Cumulative patch from commit 5bb7327a697108c880dd31c9e421df386c904b1a

5bb7327 Share a common helper function for restarting sched_scan
be7ebd8 wpa_supplicant: Cancel sched_scan on SELECT_NETWORK initiated scan
8b7c5b8 QCA vendor command for antenna diversity feature
61bcc85 Update ChangeLog files for v2.6
64c92c0 MBO: Do not parse reason_detail in non_pref_chan attr (AP)
4a83d4b MBO: Do not add reason_detail in non_pref_chan attr (STA)
a483c6f WNM: Add testing option to reject BSS Transition Management Request
2800ec8 MBO: Add QCA vendor option to configure driver to ignore assoc disallow
6ad37d7 MBO: Add support to ignore association disallowed set by AP
320caea Add attributes for QCA_NL80211_VENDOR_SUBCMD_LL_STATS_EXT
0df12cb IEEE P802.11ah/D10.0 PV1 CCMP test vectors
02adead Add ignore_auth_resp control interface debug parameter
ef24ad3 nl80211: Remove unnecessary duplication from nl80211_set_param()
4d584d8 nl80211: Add driver parameter force_bss_selection
04e3d81 Blacklist correct BSSID on authentication timeout
dc2744f P2P: Fix common frequencies calculation for a group
5cdd729 P2P: Fix compilation warning in p2p_supplicant.c
14220fe Flush the BSS (scan) entries when an interface becomes disabled
b223b55 doc: Remove duplicate description for -t
cee0be7 Show mode=mesh in STATUS command
0d7eba5 Define a QCA vendor command to validate encryption engine
4428194 taxonomy: Store Probe Request frames in hostapd_sta_info
04059ab Passive Client Taxonomy
5e99339 Initialize iface->sta_seen on allocation
4424aa5 P2P: Fix D-Bus persistent parameter in group started event on GO
81258ef Remove unused generation of Request Authenticator in Account-Request
ea19b39 Revert "nl80211: Remove duplicated check in nl80211_setup_ap()"
205d2d1 Fix typos in wpa_supplicant configuration parameter documentation
660103e nl80211: Use the monitor interface only without device_ap_sme support
c7f9d44 FST: Fix search for peer's "other" connection
a62dea4 Fix mistakes in definition of QCA vendor commands for indoor location
711e3ca Handle NULL return from os_zalloc() in sta_track_add()

