Jouni Malinen [Sat, 22 Nov 2014 09:31:03 +0000 (11:31 +0200)]
Add BSS_TM_REQ command to send BSS Transition Management Request
hostapd control interface can now be used to request transmission of a
BSS Transition Management Request frame to a specified station.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 21 Nov 2014 22:49:25 +0000 (00:49 +0200)]
tests: Authenticator processing for various EAPOL-Key key info values
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 21 Nov 2014 22:34:20 +0000 (00:34 +0200)]
tests: WPA EAPOL 4-way handshake protocol testing
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 21 Nov 2014 22:16:41 +0000 (00:16 +0200)]
tests: WPA2 EAPOL-Key with incorrect type
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 21 Nov 2014 19:46:01 +0000 (21:46 +0200)]
Add names for assigned QCA nl80211 vendor subcmds
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 21 Nov 2014 18:06:33 +0000 (20:06 +0200)]
tests: Authenticator 4-way handshake protocol testing
This implements minimal RSN 4-way handshake Supplicant in Python and
uses that to test hostapd Authenticator implementation in various
possible protocol sequencies.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 21 Nov 2014 15:02:00 +0000 (17:02 +0200)]
AP: Extend EAPOL-Key msg 1/4 retry workaround for changing SNonce
If the 4-way handshake ends up having to retransmit the EAPOL-Key
message 1/4 due to a timeout on waiting for the response, it is possible
for the Supplicant to change SNonce between the first and second
EAPOL-Key message 2/4. This is not really desirable due to extra
complexities it causes on the Authenticator side, but some deployed
stations are doing this.
This message sequence looks like this:
AP->STA: EAPOL-Key 1/4 (replay counter 1, ANonce)
AP->STA: EAPOL-Key 1/4 (replay counter 2, ANonce)
STA->AP: EAPOL-Key 2/4 (replay counter 1, SNonce 1)
AP->STA: EAPOL-Key 3/4 (replay counter 3, ANonce)
STA->AP: EAPOL-Key 2/4 (replay counter 2, SNonce 2)
followed by either:
STA->AP: EAPOL-Key 4/4 (replay counter 3 using PTK from SNonce 1)
or:
AP->STA: EAPOL-Key 3/4 (replay counter 4, ANonce)
STA->AP: EAPOL-Key 4/4 (replay counter 4, using PTK from SNonce 2)
Previously, Authenticator implementation was able to handle the cases
where SNonce 1 and SNonce 2 were identifical (i.e., Supplicant did not
update SNonce which is the wpa_supplicant behavior) and where PTK
derived using SNonce 2 was used in EAPOL-Key 4/4. However, the case of
using PTK from SNonce 1 was rejected ("WPA: received EAPOL-Key 4/4
Pairwise with unexpected replay counter" since EAPOL-Key 3/4 TX and
following second EAPOL-Key 2/4 invalidated the Replay Counter that was
used previously with the first SNonce).
This commit extends the AP/Authenticator workaround to keep both SNonce
values in memory if two EAPOL-Key 2/4 messages are received with
different SNonce values. The following EAPOL-Key 4/4 message is then
accepted whether the MIC has been calculated with the latest SNonce (the
previously existing behavior) or with the earlier SNonce (the new
extension). This makes 4-way handshake more robust with stations that
update SNonce for each transmitted EAPOL-Key 2/4 message in cases where
EAPOL-Key message 1/4 needs to be retransmitted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 21 Nov 2014 13:35:19 +0000 (15:35 +0200)]
Print EAPOL-Key Replay Counter in Authenticator debug log
This makes it easier to debug issues relared to EAPOL-Key
retransmissions.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 20 Nov 2014 18:36:59 +0000 (20:36 +0200)]
Reserve QCA vendor specific nl80211 commands 53
These is reserved for QCA use.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jason Mobarak [Mon, 1 Sep 2014 04:23:36 +0000 (00:23 -0400)]
tests: Mesh HT mode
Change the mesh tests to check for the presence of HT in the scan
results.
