Jouni Malinen [Tue, 2 Apr 2013 15:29:23 +0000 (18:29 +0300)]
WPS: Preparations for allowing SSID filtering for provisioning step
If the SSID of the WPS AP is known, it should be possible to limit AP
selection based on this when searching for an active WPS AP. This commit
adds a mechanism to specify SSID for this type of uses.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Feb 2013 19:29:22 +0000 (21:29 +0200)]
WPS NFC: Validate peer public key hash on Enrollee
Since the Enrollee can now get the public key hash from the Registrar,
there is need to validate this during the WPS protocol run.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sat, 13 Apr 2013 18:15:36 +0000 (11:15 -0700)]
WPS NFC: Send M2D with config error 20 on pkhash mismatch
Instead of terminating the WPS protocol immediately, go through an M2D
exchange to notify Enrollee of the public key hash mismatch.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 4 Apr 2013 07:03:17 +0000 (10:03 +0300)]
WPS: Remove Version attribute from NFC messages
This old Version attribute is not really needed anymore for these use
cases with the assumption that there are no existing WPS+NFC
deployments. It was removed from the WSC specification, so make the
implementation match that change.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sat, 27 Apr 2013 17:43:35 +0000 (20:43 +0300)]
WPS: Add builder functions for AP Channel and RF Bands attributes
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sat, 16 Mar 2013 18:45:21 +0000 (20:45 +0200)]
P2P: Make group operating channel available
Provide local GO channel to the P2P module so that it can be used in
messages that indicate the current operating channel.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 15 Feb 2013 15:07:28 +0000 (17:07 +0200)]
P2P: Split add-group-info into a helper function
This functionality is needed for other messages, too, so split the group
info building code into a separate helper function.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Arif Hussain [Fri, 24 Jan 2014 14:14:29 +0000 (16:14 +0200)]
P2P: Apply unsafe frequency rules to available channels
This adds a QCA vendor specific nl80211 event to allow the driver to
indicate a list of frequency ranges that should be avoided due to
interference or possible known co-existance constraints. Such
frequencies are marked as not allowed for P2P use to force groups to be
formed on different channels.
If a P2P GO is operating on a channel that the driver recommended not to
use, a notification about this is sent on the control interface and
upper layer code may decide to tear down the group and optionally
restart it on another channel. As a TODO item, this could also be changed
to use CSA to avoid removing the group.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 24 Jan 2014 13:58:00 +0000 (15:58 +0200)]
Add a header file defining QCA OUI and vendor extensions
This file is used as a registry of identifier assignments from the
Qualcomm Atheros OUI 00:13:74 for purposes other than MAC address
assignment. One of the first uses will be for nl80211 vendor
commands/events which is reason for the preparation change in
driver_nl80211.c
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 23 Jan 2014 14:57:15 +0000 (16:57 +0200)]
Increase global ctrl_iface buffer to same size as per-interface
Since the global ctrl_iface can be used with IFNAME= prefix to send
commands to be processed by per-interface code, it should have the same
(well, close to same since the prefix takes some space) limits on
command length as the per-interface ctrl_iface. Increase the buffer from
256 to 4096 to achieve this.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 23 Jan 2014 08:28:04 +0000 (10:28 +0200)]
tests: Verify GAS/ANQP use during PMF association
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 23 Jan 2014 09:18:20 +0000 (11:18 +0200)]
GAS client: Use Protected Dual of Public Action frames with PMF
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Conver Public Action
GAS queries to use Dual of Public Action frame if PMF has been
negotiated with the AP to which the frame is being sent.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 23 Jan 2014 09:15:28 +0000 (11:15 +0200)]
GAS server: Add support for Protected Dual of Public Action frames
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Add support for this
different category of Action frames being used for GAS. The payload
after the Category field is identical, so the only change is in using
the Category field based on what was received in the request frames. For
backwards compatibility, do not enforce protected dual to be used on the
AP side, i.e., follow what the station does.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 23 Jan 2014 09:12:27 +0000 (11:12 +0200)]
Add definitions for Protected Dual of Public Action frames
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 23 Jan 2014 08:24:21 +0000 (10:24 +0200)]
hostapd: Fix PMF robust Action frame processing rules
Due to misplaced parenthesis, unprotected not-Robust Action frames
(e.g., Public Action frames) were dropped in handle_assoc() when such
frames were received during an association that had negotiated use of
PMF. This is not correct since only unprotected Robust Action frames
were supposed to be handled in this way.