Test: manual

Change-Id: I1d8bd5d084c3e72594004d10ceb254a2f766dfab
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index a97463d..e62d8c7 100644
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -23,8 +23,20 @@
 	  - fix PMKID derivation
 	  - improve robustness on various exchanges
 	  - fix peer link counting in reconnect case
+	  - improve mesh joining behavior
+	  - allow DTIM period to be configured
+	  - allow HT to be disabled (disable_ht=1)
 	  - add MESH_PEER_ADD and MESH_PEER_REMOVE commands
 	  - add support for PMKSA caching
+	  - add minimal support for SAE group negotiation
+	  - allow pairwise/group cipher to be configured in the network profile
+	  - use ieee80211w profile parameter to enable/disable PMF and derive
+	    a separate TX IGTK if PMF is enabled instead of using MGTK
+	    incorrectly
+	  - fix AEK and MTK derivation
+	  - remove GTKdata and IGTKdata from Mesh Peering Confirm/Close
+	  - note: these changes are not fully backwards compatible for secure
+	    (RSN) mesh network
 	* fixed PMKID derivation with SAE
 	* added support for requesting and fetching arbitrary ANQP-elements
 	  without internal support in wpa_supplicant for the specific element
@@ -69,7 +81,7 @@
 	* extended INTERFACE_ADD command to allow certain type (sta/ap)
 	  interface to be created
 	* fixed and improved various FST operations
-	* added 80+80 MHz VHT support for IBSS/mesh
+	* added 80+80 MHz and 160 MHz VHT support for IBSS/mesh
 	* fixed SIGNAL_POLL in IBSS and mesh cases
 	* added an option to abort an ongoing scan (used to speed up connection
 	  and can also be done with the new ABORT_SCAN command)
@@ -104,7 +116,7 @@
 	* enabled ACS support for AP mode operations with wpa_supplicant
 	* EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
 	  ("Invalid Compound_MAC in cryptobinding TLV")
-	* EAP-TTLS; fixed success after fragmented final Phase 2 message
+	* EAP-TTLS: fixed success after fragmented final Phase 2 message
 	* VHT: added interoperability workaround for 80+80 and 160 MHz channels
 	* WNM: workaround for broken AP operating class behavior
 	* added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE)
@@ -112,6 +124,8 @@
 	  - add support for full station state operations
 	  - do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
 	  - add NL80211_ATTR_PREV_BSSID with Connect command
+	  - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
+	    unencrypted EAPOL frames
 	* added initial MBO support; number of extensions to WNM BSS Transition
 	  Management
 	* added support for PBSS/PCP and P2P on 60 GHz
@@ -123,6 +137,11 @@
 	* started to ignore pmf=1/2 parameter for non-RSN networks
 	* added wps_disabled=1 network profile parameter to allow AP mode to
 	  be started without enabling WPS
+	* wpa_cli: added action script support for AP-ENABLED and AP-DISABLED
+	  events
+	* improved Public Action frame addressing
+	  - add gas_address3 configuration parameter to control Address 3
+	    behavior
 	* number of small fixes
 
 2015-09-27 - v2.5
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 356784a..5afb772 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -675,7 +675,7 @@
 		return -1;
 	}
 
-	wpa_s->ap_iface = hapd_iface = os_zalloc(sizeof(*wpa_s->ap_iface));
+	wpa_s->ap_iface = hapd_iface = hostapd_alloc_iface();
 	if (hapd_iface == NULL)
 		return -1;
 	hapd_iface->owner = wpa_s;
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 9543fd1..1b81797 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -511,6 +511,12 @@
 		wpa_s->test_failure = atoi(value);
 	} else if (os_strcasecmp(cmd, "p2p_go_csa_on_inv") == 0) {
 		wpa_s->p2p_go_csa_on_inv = !!atoi(value);
+	} else if (os_strcasecmp(cmd, "ignore_auth_resp") == 0) {
+		wpa_s->ignore_auth_resp = !!atoi(value);
+	} else if (os_strcasecmp(cmd, "ignore_assoc_disallow") == 0) {
+		wpa_s->ignore_assoc_disallow = !!atoi(value);
+	} else if (os_strcasecmp(cmd, "reject_btm_req_reason") == 0) {
+		wpa_s->reject_btm_req_reason = atoi(value);
 #endif /* CONFIG_TESTING_OPTIONS */
 #ifndef CONFIG_NO_CONFIG_BLOBS
 	} else if (os_strcmp(cmd, "blob") == 0) {
@@ -1886,6 +1892,10 @@
 						  "mode=P2P GO - group "
 						  "formation\n");
 				break;
+			case WPAS_MODE_MESH:
+				ret = os_snprintf(pos, end - pos,
+						  "mode=mesh\n");
+				break;
 			default:
 				ret = 0;
 				break;
@@ -7195,6 +7205,9 @@
 	wpa_s->extra_roc_dur = 0;
 	wpa_s->test_failure = WPAS_TEST_FAILURE_NONE;
 	wpa_s->p2p_go_csa_on_inv = 0;
+	wpa_s->ignore_auth_resp = 0;
+	wpa_s->ignore_assoc_disallow = 0;
+	wpa_s->reject_btm_req_reason = 0;
 	wpa_sm_set_test_assoc_ie(wpa_s->wpa, NULL);
 #endif /* CONFIG_TESTING_OPTIONS */
 
