Commit message (Collapse)AuthorAgeFilesLines
* mesh: Make inactivity timer configurableMasashi Honma2015-01-197-0/+40
| | | | | | | | | | | Current mesh code uses ap_max_inactivity as inactivity timer. This patch makes it configurable. There is another mesh inactivity timer in mac80211. The timer works even if user_mpm=1. So this patch sets the max value to the timer for workaround. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* AP: Expire STA without entry in kernelMasashi Honma2015-01-192-0/+9
| | | | | | | If the inactivity check returns that there is no entry remaining for the STA in the kernel, drop the STA in hostapd as well. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* AP: Remove redundant condition for STA expirationMasashi Honma2015-01-191-2/+1
| | | | | | This condition is always true because of surrounding if. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* tests: Increase hostapd out-of-memory loop coverageJouni Malinen2015-01-191-0/+4
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix RADIUS client with out-of-memory and missing shared secretJouni Malinen2015-01-191-2/+4
| | | | | | | It was possible for an out-of-memory code path to trigger NULL pointer dereference when preparing a RADIUS accounting report. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: WPA + WEP configuration getting rejectedJouni Malinen2015-01-181-0/+12
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Add step-by-step guide for setting up test frameworkJouni Malinen2015-01-182-0/+180
| | | | | | | | | | This set of notes provides information on how virtual guess OS can be used to run the mac80211_hwsim test cases under any host OS. The specific example here uses Ubuntu 14.04.1 server as the starting point and lists the additional packages that need to be installed and commands that can be used to fetch and build the test programs. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Close wlan5 control interface monitor more explicitlyJouni Malinen2015-01-183-2/+16
| | | | | | | | | | | There were couple of common cases where the control interface for the dynamic wpa_supplicant instance could have been left in attached state until Python ends up cleaning up the instance. This could result in issues if many monitor interface events were queued for that attached socket. Make this less likely to cause issues by explicitly detaching and closing control interfaces before moving to the next test case. Signed-off-by: Jouni Malinen <j@w1.fi>
* Print in debug log whether attached monitor is for global interfaceJouni Malinen2015-01-181-5/+7
| | | | | | | | | It is easier to debug issues related to the wpa_supplicant control interfaces being left behind in attached state when the debug log file can be used to determine whether a specific monitor socket was a global or per-interface one. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Make WNM Sleep Mode tests more robustJouni Malinen2015-01-181-6/+27
| | | | | | | | | | | | | It was possible for the Action frame used for entring WNM Sleep Mode to get dropped on the AP side due to it arriving prior to having processed EAPOL-Key message 4/4 due to a race condition between Data and Management frame processing paths. Avoid this by waiting for AP-STA-CONNECTED event from hostapd prior to trying to enter WNM Sleep Mode. In addition, make the check for the STA flag change more robust by allowing the wait to be a bit longer with a loop that terminates as soon as the flag has changed. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Make PMKSA caching tests more robustJouni Malinen2015-01-182-2/+17
| | | | | | | | | | | | | | | | When the STA is forced to disconnect immediately after completion of 4-way handshake, there is a race condition on the AP side between the reception of EAPOL-Key msg 4/4 and the following Deauthentication frame. It is possible for the deauthentication notification to be processed first since that message uses different path from kernel to user space. If hostapd does not receive EAPOL-Key msg 4/4 prior to deauthentication, no PMKSA cache entry is added. This race condition was making the test cases expecting PMKSA caching to work to fail every now and then. Avoid this issue by waiting for AP-STA-CONNECTED event from hostapd. This makes sure the PMKSA cache entry gets added on the AP side. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Add some more time for olbc_ht update in olbc_5ghzJouni Malinen2015-01-181-3/+9
| | | | | | | | It looks like this test case is failing every now and then, so add some more time for the olbc_ht value to get updated before reporting a failure. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Import gobject in a way that allows failuresJouni Malinen2015-01-182-2/+2
| | | | | | | | | It looks like the gobject module does not get installed by default for Python at least on Ubuntu server, so modify the D-Bus test case files to import this in a way that allows other test cases to be run even without gobject module being installed. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Make ap_anqp_sharing more robustJouni Malinen2015-01-181-0/+7
| | | | | | | | | | | This test case uses get_bss() with a BSSID to find a BSS entry. That can result in failures if there are multiple BSS entries in wpa_supplicant BSS table for the same BSSID, e.g., due to an earlier hidden SSID test case. Explicitly clear the cfg80211 and wpa_supplicant scan caches at the beginning of this test case to make it less likely for earlier test cases to trigger a failure here. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Make ap_mixed_security more robustJouni Malinen2015-01-181-0/+1