This would have broken any Public Action frame use during PMF
association, but such frames were not really supposed to be used
currently (ANQP as the only possible use case should really use
protected dual option in such case).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 23 Jan 2014 08:21:49 +0000 (10:21 +0200)]
Clear more configuration parameters to default on FLUSH
This makes it more convenient for test scripts to change parameters for
a specific test case without having to separately clear them between
each test case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Raja Mani [Wed, 22 Jan 2014 14:15:23 +0000 (19:45 +0530)]
wpa_supplicant: Schedule PNO on completion of ongoing sched_scan
When start PNO request comes from control interface, wpa_supplicant
should wait until ongoing sched_scan (triggered by wpa_supplicant)
gets cancelled. Issuing cancel sched_scan and start PNO scan
one after another from pno_start() would lead wpa_supplicant to clear
wps->sched_scanning flag while getting sched_scan stopped event
from driver for cancel sched_scan request. In fact, PNO scan will
be in progress in driver and wpa_s->sched_scanning will not be set
in such cases.
In addition to this change, RSSI threshold limit is passed as part of
start sched_scan request. This was previously set only in pno_start(),
but the same parameter should be available for generic sched_scan calls
as well and this can now be reached through the new PNO start sequence.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Max Stepanov [Wed, 22 Jan 2014 14:05:47 +0000 (16:05 +0200)]
nl80211: Fix sizeof check in vendor command/event handling
Fix sizeof in a validity comparison of nl80211_vendor_cmd_info size. The
incorrect version happened to work on 64-bit builds due the structure
being eight octets, but this was incorrect and would not used with
32-bit builds.
Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
Ilan Peer [Wed, 22 Jan 2014 14:05:46 +0000 (16:05 +0200)]
hostapd: Fix segmentation fault when calling hostapd_cli all_sta
While iterating over the stations hostapd_ctrl_iface_sta_mib()
might be called with sta == NULL. Fix this.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Max Stepanov [Wed, 22 Jan 2014 14:05:45 +0000 (16:05 +0200)]
wpa_supplicant: Fix seg fault in wpas_ctrl_radio_work_flush() in error case
Verify wpa_s->radio pointer before accessing it. If interface addition
fails, this could get called before wpa_s->radio has been set.
The segmentation fault details:
Program received signal SIGSEGV, Segmentation fault.
0x00000000004b9591 in wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
5754 dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
Call stack:
0 wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
1 wpa_supplicant_deinit_iface (wpa_s=0x77fff0, notify=0, terminate=0) at wpa_supplicant.c:3619
2 wpa_supplicant_add_iface (global=0x75db10, iface=0x7fffffffe270) at wpa_supplicant.c:3691
3 wpas_p2p_add_p2pdev_interface (wpa_s=0x75dd20) at p2p_supplicant.c:3700
4 main (argc=<optimized out>, argv=<optimized out>) at main.c:317
Function:
5750 void wpas_ctrl_radio_work_flush(struct wpa_supplicant *wpa_s)
5751 {
5752 struct wpa_radio_work *work, *tmp;
5753
5754 dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
5755 struct wpa_radio_work, list) {
5756 struct wpa_external_work *ework;
5757
5758 if (os_strncmp(work->type, "ext:", 4) != 0)
Root cause:
(gdb) p wpa_s->radio
$1 = (struct wpa_radio *) 0x0
Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
David Spinadel [Wed, 22 Jan 2014 14:05:44 +0000 (16:05 +0200)]
P2P: Clone dtim_period to a new interface
Cloning dtim_period is needed for P2P GO.
Signed-hostap: David Spinadel <david.spinadel@intel.com>
Jouni Malinen [Tue, 21 Jan 2014 14:33:25 +0000 (16:33 +0200)]
Update copyright years in the manpages
Signed-hostap: Jouni Malinen <j@w1.fi>
Dan Winship [Mon, 20 Jan 2014 23:11:31 +0000 (17:11 -0600)]
Sync manpages and command-line options
Signed-hostap: Dan Williams <dcbw@redhat.com>
Dan Williams [Mon, 20 Jan 2014 23:04:03 +0000 (17:04 -0600)]
Add manpage for eapol_test
Signed-hostap: Dan Williams <dcbw@redhat.com>
Dan Williams [Mon, 20 Jan 2014 23:03:15 +0000 (17:03 -0600)]
wpa_supplicant: Fix usage text based on build options
Signed-hostap: Dan Williams <dcbw@redhat.com>
Dmitry Shmidt [Fri, 17 Jan 2014 18:58:50 +0000 (10:58 -0800)]
P2P: Reduce peer expiration age to 60 sec and allow customization
The new default value (from 300 to 60 seconds) makes the internal P2P
peer list somewhat faster to react to peers becoming unreachable while
still maintaining entries for some time to avoid them disappearing
during user interaction (e.g., selecting a peer for a connection or
entering a PIN).