@@ -8551,10 +8564,7 @@
 			}
 		} else if (wpa_s->sched_scanning &&
 			   (type & MAC_ADDR_RAND_SCHED_SCAN)) {
-			/* simulate timeout to restart the sched scan */
-			wpa_s->sched_scan_timed_out = 1;
-			wpa_s->prev_sched_ssid = NULL;
-			wpa_supplicant_cancel_sched_scan(wpa_s);
+			wpas_scan_restart_sched_scan(wpa_s);
 		}
 		return 0;
 	}
@@ -8580,12 +8590,8 @@
 		wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN,
 					    addr, mask);
 
-		if (wpa_s->sched_scanning && !wpa_s->pno) {
-			/* simulate timeout to restart the sched scan */
-			wpa_s->sched_scan_timed_out = 1;
-			wpa_s->prev_sched_ssid = NULL;
-			wpa_supplicant_cancel_sched_scan(wpa_s);
-		}
+		if (wpa_s->sched_scanning && !wpa_s->pno)
+			wpas_scan_restart_sched_scan(wpa_s);
 	}
 
 	if (type & MAC_ADDR_RAND_PNO) {
diff --git a/wpa_supplicant/doc/docbook/wpa_supplicant.sgml b/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
index c8c1ac4..11e0e90 100644
--- a/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
@@ -377,13 +377,6 @@
       </varlistentry>
 
       <varlistentry>
-	<term>-t</term>
-	<listitem>
-	  <para>Include timestamp in debug messages.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
 	<term>-h</term>
 	<listitem>
 	  <para>Help.  Show a usage message.</para>
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index ef62d70..6f8fc81 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1101,6 +1101,10 @@
 			continue;
 		}
 #ifdef CONFIG_MBO
+#ifdef CONFIG_TESTING_OPTIONS
+		if (wpa_s->ignore_assoc_disallow)
+			goto skip_assoc_disallow;
+#endif /* CONFIG_TESTING_OPTIONS */
 		assoc_disallow = wpas_mbo_get_bss_attr(
 			bss, MBO_ATTR_ID_ASSOC_DISALLOW);
 		if (assoc_disallow && assoc_disallow[1] >= 1) {
@@ -1115,6 +1119,9 @@
 				"   skip - MBO retry delay has not passed yet");
 			continue;
 		}
+#ifdef CONFIG_TESTING_OPTIONS
+	skip_assoc_disallow:
+#endif /* CONFIG_TESTING_OPTIONS */
 #endif /* CONFIG_MBO */
 
 		/* Matching configuration found */
@@ -3445,6 +3452,13 @@
 		sme_event_auth(wpa_s, data);
 		break;
 	case EVENT_ASSOC:
+#ifdef CONFIG_TESTING_OPTIONS
+		if (wpa_s->ignore_auth_resp) {
+			wpa_printf(MSG_INFO,
+				   "EVENT_ASSOC - ignore_auth_resp active!");
+			break;
+		}
+#endif /* CONFIG_TESTING_OPTIONS */
 		wpa_supplicant_event_assoc(wpa_s, data);
 		if (data && data->assoc_info.authorized)
 			wpa_supplicant_event_assoc_auth(wpa_s, data);
@@ -3459,6 +3473,13 @@
 				    data ? &data->disassoc_info : NULL);
 		break;
 	case EVENT_DEAUTH:
+#ifdef CONFIG_TESTING_OPTIONS
+		if (wpa_s->ignore_auth_resp) {
+			wpa_printf(MSG_INFO,
+				   "EVENT_DEAUTH - ignore_auth_resp active!");
+			break;
+		}
+#endif /* CONFIG_TESTING_OPTIONS */
 		wpas_event_deauth(wpa_s,
 				  data ? &data->deauth_info : NULL);
 		break;
@@ -3959,6 +3980,7 @@
 				wpa_s, WLAN_REASON_DEAUTH_LEAVING, 1);
 		}
 		wpa_supplicant_mark_disassoc(wpa_s);
+		wpa_bss_flush(wpa_s);
 		radio_remove_works(wpa_s, NULL, 0);
 