[original implementation by Chun-Yeow Yeoh <yeohchunyeow@gmail.com>]
[some fixes by Masashi Honma <masashi.honma@gmail.com>]
Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Javier Lopez [Mon, 1 Sep 2014 04:23:35 +0000 (00:23 -0400)]
tests: Add test_wpas_mesh test cases
This wpa_supplicant tests include basic tests for:
- Mesh scan
- Mesh group add/remove
- Mesh peer connected/disconnected
- Add/Set/Remove to test mesh mode network
- Open mesh connectivity test
- Secure mesh connectivity test
- no_auto_peer
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
[no_auto_peer test by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Thomas Pedersen [Mon, 1 Sep 2014 04:23:34 +0000 (00:23 -0400)]
Add examples of new mesh options into wpa_supplicant.conf
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
Jouni Malinen [Thu, 20 Nov 2014 14:25:00 +0000 (16:25 +0200)]
nl80211: Do not try to change STA capability on NL80211_CMD_SET_STATION
cfg80211 will reject any of these attributes regardless of whether the
values actually change or not when NL80211_CMD_SET_STATION is used for
something else than TDLS. This path is hit at least when setting up
mesh, so filter out the attributes from NL80211_CMD_SET_STATION to match
the rules in cfg80211.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 19 Nov 2014 20:02:08 +0000 (22:02 +0200)]
tests: Fix regression in START line total count
The previous changes to enable stdin control broke the previous case of
showing the total number of test cases in the START lines. Fix that by
using a separate variable for the total number of test casess instead of
using length of the list of remaining test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 19 Nov 2014 15:57:49 +0000 (17:57 +0200)]
tests: WEP Shared Key index change without deauth
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 19 Nov 2014 15:37:54 +0000 (17:37 +0200)]
tests: WEP with non-zero key index
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 19 Nov 2014 14:08:34 +0000 (16:08 +0200)]
tests: P2P_FIND continuing after GO Negotiation failure
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Rashmi Ramanna [Mon, 17 Nov 2014 10:37:24 +0000 (16:07 +0530)]
P2P: Do not change P2P state on GO Neg failure if it is P2P_SEARCH
Changing the P2P state to P2P_IDLE on GO Negotiation Failure would stop
the previously issued P2P_FIND operation without notifying the upper
layers. Leave the search operation running if in P2P_SEARCH state to
avoid unexpected behavior in case the upper layers issued a new P2P_FIND
while waiting for GO Negotiation to complete.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Kyeyoon Park [Mon, 3 Nov 2014 22:10:24 +0000 (14:10 -0800)]
AP: Add support for multicast-to-unicast conversion for DGAF Disable
When DGAF Disable is on, perform multicast-to-unicast for DHCP packets
and Router Advertisement packets. This is a requirement for Hotspot 2.0.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
Kyeyoon Park [Sat, 1 Nov 2014 06:33:41 +0000 (23:33 -0700)]
AP: Add Neighbor Discovery snooping mechanism for Proxy ARP
This commit establishes the infrastructure, and handles the Neighbor
Solicitation and Neighbor Advertisement frames. This will be extended
in the future to handle other frames.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
Kyeyoon Park [Sat, 1 Nov 2014 05:15:19 +0000 (22:15 -0700)]
AP: Add multicast-to-unicast conversion send for "x_snoop"
Multicast-to-unicast conversion send will be needed in various part of
Proxy ARP and DGAF Disable.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
Kyeyoon Park [Thu, 6 Nov 2014 00:15:46 +0000 (16:15 -0800)]
AP: Extend the BSS bridge neighbor entry management to support IPv6
This allows adding/deleting an IPv6 neighbor entry to/from the bridge,
to which the BSS belongs. This commit adds the needed functionality in
driver_nl80211.c for the Linux bridge implementation. In theory, this
could be shared with multiple Linux driver interfaces, but for now, only
the main nl80211 interface is supported.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