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Raja Mani [Sat, 18 Jan 2014 14:46:24 +0000 (20:16 +0530)]
Skip normal scan when PNO is already in progress
Scan request failures are observed in wpa_supplicant debug log when
Android framework starts PNO scan in driver via ctrl interface command
'set pno 1' and wpa_supplicant also tries to issue a scan request after
PNO has started in the driver.
Some drivers may reject a normal scan request when PNO is already in
progress. wpa_supplicant should consider PNO status before issuing start
scan request to the driver. Otherwise, wpa_supplicant will get failures
from driver for the scan request and it will end up rescheduling scan
request in periodic interval and get a start scan request failure for
each attempt.
In order to avoid unnecessary scan attempt when PNO scan is already
running, PNO status is checked before issuing scan request to driver.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Rashmi Ramanna [Mon, 20 Jan 2014 20:55:09 +0000 (22:55 +0200)]
P2P: Extend the listen time based on the active concurrent session
A P2P Device while in the Listen state waiting to respond for the
obtained group negotiation request shall give a fair chance for other
concurrent sessions to use the shared radio by inducing an idle time
between the successive listen states. However, if there are no
concurrent operations, this idle time can be reduced.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 17 Jan 2014 17:38:02 +0000 (19:38 +0200)]
tests: Verify peer discovery in no-Probe Request case
Verify that PD Request followed by GO Negotiation Request is enough to
learn the Listen frequency of the peer.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Po-Lun Lai [Fri, 17 Jan 2014 17:35:03 +0000 (19:35 +0200)]
P2P: Allow GO Negotiation Request to update peer entry after PD
Previously, GO Negotiation Request frame was used to update a peer entry
if only a Probe Request from that peer had been received. However, it
would be possible, even if unlikely, for a peer to be discovered based
on receiving Provision Discovery Request frame from it and no Probe
Request frame. In such a case, the Listen frequency of the peer would
not be known and group formation could not be (re-)initialized with that
peer. Fix this by allowing the GO Negotiation Request frame to update
peer entry if the current peer entry does not include Listen or
Operating frequency.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Johannes Berg [Wed, 15 Jan 2014 19:58:39 +0000 (20:58 +0100)]
hwsim tests: vm: add optional time-warp
To test the code under the influence of time jumps, add the option
(--timewarp) to the VM tests to reset the clock all the time, which
makes the wall clock time jump speed up 20x, causing gettimeofday()
to be unreliable for timeout calculations.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Dmitry Shmidt [Wed, 15 Jan 2014 18:27:19 +0000 (10:27 -0800)]
P2P: Add missing direct global ctrl_iface commands for P2P
It should be noted that these commands are not exclusively used for P2P
or in the global context, so use of these commands through the global
control interface for operations that are specific to a single interface
have undefined behavior and that behavior may change in the future. As
such, these are recommend only for operations that are in the global
context (e.g., for P2P management).
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jithu Jance [Wed, 15 Jan 2014 13:47:19 +0000 (19:17 +0530)]
P2P: Use GO's operating channel to optimize scan during join
Use P2P GO's operating channel information, if known, to do a single
channel scan during the join operation.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Jithu Jance [Wed, 15 Jan 2014 10:22:51 +0000 (15:52 +0530)]
P2P: Don't expire the peer, if GO Negotiation is in progress
This adds one more case of active P2P peer detection so that
p2p_expire_peers() cannot hit a case where a GO Negotiation peer would
be removed.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Arend van Spriel [Wed, 15 Jan 2014 09:11:33 +0000 (10:11 +0100)]
Use minimal scan delay upon EVENT_INTERFACE_ADDED
This patch resets the static interface_count to zero in case of
wpa_supplicant_driver_init() call for wpa_s which is in
INTERFACE_DISABLED state. This interface_count is used for the delay of
the scan which is now minimal for dynamically added interfaces. This may
collide with a scan for another interface, but the same is true for any
chosen delay in this scenario. Also the state change to DISCONNECTED is
moved to wpa_supplicant_driver_init() so it will move from
INTERFACE_DISABLED to INACTIVE when there are no enabled networks.