 		wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
diff --git a/wpa_supplicant/mbo.c b/wpa_supplicant/mbo.c
index 91667b0..13d764e 100644
--- a/wpa_supplicant/mbo.c
+++ b/wpa_supplicant/mbo.c
@@ -68,14 +68,13 @@
 
 	wpabuf_put_u8(mbo, wpa_s->non_pref_chan[start].preference);
 	wpabuf_put_u8(mbo, wpa_s->non_pref_chan[start].reason);
-	wpabuf_put_u8(mbo, wpa_s->non_pref_chan[start].reason_detail);
 }
 
 
 static void wpas_mbo_non_pref_chan_attr(struct wpa_supplicant *wpa_s,
 					struct wpabuf *mbo, u8 start, u8 end)
 {
-	size_t size = end - start + 4;
+	size_t size = end - start + 3;
 
 	if (size + 2 > wpabuf_tailroom(mbo))
 		return;
@@ -100,7 +99,7 @@
 					      struct wpabuf *mbo, u8 start,
 					      u8 end)
 {
-	size_t size = end - start + 8;
+	size_t size = end - start + 7;
 
 	if (size + 2 > wpabuf_tailroom(mbo))
 		return;
@@ -131,7 +130,6 @@
 		if (!non_pref ||
 		    non_pref->oper_class != start_pref->oper_class ||
 		    non_pref->reason != start_pref->reason ||
-		    non_pref->reason_detail != start_pref->reason_detail ||
 		    non_pref->preference != start_pref->preference) {
 			if (subelement)
 				wpas_mbo_non_pref_chan_subelement(wpa_s, mbo,
@@ -250,9 +248,9 @@
  *
  * In MBO IE non-preferred channel subelement we can put many channels in an
  * attribute if they are in the same operating class and have the same
- * preference, reason, and reason detail. To make it easy for the functions that
- * build the IE attributes and WNM Request subelements, save the channels sorted
- * by their oper_class, reason, and reason_detail.
+ * preference and reason. To make it easy for the functions that build
+ * the IE attributes and WNM Request subelements, save the channels sorted
+ * by their oper_class and reason.
  */
 static int wpa_non_pref_chan_cmp(const void *_a, const void *_b)
 {
@@ -262,8 +260,6 @@
 		return a->oper_class - b->oper_class;
 	if (a->reason != b->reason)
 		return a->reason - b->reason;
-	if (a->reason_detail != b->reason_detail)
-		return a->reason_detail - b->reason_detail;
 	return a->preference - b->preference;
 }
 
@@ -298,7 +294,6 @@
 		unsigned int _chan;
 		unsigned int _preference;
 		unsigned int _reason;
-		unsigned int _reason_detail;
 
 		if (num == size) {
 			size = size ? size * 2 : 1;
@@ -314,13 +309,11 @@
 
 		chan = &chans[num];
 
-		ret = sscanf(token, "%u:%u:%u:%u:%u", &_oper_class,
-			     &_chan, &_preference, &_reason,
-			     &_reason_detail);
-		if ((ret != 4 && ret != 5) ||
+		ret = sscanf(token, "%u:%u:%u:%u", &_oper_class,
+			     &_chan, &_preference, &_reason);
+		if (ret != 4 ||
 		    _oper_class > 255 || _chan > 255 ||
-		    _preference > 255 || _reason > 65535 ||
-		    (ret == 5 && _reason_detail > 255)) {
+		    _preference > 255 || _reason > 65535 ) {
 			wpa_printf(MSG_ERROR, "Invalid non-pref chan input %s",
 				   token);
 			goto fail;
@@ -329,7 +322,6 @@
 		chan->chan = _chan;
 		chan->preference = _preference;
 		chan->reason = _reason;
-		chan->reason_detail = ret == 4 ? 0 : _reason_detail;
 