Kyeyoon Park [Thu, 6 Nov 2014 00:14:24 +0000 (16:14 -0800)]
l2_packet: Add support for NDISC packet filter in l2_packet_linux
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
Kyeyoon Park [Sat, 1 Nov 2014 01:18:35 +0000 (18:18 -0700)]
AP: Convert "dhcp_snoop" to use the generic "x_snoop"
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
Kyeyoon Park [Sat, 1 Nov 2014 01:18:35 +0000 (18:18 -0700)]
AP: Add a generic "x_snoop" infrastructure for Proxy ARP
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
Jouni Malinen [Wed, 19 Nov 2014 00:03:39 +0000 (02:03 +0200)]
tests: Move parallel-vm.py test control to the host
This allows all VMs to be used at the end of a test sequence by
assigning test cases to VMs based on which VM is available for a new
test case rather than splitting the full task at the beginning and
potentially getting stuck with the last VM running long test cases for
significantly longer than another VM that gets shorter duration tests
assigned to it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 19 Nov 2014 00:01:27 +0000 (02:01 +0200)]
tests: Add run-tests.py -i to control execution from stdin
The new -i command line argument can be used to control test case
execution from stdin to run-tests.py and vm-run.sh. This can be used,
e.g., to run multiple repeated test sequences in a virtual machine
without havign to restart the VM between each iteration.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 18 Nov 2014 22:41:45 +0000 (00:41 +0200)]
tests: Allow run-tests.py to be run from the vm directory
Some of the paths in run-tests.py are hardcoded and could not handle
tests/hwsim/vm as the working directory. Modify the design enough to
allow ../run-tests.py -L to be used from the vm directory.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 18 Nov 2014 22:34:36 +0000 (00:34 +0200)]
tests: Make run-tests.py process test case selection arguments
This allows a list of matching test cases to be produced without having
to run the test cases. Previously, -L output included all defined test
cases regardless of what else was included on the command line.
Signed-off-by: Jouni Malinen <j@w1.fi>
Ilan Peer [Wed, 5 Nov 2014 08:50:34 +0000 (03:50 -0500)]
AP: Drop retransmitted auth/assoc/action frames
It is possible that a station device might miss an ACK for an
authentication, association, or action frame, and thus retransmit the
same frame although the frame is already being processed in the stack.
While the duplicated frame should really be dropped in the kernel or
firmware code where duplicate detection is implemented for data frames,
it is possible that pre-association cases are not fully addressed (which
is the case at least with mac80211 today) and the frame may be delivered
to upper layer stack.
In such a case, the local AP will process the retransmitted frame although
it has already handled the request, which might cause the station to get
confused and as a result disconnect from the AP, blacklist it, etc.
To avoid such a case, save the sequence control of the last processed
management frame and in case of retransmissions drop them.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Jouni Malinen [Sun, 16 Nov 2014 23:20:10 +0000 (01:20 +0200)]
EAP-pwd: Remove unnecessary OpenSSL EVP_sha256() registration
This gets registered in tls_openssl.c from tls_init(), so there is no
need for EAP-pwd implementation to register explicitly. This avoids some
corner cases where OpenSSL resources do not get fully freed on exit.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 16 Nov 2014 23:14:35 +0000 (01:14 +0200)]
DFS: Fix hostapd operation without hw_mode driver data
If DFS implementation was built in, some configurations with drivers
that do not provide mode information could end up dereferencing a NULL
pointer. Fix this by skipping DFS operations in such cases since not
having information about modes and channels means that hostapd could not
perform DFS anyway (i.e., either this is not a wireless driver or the
driver takes care of DFS internally).