Tested-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Arend van Spriel [Wed, 15 Jan 2014 09:11:32 +0000 (10:11 +0100)]
Reset normal_scans counter upon entering INTERFACE_DISABLED state
Depending on the implementation, the scheduled scan may not give results
quickly when in DISCONNECTED state. This patch resets
wpa_s::normal_scans upon entering to the INTERFACE_DISABLED state so a
normal scan is assured upon going to DISCONNECTED state after the
interface has been re-enabled. This mainly solves a long reconnect time
observed upon repeated kernel driver reloads, i.e., third reload
resulted in a scheduled scan.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-hostap: Arend van Spriel <arend@broadcom.com>
Jouni Malinen [Tue, 14 Jan 2014 21:31:23 +0000 (23:31 +0200)]
tests: Add some delay before wlantest operations
Since wlantest is a separate process that is not synchronized with rest
of the test components, there can be some latency in it having the STA
entries and counters updated. There is a race condition between this
happening and then test script clearing or fetching data. Make this race
condition less likely to cause bogus test failures by adding some wait
between these operations.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 14 Jan 2014 21:37:15 +0000 (23:37 +0200)]
tests: Run dump_monitor() again if scan was pending
In addition to running the FLUSH command again, the pending monitor
interface events need be cleared in case the driver was running a scan
when reset() is called. This avoids issues, e.g., with discovery_dev_id
failing due to an unexpected P2P-DEVICE-FOUND event that was generated
by the pending scan operation that had not yet complete when the first
dump_monitor() call in reset() happened.
Signed-hostap: Jouni Malinen <j@w1.fi>
Sunil Dutt [Mon, 6 Jan 2014 13:01:58 +0000 (18:31 +0530)]
nl80211: Pass station supported channel and oper class info
Pass station supported channel and operating class information to kernel
for TDLS peers.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>x
Sunil Dutt [Mon, 6 Jan 2014 13:06:13 +0000 (18:36 +0530)]
TDLS: Pass peer's Supported channel and oper class info during sta_add
The information of the peer's supported channel and operating class
is required for the driver to do TDLS off channel operations with a
compatible peer. Pass this information to the driver when the peer
station is getting added.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Janusz Dziedzic [Wed, 8 Jan 2014 11:24:11 +0000 (12:24 +0100)]
hostapd: DFS setup seg0 correctly for HT40-
Fix seg0 calculation for HT40+/HT40-.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 8 Jan 2014 10:27:47 +0000 (11:27 +0100)]
hostapd: DFS/CSA check if CSA in progress
Check if CSA is already in progress, before triggering a new channel
switch.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Dmitry Shmidt [Thu, 9 Jan 2014 23:19:36 +0000 (15:19 -0800)]
Android: Remove hostapd dump_file functionality
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Johannes Berg [Tue, 14 Jan 2014 09:38:33 +0000 (10:38 +0100)]
hwsim tests: vm: read a config file from $HOME
The vm-config in the subdirectory is less useful as it
will get removed by "git clean" and similar, so read a
config file from ~/.wpas-vm-config in addition.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Fri, 10 Jan 2014 13:19:50 +0000 (14:19 +0100)]
hwsim tests: add a hwsim controller module
The controller module allows adding/destroying radios on the fly
with the recent hwsim changes.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Mon, 13 Jan 2014 19:39:06 +0000 (21:39 +0200)]
P2P: Limit join-a-group scans based on SSID from invitation
If we already know the SSID of the P2P group we are trying to join, use
that SSID to limit scan responses and BSS selection since we do not
really look for any other network in this case. In addition, this can
fix cases where the peer has just changed its SSID (e.g., started a new
group) and there may be multiple BSS entries for the same BSSID.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 13 Jan 2014 18:47:01 +0000 (20:47 +0200)]
tests: Double the connection timeout for EAP cases
It looks like slow virtual machines may have issues to complete some EAP
authentication cases (e.g., EAP-EKE in ap_ft_eap) within the 10 second
timeout under load. Double the timeout to avoid incorrect test failures.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 13 Jan 2014 18:26:22 +0000 (20:26 +0200)]
tests: Clear data from ongoing scan on reset()
It was possible for the previous test case to leave unexpected BSS or
P2P peer table entries if a scan was in progress when the FLUSH command