 		if (wpas_mbo_validate_non_pref_chan(chan->oper_class,
 						    chan->chan, chan->reason)) {
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index 31eeb38..b1fdc28 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -1881,7 +1881,7 @@
 	wpa_config_set_network_defaults(ssid);
 	ssid->temporary = 1;
 	ssid->p2p_group = 1;
-	ssid->p2p_persistent_group = params->persistent_group;
+	ssid->p2p_persistent_group = !!params->persistent_group;
 	ssid->mode = group_formation ? WPAS_MODE_P2P_GROUP_FORMATION :
 		WPAS_MODE_P2P_GO;
 	ssid->frequency = params->freq;
@@ -3369,7 +3369,7 @@
 				     u8 channel)
 {
 	u8 center_channels[] = { 42, 58, 106, 122, 138, 155 };
-	unsigned int i;
+	size_t i;
 
 	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
 		return 0;
diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index 371c16a..60e7b68 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -2726,3 +2726,31 @@
 	wpa_printf(MSG_ERROR, "invalid scan plans list");
 	return -1;
 }
+
+
+/**
+ * wpas_scan_reset_sched_scan - Reset sched_scan state
+ * @wpa_s: Pointer to wpa_supplicant data
+ *
+ * This function is used to cancel a running scheduled scan and to reset an
+ * internal scan state to continue with a regular scan on the following
+ * wpa_supplicant_req_scan() calls.
+ */
+void wpas_scan_reset_sched_scan(struct wpa_supplicant *wpa_s)
+{
+	wpa_s->normal_scans = 0;
+	if (wpa_s->sched_scanning) {
+		wpa_s->sched_scan_timed_out = 0;
+		wpa_s->prev_sched_ssid = NULL;
+		wpa_supplicant_cancel_sched_scan(wpa_s);
+	}
+}
+
+
+void wpas_scan_restart_sched_scan(struct wpa_supplicant *wpa_s)
+{
+	/* simulate timeout to restart the sched scan */
+	wpa_s->sched_scan_timed_out = 1;
+	wpa_s->prev_sched_ssid = NULL;
+	wpa_supplicant_cancel_sched_scan(wpa_s);
+}
diff --git a/wpa_supplicant/scan.h b/wpa_supplicant/scan.h
index b2bb386..2aa0a8b 100644
--- a/wpa_supplicant/scan.h
+++ b/wpa_supplicant/scan.h
@@ -44,6 +44,8 @@
 void wpa_scan_free_params(struct wpa_driver_scan_params *params);
 int wpas_start_pno(struct wpa_supplicant *wpa_s);
 int wpas_stop_pno(struct wpa_supplicant *wpa_s);
+void wpas_scan_reset_sched_scan(struct wpa_supplicant *wpa_s);
+void wpas_scan_restart_sched_scan(struct wpa_supplicant *wpa_s);
 
 void wpas_mac_addr_rand_scan_clear(struct wpa_supplicant *wpa_s,
 				   unsigned int type);
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 7674825..1b3409c 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c
@@ -1159,6 +1159,19 @@
 		   wpa_s->wnm_dialog_token, wpa_s->wnm_mode,
 		   wpa_s->wnm_dissoc_timer, valid_int);
 