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 16 Nov 2014 23:08:04 +0000 (01:08 +0200)]
Fix hostapd operation without hw_mode driver data
Commit
7f0303d5b0bb425f3e7318a7016b55ba9e67f9de ('hostapd: Verify VHT
160/80+80 MHz driver support') added couple of hapd->iface->current_mode
dereferences of which the one in hostapd_set_freq() can be hit with some
configuration files when using driver wrappers that do not have hw_mode
data, i.e., when current_mode is NULL. This could result in segmentation
fault when trying to use driver=wired. Fix this by checking that
current_mode is not NULL before dereferencing it to get vht_capab.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 16 Nov 2014 22:57:15 +0000 (00:57 +0200)]
wired: Fix deinit path to unregister eloop read_sock
The previous version was leaving behind registered eloop socket
instances.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 16 Nov 2014 20:34:54 +0000 (22:34 +0200)]
tests: Report kernel panic clearly in parallel-vm.py
Previously, it was possible for a kernel panic to be missed since the
only sign of it in stdout was reduced number of passed test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 16 Nov 2014 20:24:18 +0000 (22:24 +0200)]
tests: Use a single timestamp in all vm-run.sh instances
This avoids possible mismatches in directory and log file timestamps if
the UNIX timestamp (seconds) changes during the startup sequence.
Signed-off-by: Jouni Malinen <j@w1.fi>
Eliad Peller [Wed, 22 Oct 2014 12:04:04 +0000 (08:04 -0400)]
tests: Add wpa_supplicant WMM-AC test
Add basic wpa_supplicant tests for WMM-AC TSPEC addition/deletion.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Johannes Berg [Wed, 22 Oct 2014 12:04:03 +0000 (08:04 -0400)]
WMM AC: Notify driver before sending DelTS
Switch the stop and sending DelTS to avoid sending data packets
for the session after the DelTS, which is otherwise possible.
This also helps the mac80211 implementation as it requires stopping the
traffic flow before sending the DelTS as it may modify the AC parameters
for the affected queue, and that may in turn affect management frames.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Moshe Benji [Wed, 22 Oct 2014 12:04:02 +0000 (08:04 -0400)]
WMM AC: Add wmm_ac_status control interface command
This wmm_ac_status command will show the current status for WMM AC.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Moshe Benji [Wed, 22 Oct 2014 12:04:02 +0000 (08:04 -0400)]
Add wpa_scnprintf() helper function
This provides a simpler version of snprintf that doesn't require further
error checks.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Moshe Benji [Wed, 22 Oct 2014 12:04:01 +0000 (08:04 -0400)]
nl80211: Implement add_ts/del_ts ops
Add ops to notify about TSPECs to add/remove. Additionally, subscribe to
ADDTS/DELTS Action frames to be able to process WMM AC Action frames.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Moshe Benji [Wed, 22 Oct 2014 12:04:00 +0000 (08:04 -0400)]
wpa_cli: WMM_AC_ADDTS and WMM_AC_DELTS commands
wmm_ac_addts command will add (or update) a traffic stream and
wmm_ac_delts command will delete an existing traffic stream.
Each of the above commands will call its corresponding
ctrl_iface command.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Moshe Benji [Wed, 22 Oct 2014 12:03:59 +0000 (08:03 -0400)]
ctrl_iface: Add wmm_ac_addts and wmm_ac_delts commands
wmm_ac_addts command will add (or update) a traffic stream and
wmm_ac_delts command will delete an existing traffic stream.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Eliad Peller [Wed, 22 Oct 2014 12:03:58 +0000 (08:03 -0400)]
Add str_token() function
Add helper function to get the next token from a string.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Moshe Benji [Wed, 22 Oct 2014 12:03:57 +0000 (08:03 -0400)]
WMM AC: Handle TSPEC action frames
Add the TSPEC to the driver on successful TSPEC ADDTS response. Delete
the TSPEC when receiving DELTS action.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Eliad Peller [Wed, 22 Oct 2014 12:03:56 +0000 (08:03 -0400)]
WMM AC: Add basic ADDTS/DELTS sending functions
Add basic implementation for ADDTS and DELTS sending
functions.
wpas_wmm_ac_addts() will send ADDTS request public action,
containing TSPEC (traffic stream specification) with
the given params.
wpas_wmm_ac_delts() will look for the saved tspec with
the given tid, and send DELTS public action for it.
(Handling of ADDTS response and actually configuring the admission
control params will be added in following patches.)