was used. This could result in test failures, e.g., when running
discovery_dev_type_go followed by discovery_group_client where a P2P
peer was discovered on another channel at the end of the former test
case from a scan that was running durign the FLUSH operation that was
supposed to remove all P2P peers. This could result in
discovery_group_client failing due to dev[2] trying to send the
discoverability frame on incorrect channel (the one learned in the
previous test case) since discover_peer() skipped a new device
discovery. Fix this by running FLUSH operation again if a pending scan
operation is detected during the first FLUSH operation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 8 Jan 2014 20:27:30 +0000 (22:27 +0200)]
Flush secondary device types on FLUSH command
This makes it possible to clear previously configured secondary device
types.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 8 Jan 2014 20:25:58 +0000 (22:25 +0200)]
tests: P2P device discovery filtering on Device ID and Device Type
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 8 Jan 2014 18:01:19 +0000 (20:01 +0200)]
P2P: Allow requested device type to be specified with p2p_find
This allows filtering of P2P peers that reply to the device discovery
Probe Request frames.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 8 Jan 2014 15:45:56 +0000 (17:45 +0200)]
tests: EAP-TLS with OCSP
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 8 Jan 2014 15:18:22 +0000 (17:18 +0200)]
tests: PKCS#12 use for EAP-TLS
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 8 Jan 2014 15:06:36 +0000 (17:06 +0200)]
tests: CA certificate in DER format
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 8 Jan 2014 14:52:21 +0000 (16:52 +0200)]
tests: Server certificate trust based on hash value
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 8 Jan 2014 14:31:22 +0000 (16:31 +0200)]
tests: subject_match and altsubject_match
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 8 Jan 2014 14:14:30 +0000 (16:14 +0200)]
Clear configuration blobs on FLUSH command
All te network blocks and credentials were already cleared, but
configurations blobs should also be cleared here, e.g., to get
more consistent behavior test cases using EAP-FAST PACs.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 8 Jan 2014 08:21:37 +0000 (10:21 +0200)]
tests: EAP-FAST
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 8 Jan 2014 08:24:05 +0000 (10:24 +0200)]
Skip network disabling on expected EAP failure
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 8 Jan 2014 08:22:51 +0000 (10:22 +0200)]
EAP-FAST peer: Make debug clearer on missing pac_file configuration
EAP-FAST requires pac_file to be configured, so make it clearer from the
debug output if missing configuration parameter was the reason for
EAP-FAST initialization failing.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 8 Jan 2014 07:08:54 +0000 (09:08 +0200)]
tests: Verify all implemented EAP-pwd groups
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Jan 2014 21:37:13 +0000 (23:37 +0200)]
tests: Include vendor extension in WPS M1
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Jan 2014 21:22:45 +0000 (23:22 +0200)]
tests: WPS AP using fragmented WPS IE
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Jan 2014 21:08:26 +0000 (23:08 +0200)]
tests: WPS 2.0 AP rejecting WEP configuration
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Jan 2014 18:44:41 +0000 (20:44 +0200)]
tests: External password storage
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Jan 2014 20:30:25 +0000 (22:30 +0200)]
EXT PW: Fix hash return in password fetching
The hash return buffer was previously left uninitialized in case
externally stored password ("password=ext:...") was used. This could
result in MSCHAPv2 failure if that uninitialized memory happened to be
something else than zero.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Jan 2014 18:14:53 +0000 (20:14 +0200)]
hostapd: Skip full AP configuration validation on SET command
It is possible for the configuration to be temporarily invalid when
adding a new AP through SET commands followed by ENABLE. Avoid this
issue by using less strict validation on SET commands and perform full
configuration validation only on ENABLE. Use cases with configuration
file maintain their previous behavior, i.e., full validation after the
file has been read.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 7 Jan 2014 18:02:04 +0000 (20:02 +0200)]
tests: Hidden SSID
In addition, add the earlier tests in the new test_ssid.py file that was
forgotten from the previous commit
d78f33030d9b3ecc7ad73ba3f544fc84b08d06ea.