| | | | | | | | | | | This test case uses get_bss() with a BSSID to find a BSS entry. That can result in failures if there are multiple BSS entries in wpa_supplicant BSS table for the same BSSID, e.g., due to an earlier hidden SSID test case. Explicitly clear the cfg80211 and wpa_supplicant scan caches at the beginning of this test case to make it less likely for earlier test cases to trigger a failure here. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Hotspot 2.0 ANQP fetch with hidden SSID BSS entryJouni Malinen2015-01-181-0/+48
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* HS 2.0: Try to use same BSS entry for storing GAS resultsJouni Malinen2015-01-173-5/+6
| | | | | | | | | | | | | | Commit 17b8995cf5813d7c027cd7a6884700e791d72392 ('Interworking: Try to use same BSS entry for storing GAS results') added a mechanism to try to pair GAS request and response to a single BSS entry to cover cases where multiple BSS entries may exists for the same BSSID. However, that commit did not cover the Hotspot 2.0 ANQP elements. Extend this mechanism to all ANQP elements. This can help in cases where information in the Hotspot 2.0 specific ANQP elements got lost if a hidden SSID or some other reason of duplicated BSS entries was present while doing ANQP fetches. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Write BSS table to debug log in ap_mixed_securityJouni Malinen2015-01-171-0/+2
| | | | | | This makes it easier to debug test failures in BSS entry flags field. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Mark proxyarp_open as skip if traffic test failsJouni Malinen2015-01-171-1/+5
| | | | | | | This step requires kernel changes that are not yet in upstream Linux tree, so mark this as skip rather than failure for now. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Clean up ap_wpa2_eap_aka_extJouni Malinen2015-01-171-118/+24
| | | | | | | Use a loop over set of test values instead of duplicated functionality implemented separately for each case. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Make ap_wpa2_eap_aka_ext faster and more robustJouni Malinen2015-01-171-1/+11
| | | | | | | | | | Use SELECT_NETWORK instead of REASSOCIATE for the first reconnection to avoid unnecessary long wait for temporary network disabling to be cleared. In addition, wait for the disconnect event after issuing the DISCONNECT commands to avoid issues due to any pending events during the immediately following reconnection attempt. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: ap_hs20_fetch_osu: Print osu-providers.txt in debug logJouni Malinen2015-01-171-2/+3
| | | | | | | This makes it easier to figure out what happened if the test case fails due to not finding all the needed OSU-PROVIDER information. Signed-off-by: Jouni Malinen <j@w1.fi>
* Make wpa_supplicant FLUSH command more likely to clear all BSS entriesJouni Malinen2015-01-171-2/+10
| | | | | | | | | Move the wpa_bss_flush() call to the end of the function to allow any pending user of a BSS entry to be cleared before removing the unused entries. There were number of cases where BSS entries could have been left in the list and this resulted in some hwsim test failures. Signed-off-by: Jouni Malinen <j@w1.fi>
* Write reason for scan only_new_results into debug logJouni Malinen2015-01-171-2/+8
| | | | | | | This can be helpful in figuring out why the driver was requested to flush its scan results prior to starting a new scan. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Skip some scan tests if iw does not support scan flushJouni Malinen2015-01-171-6/+15
| | | | | | | | | The external cfg80211 scan flushing operation requires a relatively recent iw version and not all distributions include that. Avoid false failure reports by marking these test cases skipped if the iw command fails. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Fix test skipping for some DFS/VHT casesJouni Malinen2015-01-172-2/+12
| | | | | | | | | Due to a typo and missing hapd variable initialization, some of the DFS and VHT test cases were marked as failures even though they were supposed to be marked as skipped in case the kernel and wireless-regdb did not have sufficient support for these modes. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Fix dbus_probe_req_reporting_oom if already registeredJouni Malinen2015-01-171-0/+15
| | | | | | | | If dbus_probe_req_reporting was run before dbus_probe_req_reporting_oom, the SubscribeProbeReq() method succeeded since the memory allocation that was supposed to fail in the OOM test case was not even tried. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: EAP-TNC fragmentationJouni Malinen2015-01-171-0/+19
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: EAP-MD5 server error casesJouni Malinen2015-01-171-1/+34
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Add optional -1 argument to parallel-vm.pyJouni Malinen2015-01-171-5/+17
| | | | | | | This can be used to skip rerunning of failed test cases (e.g., with "./parallel-vm.py 1 -1 <test case>"). Signed-off-by: Jouni Malinen <j@w1.fi>
* eapol_test: Fix cert_cb() function argumentsJouni Malinen2015-01-171-0/+9
| | | | | | | altsubject[] was added here, but the callback implementation in eapol_test.c was forgotten from the commit. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Interworking auto_interworking=1 with mismatching BSSJouni Malinen2015-01-161-0/+39
| | | | | | | | | This is a regression test case to detect a failure that resulted in an up to five second busy loop through wpa_supplicant_fast_associate() when interworking_find_network_match() and wpa_supplicant_select_bss() get different matching results. Signed-off-by: Jouni Malinen <j@w1.fi>
* Interworking: Avoid busy loop in scan result mismatch corner casesJouni Malinen2015-01-163-1/+10
