Commit message | Author | Age | Files | Lines
* Suite B: Add AKM 00-0F-AC:11 | Jouni Malinen | 2014-11-16 | 17 | -8/+82
  This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The functionality itself is not yet complete, i.e., this commit only includes parts to negotiate the new AKM.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Clear ignore_old_scan_res setting | Jouni Malinen | 2014-11-15 | 1 | -0/+1
  This parameter was used in some of the NFC test cases to make scanning more robust in case of changing AP configuration. However, the parameter was not cleared anywhere, so it could have been left in use for other test cases as well. To get more consistent behavior, clear the value back to its default between test cases.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Allow TLS v1.1 and v1.2 to be negotiated by default | Jouni Malinen | 2014-11-15 | 1 | -1/+4
  Use SSLv23_method() to enable TLS version negotiation for any version equal to or newer than 1.0. If the old behavior is needed as a workaround for some broken authentication servers, it can be configured with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1".
  Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-IKEv2: Fix compilation warning | Andrei Otcheretianski | 2014-11-15 | 1 | -1/+1
  Fix signed/unsigned comparison compilation warning introduced in 08ef442 "EAP-IKEv2: Fix the payload parser".
  Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* Add CTRL-EVENT-SCAN-FAILED notification in case of scan failure | Dmitry Shmidt | 2014-11-15 | 2 | -0/+4
  This is needed since the SCAN command with radio work returns before the actual driver operation to trigger a scan has been executed and as such, cannot return result of that operation.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Work around AP misbehavior on EAPOL-Key descriptor version | Jouni Malinen | 2014-11-14 | 1 | -0/+3
  It looks like some APs are incorrectly selecting descriptor version 3 (AES-128-CMAC) for EAPOL-Key frames when version 2 (HMAC-SHA1) was expected to be used. This is likely triggered by an attempt to negotiate PMF with SHA1-based AKM. Since AES-128-CMAC is considered stronger than HMAC-SHA1, allow the incorrect, but stronger, option to be used in these cases to avoid interoperability issues with deployed APs.

  This issue shows up with "WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2" in debug log. With the new workaround, this issue is ignored and "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used" is written to the log.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: PMF required with SHA1-based AKM | Jouni Malinen | 2014-11-14 | 1 | -0/+19
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Change drv_flags from unsigned int to u64 | Yanbo Li | 2014-11-14 | 1 | -1/+1
  Some flags already use a bit larger than 32, so extend the hostapd drv_flags type similarly to the earlier wpa_supplicant change to get the full flag content.
  Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
* Assign QCA vendor specific nl80211 command id 52 for APFIND | Jouni Malinen | 2014-11-13 | 1 | -0/+1
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: DFS with chanlist | Jouni Malinen | 2014-11-01 | 1 | -1/+113
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove unused EVENT_MLME_RX | Jouni Malinen | 2014-11-01 | 2 | -19/+0
  This was used in driver_test.c, but that driver wrapper has been removed and there are no remaining or expected users for EVENT_MLME_RX.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove unused EVENT_FT_RRB_RX | Jouni Malinen | 2014-11-01 | 3 | -21/+0
  This was used in hostapd driver_test.c, but that driver wrapper has been removed and there are no remaining or expected users for EVENT_FT_RRB_RX.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Make vm-run.sh arguments non-positional | Ilan Peer | 2014-11-01 | 1 | -18/+26
  This was currently breaking parallel-run.*, as it was passing --split num/num parameters (intended for rnu-tests.py) to vm-run.sh which broke the --codecov and --timewrap options.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Update vm README | Ilan Peer | 2014-11-01 | 1 | -1/+1
  Update the code coverage documentation to also specify the source base directory for the code coverage generation.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Add usage() to run-all.sh | Ilan Peer | 2014-11-01 | 1 | -0/+11
  The -h or --help command line arguments can now be used to request usage information for run-all.sh.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Add option to build before running all tests | Ilan Peer | 2014-11-01 | 1 | -1/+39
  Add an option --build to run-all.sh to build before starting to run all the tests. In addition, add an option --codecov to extract the code coverage data at the end of the run.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* tests: Make run-all.sh arguments non-positional | Ilan Peer | 2014-11-01 | 1 | -20/+37
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* Remove completed to-do items | Jouni Malinen | 2014-11-01 | 1 | -9/+3
  While this file has not really been updated in years, some of the completed items can easily be removed.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove references to madwifi from various files | Jouni Malinen | 2014-11-01 | 9 | -29/+13
  A number of documentation and configuration files had references to the madwifi driver interface that was removed in the previous commit. Remove these references as well.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* madwifi: Remove obsolete madwifi driver interface | Jouni Malinen | 2014-11-01 | 4 | -1333/+0
  The MadWifi project is not active anymore and the last release happened in early 2008. As such, there is no remaining justification for maintaining the madwifi-specific driver interface for hostapd either.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* dbus: Fix memory leak in wpas_dbus_getter_bss_wps | Slava Monich | 2014-11-01 | 1 | -0/+2
  Signed-off-by: Slava Monich <slava.monich@jolla.com>
* wpa_gui: Use dialog window type | Martin Kletzander | 2014-11-01 | 1 | -0/+1
  This helps window managers treat the window properly. Mostly tiling WMs are affected by this. All other windows inherit this option from QDialog already.
  Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
* tests: Concurrent station mode scan and p2p_find with P2P Device | Jouni Malinen | 2014-10-30 | 1 | -0/+12
  This verifies that station mode interface SCAN command gets executed if P2P Device instance is running p2p_find.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: P2P_STOP_FIND/P2P_FLUSH to ignore new results | Jouni Malinen | 2014-10-30 | 1 | -0/+31
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Do not consider the p2p_scan results after p2p_stop_find | Sunil Dutt | 2014-10-30 | 2 | -0/+29
  If p2p_stop_find is issued after the p2p_scan request is triggered to the host driver, the obtained scan results are also considered to update the P2P peer entries. This is not always desired behavior, i.e., it can be clearer if no P2P-DEVICE-FOUND events are generated based on that final pending scan.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Document p2p_in_progress() return value 2 | Jouni Malinen | 2014-10-30 | 1 | -1/+2
  Function documentation was not in sync with the implementation.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Delay scan operation only when P2P is not in search state | Sunil Dutt | 2014-10-30 | 1 | -2/+3
  With the radio work interface in place, station interface SCAN command was not scheduled (i.e., it got continuously delayed with "Delay station mode scan while P2P operation is in progress") when a p2p_find was operational. Fix this by delaying station mode scan only when a P2P operation is in progress, but not in search state.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Set p2p_scan_running based on driver scan request result | Sunil Dutt | 2014-10-30 | 3 | -15/+28
  With the radio work interface, the actual request to start p2p_scan operation is scheduled from a radio work and hence the initial return value cannot provide the real result of the driver operation to trigger a scan. Introduce a new notification API to indicate the scan trigger status based on which the p2p_scan_running instance can be set using the real return value from the driver operation.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MACsec: Fix policy configuration | Jouni Malinen | 2014-10-30 | 1 | -2/+2
  macsec_validate variable was set incorrectly to FALSE(0) or TRUE(1) instead of the enum validate_frames values (Disabled(0), Checked(1), Strict(2)). This ended up policy == SHOULD_SECURE to be mapped to macsec_validate == Checked instead of Strict. This could have resulted in unintended SecY forwarding of invalid packets rather than dropping them.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Clean up p2p_go_neg_failed() calls | Jouni Malinen | 2014-10-29 | 3 | -33/+28
  This function is always called with the peer argument equal to p2p->go_neg_peer, so there is no need for that argument to be there. In addition, p2p->go_neg_peer is not NULL in cases where there is an ongoing GO Negotiation, so the function can be simplified to just check once whether the peer pointer is set and if not, skip all processing.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: GO Negotiation and timeout while waiting for peer | Jouni Malinen | 2014-10-29 | 1 | -0/+26
  grpform_cred_ready_timeout2 is similar to the grpform_cred_ready_timeout test case with the difference being in initiating a P2P_FIND operation during the wait.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Use timer to fail GO Negotiation while waiting for peer | Rashmi Ramanna | 2014-10-29 | 3 | -11/+27
  The timeout check while waiting for the peer to accept the GO Negotiation depended on the WAIT_PEER_IDLE or WAIT_PEER_CONNECT states being in use. Any P2P command to alter such states would have resulted in the failure to time out GO Negotiation and thus ended up in not indicating GO Negotiation failure or left the selected peer available for new GO negotiation after the expected two minute timeout. Fix this by using a separate timer to time out GO Negotiation irrespective of the P2P state.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Remove ap_ht40_csa and ap_ht40_csa3 workarounds | Jouni Malinen | 2014-10-28 | 1 | -20/+4
  The issue in mac80211 was identified and a proposed fix is now available, so remove the workaround here and start reporting failures from unexpected disconnection during CSA.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Do not call wpas_p2p_disconnect_safely() if no match is found | Jouni Malinen | 2014-10-27 | 1 | -1/+1
  In theory, wpas_p2p_disconnect_safely() could have dereferenced the wpa_s == NULL argument, but in practice, it won't due to the calling_wpa_s == wpa_s check and wpas_p2p_disconnect() accepting NULL. Anyway, it is cleaner to add an explicit check for this. (CID 74492)
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Fix a copy-paste error in key offload management | Jouni Malinen | 2014-10-27 | 1 | -1/+1
  Commit b41f26845aaa7cf8aed6e4889e7041debc476ef9 ('Add support for offloading key management operations to the driver') used an incorrect variable for determining the KCK length. This does not get triggered in normal use cases since KCK and KEK are always included and of the same length (in currently supported key management cases). Anyway, this needs to be fixed to check the correct attribute. (CID 74491)
  Signed-off-by: Jouni Malinen <j@w1.fi>
* AP: Add support for Proxy ARP, DHCP snooping mechanism | Kyeyoon Park | 2014-10-27 | 12 | -0/+265
  Proxy ARP allows the AP devices to keep track of the hardware address to IP address mapping of the STA devices within the BSS. When a request for such information is made (i.e., ARP request, Neighbor Solicitation), the AP will respond on behalf of the STA device within the BSS. Such requests could originate from a device within the BSS or also from the bridge. In the process of the AP replying to the request (i.e., ARP reply, Neighbor Advertisement), the AP will drop the original request frame. The relevant STA will not even know that such information was ever requested.