Signed-hostap: Jouni Malinen <j@w1.fi>
Arik Nemtsov [Tue, 7 Jan 2014 14:15:27 +0000 (16:15 +0200)]
P2P: Wait on GO Negotiation Confirm transmit
This reverts commit
792c8877c3e9558a6def558c6d35833a00571683
('P2P: Send GO Negotiation Confirm without wait').
Some drivers rely on the wait period for sending packets on the
off-channel. If the wait value is small, there's a race condition where
the driver ROC might complete before the packet was sent out. This
doesn't impede other drivers, as the wait is cancelled when a
Tx-completion arrives from the remote peer.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Eyal Shapira [Thu, 19 Dec 2013 10:03:29 +0000 (12:03 +0200)]
P2P: Cancel action frame offchan wait after recv GO Neg Conf
The missing call to scan_action_done() may keep us off-channel for 250
ms following sending GO Negotiation Response. In case the operating
channel is different from this channel and we're GO, a race could lead
to start beaconing while off-channel. This could potentially cause the
Beacon frames to go out on incorrect channel with some drivers.
Signed-hostap: Eyal Shapira <eyal@wizery.com>
Jouni Malinen [Tue, 7 Jan 2014 13:58:01 +0000 (15:58 +0200)]
bsd: Fix NULL pointer dereference on error path
The error path in bsd_init() on struct bsd_driver_data allocation was
jumping to location where drv is dereferenced. That will crash and it is
easier to just return from the function since no cleanup steps are
needed in this case.
Signed-hostap: Jouni Malinen <j@w1.fi>
Masashi Honma [Tue, 7 Jan 2014 13:56:06 +0000 (15:56 +0200)]
bsd: Prepare event buffer on init process
Currently these three steps runs for each event.
1. get buffer size via system
2. allocate a memory for event
3. free the memory
The wpa_supplicant receives 4 events from boot to be connected.
So this patch prepare the event buffer at the init process.
I have tested wpa_supplicant on NetBSD 6.1.2.
But I could not tested hostapd because I do not have AP enabled device.
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
Ben Greear [Sat, 4 Jan 2014 00:09:22 +0000 (16:09 -0800)]
nl80211: Document how to configure for libnl 2.0 and 3.2
Reported-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Signed-hostap: Ben Greear <greearb@candelatech.com>
Jouni Malinen [Tue, 7 Jan 2014 13:20:30 +0000 (15:20 +0200)]
tests: Make ap_wps_er_add_enrollee less likely to fail
WPS-ER-AP-REMOVE event from the ER is sent before HTTP UNSUBSCRIBE has
been completed. As such, it was possible for the following scan
validation step to be started before the AP has had a chance to react to
the ER status change. Makes this less likely to fail by waiting 200 ms
before starting the last scan.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 6 Jan 2014 16:17:27 +0000 (18:17 +0200)]
tests: P2P_REJECT to reject GO Negotiation Request frames
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 6 Jan 2014 15:58:25 +0000 (17:58 +0200)]
tests: Negative test case for P2P group formation with incorrect PIN
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 6 Jan 2014 15:56:50 +0000 (17:56 +0200)]
P2P: Reject group formation on WPS provisioning failure
There is no need to wait for the 15 second group formation timeout to
clear the state if WPS failure is detected during P2P group formation.