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Moshe Benji [Wed, 22 Oct 2014 12:03:55 +0000 (08:03 -0400)]
WMM AC: Add add_tx_ts and del_tx_ts driver ops
Add add_tx_ts() and del_tx_ts() ops to notify the driver about
TSPEC add / delete.
Additionally, add wmm_ac_supported flag to indicate
whether the driver supports WMM AC.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Moshe Benji [Wed, 22 Oct 2014 12:03:54 +0000 (08:03 -0400)]
WMM AC: Parse WMM IE on association
Initialize WMM AC data structures upon successful association
with an AP that publishes WMM support, and deinitialize the data
structure when the association is no longer valid.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Eliad Peller [Wed, 22 Oct 2014 12:03:53 +0000 (08:03 -0400)]
nl80211: Parse WMM parameters on association
Set the relevant WMM parameters in the assoc_data event.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Eliad Peller [Wed, 22 Oct 2014 12:03:52 +0000 (08:03 -0400)]
drivers: Add WMM parameters to association event data
The WMM parameters will be used later for setting default tspec values.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Jouni Malinen [Sun, 16 Nov 2014 18:07:09 +0000 (20:07 +0200)]
Sync with wireless-testing.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2014-11-11.
Signed-off-by: Jouni Malinen <j@w1.fi>
Masashi Honma [Sat, 15 Nov 2014 01:35:32 +0000 (10:35 +0900)]
mesh: Make plink params configurable
This patch makes four MIB variables for plink configurable and sets the
correct default values based on IEEE Std 802.11s-2011.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Masashi Honma [Sat, 15 Nov 2014 01:35:28 +0000 (10:35 +0900)]
mesh: Check mesh key management method
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Masashi Honma [Sat, 15 Nov 2014 01:35:24 +0000 (10:35 +0900)]
mesh: Add wpa_cli action script processing for mesh events
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Masashi Honma [Mon, 1 Sep 2014 04:23:39 +0000 (00:23 -0400)]
mesh: Add scan result for mesh network
Android 4.4 uses "BSS" command instead of "SCAN_RESULT" command.
So this patch add the mesh scan result for BSS command.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Masashi Honma [Mon, 1 Sep 2014 04:23:38 +0000 (00:23 -0400)]
mesh: Make BSSBasicRateSet configurable
STAs that have different BSSBasicRateSet cannot connect to each other
as per IEEE 802.11s-2011 9.6.0c1:
"A mesh STA shall not establish a mesh peering with a mesh STA using a
different BSSBasicRateSet."
Make BSSBasicRateSet configurable to improve interoperability with other
stations.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Javier Lopez [Mon, 1 Sep 2014 04:23:33 +0000 (00:23 -0400)]
Add mesh_group_{add,remove} control interface commands
Parse MESH_GROUP_ADD/REMOVE commands on ctrl interface and call
wpa_supplicant routines. These commands are used to start or
join and leave a mesh network.
The mesh id is given in the configuration file, therefore there is
no need to scan before joining a mesh network. We reuse the
connect_without_scan construct used by P2P for that same purpose.
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Masashi Honma [Sat, 15 Nov 2014 01:35:27 +0000 (10:35 +0900)]
mesh: Reduce none 11N Self-protected Action frame allocation size
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Masashi Honma [Sat, 15 Nov 2014 01:35:26 +0000 (10:35 +0900)]
mesh: Fix 11N capability in Self-protected Action frame
mesh_ht_mode default value is CHAN_UNDEFINED.
So previous code set 11N capability even though 11N is not used.
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Masashi Honma [Sat, 15 Nov 2014 01:35:25 +0000 (10:35 +0900)]
mesh: Set driver capability flags to mesh interface
Signed-off-by: Kenzoh Nishikawa <Kenzoh.Nishikawa@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Masashi Honma [Sat, 15 Nov 2014 01:35:29 +0000 (10:35 +0900)]
mesh: Fix segmentation fault by repeating MESH_GROUP_ADD/REMOVE
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Jason Mobarak [Mon, 1 Sep 2014 04:23:36 +0000 (00:23 -0400)]
mesh: Enable mesh HT mode
Add a new option "mesh_ht_mode" that specifies the HT mode for the
mesh, with this option on, mesh beacons, actions frames, and probe
responses with include the appropriate HT information elements.