  This feature is a requirement for Hotspot 2.0, and is defined in IEEE Std 802.11-2012, 10.23.13.

  While the Proxy ARP support code mainly resides in the kernel bridge code, in order to optimize the performance and simplify kernel implementation, the DHCP snooping code was added to the hostapd.
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* common: Add definition for ETH_HLEN | Kyeyoon Park | 2014-10-27 | 1 | -0/+3
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* AP: Add support for setting bridge network parameter | Kyeyoon Park | 2014-10-27 | 3 | -0/+65
  This allows setting a network parameter on the bridge that the BSS belongs to. This commit adds the needed functionality in driver_nl80211.c for the Linux bridge implementation. In theory, this could be shared with multiple Linux driver interfaces, but for now, only the main nl80211 interface is supported.
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* AP: Add support for setting bridge port attributes | Kyeyoon Park | 2014-10-27 | 3 | -0/+86
  This allows setting a bridge port attribute. Specifically, the bridge port in this context is the port to which the BSS belongs. This commit adds the needed functionality in driver_nl80211.c for the Linux bridge implementation. In theory, this could be shared with multiple Linux driver interfaces, but for now, only the main nl80211 interface is supported.
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* AP: Add support for IPv4 neighbor entry management to the BSS bridge | Kyeyoon Park | 2014-10-27 | 3 | -0/+180
  This allows adding/deleting an IPv4 neighbor entry to/from the bridge, to which the BSS belongs. This commit adds the needed functionality in driver_nl80211.c for the Linux bridge implementation. In theory, this could be shared with multiple Linux driver interfaces, but for now, only the main nl80211 interface is supported.
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* nl80211: Make br_ifindex available in i802_bss | Kyeyoon Park | 2014-10-27 | 2 | -3/+6
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* l2_packet: Add support for DHCP packet filter in l2_packet_linux | Kyeyoon Park | 2014-10-27 | 7 | -0/+103
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* tests: Scan result update changing last_scan_res and connect_work | Jouni Malinen | 2014-10-27 | 1 | -0/+87
  This verifies that last_scan_res and connect work pointers to BSS entries get updated when scan result update ends up removing or reallocating a BSS entry.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Update pending connect radio work BSS pointer on scan update | Jouni Malinen | 2014-10-27 | 4 | -6/+37
  It is possible for scan result processing or BSS entry removal to occur while there is a pending connect or sme-connect radio work with a previously selected BSS entry. The BSS pointer was previously verified to be valid, i.e., still point to a BSS entry, at the time the actual connection operation is started. However, that BSS entry could have changed to point to another BSS if the old BSS entry was either removed or reallocated and a new BSS entry was added at the same location in memory. This could result in the connection attempt failing to configure parameters properly due to different BSS information (e.g., different BSSID).

  Fix this by updating the pending connect radio work data on BSS entry updates similarly to how the last_scan_res array was updated. If the selected BSS entry is removed, this will still result in a failed connection, but reallocated BSS entry is now followed properly and used when the connection work starts.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: WPS with ap_scan=2 | Jouni Malinen | 2014-10-27 | 1 | -0/+31
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Invoke connect work done for all the connection failure cases | Sunil Dutt | 2014-10-27 | 1 | -1/+6
  This commit fixes a couple of connection failure paths where wpas_connect_work_done() was not called, thus enabling the radio work interface to proceed with the other queued actions.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Fix ap_scan=2 special association case | Jouni Malinen | 2014-10-27 | 1 | -1/+2
  Commit 22628eca3440976bf51846da0554099f7429b206 ('Support driver-based BSS selection in ap_scan=1 mode') ended up disabling the special ap_scan=2 WPS case where ap_scan=1 like scan followed by association is used to find the WPS AP using wildcard SSID. Fix this by allowing association request even with wpas_driver_bss_selection() when searching for a WPS AP.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* dbus: Redirect P2P request to the management device if present | Tomasz Bursztyka | 2014-10-27 | 2 | -11/+122
  In case of a P2P management device being present, it will be up to that interface to handle P2P requests.
  Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* notify: Do not raise any signal from a P2P management interface | Tomasz Bursztyka | 2014-10-27 | 1 | -0/+102
  Such interface is not registered on DBus, thus there is no need to raise any signal from it.
  Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* wpa_supplicant: Do not register a P2P management interface on DBus | Tomasz Bursztyka | 2014-10-27 | 1 | -7/+9
  DBus client should always request the proper netdev interface. This will be necessary to get a consistent behavior whatever driver is in use: iwlwifi (which requires a P2P mgmt dev), ath9/10k (which does not), etc...
  Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>