Allow the WPS exchange steps (WSC_NACK and EAP-Failure) to be completed
and remove the group to get rid of the extra wait.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 6 Jan 2014 15:54:16 +0000 (17:54 +0200)]
Fix TX status processing during AP mode shutdown in wpa_supplicant
A TX status event could be received after the AP interface has already
been deinitialized. This needs to check for NULL pointer before trying
to indicate the event to AP functions.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 6 Jan 2014 14:17:52 +0000 (16:17 +0200)]
tests: p2p_client_list on persistent GO
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 6 Jan 2014 09:49:46 +0000 (11:49 +0200)]
nl80211: Clean up netlink parsing and debug prints
This makes the RTM_NEWLINK, RTM_DELLINK, and operstate debug messages
easier to understand.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 6 Jan 2014 05:53:37 +0000 (07:53 +0200)]
Interworking: Keep up to two pending GAS_REQUEST responses
Previously, only the last response data was kept in memory. This
increases that to hold up to two last responses to allow some more
parallel operations to be requested. In addition, the response data is
now freed as soon as the external program has fetched it.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 20:57:30 +0000 (22:57 +0200)]
Update copyright notices for the new year 2014
Signed-hostap: Jouni Malinen <j@w1.fi>
Andrei Otcheretianski [Wed, 1 Jan 2014 13:32:09 +0000 (15:32 +0200)]
nl80211: Move CS supported flag to wpa_driver_capa
Replace channel_switch_supported flag of the
wpa_driver_nl80211_data by WPA_DRIVER_FLAGS_AP_CSA inside
wpa_driver_capa.flags. It makes more sense and also can
be accessed by wpa_supplicant.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Sun, 5 Jan 2014 19:54:46 +0000 (21:54 +0200)]
tests: Add get_driver_status for Hostapd
This is identical to the same command in WpaSupplicant class.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 19:50:34 +0000 (21:50 +0200)]
Add DRIVER-STATUS command for hostapd
This is just like the same command in wpa_supplicant, i.e., "hostapd_cli
status driver" can be used to fetch information about the driver status
and capabilities.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 17:30:24 +0000 (19:30 +0200)]
tests: MSCHAPv2 password as hash value
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 17:23:29 +0000 (19:23 +0200)]
tests: Verify EAP vendor test
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 17:20:00 +0000 (19:20 +0200)]
tests: Verify EAP-PEAP/EAP-TLS
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 16:58:39 +0000 (18:58 +0200)]
tests: Negative test cases with incorrect EAP password
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 17:04:01 +0000 (19:04 +0200)]
EAP-IKEv2 peer: Fix a memory leak in notify round
The plaintext notification needs to be freed after encryption.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 16:32:24 +0000 (18:32 +0200)]
Remove PEAPv2 support
PEAPv2 implementation was not fully completed and there does not seem to
be any deployments of PEAPv2 nor any clear sign of such showing up in
the future either. As such, there is not much point in maintaining this
implementation in hostapd/wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 16:03:29 +0000 (18:03 +0200)]
tests: Add more EAP fragmentation tests
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 17:08:51 +0000 (19:08 +0200)]
EAP-pwd peer: Allow fragmentation limit to be configured
The standard fragment_size network parameter can now be used to
configure EAP-pwd fragmentation limit instead of always using the
hardcoded value of 1020.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 15:55:29 +0000 (17:55 +0200)]
EAP-IKEv2 peer: Allow fragmentation limit to be configured
The standard fragment_size network parameter can now be used to
configure EAP-IKEv2 fragmentation limit instead of always using the
hardcoded value of 1400.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 15:42:35 +0000 (17:42 +0200)]
tests: Interactive identity/password query for EAP
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 15:09:56 +0000 (17:09 +0200)]
WPS: Convert printf() debug print to use wpa_printf()
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 14:49:31 +0000 (16:49 +0200)]
tests: Allow multiple Enrollee events in ap_wps_er_add_enrollee_pbc
It was possible for the AP to report two enrollees in this test case
(i.e., both the expected wlan1 device and also the ER device on wlan0).
The previous test script would fail if the wlan0 device is reported
first. Fix this by allowed the expected target to be found in either the
first or the second WPS-ER-ENROLLEE-ADD event.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 14:42:48 +0000 (16:42 +0200)]
tests: Force p2p_find in p2p_service_discovery_fragmentation
It was possible for this test case to fail if P2P_FLUSH was issued
during a search scan and that scan adding back the peer. Avoid this by
forcing p2p_find to be started regardless of the current P2P peer table
contents for each round of service discovery.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 14:35:05 +0000 (16:35 +0200)]
tests: Make WPA2-Enterprise reauth test cases more robust
With the extra latencies removed from run-tests.py operations, it was
possible to hit race conditions in pairwise cipher configuration at the
end of the 4-way handshake. In some cases, the EAPOL-Start frame from
the station was not received by the AP and that could result in these
test cases failing. Since there are not really trying to test the race
condition, wait for the AP side to complete key configuration prior to
initiating the reauthentication sequence.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jan 2014 14:09:43 +0000 (16:09 +0200)]
tests: Cleaner error processing for threads
When a thread is used to follow P2P group formation progress, it is
better to return a clear failure indication from the thread instead of
allowing an exception to be thrown from the thread.
Signed-hostap: Jouni Malinen <j@w1.fi>