[original implementation by Chun-Yeow Yeoh <yeohchunyeow@gmail.com>]
[some fixes by Masashi Honma <masashi.honma@gmail.com>]
Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Chun-Yeow Yeoh [Mon, 1 Sep 2014 04:23:31 +0000 (00:23 -0400)]
mesh: Add timer for SAE authentication in RSN mesh
Add timer to do SAE re-authentication with number of tries defined
by MESH_AUTH_RETRY and timeout defined by MESH_AUTH_TIMEOUT.
Ignoring the sending of reply message on "SAE confirm before commit"
to avoid "ping-pong" issues with other mesh nodes. This is obvious when
number of mesh nodes in MBSS reaching 6.
Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Bob Copeland [Mon, 1 Sep 2014 04:23:30 +0000 (00:23 -0400)]
mesh: Start mesh peering after successful authentication
[original patch by: Thomas Pedersen <thomas@noack.us>]
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Bob Copeland [Mon, 1 Sep 2014 04:23:30 +0000 (00:23 -0400)]
SAE: Enhance AP implementation to handle auth for mesh interfaces
Add state transition logic to the SAE frame handling in order to more
fully implement the state machine from the IEEE 802.11 standard. Special
cases are needed for infrastructure BSS case to avoid unexpected
Authentication frame sequence by postponing transmission of the second
Authentication frame untile the STA sends its Confirm.
[original patch by: Thomas Pedersen <thomas@noack.us>]
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Thomas Pedersen [Mon, 1 Sep 2014 04:23:29 +0000 (00:23 -0400)]
mesh: Add mesh robust security network
This implementation provides:
- Mesh SAE authentication mechanism
- Key management (set/get PSK)
- Cryptographic key establishment
- Enhanced protection mechanisms for robust management frames
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
Dmitry Shmidt [Wed, 3 Sep 2014 21:58:37 +0000 (14:58 -0700)]
hostapd: Add wowlan_triggers config param
New kernels in wiphy_suspend() will call cfg80211_leave_all() that will
eventually end up in cfg80211_stop_ap() unless wowlan_triggers were set.
For now, use the parameters from the station mode as-is. It may be
desirable to extend (or constraint) this in the future for specific AP
mode needs.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Ilan Peer [Wed, 5 Nov 2014 08:50:37 +0000 (03:50 -0500)]
nl80211: Fix Android compilation by adding include for fcntl.h
This is needed for fcntl() at least with Android KK.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Jouni Malinen [Sun, 16 Nov 2014 13:42:29 +0000 (15:42 +0200)]
tests: Suite B
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 16 Nov 2014 13:40:02 +0000 (15:40 +0200)]
Suite B: Select EAPOL-Key integrity and key-wrap algorithms based on AKM
This adds support for AKM 00-0F-AC:11 to specify the integrity and
key-wrap algorithms for EAPOL-Key frames using the new design where
descriptor version is set to 0 and algorithms are determined based on
AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 16 Nov 2014 11:22:46 +0000 (13:22 +0200)]
Suite B: PMKID derivation for AKM 00-0F-AC:11
The new AKM uses a different mechanism of deriving the PMKID based on
KCK instead of PMK. hostapd was already doing this after the KCK had
been derived, but wpa_supplicant functionality needs to be moved from
processing of EAPOL-Key frame 1/4 to 3/4 to have the KCK available.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 16 Nov 2014 11:20:51 +0000 (13:20 +0200)]
Suite B: Add AKM 00-0F-AC:11
This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The
functionality itself is not yet complete, i.e., this commit only
includes parts to negotiate the new AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Nov 2014 10:56:02 +0000 (12:56 +0200)]
tests: Clear ignore_old_scan_res setting
This parameter was used in some of the NFC test cases to make scanning
more robust in case of changing AP configuration. However, the parameter
was not cleared anywhere, so it could have been left in use for other
test cases as well. To get more consistent behavior, clear the value
back to its default between test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Nov 2014 10:35:10 +0000 (12:35 +0200)]
OpenSSL: Allow TLS v1.1 and v1.2 to be negotiated by default
Use SSLv23_method() to enable TLS version negotiation for any version
equal to or newer than 1.0. If the old behavior is needed as a
workaround for some broken authentication servers, it can be configured
with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1".
