0200, Utku Günay Acer wrote:
> I am trying to add a number of public action frame definitions to
> wpa_supplicant/hostapd (running version 2.5-devel). I run the
> wpa_supplicant side on both Raspberry Pi and an android phone through
> aosp. The hostapd runs in an OpenWRT router. In the system, one probe
> from the STA is replied by the action frame just before the probe
> response.

That's a pretty strange protocol design.. Probe Response frame is
supposed to be sent as the immediate response to Probe Request frames
and there are no guarantees that stations accept any other frame during
an active scan operation than Probe Response and Beacon frames.

> Now I am having no problem with the OpenWRT or RPi. Even though RPi
> runs the same code, it does not have this problem. However, on
> Android, I can not receive any of these action frames even though a
> near-by sniffer captures these frames that are sent by the router. The
> phone does receive probe responses but not these action frames. So,
> channel hopping shouldn't be the reason.

It sounds like the specific device on Android (either Wi-Fi hardware,
firmware, or driver) is filtering out unrelated frames when running a
scan operation. I don't think this has anything to do with
wpa_supplicant, though.

> By the way, I use the nl80211_register_action_frame(bss, (u8 *)
> "\x04\x80", 2) command in the beginning of the execution to register
> the public action frames with subtype 0x80 and I get no error. I tried
> receiving public action frames with other action types such as
> WLAN_PA_20_40_BSS_COEX that is defined in ieee802_11_defs.h. However,
> I am only able receive action frames associated with GAS, i.e.
> WLAN_PA_GAS_INITIAL_REQ, WLAN_PA_GAS_INITIAL_RESP,
> WLAN_PA_GAS_COMEBACK_REQ, WLAN_PA_GAS_COMEBACK_RESP.

That would likely be another driver specific constraint.

-- 
Jouni Malinen                                            PGP id EFC895FA