| | | | | | | | | | | | | | | | It was possible for interworking_find_network_match() to find a possible BSS match in a case where more thorough checks in wpa_supplicant_select_bss() reject network. This itself is fine, in general, but when combined with wpa_supplicant_fast_associate() optimization and auto_interworking=1, this resulted in a busy loop of up to five seconds and a possible stack overflow due to recursion in that loop. Fix this by limiting the Interworking wpa_supplicant_fast_associate() call to be used only once per scan iteration, so that new scan operations can be completed before going through the scan results again. Signed-off-by: Jouni Malinen <j@w1.fi>
* Interworking: Start ANQP fetch from eloop callbackJouni Malinen2015-01-161-1/+6
| | | | | | | | | | | | Reduce maximum stack use by starting next ANQP fetch operation from an eloop callback rather than calling interworking_next_anqp_fetch() directly from interworking_start_fetch_anqp(). This avoids issues that could potentially make the process run out of stack if long loops of ANQP operations are executed in cases where automatic Interworking network selection is used and scan results do not have a full match for a network. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Disconnect-Request with no session identification attributesJouni Malinen2015-01-161-0/+5
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Use a helper function to send and check RADIUS DAS messagesJouni Malinen2015-01-161-201/+37
| | | | | | | No need to have this same sequence of steps duplicated in multiple places. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: RADIUS DAS and Disconnect-Request removing PMKSA cache entryJouni Malinen2015-01-161-0/+93
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* RADIUS DAS: Allow PMKSA cache entry to be removed without associationJouni Malinen2015-01-165-0/+99
| | | | | | | This extends Disconnect-Request processing to check against PMKSA cache entries if no active session (STA association) match the request. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: RADIUS DAS with Acct-Multi-Session-IdJouni Malinen2015-01-162-0/+64
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* RADIUS DAS: Support Acct-Multi-Session-Id as a session identifierJouni Malinen2015-01-163-0/+47
| | | | | | | This extends Disconnect-Request support for an additiona session identification attribute. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add authMultiSessionId into hostapd STA infoJouni Malinen2015-01-161-0/+10
| | | | | | | | | dot1xAuthSessionId was previously used to make Acct-Session-Id available through the control interface. While there is no IEEE 802.1X MIB variable for Acct-Multi-Session-Id, it is useful to make this value available as well. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Disconnect-Request multi-session-matchJouni Malinen2015-01-161-0/+38
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Fix radius_das_disconnect match + non-match caseJouni Malinen2015-01-161-4/+5
| | | | | | | | If Calling-Station-Id matches, but CUI does not, NAS is expected to reject the request instead of accepting it. Verify that Disconnect-NAK is returned for this. Signed-off-by: Jouni Malinen <j@w1.fi>
* RADIUS DAS: Check for single session match for Disconnect-RequestJouni Malinen2015-01-164-20/+132
| | | | | | | | | | | Previously, the first matching STA was picked. That is not really the design in RFC 5176, so extend this matching code to go through all specified session identification attributes and verify that all of them match. In addition, check for a possible case of multiple sessions matching. If such a case is detected, return with Disconnect-NAK and Error-Code 508 (multiple session selection not supported). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: STA not getting response to SA QueryJouni Malinen2015-01-151-0/+36
| | | | | | | | This verifies that wpa_supplicant reconnects if PMF is enabled, unprotected Deauthentication/Disassociation frame is received, and the AP does not reply to SA Query. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: INTERWORKING_CONNECT after having found hidden SSID APJouni Malinen2015-01-151-0/+30
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Fix INTERWORKING_CONNECT with zero-length SSID BSS entryJouni Malinen2015-01-151-0/+21
| | | | | | | | | | | | | | | | | For Interworking connection to work, the SSID of the selected BSS needs to be known to be able to associate with the AP. It was possible for the scan results to include two BSS entries matching the BSSID when an earlier scan with that AP has shown a hidden SSID configuration (e.g., when running hwsim test cases, but at least in theory, this could happen with real use cases as well). When that happened, the incorrect BSS entry may not have included RSN configuration and as such, it would get rejected for Interworking connection. Fix this by confirming that the selected BSS entry has a real SSID. If not, try to find another BSS entry matching the same BSSID and use that, if found with an SSID. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Fix AP-scan-in-STA-mode error path behaviorJouni Malinen2015-01-141-1/+1
| | | | | | | | | | If a second scan trigger attempt fails in STA mode, the error path was supposed to restore the old mode that was in use before changing to STA mode. However, wpa_driver_nl80211_set_mode() changes drv->nlmode on success, so the recovery path needs to use the saved old_mode value instead. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: domain_match checking against server certificateJouni Malinen2015-01-142-1/+107
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Add domain_match network profile parameterJouni Malinen2015-01-1410-17/+138
| | | | | | | | This is similar with domain_suffix_match, but required a full match of the domain name rather than allowing suffix match (subdomains) or wildcard certificates. Signed-off-by: Jouni Malinen <j@w1.fi>