Signed-off-by: Jouni Malinen <j@w1.fi>
Andrei Otcheretianski [Wed, 5 Nov 2014 08:50:35 +0000 (03:50 -0500)]
EAP-IKEv2: Fix compilation warning
Fix signed/unsigned comparison compilation warning introduced in
08ef442 "EAP-IKEv2: Fix the payload parser".
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Dmitry Shmidt [Wed, 5 Nov 2014 21:22:25 +0000 (13:22 -0800)]
Add CTRL-EVENT-SCAN-FAILED notification in case of scan failure
This is needed since the SCAN command with radio work returns before the
actual driver operation to trigger a scan has been executed and as such,
cannot return result of that operation.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Fri, 14 Nov 2014 18:57:05 +0000 (20:57 +0200)]
Work around AP misbehavior on EAPOL-Key descriptor version
It looks like some APs are incorrectly selecting descriptor version 3
(AES-128-CMAC) for EAPOL-Key frames when version 2 (HMAC-SHA1) was
expected to be used. This is likely triggered by an attempt to negotiate
PMF with SHA1-based AKM.
Since AES-128-CMAC is considered stronger than HMAC-SHA1, allow the
incorrect, but stronger, option to be used in these cases to avoid
interoperability issues with deployed APs.
This issue shows up with "WPA: CCMP is used, but EAPOL-Key descriptor
version (3) is not 2" in debug log. With the new workaround, this issue
is ignored and "WPA: Interoperability workaround: allow incorrect
(should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor
version to be used" is written to the log.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 14 Nov 2014 18:56:43 +0000 (20:56 +0200)]
tests: PMF required with SHA1-based AKM
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Yanbo Li [Sun, 2 Nov 2014 09:46:35 +0000 (17:46 +0800)]
hostapd: Change drv_flags from unsigned int to u64
Some flag already using a bit larger than 32, so extend the hostapd
drv_flags type similarly to the earlier wpa_supplicant change to get the
full flag content.
Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
Jouni Malinen [Thu, 13 Nov 2014 14:26:55 +0000 (16:26 +0200)]
Assign QCA vendor specific nl80211 command id 52 for APFIND
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sat, 1 Nov 2014 17:42:49 +0000 (19:42 +0200)]
tests: DFS with chanlist
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 1 Nov 2014 17:31:23 +0000 (19:31 +0200)]
Remove unused EVENT_MLME_RX
This was used in driver_test.c, but that driver wrapper has been removed
and there are no remaining or expected users for EVENT_MLME_RX.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 1 Nov 2014 17:27:48 +0000 (19:27 +0200)]
Remove unused EVENT_FT_RRB_RX
This was used in hostapd driver_test.c, but that driver wrapper has been
removed and there are no remaining or expected users for
EVENT_FT_RRB_RX.