+#if defined(CONFIG_MBO) && defined(CONFIG_TESTING_OPTIONS)
+	if (wpa_s->reject_btm_req_reason) {
+		wpa_printf(MSG_INFO,
+			   "WNM: Testing - reject BSS Transition Management Request: reject_btm_req_reason=%d",
+			   wpa_s->reject_btm_req_reason);
+		wnm_send_bss_transition_mgmt_resp(wpa_s,
+						  wpa_s->wnm_dialog_token,
+						  wpa_s->reject_btm_req_reason,
+						  0, NULL);
+		return;
+	}
+#endif /* CONFIG_MBO && CONFIG_TESTING_OPTIONS */
+
 	pos += 5;
 
 	if (wpa_s->wnm_mode & WNM_BSS_TM_REQ_BSS_TERMINATION_INCLUDED) {
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index ca3d8f8..a848b77 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -451,7 +451,10 @@
 		"tdls_external_control", "osu_dir", "wowlan_triggers",
 		"p2p_search_delay", "mac_addr", "rand_addr_lifetime",
 		"preassoc_mac_addr", "key_mgmt_offload", "passive_scan",
-		"reassoc_same_bss_optim", "wps_priority"
+		"reassoc_same_bss_optim", "wps_priority",
+#ifdef CONFIG_TESTING_OPTIONS
+		"ignore_auth_resp",
+#endif /* CONFIG_TESTING_OPTIONS */
 	};
 	int i, num_fields = ARRAY_SIZE(fields);
 
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 0785576..7361ee9 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -192,7 +192,9 @@
 {
 	struct wpa_supplicant *wpa_s = eloop_ctx;
 	const u8 *bssid = wpa_s->bssid;
-	if (is_zero_ether_addr(bssid))
+	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
+	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
+	     wpa_s->wpa_state == WPA_ASSOCIATING))
 		bssid = wpa_s->pending_bssid;
 	wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
 		MAC2STR(bssid));
@@ -2173,7 +2175,10 @@
 	} else {
 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
-		os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
+		if (bss)
+			os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
+		else
+			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
 	}
 	if (!wpa_s->pno)
 		wpa_supplicant_cancel_sched_scan(wpa_s);
@@ -2702,12 +2707,12 @@
 		MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
 		reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
 
-	if (!is_zero_ether_addr(wpa_s->bssid))
-		addr = wpa_s->bssid;
-	else if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
-		 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
-		  wpa_s->wpa_state == WPA_ASSOCIATING))
+	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
+	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
+	     wpa_s->wpa_state == WPA_ASSOCIATING))
 		addr = wpa_s->pending_bssid;
+	else if (!is_zero_ether_addr(wpa_s->bssid))
+		addr = wpa_s->bssid;
 	else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
 		/*
 		 * When using driver-based BSS selection, we may not know the
@@ -3012,6 +3017,7 @@
 	if (wpa_s->connect_without_scan ||
 	    wpa_supplicant_fast_associate(wpa_s) != 1) {
 		wpa_s->scan_req = NORMAL_SCAN_REQ;
+		wpas_scan_reset_sched_scan(wpa_s);
 		wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
 	}
 
@@ -3372,6 +3378,13 @@
 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
 	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
 
+#ifdef CONFIG_TESTING_OPTIONS
+	if (wpa_s->ignore_auth_resp) {
+		wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
+		return;
+	}
+#endif /* CONFIG_TESTING_OPTIONS */
+
 #ifdef CONFIG_PEERKEY
 	if (wpa_s->wpa_state > WPA_ASSOCIATED && wpa_s->current_ssid &&
 	    wpa_s->current_ssid->peerkey &&
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index c3d5272..b3138e3 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -200,7 +200,7 @@
 #load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so
 
 # Driver interface parameters
-# This field can be used to configure arbitrary driver interace parameters. The
+# This field can be used to configure arbitrary driver interface parameters. The
 # format is specific to the selected driver interface. This field is not used
 # in most cases.
 #driver_param="field=value"
@@ -677,11 +677,11 @@
 
 # Multi Band Operation (MBO) non-preferred channels
 # A space delimited list of non-preferred channels where each channel is a colon
-# delimited list of values. Reason detail is optional.
+# delimited list of values.
 # Format:
-# non_pref_chan=<oper_class>:<chan>:<preference>:<reason>[:reason_detail]
+# non_pref_chan=<oper_class>:<chan>:<preference>:<reason>
 # Example:
-# non_pref_chan="81:5:10:2:0 81:1:0:2:0 81:9:0:2"
+# non_pref_chan="81:5:10:2 81:1:0:2 81:9:0:2"
 
