David Spinadel [Wed, 6 Apr 2016 16:42:01 +0000 (19:42 +0300)]
hostapd: Set LCI and Location Civic information in configuration
Enable configuration of LCI and location civic information in
hostapd.conf.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Jouni Malinen [Fri, 8 Apr 2016 16:38:52 +0000 (19:38 +0300)]
tests: AP with open mode and STA poll
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 8 Apr 2016 16:37:08 +0000 (19:37 +0300)]
Add POLL_STA command to check connectivity in AP mode
The hostapd "POLL_STA <addr>" control interface command can be used to
check whether an associated station ACKs a QoS Data frame. The received
ACK for such a frame is reported as an event message ("AP-STA-POLL-OK
<addr>").
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 8 Apr 2016 16:20:07 +0000 (19:20 +0300)]
tests: hostapd disconnecting STA without transmitting Deauth/Disassoc
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 8 Apr 2016 16:18:33 +0000 (19:18 +0300)]
Allow AP to disconnect STA without sending Deauth/Disassoc frame
The optional tx=0 parameter can be added to the hostapd
DEAUTHENTICATE/DISASSOCIATE command to request disconnection without
transmitting the Deauthentication/Disassociation frame to the STA.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 8 Apr 2016 15:39:41 +0000 (18:39 +0300)]
tests: AP with open mode and STA statistics
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 8 Apr 2016 15:38:50 +0000 (18:38 +0300)]
Add inactive_msec into STA output
This allows external programs to fetch the driver inactivity value for a
specific STA ("STA <addr>" hostapd control interface command).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 8 Apr 2016 14:28:24 +0000 (17:28 +0300)]
tests: VENDOR_ELEM 14 to add an IE into Probe Request frame
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 8 Apr 2016 14:28:23 +0000 (17:28 +0300)]
Extend VENDOR_ELEM parameters to cover non-P2P Probe Request frame
The new VENDOR_ELEM value 14 can now be used to add a vendor element
into Probe Request frames used by non-P2P active scans.
For example:
VENDOR_ELEM_ADD 14 dd05001122330a
and to clear that:
VENDOR_ELEM_REMOVE 14 *
Signed-off-by: Jouni Malinen <j@w1.fi>
Ilan Peer [Wed, 6 Apr 2016 14:14:43 +0000 (17:14 +0300)]
tests: Modify test_hs20_filter
Modify the test cases to test the Hotspot 2.0 filtering functionality
in wpa_supplicant, instead of testing only the kernel interface.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Ilan Peer [Wed, 6 Apr 2016 14:14:42 +0000 (17:14 +0300)]
nl80211: Implement configure_data_frame_filters() callback
Implement configure_data_frame_filters() callback by using
the net-sysfs interfaces (if these are available).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Matti Gottlieb [Wed, 6 Apr 2016 14:14:41 +0000 (17:14 +0300)]
HS 2.0: Add support for configuring frame filters
When a station starts an association to a Hotspot 2.0 network, request
the driver to do the following, based on the BSS capabilities:
1. Enable gratuitous ARP filtering
2. Enable unsolicited Neighbor Advertisement filtering
3. Enable unicast IP packet encrypted with GTK filtering if
DGAF disabled bit is zero
Clear the filter configuration when the station interface is
disassociated.
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
Matti Gottlieb [Wed, 6 Apr 2016 14:14:40 +0000 (17:14 +0300)]
driver: Add a packet filtering function declaration
Add a new function declaration that will allow wpa_supplicant to request
the driver to configure data frame filters for specific cases.
Add definitions that will allow frame filtering for stations as
required by Hotspot 2.0:
1. Gratuitous ARP
2. Unsolicited NA
3. Unicast IP packets encrypted with GTK
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
Ayala Beker [Thu, 7 Apr 2016 10:31:01 +0000 (13:31 +0300)]
AP: Pass station P2P PS capabilities info during station add/set
If a legacy client with no P2P PS support is trying to connect to
a P2P GO, the driver should know that, and change its PS behavior
accordingly.
Add a parameter to hostapd_sta_add_params() indicating if P2P PS is
supported by the station and pass this parameter to kernel with nl80211
driver when the station is added/set.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Jouni Malinen [Fri, 8 Apr 2016 10:01:49 +0000 (13:01 +0300)]
Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2016-04-06.
Signed-off-by: Jouni Malinen <j@w1.fi>
Lior David [Mon, 4 Apr 2016 16:19:25 +0000 (19:19 +0300)]
wpa_supplicant: "don't care" value for pbss in ssid structure
Add a new value 2 to the pbss parameter of wpa_ssid structure, which
means "don't care". This value is used in infrastructure mode to request
connection to either AP or PCP, whichever is available in the scan
results. The value is also used in regular WPS (not P2P group formation)
to make WPS work with devices running as either AP or PCP.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Jouni Malinen [Fri, 8 Apr 2016 08:41:08 +0000 (11:41 +0300)]
tests: RADIUS failure when adding MPPE keys
This is a regression test case for a radius_msg_add_mppe_keys() memory
leak on an error path.
Signed-off-by: Jouni Malinen <j@w1.fi>
Ayala Beker [Thu, 7 Apr 2016 10:31:00 +0000 (13:31 +0300)]
RADIUS: Fix a possible memory leak on an error path
Fix a possible memory leak in radius_msg_add_mppe_keys() if
os_get_random() fails.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Jouni Malinen [Fri, 8 Apr 2016 08:28:45 +0000 (11:28 +0300)]
tests: WPA2 with invalid PSK from RADIUS
This is a regression test case for a memory leak on a
decode_tunnel_passwords() error path.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 8 Apr 2016 08:28:19 +0000 (11:28 +0300)]
tests: Fix pyrad exception name in RADIUS test cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Ayala Beker [Thu, 7 Apr 2016 10:30:59 +0000 (13:30 +0300)]
RADIUS: Fix possible memory leak when parsing per-STA passphrase
Fix a possible memory leak in decode_tunnel_passwords() if an invalid
passphrase is received from the RADIUS server.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Jouni Malinen [Thu, 7 Apr 2016 18:10:10 +0000 (21:10 +0300)]
tests: Add P2P invitation coverage during p2p_find
The new persistent_group_peer_dropped3 test case is similar to
persistent_group_peer_dropped with the difference being in the
responding device (the one from which the persistent group information
is dropped) is not issued a separate P2P_LISTEN command and instead, a
single P2P_FIND is used through the exchange to verify that this
operation does not get stopped unexpectedly. This is a regression test
case to verify that P2P_PENDING_INVITATION_RESPONSE case ends up calling
p2p_check_after_scan_tx_continuation() in non-success case. It should be
noted that this is dependent on timing: Action frame TX request needs to
occur during the P2P_FIND Search phase (scan). As such, not every
execution of this test case will hit the previous issue sequence, but
that should be hit every now and then.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 7 Apr 2016 18:05:28 +0000 (21:05 +0300)]
P2P: Continue p2p_find after sending non-success Invitation Response
This was previously handled for the case where the non-success
Invitation Response frame was sent out during the Listen phase. However,
in the case the Action frame TX ended up getting scheduled when the
Search phase scan had already started (e.g., due to the driver reporting
Invitation Request RX late enough for the Listen-to-Search transition
having already started), the postponed Action frame TX status processing
did not cover the specific case of non-success Invitation Response. This
could result in the p2p_find operation getting stopped (stuck in SEARCH
state) unexpectedly.
Fix this by calling p2p_check_after_scan_tx_continuation() from
Invitation Response TX callback handler if the invitation was rejected.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 7 Apr 2016 08:45:01 +0000 (11:45 +0300)]
Mark wpa_supplicant_{start,stop}_sched_scan() static
With the only callers in wpas_{start,stop}_pno() moved into scan.c,
there is no need to call these helper functions from outside scan.c
anymore.
Signed-off-by: Jouni Malinen <j@w1.fi>
Hu Wang [Wed, 6 Apr 2016 08:14:34 +0000 (11:14 +0300)]
Fix race condition with PNO stop followed immediately by PNO start
Commit dd271857a5b501cd88143efe8ca0f0dce4519a91 ('Skip normal scan when
PNO is already in progress') fixed issues with normal scans getting
rejected by the driver when PNO scan is already running. The part about
skipping such a scan request is fine, but the part about clearing
wpa_s->pno back to 0 in EVENT_SCHED_SCAN_STOPPED handler is problematic.
If PNO is stopped ("SET pno 0") and then restarted ("SET pno 1")
immediately, it is possible for the EVENT_SCHED_SCAN_STOPPED event from
the stopping part to be received only after the new PNO instance has
been started. This would have resulted in clearing wpa_s->pno and the
driver and wpa_supplicant getting out of sync. This would then prevent
PNO from being stopped with "SET pno 0" (that fails if wpa_s->pno == 0).
Fix this race condition by reverting the wpa_s->pno = 0 addition from
the EVENT_SCHED_SCAN_STOPPED handler.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
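The event ordering described in the commit message above, as an added example that is not code from wpa_supplicant: a small model of the stop/start sequence with the late EVENT_SCHED_SCAN_STOPPED delivery. The struct, the function names and the "start while already running is a no-op" rule are assumptions of this model; only the pno flag and the "SET pno 0 fails if pno == 0" rule come from the message.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model (assumption): one flag on each side plus an event queue depth. */
struct pno_model {
    int pno;                   /* stand-in for wpa_s->pno */
    int driver_sched_scan;     /* 1 while the driver runs a scheduled scan */
    int pending_stopped;       /* EVENT_SCHED_SCAN_STOPPED queued, not yet delivered */
    bool clear_pno_on_stopped; /* true = handler behaviour before the fix */
};

/* Models "SET pno 1" / "SET pno 0". Returns 0 on success, -1 on failure. */
static int set_pno(struct pno_model *m, int enable)
{
    if (enable) {
        if (m->pno)
            return 0; /* model assumption: already running, nothing to do */
        m->pno = 1;
        m->driver_sched_scan = 1;
        return 0;
    }
    if (!m->pno)
        return -1; /* from the commit message: stop fails if pno == 0 */
    m->pno = 0;
    m->driver_sched_scan = 0;
    m->pending_stopped++; /* the driver reports the stop asynchronously */
    return 0;
}

/* Models delivery of one queued EVENT_SCHED_SCAN_STOPPED to the handler. */
static void deliver_stopped_event(struct pno_model *m)
{
    if (m->pending_stopped == 0)
        return;
    m->pending_stopped--;
    if (m->clear_pno_on_stopped)
        m->pno = 0; /* the assignment the fix reverts */
}

/*
 * Run: start, stop, immediate restart, late stop event, then try to stop.
 * Returns the result of the final "SET pno 0" and reports whether the
 * driver is still scanning afterwards.
 */
static int stop_after_restart(bool old_handler, int *driver_still_scanning)
{
    struct pno_model m = { 0, 0, 0, old_handler };
    int res;

    set_pno(&m, 1);            /* first PNO instance */
    set_pno(&m, 0);            /* stop; event is queued */
    set_pno(&m, 1);            /* restart before the event arrives */
    deliver_stopped_event(&m); /* stale event from the first instance */
    res = set_pno(&m, 0);      /* user tries to stop the new instance */
    *driver_still_scanning = m.driver_sched_scan;
    return res;
}

int main(void)
{
    int drv;
    int res = stop_after_restart(true, &drv);

    printf("old handler: SET pno 0 -> %d, driver scanning: %d\n", res, drv);
    res = stop_after_restart(false, &drv);
    printf("new handler: SET pno 0 -> %d, driver scanning: %d\n", res, drv);
    return 0;
}
```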
Manikandan Mohan [Thu, 17 Mar 2016 18:50:23 +0000 (20:50 +0200)]
Add QCA nl80211 vendor commands for TSF and WISA Feature
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 5 Apr 2016 15:36:28 +0000 (18:36 +0300)]
RSN: Set EAPOL-Key Request Secure bit to 1 if PTK is set
The Secure bit in the Key Information field of EAPOL-Key frames is
supposed to be set to 1 when there is a security association. This was
done for other frames, but not for the EAPOL-Key Request frame where
supplicant is requesting a new PTK to be derived (either due to Michael
MIC failure report Error=1 or for other reasons with Error=0). In
practice, EAPOL-Key Request frame is only sent when there is a PTK in
place, so all such frames should have Secure=1.
Signed-off-by: Jouni Malinen <j@w1.fi>
Janusz Dziedzic [Wed, 30 Mar 2016 08:55:56 +0000 (10:55 +0200)]
tests: Pass full apdev to add_ap() function (7)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (7) converts the cases where a local variable is used to store
apdev[#]['ifname'] before passing it as the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 30 Mar 2016 08:55:56 +0000 (10:55 +0200)]
tests: Pass full apdev to add_ap() function (6)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (6) converts the cases where apdevs[#]['ifname'] was used as
the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 30 Mar 2016 08:55:56 +0000 (10:55 +0200)]
tests: Pass full apdev to add_ap() function (5)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (5) converts the cases that use the start_ap_wpa2_psk() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 30 Mar 2016 08:55:56 +0000 (10:55 +0200)]
tests: Pass full apdev to add_ap() function (4)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (4) converts the cases that call hostapd.add_ap() from a
helper function that got apdev[i] as an argument.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 30 Mar 2016 08:55:56 +0000 (10:55 +0200)]
tests: Pass full apdev to add_ap() function (3)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (3) converts the cases that use the start_ap() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 30 Mar 2016 08:55:56 +0000 (10:55 +0200)]
tests: Pass full apdev to add_ap() function (2)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (2) converts the cases that use the add_ssdp_ap() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 30 Mar 2016 08:55:56 +0000 (10:55 +0200)]
tests: Pass full apdev to add_ap() function (1)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Wed, 30 Mar 2016 08:55:56 +0000 (10:55 +0200)]
tests: Allow full apdev to be passed to add_ap() function
This allows the full apdev dict to be passed to the add_ap() function
instead of just ifname. This allows us to handle also remote hosts while
we can check apdev['hostname'], apdev['port']. The old style ifname
argument is still accepted to avoid having to convert all callers in a
single commit.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Dmitry Shmidt [Mon, 28 Mar 2016 17:58:53 +0000 (10:58 -0700)]
Android: Fix max number of sched scan SSIDs based on driver capability
This adds use of the driver capability (instead of hardcoded
WPAS_MAX_SCAN_SSIDS) in wpas_start_pno() similarly to what was already
done in wpa_supplicant_req_sched_scan().
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Roshan Pius [Wed, 17 Feb 2016 00:40:06 +0000 (16:40 -0800)]
binder: Implement interface add/remove methods
This commit implements the methods defined in Supplicant service:
1. CreateInterface
2. RemoveInterface
3. GetInterface
The binder service returns the corresponding iface binder object
references which can be used by clients to control a specific
interface.
Signed-off-by: Roshan Pius <rpius@google.com>
Roshan Pius [Wed, 17 Feb 2016 00:39:28 +0000 (16:39 -0800)]
binder: Add binder skeletal code for Android
Create the skeletal binder interface for wpa_supplicant. The interface
hierarchy is based off the existing dbus
interface (https://w1.fi/wpa_supplicant/devel/dbus.html).
Since we use libbinder, the binder interface codebase needs to be
written in C++ and can only be compiled on Android platform for now.
The aidl files define binder RPC interfaces. The Android build system
generates the corresponding C++ interface classes which need to be
implemented by the server process.
The clients can obtain a reference to the binder service (root object)
using:
    android::String16 service_name("fi.w1.wpa_supplicant");
    android::sp<android::IBinder> binder =
        android::defaultServiceManager()->getService(service_name);
Once a reference to the root object is retrieved, the clients can
obtain references to other RPC objects using that root object's methods.
Signed-off-by: Roshan Pius <rpius@google.com>
Jouni Malinen [Sat, 2 Apr 2016 13:53:04 +0000 (16:53 +0300)]
Remove struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. This struct is not used anymore, so it can
be removed from the struct ieee80211_mgmt definition to complete the
changes started in commit d447cd596f0a9f73850229e7fa2bdd35755dc750
('Updates for stricter automatic memcpy bounds checking').
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 Apr 2016 13:52:43 +0000 (16:52 +0300)]
atheros: Do not use struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. Since there are no non-IE fields in the
Probe Request frames, get the location of the variable length IEs simply
by using the pointer to the frame header and the known header length.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 Apr 2016 13:52:02 +0000 (16:52 +0300)]
wpa_supplicant: Do not use struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. Since there are no non-IE fields in the
Probe Request frames, get the location of the variable length IEs simply
by using the pointer to the frame header and the known header length.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 2 Apr 2016 13:49:50 +0000 (16:49 +0300)]
AP: Do not use struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. Since there are no non-IE fields in the
Probe Request frames, get the location of the variable length IEs simply
by using the pointer to the frame header and the known header length.
Signed-off-by: Jouni Malinen <j@w1.fi>
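The approach named in the three "Do not use struct ieee80211_mgmt::u.probe_req" messages above, as an added example that is not code from hostap: the IEs of a Probe Request frame are located at frame pointer plus the 24-octet management header length and then walked with length checks. The helper names and the sample frame are constructed for illustration; the frame carries the vendor element dd05001122330a from the VENDOR_ELEM_ADD example earlier in this log.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Management frame header: frame control (2), duration (2), DA (6),
 * SA (6), BSSID (6), sequence control (2) = 24 octets. */
#define MGMT_HDR_LEN 24
#define EID_SSID 0
#define EID_VENDOR_SPECIFIC 221

/* Constructed sample: Probe Request, wildcard SSID, one vendor element. */
static const uint8_t sample_probe_req[] = {
    0x40, 0x00,                         /* frame control: Probe Request */
    0x00, 0x00,                         /* duration */
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* DA: broadcast */
    0x02, 0x00, 0x00, 0x00, 0x01, 0x00, /* SA (made up) */
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* BSSID: wildcard */
    0x00, 0x00,                         /* sequence control */
    0x00, 0x00,                         /* SSID element, length 0 */
    0xdd, 0x05, 0x00, 0x11, 0x22, 0x33, 0x0a /* vendor element */
};

/* Probe Request has no fixed fields, so the IEs start right after the
 * header. Returns NULL if the frame is shorter than the header. */
static const uint8_t *probe_req_ies(const uint8_t *frame, size_t len,
                                    size_t *ies_len)
{
    if (len < MGMT_HDR_LEN)
        return NULL;
    *ies_len = len - MGMT_HDR_LEN;
    return frame + MGMT_HDR_LEN;
}

/* Return the first element with the given id, or NULL if it is absent or
 * a truncated element is reached before it. */
static const uint8_t *find_ie(const uint8_t *ies, size_t ies_len, uint8_t eid)
{
    size_t pos = 0;

    while (ies_len - pos >= 2) {
        size_t elen = ies[pos + 1];

        if (elen > ies_len - pos - 2)
            return NULL; /* length field runs past the buffer */
        if (ies[pos] == eid)
            return &ies[pos];
        pos += 2 + elen;
    }
    return NULL;
}

/* Count well-formed elements; -1 if any element is truncated or a stray
 * octet is left over at the end. */
static int count_ies(const uint8_t *ies, size_t ies_len)
{
    size_t pos = 0;
    int count = 0;

    while (ies_len - pos >= 2) {
        size_t elen = ies[pos + 1];

        if (elen > ies_len - pos - 2)
            return -1;
        pos += 2 + elen;
        count++;
    }
    return pos == ies_len ? count : -1;
}

int main(void)
{
    size_t ies_len = 0;
    const uint8_t *ies = probe_req_ies(sample_probe_req,
                                       sizeof(sample_probe_req), &ies_len);
    const uint8_t *vendor;

    if (!ies)
        return 1;
    vendor = find_ie(ies, ies_len, EID_VENDOR_SPECIFIC);
    printf("IEs: %zu octets, %d elements\n", ies_len, count_ies(ies, ies_len));
    if (vendor)
        printf("vendor OUI %02x:%02x:%02x, %u payload octets\n",
               vendor[2], vendor[3], vendor[4], (unsigned) vendor[1]);
    return 0;
}
```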
Jouni Malinen [Thu, 31 Mar 2016 14:19:12 +0000 (17:19 +0300)]
tests: EAP-SIM fast reauth with no-change SET_NETWORK
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Bala Krishna Bhamidipati [Wed, 30 Mar 2016 15:09:39 +0000 (20:39 +0530)]
Do not clear PMKSA entry or EAP session cache if config does not change
This avoids unnecessary flushing of the PMKSA cache entry and EAP
session data when processing SET_NETWORK commands that set a network
profile parameter to the same value that the parameter already has.
Introduce a new wpa_config_set() and wpa_config_set_quoted() return
value (==1) signifying that the new value being set for the
corresponding field equals the already configured one so that the
caller can determine that nothing changed in the profile.
For now, this does not cover all the network profile parameters, but
a number of the most commonly used parameters are included to cover the
Android use cases where the framework may have issued SET_NETWORK
commands that would have unnecessarily prevented use of PMKSA caching or
EAP fast reauthentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt [Tue, 22 Mar 2016 12:46:22 +0000 (18:16 +0530)]
Revert "Assign QCA vendor command and attribute for Tx/Rx aggregation"
This reverts commit 4ca16b5fd71833d7d200167ba10b471cab7d049f.
Configuration for this will be done using a previously assigned more
generic command. This new command
QCA_NL80211_VENDOR_SUBCMD_SET_TXRX_AGGREGATION has not been used in any
driver version and won't be used, so the assigned command id can be
freed for future use.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 27 Mar 2016 22:05:16 +0000 (01:05 +0300)]
tests: SAE and bignum failures
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Mar 2016 22:04:39 +0000 (01:04 +0300)]
tests: Add TEST_FAIL() calls into OpenSSL bignum operations
This makes it easier to test error paths in bignum operations in SAE.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Mar 2016 21:17:45 +0000 (00:17 +0300)]
Comment out UDP/UNIX socket code from common ctrl_iface based on build
These were unreachable cases in the switch statements based on how the
build was configured.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Mar 2016 21:14:46 +0000 (00:14 +0300)]
Fix CONFIG_CTRL_IFACE=udp6/udp6-remote builds
wpa_supplicant_global_ctrl_iface_receive() did not handle the from
address properly for the IPv6 case. This was broken by commit
d60886cdafbf839be05ca5f7d4877565d4958a44 ('wpa_supplicant: Add monitor
support for global UDP ctrl_iface').
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Mar 2016 18:45:11 +0000 (21:45 +0300)]
tests: SAE and pwe failure
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Mar 2016 18:43:24 +0000 (21:43 +0300)]
SAE: Check SHA256-PRF operation result
While this is mostly theoretical, check explicitly that SHA256
operations in sha256_prf*() succeed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Mar 2016 18:28:45 +0000 (21:28 +0300)]
SAE: Remove dead code in FFC pwd-value derivation
The local bits variable is set to prime_len * 8 and consequently bits %
8 cannot be anything else than 0.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Mar 2016 18:26:19 +0000 (21:26 +0300)]
tests: RADIUS accounting with various security cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Mar 2016 18:08:56 +0000 (21:08 +0300)]
tests: Suite B error cases for PMKID and MIC derivation
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Mar 2016 17:57:32 +0000 (20:57 +0300)]
tests: WNM BSS transition management with various PHY types
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Mar 2016 17:30:40 +0000 (20:30 +0300)]
tests: DFS CAC functionality on channel 104 HT40-
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 17:41:24 +0000 (19:41 +0200)]
tests: AP Channel Switch - invalid channel
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 17:22:44 +0000 (19:22 +0200)]
tests: Information element parsing OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 17:16:39 +0000 (19:16 +0200)]
tests: Information element parsing - extra coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 17:07:49 +0000 (19:07 +0200)]
tests: QCA vendor element parsing
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 16:58:52 +0000 (18:58 +0200)]
tests: Invalid VHT 80 and 80+80 MHz configuration (seg0/seg1)
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 15:50:50 +0000 (17:50 +0200)]
tests: HT40 co-ex scan and broken legacy/HT AP
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 15:38:31 +0000 (17:38 +0200)]
tests: HT40 on 5 GHz with disabled secondary channel
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 20:51:32 +0000 (22:51 +0200)]
tests: Fix FST cleanup if alloc_fail is not supported
The test cases fst_ap_start_session_oom and fst_setup_mbie_diff did not
clean up FST sessions properly in case alloc_fail failed due to missing
support for it in the build. This could result in abandoning attached
hostapd global control interface monitors and test case failures due to
the global control interface socket running out of output buffer.
Fix this by going through the cleanup steps even if alloc_fail raises
HwsimSkip exception.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 10:00:34 +0000 (12:00 +0200)]
nl80211: Fix libnl-tiny build with CONFIG_LIBNL20=y
libnl-tiny does not use the separate nl-genl library.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 09:40:35 +0000 (11:40 +0200)]
Use TIOCOUTQ instead of SIOCOUTQ to avoid need for linux/sockios.h
All that the kernel header was doing here is defining SIOCOUTQ to be
TIOCOUTQ. Instead of pulling in the header, we might as well use
TIOCOUTQ directly.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 09:35:30 +0000 (11:35 +0200)]
wlantest: Use local ETH_P_IP define instead of linux/if_ether.h
There is no strong need for pulling in linux/if_ether.h here since all
that is needed is ETH_P_IP and we already cover multiple other ETH_P_*
values in utils/common.h.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 09:29:53 +0000 (11:29 +0200)]
Drop USE_KERNEL_HEADERS define
This was only used for providing an option to use linux/if_packet.h
instead of netpacket/packet.h in src/ap/iapp.c. However,
netpacket/packet.h is nowadays commonly available and hostapd already
depends on it through src/l2_packet/l2_packet_linux.c, so there is no
need to continue to provide this option for the kernel header.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 09:27:18 +0000 (11:27 +0200)]
Use a separate header file for Linux bridge interface definitions
This moves the BRCTL_* defines from vlan_full.c to linux_bridge.h to
clean up header inclusion.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 26 Mar 2016 09:19:49 +0000 (11:19 +0200)]
Use own header file for defining Linux VLAN kernel interface
This gets rid of the need to include linux/if_vlan.h and additional defines
in vlan_ioctl.c to avoid issues with missing definitions in libc
headers.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jörg Krause [Tue, 8 Mar 2016 20:42:30 +0000 (21:42 +0100)]
vlan: Fix musl libc conflict with Linux kernel headers
Due to both <netinet/in.h> (in "utils/includes.h") and <linux/in6.h> (in
<linux/if_bridge.h>) being included, the in6_addr is being redefined:
once from the C library headers and once from the Linux kernel headers.
This causes some build failures with for example the musl C library:
In file included from /usr/include/linux/if_bridge.h:18,
from ../src/ap/vlan_init.c:17:
/usr/include/linux/in6.h:32: error: redefinition of 'struct in6_addr'
/usr/include/linux/in6.h:49: error: redefinition of 'struct sockaddr_in6'
/usr/include/linux/in6.h:59: error: redefinition of 'struct ipv6_mreq'
Mixing C library and Linux kernel headers is a bit problematic [1] and
should be avoided if possible [2]. In order to fix this, define just the
macros needed from <linux/if_bridge.h> as done in Busybox for the brctl
applet [3].
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=15850
[2] http://www.openwall.com/lists/musl/2015/10/06/1
[3] https://git.busybox.net/busybox/commit/?id=5fa6d1a632505789409a2ba6cf8e112529f9db18
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Lior David [Wed, 23 Mar 2016 16:44:10 +0000 (18:44 +0200)]
P2P: Fix persistent group for 60 GHz networks
Fix two problems with storage of 60 GHz P2P persistent groups:
1. pbss flag was not stored in the network block.
2. When recreating the persistent group from storage,
in addition to the missing pbss flag, the pairwise_cipher and
group_cipher were initialized to CCMP which does not work
in 60 GHz since the default in 60 GHz should be GCMP.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Jouni Malinen [Fri, 25 Mar 2016 16:00:44 +0000 (18:00 +0200)]
vlan: Move if_nametoindex() use out of vlan_init.c
With this, vlan_init.c does not need any special header files anymore
and vlan_ifconfig.c does not need hostapd-specific header files that
might conflict with net/if.h on NetBSD.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 25 Mar 2016 15:56:07 +0000 (17:56 +0200)]
vlan: Move ifconfig helpers to a separate file
This removes final ioctl() use within vlan_init.c.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 25 Mar 2016 15:43:27 +0000 (17:43 +0200)]
vlan: Move CONFIG_FULL_DYNAMIC_VLAN functionality into a separate file
This cleans up vlan_init.c by removing a number of C pre-processor
dependencies.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 25 Mar 2016 15:27:16 +0000 (17:27 +0200)]
vlan: Remove unnecessary header includes from netlink implementation
The implementation in vlan_util.c does not use many of the header files
that were pulled in.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 25 Mar 2016 15:21:41 +0000 (17:21 +0200)]
vlan: Clean up netlink vs. ioctl API implementation
Move the ioctl-based VLAN implementation to a separate file to avoid
the need for conditional blocks within vlan_ioctl.c. This removes the
internal CONFIG_VLAN_NETLINK define, i.e., this is now used only in
build configuration (.config) to select whether to include the
vlan_util.c (netlink) or vlan_ioctl.c (ioctl) implementation of the
functions.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jörg Krause [Tue, 8 Mar 2016 11:05:01 +0000 (12:05 +0100)]
vlan: Fix musl build error
caddr_t is legacy BSD and should be avoided [1]. While glibc may still
use __caddr_t as the type, Linux kernel does not (it is "void __user *
ifru_data").
This fixes compile errors with the musl libc:
../src/ap/vlan_init.c: In function 'br_delif':
../src/ap/vlan_init.c:218:18: error: '__caddr_t' undeclared (first use in this function)
ifr.ifr_data = (__caddr_t) args;
[1] http://stackoverflow.com/questions/6381526/what-is-the-significance-of-caddr-t-and-when-is-it-used
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Jouni Malinen [Fri, 25 Mar 2016 09:53:59 +0000 (11:53 +0200)]
Make it a bit easier to roam from 2.4 GHz to 5 GHz within ESS
The initial connection to an ESS was already explicitly increasing the
likelihood of picking a 5 GHz BSS. While the throughput estimation is
likely to do the same for the roaming decision, it might be possible that
that does not cover all cases. Add a couple of dB extra preference for 5
GHz in case the roaming decision falls back to comparing signal levels.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 25 Mar 2016 09:39:31 +0000 (11:39 +0200)]
Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 24 Mar 2016 10:17:46 +0000 (12:17 +0200)]
tests: WNM BSS Transition Management and cfg80211 connect command
For now, this is not enforcing cfg80211 reassociation since the needed
changes do not yet exist in the upstream kernel. Once those changes are
accepted, the TODO note in the test case can be addressed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 24 Mar 2016 10:12:59 +0000 (12:12 +0200)]
tests: WNM BSS Transition Management and security mismatch
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 24 Mar 2016 20:33:48 +0000 (22:33 +0200)]
nl80211: Ignore deauth/disassoc event during Connect reassociation
cfg80211 reports a deauth/disassoc event when internally clearing
connection with the previous BSS. Ignore that event to allow the new
connect command to complete.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 24 Mar 2016 10:35:05 +0000 (12:35 +0200)]
Include previous BSSID in connection request to indicate reassociation
This allows the SME-in-the-driver case to get similar information about
reassociation that was already available for the SME-in-wpa_supplicant
case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 24 Mar 2016 10:33:40 +0000 (12:33 +0200)]
nl80211: Add NL80211_ATTR_PREV_BSSID with Connect command
This makes it easier for drivers that use the Connect command instead of
separate Auth+Assoc commands to determine when to use reassociation
instead of association. Matching changes are still needed in cfg80211 to
allow this parameter to be used, but it is safe for wpa_supplicant to
start including this attribute now since it will be ignored by older
cfg80211 versions.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 24 Mar 2016 10:11:55 +0000 (12:11 +0200)]
WNM: Verify BSS TM target match against the current network profile
Reject a BSS transition management candidate if it does not match the
current network profile, e.g., due to incompatible security parameters.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 22 Mar 2016 18:37:46 +0000 (20:37 +0200)]
mesh: Simplify wpa_auth_pmksa_set_to_sm()
pmksa->pmk or pmksa->pmkid cannot be NULL since they are arrays. Remove
the unnecessary NULL checks and use the provided pmksa pointer directly
to simplify the implementation. (CID 138519)
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 22 Mar 2016 09:31:30 +0000 (11:31 +0200)]
privsep: Fix a compiler warning on unsigned/signed comparison
Signed-off-by: Jouni Malinen <j@w1.fi>
Roy Marples [Tue, 15 Mar 2016 13:40:14 +0000 (13:40 +0000)]
Add interface matching support with -M, guarded by CONFIG_MATCH_IFACE
The new wpa_supplicant command line argument -M can be used to describe
matching rules with a wildcard interface name (e.g., "wlan*").
This is very useful for systems without udev (Linux) or devd (FreeBSD).
Signed-off-by: Roy Marples <roy@marples.name>
Roy Marples [Tue, 15 Mar 2016 13:02:08 +0000 (13:02 +0000)]
Find correct driver for interface additions/removals
Interface additions/removals are not guaranteed to be for the driver
listening to the kernel events. As such, send the events to
wpa_supplicant_event_global() which can then pick the correct interface
registered with wpa_supplicant to send the event to.
Signed-off-by: Roy Marples <roy@marples.name>
Jouni Malinen [Mon, 21 Mar 2016 19:09:03 +0000 (21:09 +0200)]
wpa_supplicant: Fix CONFIG_IBSS_RSN=y build without CONFIG_AP=y
Commit 1889af2e0f89f9a98171761683eb1c244584daf8 ('VLAN: Separate station
grouping and uplink configuration') added an ap_sta_set_vlan() function
that gets called from pmksa_cache_auth.c. This broke CONFIG_IBSS_RSN=y
build if src/ap/sta_info.c did not get included in the build, i.e., if
CONFIG_AP=y was not set.
Fix this by making the ap_sta_set_vlan() call conditional on
CONFIG_NO_VLAN being undefined and define this for CONFIG_IBSS_RSN=y
builds. This is fine for wpa_supplicant since CONFIG_AP=y case was
already defining this. For hostapd, this function call is not needed for
CONFIG_NO_VLAN case either.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 21 Mar 2016 11:12:10 +0000 (13:12 +0200)]
tests: Allow RC4-SHA failure in ap_wpa2_eap_fast_cipher_suites
This needs to be allowed with OpenSSL 1.1.0 since the RC4-based cipher
has been disabled by default.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Janusz Dziedzic [Tue, 8 Mar 2016 13:28:05 +0000 (14:28 +0100)]
tests: Improve debug logs in hostapd/wpasupplicant with remote commands
Show more info when we are using remote wpaspy and UDP-based control
interface.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Tue, 8 Mar 2016 13:28:04 +0000 (14:28 +0100)]
tests: hostapd.py/wpasupplicant.py use Host when executing commands
Execute commands using the Host class. This enables use of remote hosts
as well.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Tue, 8 Mar 2016 13:28:03 +0000 (14:28 +0100)]
tests: Add remotehost.py and Host class
This class allows execution of commands on a remote host/machine. This
is based on ssh with authorized keys, so you should be able to execute
such commands without any password:
ssh <user>@<hostname> id
By default user is root.
Support for sync and async calls is included.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Tue, 8 Mar 2016 13:28:02 +0000 (14:28 +0100)]
wpa_supplicant: Fix p2p_group_add when UDP-based ctrl_iface is used
While p2p_group_add ctrl_interface name could be derived from the main
interface (simple p2p_group_add command), we failed to bind the same UDP
port. Fix this problem and also update the correct ctrl_interface name
(port decrement).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Jouni Malinen [Sun, 20 Mar 2016 19:37:12 +0000 (21:37 +0200)]
FST: Fix a compiler warning
FST_MAX_PRIO_VALUE is unsigned (u32) and some gcc versions warn about
comparison to long int val at least on 32-bit builds. Get rid of this
warning by typecasting val to unsigned long int after having verified
that it is positive.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Mar 2016 18:18:55 +0000 (20:18 +0200)]
Fix nfc_pw_token build with CONFIG_FST=y
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Mar 2016 17:54:57 +0000 (19:54 +0200)]
tests: Add CONFIG_VLAN_NETLINK=y to hostapd build configuration
This is needed for ap_vlan_tagged_wpa2_radius_id_change to pass. The
ioctl-based vlan_add() function does not use the vlan_if_name parameter
at all.
Signed-off-by: Jouni Malinen <j@w1.fi>
Masashi Honma [Fri, 11 Mar 2016 08:37:25 +0000 (17:37 +0900)]
mesh: Use appropriate BLOCKED state duration
Previously, BLOCKED state duration slightly increased up to 3600, though
the BLOCKED state could be canceled by ap_handle_timer(), because the
timer times out in ap_max_inactivity (default=300sec) and removes STA
objects (the object retains BLOCKED state).
This patch re-designs my commit bf51f4f82bdb50356de5501acac53fe1b91a7b86
('mesh: Fix remaining BLOCKED state after SAE auth failure') to replace
mesh_auth_block_duration by ap_max_inactivity and remove incremental
duration.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>