Signed-off-by: Jouni Malinen <j@w1.fi>
Ilan Peer [Mon, 27 Oct 2014 14:00:57 +0000 (10:00 -0400)]
tests: Make vm-run.sh arguments non-positional
This was currently breaking parallel-run.*, as it was passing
--split num/num parameters (intended for rnu-tests.py)
to vm-run.sh which broke the --codecov and --timewrap options.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Ilan Peer [Mon, 27 Oct 2014 14:00:56 +0000 (10:00 -0400)]
tests: Update vm README
Update the code coverage documentation to also specify the
source base directory for the code coverage generation.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Ilan Peer [Mon, 27 Oct 2014 14:00:55 +0000 (10:00 -0400)]
tests: Add usage() to run-all.sh
The -h or --help command line arguments can now be used to request usage
information for run-all.sh.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Ilan Peer [Mon, 27 Oct 2014 14:00:54 +0000 (10:00 -0400)]
tests: Add option to build before running all tests
Add an option --build to run-all.sh to build before starting to run all
the tests. In addition, add an option --codecov to extract the code
coverage data at the end of the run.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Ilan Peer [Mon, 27 Oct 2014 14:00:53 +0000 (10:00 -0400)]
tests: Make run-all.sh arguments non-positional
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Jouni Malinen [Sat, 1 Nov 2014 14:24:36 +0000 (16:24 +0200)]
Remove completed to-do items
While this file has not really been updated in years, some of the
completed items can easily be removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 1 Nov 2014 14:15:53 +0000 (16:15 +0200)]
Remove references to madwifi from various files
Number of documentation and configuration files had references to the
madwifi driver interface that was removed in the previous commit. Remove
these references as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 1 Nov 2014 14:13:41 +0000 (16:13 +0200)]
madwifi: Remove obsolete madwifi driver interface
The MadWifi project is not active anymore and the last release happened
in early 2008. As such, there is no remaining justification for
maintaining the madwifi-specific driver interface for hostapd either.
Signed-off-by: Jouni Malinen <j@w1.fi>
Slava Monich [Tue, 28 Oct 2014 16:20:37 +0000 (18:20 +0200)]
dbus: Fix memory leak in wpas_dbus_getter_bss_wps
Signed-off-by: Slava Monich <slava.monich@jolla.com>
Martin Kletzander [Wed, 29 Oct 2014 10:12:36 +0000 (11:12 +0100)]
wpa_gui: Use dialog window type
This helps window managers treat the window properly. Mostly tiling WMs
are affected by this. All other windows inherit this option from QDialog
already.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Jouni Malinen [Thu, 30 Oct 2014 22:48:12 +0000 (00:48 +0200)]
tests: Concurrent station mode scan and p2p_find with P2P Device
This verifies that station mode interface SCAN command gets executed if
P2P Device instance is running p2p_find.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 30 Oct 2014 18:01:21 +0000 (20:01 +0200)]
tests: P2P_STOP_FIND/P2P_FLUSH to ignore new results
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt [Thu, 30 Oct 2014 15:21:52 +0000 (20:51 +0530)]
P2P: Do not consider the p2p_scan results after p2p_stop_find
If p2p_stop_find is issued after the p2p_scan request is triggered to
the host driver, the obtained scan results are also considered to update
the P2P peer entries. This is not always desired behavior, i.e., it can
be clearer if no P2P-DEVICE-FOUND events are generated based of that
final pending scan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 30 Oct 2014 18:13:16 +0000 (20:13 +0200)]
P2P: Document p2p_in_progress() return value 2
Function documentation was not in sync with the implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt [Thu, 30 Oct 2014 12:07:46 +0000 (17:37 +0530)]
P2P: Delay scan operation only when P2P is not in search state
With the radio work interface in place, station interface SCAN command
was not scheduled (i.e., it got continously delayed with "Delay station
mode scan while P2P operation is in progress") when a p2p_find was
operational. Fix this be delaying station mode scan only when a P2P
operation is in progress, but not in search state.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt [Thu, 30 Oct 2014 10:50:22 +0000 (16:20 +0530)]
P2P: Set p2p_scan_running based on driver scan request result
With the radio work interface, the actual request to start p2p_scan
operation is scheduled from a radio work and hence the initial return
value cannot provide the real result of the driver operation to trigger
a scan. Introduce a new notification API to indicate the scan trigger
status based on which the p2p_scan_running instance can be set using the
real return value from the driver operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 30 Oct 2014 09:43:47 +0000 (11:43 +0200)]
MACsec: Fix policy configuration
macsec_validate variable was set incorrectly to FALSE(0) or TRUE(1)
instead of the enum validate_frames values (Disabled(0), Checked(1),
Strict(2). This ended up policy == SHOULD_SECURE to be mapped to
macsec_validate == Checked instead of Strict. This could have resulted
in unintended SecY forwarding of invalid packets rather than dropping
them.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>