 # MBO Cellular Data Capabilities
 # 1 = Cellular data connection available
@@ -918,7 +918,7 @@
 #
 # Following fields are only used with internal EAP implementation.
 # eap: space-separated list of accepted EAP methods
-#	MD5 = EAP-MD5 (unsecure and does not generate keying material ->
+#	MD5 = EAP-MD5 (insecure and does not generate keying material ->
 #			cannot be used with WPA; to be used as a Phase 2 method
 #			with EAP-PEAP or EAP-TTLS)
 #       MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
@@ -1009,23 +1009,23 @@
 #	automatically converted into DH params.
 # subject_match: Substring to be matched against the subject of the
 #	authentication server certificate. If this string is set, the server
-#	sertificate is only accepted if it contains this string in the subject.
+#	certificate is only accepted if it contains this string in the subject.
 #	The subject string is in following format:
 #	/C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
-#	Note: Since this is a substring match, this cannot be used securily to
+#	Note: Since this is a substring match, this cannot be used securely to
 #	do a suffix match against a possible domain name in the CN entry. For
 #	such a use case, domain_suffix_match or domain_match should be used
 #	instead.
 # altsubject_match: Semicolon separated string of entries to be matched against
 #	the alternative subject name of the authentication server certificate.
-#	If this string is set, the server sertificate is only accepted if it
+#	If this string is set, the server certificate is only accepted if it
 #	contains one of the entries in an alternative subject name extension.
 #	altSubjectName string is in following format: TYPE:VALUE
 #	Example: EMAIL:server@example.com
 #	Example: DNS:server.example.com;DNS:server2.example.com
 #	Following types are supported: EMAIL, DNS, URI
 # domain_suffix_match: Constraint for server domain name. If set, this FQDN is
-#	used as a suffix match requirement for the AAAserver certificate in
+#	used as a suffix match requirement for the AAA server certificate in
 #	SubjectAltName dNSName element(s). If a matching dNSName is found, this
 #	constraint is met. If no dNSName values are present, this constraint is
 #	matched against SubjectName CN using same suffix match comparison.
@@ -1278,13 +1278,13 @@
 ##### Fast Session Transfer (FST) support #####################################
 #
 # The options in this section are only available when the build configuration
-# option CONFIG_FST is set while compiling hostapd. They allow this interface
-# to be a part of FST setup.
+# option CONFIG_FST is set while compiling wpa_supplicant. They allow this
+# interface to be a part of FST setup.
 #
 # FST is the transfer of a session from a channel to another channel, in the
 # same or different frequency bands.
 #
-# For detals, see IEEE Std 802.11ad-2012.
+# For details, see IEEE Std 802.11ad-2012.
 
 # Identifier of an FST Group  the interface belongs to.
 #fst_group_id=bond0
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index f3f96a3..44f72a6 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -1023,7 +1023,10 @@
 	struct l2_packet_data *l2_test;
 	unsigned int extra_roc_dur;
 	enum wpa_supplicant_test_failure test_failure;
+	unsigned int reject_btm_req_reason;
 	unsigned int p2p_go_csa_on_inv:1;
+	unsigned int ignore_auth_resp:1;
+	unsigned int ignore_assoc_disallow:1;
 #endif /* CONFIG_TESTING_OPTIONS */
 
 	struct wmm_ac_assoc_data *wmm_ac_assoc_info;
@@ -1047,7 +1050,6 @@
 		enum mbo_non_pref_chan_reason reason;
 		u8 oper_class;
 		u8 chan;
-		u8 reason_detail;
 		u8 preference;
 	} *non_pref_chan;
 	size_t non_pref_chan_num;