Led [Sun, 14 Dec 2014 15:19:57 +0000 (17:19 +0200)]
Fix bashisms in wps-ap-cli script
Option '-p' of 'read' command may be unsupported in some POSIX-complete
shells. So replace 'read -p' with 'echo -n'/'read' pair.
Signed-off-by: Oleksandr Chumachenko <ledest@gmail.com>
Jörg Krause [Wed, 3 Dec 2014 21:43:44 +0000 (22:43 +0100)]
wext: Fix musl build error
Building wpa_supplicant with the musl C library fails since musl does
not define type names such as '__uint32_t'. To support building
wpa_supplicant with the musl C library use the integer types declared in
the ISO C standard header file <stdint.h>.
Signed-off-by: Jörg Krause <jkrause@posteo.de>
Rafał Miłecki [Sat, 6 Dec 2014 15:06:35 +0000 (16:06 +0100)]
nl80211: Report new station / assoc event for the correct BSS
drv->ctx always points to the first BSS and we should report event using
BSS related to the interface we got NL80211_CMD_NEW_STATION from.
This fixes STA association for drivers using NL80211_CMD_NEW_STATION and
multiple virtual interfaces.
Before:
nl80211: Drv Event 19 (NL80211_CMD_NEW_STATION) received for wlan0-1 (ifindex:7)
nl80211: New station 02:00:00:00:01:00
wlan0: STA 02:00:00:00:01:00 IEEE 802.11: associated
After:
nl80211: Drv Event 19 (NL80211_CMD_NEW_STATION) received for wlan0-1 (ifindex:7)
nl80211: New station 02:00:00:00:01:00
wlan0-1: STA 02:00:00:00:01:00 IEEE 802.11: associated
This is not applicable to the cases where authentication (AP SME & MLME)
is in hostapd and hostapd_assoc_cb() instead of hostapd_notif_assoc()
handles BSS selection.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Arkadiusz (Arkq) Bokowy [Sat, 6 Dec 2014 16:05:09 +0000 (17:05 +0100)]
wpa_gui: Quiet mode - disable tray icon messages
If tray icon messages are perceived as disturbing, one can pass `-q`
parameter on the command line to disable them permanently.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
Arkadiusz (Arkq) Bokowy [Sat, 6 Dec 2014 16:02:18 +0000 (17:02 +0100)]
wpa_gui: More informative tray icon tool tip message
Show associated network SSID in the tool tip message of the
application's tray icon. When network is not associated, then simple
"(not-associated)" message is shown.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
Jouni Malinen [Sun, 14 Dec 2014 14:50:05 +0000 (16:50 +0200)]
tests: SAE with missing password
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 14 Dec 2014 14:48:38 +0000 (16:48 +0200)]
SAE: Report connection failure if SME cannot build auth frame
Instead of just stopping connection process and network discovery,
report SAE failures to build Authentication frames (e.g., due to missing
password) as a connection failure to get the normal retry mechanism into
use.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 14 Dec 2014 11:52:33 +0000 (13:52 +0200)]
tests: ERP when server has dropped the keys
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 14 Dec 2014 11:51:55 +0000 (13:51 +0200)]
ERP: Drop ERP keys on failure on the peer
This allows recovery through fallback to full EAP authentication if the
server rejects us, e.g., due to having dropped ERP state.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 14 Dec 2014 11:31:12 +0000 (13:31 +0200)]
ERP: Add ERP_FLUSH for hostapd
This can be used to drop any pending ERP key from both the internal AP
authentication server and RADIUS server use of hostapd.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 14 Dec 2014 11:16:05 +0000 (13:16 +0200)]
tests: P2P_PRESENCE_REQ on group interface
This ends up using the special offchannel.c code path where a different
interface is selected for TX. In addition, the P2P-PRESENCE-RESPONSE
event is verified to be delivered on the group interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 14 Dec 2014 11:06:41 +0000 (13:06 +0200)]
offchannel: Use wpas_get_tx_interface() src parameter more consistently
Both the wpa_s->pending_action_src and src argument to
wpas_get_tx_interface() were used somewhat randomly. Make this more
consistent since these values are pointing to the same address and the
implementation is easier to understand when it is obvious that there is
only one address being used.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 14 Dec 2014 11:02:04 +0000 (13:02 +0200)]
tests: Mesh and missing SAE password
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 14 Dec 2014 10:53:57 +0000 (12:53 +0200)]
tests: Mesh BSS data
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 14 Dec 2014 10:48:30 +0000 (12:48 +0200)]
tests: Mesh sae_groups configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 14 Dec 2014 10:24:15 +0000 (12:24 +0200)]
tests: Extra coverage for command line arguments
The results for these are not currently verified, but this allows
--codecov runs to get more coverage for the command line argument
parsers.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 14 Dec 2014 00:20:50 +0000 (02:20 +0200)]
tests: DEAUTHENTICATE/DISASSOCIATE/CHAN_SWITCH error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 14 Dec 2014 00:15:30 +0000 (02:15 +0200)]
tests: Additional FETCH_OSU and CANCEL_FETCH_OSU coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 14 Dec 2014 00:14:29 +0000 (02:14 +0200)]
HS 2.0: Allow CANCEL_FETCH_OSU to stop at scan completion
There is no need to start the GAS/ANQP fetch if the FETCH_OSU operation
has already been canceled.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 13 Dec 2014 23:08:18 +0000 (01:08 +0200)]
tests: STOP_FETCH_ANQP
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 13 Dec 2014 23:01:56 +0000 (01:01 +0200)]
tests: P2P_UNAUTHORIZE to unauthorize a peer
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 13 Dec 2014 22:46:46 +0000 (00:46 +0200)]
tests: Move 'SET pmf 0' from reset() to test cases
This avoids one more cleanup step between most test cases by clearing
the default PMF behavior change only in case it was actually modified
during a test.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 13 Dec 2014 18:31:44 +0000 (20:31 +0200)]
tests: Move WPS_ER_STOP from reset() to test cases
This avoids one more cleanup step between most test cases by stopping ER
only in case it was actually used during a test.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 13 Dec 2014 18:19:41 +0000 (20:19 +0200)]
tests: WPS_ER_PBC error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 13 Dec 2014 17:51:03 +0000 (19:51 +0200)]
tests: WPS ER restart and stop
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 13 Dec 2014 17:50:16 +0000 (19:50 +0200)]
WPS ER: Remove unnecessary return value
wps_er_deinit() cannot fail and it does not return anything, so neither
should wpas_wps_er_stop().
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 13 Dec 2014 17:41:26 +0000 (19:41 +0200)]
tests: wpa_supplicant AP mode and PBC session overlap
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 13 Dec 2014 17:30:21 +0000 (19:30 +0200)]
tests: Additional coverage for miscellaneous ctrl_iface commands
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 13 Dec 2014 17:27:41 +0000 (19:27 +0200)]
Remove unnecessary STA_AUTOCONNECT handler function
This function could not fail and it can be replaced with a single
line variable update that takes less code than the function call.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 13 Dec 2014 17:22:23 +0000 (19:22 +0200)]
Remove unnecessary return value
wpa_bss_flush*() cannot fail and as such, there is no need for
wpa_supplicant_ctrl_iface_bss_flush() to return a value either.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 13 Dec 2014 17:15:38 +0000 (19:15 +0200)]
Simplify eapol_sm_get_mib() result handling
This function cannot return a negative value, so no need to check for
that. If there is not enough room in the buffer or if something
unexpected happens, 0 is returned.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 12 Dec 2014 19:09:32 +0000 (21:09 +0200)]
tests: Extend RRM neighbor request testing
This uses a new testing mode in hostapd to allow RRM neighbor request
transmission to be tested. For the second part of the test case to be
executed, mac80211_hwsim needs to be modified to claim support for the
required RRM capabilities (that change is not yet in Linux kernel).
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 12 Dec 2014 19:09:11 +0000 (21:09 +0200)]
nl80211: Add rrm_flags to STATUS-DRIVER
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 12 Dec 2014 18:45:31 +0000 (20:45 +0200)]
RRM: Add AP mode minimal advertisement support for testing
The new hostapd.conf radio_measurements parameter can now be used to
configure a test build to advertise support for radio measurements with
neighbor report enabled. There is no real functionality that would
actually process the request, i.e., this is only for the purpose of minimal
STA side testing for now.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 12 Dec 2014 18:12:24 +0000 (20:12 +0200)]
tests: Additional VENDOR_ELEM coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 12 Dec 2014 17:33:54 +0000 (19:33 +0200)]
tests: DATA_TEST_* error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 12 Dec 2014 17:16:34 +0000 (19:16 +0200)]
tests: EAPOL_RX failure cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 12 Dec 2014 17:08:24 +0000 (19:08 +0200)]
tests: DRIVER_EVENT failure case
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 12 Dec 2014 17:05:00 +0000 (19:05 +0200)]
tests: Additional MGMT_TX coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 12 Dec 2014 12:05:43 +0000 (14:05 +0200)]
tests: A single BSS with multiple key management options
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 12 Dec 2014 12:03:36 +0000 (14:03 +0200)]
Fix AP IE in EAPOL-Key 3/4 for WPA + FT combination
Previously, only WPA + WPA2 was covered. If FT is enabled in addition to
WPA, MDIE is included in the buffer between RSN and WPA elements. The
previous version ended up leaving only the MDIE after having skipped RSN
element. Fix this to skip MDIE as well to leave only WPA IE regardless
of whether FT is enabled in AP configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 12 Dec 2014 11:40:07 +0000 (13:40 +0200)]
Add text names for number of the key_mgmt values
This completes STATUS command key_mgmt output for the missing values,
like SAE.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 11 Dec 2014 23:13:35 +0000 (01:13 +0200)]
tests: SCAN error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 11 Dec 2014 23:12:15 +0000 (01:12 +0200)]
Fix SCAN control interface command error cases
Update the scan parameters in wpa_s only in case the scan command is
going to be executed. In other words, do not change the parameters for
an ongoing scan (the SCAN command is rejected with FAIL-BUSY) or if any
of the parameters is invalid.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 11 Dec 2014 22:27:06 +0000 (00:27 +0200)]
tests: RADIO_WORK error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 11 Dec 2014 22:10:52 +0000 (00:10 +0200)]
tests: Invalid VENDOR command
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 11 Dec 2014 21:37:02 +0000 (23:37 +0200)]
tests: SIGNAL_POLL in 160 and 80+80 MHz channels
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 11 Dec 2014 21:03:10 +0000 (23:03 +0200)]
tests: WNM_SLEEP error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 11 Dec 2014 20:57:36 +0000 (22:57 +0200)]
tests: AUTOSCAN reconfiguration while in SCANNING state
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 11 Dec 2014 14:14:24 +0000 (16:14 +0200)]
tests: Additional HS20_ICON_REQUEST coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 11 Dec 2014 14:12:59 +0000 (16:12 +0200)]
tests: Additional coverage for HS20_GET_NAI_HOME_REALM_LIST
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 11 Dec 2014 13:40:07 +0000 (15:40 +0200)]
Remove unused send_eapol() driver op
The send_eapol() callback was used by driver_test.c, but with that
removed, there are no remaining users of the alternative EAPOL frame
transmitting mechanism in wpa_supplicant, i.e., all remaining driver
interfaces use l2_packet instead. Remove the send_eapol() to get rid of
unused code.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 11 Dec 2014 11:44:52 +0000 (13:44 +0200)]
tests: Additional GAS_REQUEST/GAS_RESPONSE_GET coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 11 Dec 2014 11:04:08 +0000 (13:04 +0200)]
tests: Make wep_open_auth less likely to fail due to old scan entry
Flush cfg80211 cached scan results to avoid getting any non-WEP matches
for the BSS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 10 Dec 2014 23:49:32 +0000 (01:49 +0200)]
tests: Additional ANQP_GET and HS20_ANQP_GET error coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 10 Dec 2014 23:41:48 +0000 (01:41 +0200)]
Fix ANQP_GET/HS20_GET_ANQP parsing to skip space after address
The space following the BSSID was not skipped properly if the following
parameter started with the "hs20:" prefix. For other cases, atoi() ended
up ignoring the space, but it is cleaner to skip it anyway for all
cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 10 Dec 2014 23:29:33 +0000 (01:29 +0200)]
tests: INTERWORKING_CONNECT with invalid parameter
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 10 Dec 2014 23:25:14 +0000 (01:25 +0200)]
tests: Optimize p2p_persistent test cases
A number of unnecessary scan iterations can be removed from these test cases
by specifying a single channel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 10 Dec 2014 22:03:01 +0000 (00:03 +0200)]
tests: Additional P2P_REMOVE_CLIENT coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 10 Dec 2014 21:47:04 +0000 (23:47 +0200)]
tests: Additional coverage for P2P_EXT_LISTEN
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 10 Dec 2014 21:35:29 +0000 (23:35 +0200)]
tests: Additional P2P_PRESENCE_REQ coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 10 Dec 2014 17:25:35 +0000 (19:25 +0200)]
tests: ProxyARP ARP processing
This verifies processing of various ARP messages at an AP that enables
ProxyARP. All the validation steps have not yet been scripted, i.e., the
sniffer traces need manual analysis for full coverage.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 10 Dec 2014 00:01:04 +0000 (02:01 +0200)]
tests: Additional P2P_SET coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 9 Dec 2014 23:59:47 +0000 (01:59 +0200)]
tests: P2P cross connection
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 9 Dec 2014 23:54:27 +0000 (01:54 +0200)]
P2P: Allow cross connection on the parent interface
Previously, any P2P capable interface was skipped in cross connection
uplink consideration. However, this ends up skipping more or less all
nl80211-based driver cases now since they mark the main interface P2P
capable. Relax this rule to allow the parent interface to be used as the
non-P2P station interface for cross connection purposes.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 9 Dec 2014 22:46:11 +0000 (00:46 +0200)]
tests: Additional P2P_PEER coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 9 Dec 2014 21:55:41 +0000 (23:55 +0200)]
OpenSSL: Simplify EAP-FAST peer workaround
Commit d4913c585ec9b62a667473878a7fd7d8600d3388 ('OpenSSL: Fix EAP-FAST
peer regression') introduced a workaround to use a new SSL_CTX instance
set for TLSv1_method() when using EAP-FAST. While that works, it is
unnecessarily complex since there is not really a need to use a separate
SSL_CTX to be able to do that. Instead, simply use SSL_set_ssl_method()
to update the ssl_method for the SSL instance. In practice, this commit
reverts most of the tls_openssl.c changes from that earlier commit and
adds that single call into tls_connection_set_params() based on EAP-FAST
flag.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 9 Dec 2014 21:47:47 +0000 (23:47 +0200)]
tests: Verify that EAP-FAST PAC and TLS session ticket was used
This provides a regression test that would have caught the recent
issue with tls_openssl.c change breaking EAP-FAST.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 9 Dec 2014 21:41:09 +0000 (23:41 +0200)]
Add tls_session_reused=<0/1> into EAP peer TLS status
This can be used to determine whether the last TLS-based EAP
authentication instance re-used a previous session (e.g., TLS session
resumption or EAP-FAST session ticket).
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 9 Dec 2014 21:03:27 +0000 (23:03 +0200)]
tests: Additional P2P_GROUP_ADD coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Chet Lanctot [Sat, 6 Dec 2014 00:48:23 +0000 (16:48 -0800)]
nl80211: Add QCA vendor specific query of device/driver features
This commit introduces a QCA vendor command that allows interrogation of
the vendor-specific features supported by the device/driver. Currently
the only defined feature is the ability to offload key management.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 9 Dec 2014 13:57:03 +0000 (15:57 +0200)]
OpenSSL: Fix EAP-FAST peer regression
Commit 35efa2479ff19c3f13e69dc50d2708ce79a99beb ('OpenSSL: Allow TLS
v1.1 and v1.2 to be negotiated by default') changed from using
TLSv1_method() to SSLv23_method() to allow negotiation of TLS v1.0,
v1.1, and v1.2.
Unfortunately, it looks like EAP-FAST does not work with this due to
OpenSSL not allowing ClientHello extensions to be configured with
SSL_set_session_ticket_ext() when SSLv23_method() is used. Work around
this regression by initiating a separate SSL_CTX instance for EAP-FAST
phase 1 needs with TLSv1_method() while leaving all other EAP cases
using TLS to work with the new default that allows v1.1 and v1.2 to be
negotiated. This is not ideal and will hopefully get fixed in the future
with a new OpenSSL method, but until that time, this can be used to allow
other methods to use newer TLS versions while still allowing EAP-FAST to be
used even if it remains constrained to TLS v1.0 only.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 9 Dec 2014 11:19:22 +0000 (13:19 +0200)]
Fix OpenSSL 0.9.8za patch for EAP-FAST support
OpenSSL 0.9.8za added a fix for CVE-2014-0224 and the original fix broke
EAP-FAST support due to forgotten SSL3_FLAGS_CCS_OK marking for
tls_session_secret_cb. Fix for this regression was added into OpenSSL
1.x and newer. The same fix is needed in this backport patch for
0.9.8za.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 9 Dec 2014 10:31:08 +0000 (12:31 +0200)]
TLS: Add new cipher suites to tls_get_cipher()
This fixes EAP-FAST server side issues for anonymous provisioning when
using the internal TLS implementation.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 9 Dec 2014 10:05:03 +0000 (12:05 +0200)]
OpenSSL: Remove support for the old EAP-FAST interface
Commit f5fa824e9a86940835e30a5a0b1fd3d8a7c4c640 ('Update OpenSSL 0.9.8
patch for EAP-FAST support') changed the OpenSSL 0.9.8 patch to support
the new API that was introduced in OpenSSL 1.0.0 for EAP-FAST. As such,
there should be no valid users of the old API anymore and tls_openssl.c
can be cleaned up to use only the new API.
Signed-off-by: Jouni Malinen <j@w1.fi>
Xiaofei Shen [Tue, 9 Dec 2014 14:20:31 +0000 (16:20 +0200)]
MACsec: Update protect frames and replay on reauthentication
Some cases like ifconfig down/up may require MACsec restart. To make
sure the appropriate protect frames and replay parameters get configured
in cases where the interface was down, set these parameters from KaY
configuration to the driver before creating a new transmit SC. This
allows MACsec functionality to recover automatically on such restart.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 8 Dec 2014 23:56:57 +0000 (01:56 +0200)]
tests: Invitation Request retry and duplicated response
This verifies that the corner case of a duplicated, retransmitted
Invitation Response frame ends up being dropped instead of being
processed twice for the case of Invitation Request getting resent with
social channel as an operating channel in case of no common channels
found.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt [Mon, 8 Dec 2014 09:41:16 +0000 (15:11 +0530)]
P2P: Check Invitation Response dialog token match for resend case
Commit ac330cfd87397a1a01e697984f3944f427e88dad ('P2P: Reinvite with
social operation channel if no common channels') introduced a mechanism
to reinvite a peer during a persistent group reinvocation from a GO with
a different operating channel proposal. This mechanism can fail if the
inviting device (GO) ends up getting a retransmitted, duplicated
Invitation Response frame processed a second time while waiting for the
response to the retried Invitation Request (using one of the social
channels as the operating channel). IEEE 802.11 duplicate frame
detection mechanisms are supposed to prevent this type of sequence, but
not all drivers support those rules properly for pre-association frames,
including P2P Public Action frames.
Work around this issue by checking that the dialog token in the
Invitation Response frame matches the one from the last Invitation
Request if the special invitation retry mechanism is used. This is safer
to do now than to enable dialog token matching for all invitation cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 8 Dec 2014 23:19:20 +0000 (01:19 +0200)]
nl80211: Add frame control and sequence control field in RX frame debug
This makes it easier to debug issues related to duplicated management
frames on receive path.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 8 Dec 2014 16:54:27 +0000 (18:54 +0200)]
tests: Additional P2P SD coverage
This adds P2P_SERV_DISC_REQ, P2P_SERVICE_ADD, and P2P_SERVICE_DEL error
cases and P2P_SERVICE_FLUSH and P2P_SERV_DISC_EXTERNAL testing.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 8 Dec 2014 19:10:03 +0000 (21:10 +0200)]
tests: P2P_GET_PASSPHRASE in P2P Client mode
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 8 Dec 2014 17:46:00 +0000 (19:46 +0200)]
tests: Invalid P2P_INVITE parameters
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 8 Dec 2014 17:34:49 +0000 (19:34 +0200)]
tests: Invalid P2P_REJECT command
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 8 Dec 2014 16:42:16 +0000 (18:42 +0200)]
tests: Additional coverage for P2P_PROV_DISC
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 8 Dec 2014 16:25:05 +0000 (18:25 +0200)]
tests: P2P_LISTEN while interface is disabled
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 8 Dec 2014 16:21:48 +0000 (18:21 +0200)]
tests: Additional P2P_CONNECT coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 8 Dec 2014 15:56:47 +0000 (17:56 +0200)]
tests: Additional P2P_FIND parameter coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 8 Dec 2014 15:47:06 +0000 (17:47 +0200)]
tests: Additional BSS and BSS_FLUSH ctrl_iface command coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 8 Dec 2014 14:22:13 +0000 (16:22 +0200)]
Clear wpa_s->disconnected on ctrl_iface FLUSH
This is needed to get into more consistent state after the FLUSH
command. DISCONNECT followed by FLUSH could result in
wpa_s->disconnected being left to 1 and this resulted in a test failure,
e.g., when running wpas_ctrl_dup_network followed by
wpas_ctrl_enable_disable_network where the latter was expecting
ENABLE_NETWORK on a disabled network to connect automatically and that
does not happen if wpa_s->disconnected == 1.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 8 Dec 2014 14:10:46 +0000 (16:10 +0200)]
nl80211: Try to unmask 11b rates again on next connection request
It is possible for unmasking of 11b rates to fail if a P2P group is
terminated while the netdev is down (e.g., due to rfkill block). This
could result in the 11b TX rates being left masked for non-P2P
operations. This would be particularly unfortunate for channel 14 use
since OFDM rates are not allowed on channel 14 and only OFDM rates were
configured for P2P. This issue showed up, e.g., when running hwsim test case
rfkill_autogo followed by ap_wps_conf_chan14.
It may be possible to allow the failed operation in cfg80211/mac80211,
but it looks better to work around this on wpa_supplicant side as well.
Try to unmask the 11b rates again on the next connection request if the
rate unmasking operation had failed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 8 Dec 2014 14:01:51 +0000 (16:01 +0200)]
nl80211: Add more debug prints for 11b rate disabling and re-enabling
This makes it easier to debug issues related to TX rate masking for P2P
use cases (and unmasking for non-P2P).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 7 Dec 2014 13:45:02 +0000 (15:45 +0200)]
Check os_snprintf() result more consistently - more checks
Add more os_snprintf() result validation checks.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 6 Dec 2014 19:40:31 +0000 (21:40 +0200)]
Check os_snprintf() result more consistently
While these are using practically large enough buffer sizes, it is
better to be more consistent with checking os_snprintf() return value.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Dec 2014 10:52:59 +0000 (12:52 +0200)]
Check os_snprintf() result more consistently - manual
This converts os_snprintf() result validation cases to use
os_snprintf_error() for cases that were not covered by spatch and
semantic patches.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 8 Dec 2014 09:22:52 +0000 (11:22 +0200)]
Check os_snprintf() result more consistently - automatic 3
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size - 1'. These changes were done automatically with spatch
using the following semantic patch:
@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@
(
E1 = os_snprintf(E2, E3, ...);
|
int E1 = os_snprintf(E2, E3, ...);
|
if (E5)
E1 = os_snprintf(E2, E3, ...);
else
E1 = os_snprintf(E2, E3, ...);
|
if (E5)
E1 = os_snprintf(E2, E3, ...);
else if (E6)
E1 = os_snprintf(E2, E3, ...);
else
E1 = 0;
|
if (E5) {
...
E1 = os_snprintf(E2, E3, ...);
} else {
...
return -1;
}
|
if (E5) {
...
E1 = os_snprintf(E2, E3, ...);
} else if (E6) {
...
E1 = os_snprintf(E2, E3, ...);
} else {
...
return -1;
}
|
if (E5) {
...
E1 = os_snprintf(E2, E3, ...);
} else {
...
E1 = os_snprintf(E2, E3, ...);
}
)
? os_free(E4);
- if (E1 < 0 || (size_t) E1 >= E3 - 1)
+ if (os_snprintf_error(E3, E1))
(
S1
|
{ ... }
)
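Review bot: The minus line `if (E1 < 0 || (size_t) E1 >= E3 - 1)` rejects one more result than the `E1 >= E3` rule that the "automatic 1" commit describes as the exact os_snprintf_error() rule, so every call site converted here starts accepting res == size - 1, which is a behaviour change rather than a pure conversion. Any of those sites that kept the spare byte in order to append a character after the formatted string needs a manual look. The commit text also gives the old comparison as 'res > size', which does not match the minus line.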
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 8 Dec 2014 09:18:39 +0000 (11:18 +0200)]
Check os_snprintf() result more consistently - automatic 2
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size'. These changes were done automatically with spatch using
the following semantic patch:
@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@
(
E1 = os_snprintf(E2, E3, ...);
|
int E1 = os_snprintf(E2, E3, ...);
|
if (E5)
E1 = os_snprintf(E2, E3, ...);
else
E1 = os_snprintf(E2, E3, ...);
|
if (E5)
E1 = os_snprintf(E2, E3, ...);
else if (E6)
E1 = os_snprintf(E2, E3, ...);
else
E1 = 0;
|
if (E5) {
...
E1 = os_snprintf(E2, E3, ...);
} else {
...
return -1;
}
|
if (E5) {
...
E1 = os_snprintf(E2, E3, ...);
} else if (E6) {
...
E1 = os_snprintf(E2, E3, ...);
} else {
...
return -1;
}
|
if (E5) {
...
E1 = os_snprintf(E2, E3, ...);
} else {
...
E1 = os_snprintf(E2, E3, ...);
}
)
? os_free(E4);
- if (E1 < 0 || \( E1 > E3 \| (size_t) E1 > E3 \| E1 > (int) E3 \))
+ if (os_snprintf_error(E3, E1))
(
S1
|
{ ... }
)
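Review bot: On the minus line, the `E1 > E3` alternatives let res == size through, which is a truncated result (the terminating NUL displaced the last character), while the `E1 >= E3` rule that the "automatic 1" commit describes as the exact os_snprintf_error() rule rejects it. The conversion therefore changes behaviour at that boundary for every matched call site, and the commit message should say that it fixes an off-by-one in the old checks rather than only making them consistent.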
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 8 Dec 2014 09:15:51 +0000 (11:15 +0200)]
Check os_snprintf() result more consistently - automatic 1
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the exact rule used in os_snprintf_error() was
used. These changes were done automatically with spatch using the
following semantic patch:
@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@
(
E1 = os_snprintf(E2, E3, ...);
|
int E1 = os_snprintf(E2, E3, ...);
|
if (E5)
E1 = os_snprintf(E2, E3, ...);
else
E1 = os_snprintf(E2, E3, ...);
|
if (E5)
E1 = os_snprintf(E2, E3, ...);
else if (E6)
E1 = os_snprintf(E2, E3, ...);
else
E1 = 0;
|
if (E5) {
...
E1 = os_snprintf(E2, E3, ...);
} else {
...
return -1;
}
|
if (E5) {
...
E1 = os_snprintf(E2, E3, ...);
} else if (E6) {
...
E1 = os_snprintf(E2, E3, ...);
} else {
...
return -1;
}
|
if (E5) {
...
E1 = os_snprintf(E2, E3, ...);
} else {
...
E1 = os_snprintf(E2, E3, ...);
}
)
? os_free(E4);
- if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \))
+ if (os_snprintf_error(E3, E1))
(
S1
|
{ ... }
)
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Dec 2014 10:15:34 +0000 (12:15 +0200)]
Check os_snprintf() result more consistently - success case
This converts os_snprintf() result validation cases to use
os_snprintf_error() in cases where success condition was used to execute
a step. These changes were done automatically with spatch using the
following semantic patch:
@@
expression E1,E2,E3;
statement S1;
@@
E1 = os_snprintf(E2, E3, ...);
- if (\( E1 >= 0 \| E1 > 0 \) && \( (size_t) E1 < E3 \| E1 < (int) E3 \| E1 < E3 \))
+ if (!os_snprintf_error(E3, E1))
S1
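Review bot: The `E1 > 0` alternative on the minus line does not run S1 when os_snprintf() produces an empty string, whereas `!os_snprintf_error(E3, E1)` does run it for res == 0 under the `E1 < 0 || E1 >= E3` rule shown in the "automatic 1" commit. Consider matching only `E1 >= 0` here and converting the `E1 > 0` sites by hand after confirming that S1 is safe with empty output.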
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 7 Dec 2014 10:11:13 +0000 (12:11 +0200)]
Check os_snprintf() result more consistently - maximum length
This adds verification of os_snprintf() result against the maximum
buffer length. These changes were done automatically with spatch
using the following semantic patch:
@@
expression E1,E2,E3;
statement S1;
@@
E1 = os_snprintf(E2, E3, ...);
- if (\( E1 < 0 \| E1 <= 0 \))
+ if (os_snprintf_error(E3, E1))
(
S1
|
{ ... }
)
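Review bot: The `E1 <= 0` alternative on the minus line treats an empty result as a failure, and os_snprintf_error(E3, E1) no longer does under the `E1 < 0 || E1 >= E3` rule shown in the "automatic 1" commit, so those call sites silently start accepting res == 0. Splitting the rule so that only `E1 < 0` is rewritten automatically, with the `E1 <= 0` sites reviewed by hand, would keep the added truncation check without dropping the empty-output check.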
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 6 Dec 2014 22:03:28 +0000 (00:03 +0200)]
Add os_snprintf_error() helper
This can be used to check os_snprintf() return value more consistently.
Signed-off-by: Jouni Malinen <j@w1.fi>
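The os_snprintf() commits above replace several differently written result checks with one rule. The following added example (not hostap code) runs each style against real snprintf() results around the buffer boundary and counts where it disagrees with actual truncation. The function names, buffer size and input are constructed for illustration, and unified_error() is written from the `E1 < 0 || E1 >= E3` condition shown in the "automatic 1" semantic patch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8   /* constructed buffer size for the demonstration */
#define MAX_LEN  10  /* longest constructed input, two past BUF_SIZE */

typedef int (*check_fn)(size_t size, int res);

/* Unified rule, taken from the minus line of the "automatic 1" patch. */
static int unified_error(size_t size, int res)
{
	return res < 0 || (size_t) res >= size;
}

/* 'res > size' style replaced by the "automatic 2" patch. */
static int legacy_gt(size_t size, int res)
{
	return res < 0 || (size_t) res > size;
}

/* 'res >= size - 1' style replaced by the "automatic 3" patch. */
static int legacy_ge_minus1(size_t size, int res)
{
	return res < 0 || (size_t) res >= size - 1;
}

/* 'res <= 0' style replaced by the "maximum length" patch. */
static int legacy_le_zero(size_t size, int res)
{
	(void) size;
	return res <= 0;
}

/* Format len characters into a BUF_SIZE buffer and report whether the
 * stored string really lost characters. Returns the snprintf() result. */
static int format_len(size_t len, int *was_truncated)
{
	char buf[BUF_SIZE];
	int res = snprintf(buf, sizeof(buf), "%.*s", (int) len,
			   "AAAAAAAAAAAAAAAA");

	*was_truncated = strlen(buf) != len;
	return res;
}

/* Number of input lengths whose output was truncated but accepted. */
static int missed_truncations(check_fn check)
{
	int missed = 0, trunc;
	size_t len;

	for (len = 0; len <= MAX_LEN; len++) {
		int res = format_len(len, &trunc);

		if (trunc && !check(BUF_SIZE, res))
			missed++;
	}
	return missed;
}

/* Number of input lengths whose output was complete but rejected. */
static int false_rejections(check_fn check)
{
	int rejected = 0, trunc;
	size_t len;

	for (len = 0; len <= MAX_LEN; len++) {
		int res = format_len(len, &trunc);

		if (!trunc && check(BUF_SIZE, res))
			rejected++;
	}
	return rejected;
}

int main(void)
{
	static const struct { const char *name; check_fn fn; } styles[] = {
		{ "res < 0 || res >= size",     unified_error },
		{ "res < 0 || res > size",      legacy_gt },
		{ "res < 0 || res >= size - 1", legacy_ge_minus1 },
		{ "res <= 0",                   legacy_le_zero },
	};
	size_t i;

	for (i = 0; i < sizeof(styles) / sizeof(styles[0]); i++)
		printf("%-28s missed=%d false_reject=%d\n", styles[i].name,
		       missed_truncations(styles[i].fn),
		       false_rejections(styles[i].fn));
	return 0;
}
```
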