Commit message (Collapse)AuthorAgeFilesLines
* Make debug print clearer for AP/mesh mode secondary channel issuesJouni Malinen2016-12-131-0/+2
| | | | | | | | | If the secondary channel was not found at all, no debug print was shown to indicate that the channel was rejected due to that problem. Print a clearer message indicating which channel was behind the reason to reject channel configuration as unsuitable for AP mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Remove pmk_r1_push parameter from ap_ft_local_key_genJouni Malinen2016-12-131-0/+2
| | | | | | | | | Local key generation for FT-PSK does not use the AP-to-AP protocol and as such, setting pmk_r1_push=1 is a bit confusing here since it gets ignored in practice. Remove it to keep the test case easier to understand. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Clear scan cache at the end of ap_wps_per_station_psk_failureJouni Malinen2016-12-131-0/+7
| | | | | | | | | | | | It was possible for ap_wps_per_station_psk_failure to leave behind scan entries with active PBC mode if cfg80211 BSS table. This could result in a following test case failing due PBC overlap. Fix this by clearing the cfg80211 BSS table explicitly. This was found with the following test case sequence: ap_wps_per_station_psk_failure autogo_pbc Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: PMKSA cache control interface for external managementJouni Malinen2016-12-122-0/+57
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* External persistent storage for PMKSA cache entriesJouni Malinen2016-12-129-8/+222
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds new wpa_supplicant control interface commands PMKSA_GET and PMKSA_ADD that can be used to store PMKSA cache entries in an external persistent storage when terminating a wpa_supplicant process and then restore those entries when starting a new process. The previously added PMKSA-CACHE-ADDED/REMOVED events can be used to help in synchronizing the external storage with the memory-only volatile storage within wpa_supplicant. "PMKSA_GET <network_id>" fetches all stored PMKSA cache entries bound to a specific network profile. The network_id of the current profile is available with the STATUS command (id=<network_id). In addition, the network_id is included in the PMKSA-CACHE-ADDED/REMOVED events. The output of the PMKSA_GET command uses the following format: <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds> <akmp> <opportunistic> For example: 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30240 43200 1 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30240 43200 1 0 The PMKSA_GET command uses the following format: <network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds> <akmp> <opportunistic> (i.e., "PMKSA_ADD <network_id> " prefix followed by a line of PMKSA_GET output data; however, the reauth_time and expiration values need to be updated by decrementing them by number of seconds between the PMKSA_GET and PMKSA_ADD commands) For example: PMKSA_ADD 0 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30140 43100 1 0 PMKSA_ADD 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30140 43100 1 0 This functionality is disabled be default and can be enabled with CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option. It should be noted that this allows any process that has access to the wpa_supplicant control interface to use PMKSA_ADD command to fetch keying material (PMK), so this is for environments in which the control interface access is restricted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: PMKSA cache control interface eventsJouni Malinen2016-12-121-0/+33
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add PMKSA-CACHE-ADDED/REMOVED events to wpa_supplicantJouni Malinen2016-12-126-13/+49
| | | | | | | These allow external program to monitor PMKSA cache updates in preparation to enable external persistent storage of PMKSA cache. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Send "TERMINATING" event from hostapdDaisuke Niwa2016-12-121-1/+3
| | | | | | | | | hostapd didn't send "TERMINATING" event when stopped by SIGTERM. Android handles this event to stop monitor thread. This commit adds "TERMINATING" event same as with wpa_supplicant. Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sonymobile.com>
* P2P: Set p2p_persistent_group=1 at the time of reading disabled=2Avichal Agarwal2016-12-121-0/+3
| | | | | | | | | | Configuration file network block with disabled=2 is used for storing information about a persistent group, so p2p_persitent_group should be updated according to this when creating a struct wpa_ssid instance. This will end up using D-Bus persistent network object path for the network. Signed-off-by: Avichal Agarwal <avichal.a@samsung.com> Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
* tests: Fix wpas_ap_acs after 5 GHz useJouni Malinen2016-12-111-0/+13
| | | | | | | | | Work around the mac80211_hwsim limitation on channel survey by forcing the last connection to be on 2.4 GHz band. Without this, wpas_ap_acs would have failed to start the AP if the previous test case used the 5 GHz band. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove MBO dependency from Supported Operating Classes elementvamsi krishna2016-12-117-331/+325
| | | | | | | | Supported Operating Classes element and its use is define in the IEEE 802.11 standard and can be sent even when MBO is disabled in the build. As such, move this functionality out from the CONFIG_MBO=y only mbo.c. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Specify the BSSID in the QCA vendor scanSunil Dutt2016-12-111-0/+8
| | | | | | | This allows the vendor scan to be optimized when a response is needed only from a single, known BSS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Define an attribute to do a specific BSSID QCA vendor scanSunil Dutt2016-12-111-10/+13
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add QCA vendor command definitions for IDs 61-73Sunil Dutt2016-12-111-1/+567
| | | | | | | | This commit documents the QCA vendor commands 61-73 and the corresponding definitions of the attributes. This set of commands were previously reserved for QCA without documentation here. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Define QCA Beacon miss threshold attributes for 2.4 and 5 GHz bandsSunil Dutt2016-12-111-0/+4
| | | | | | | These thresholds values indicate how many Beacon frames can be missed before before disconnecting from the AP. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix QCA vendor command values for SAR power limitsJouni Malinen2016-12-111-5/+5
| | | | | | | | | | | | Commit c79238b6a460ab6bc6ebc5e2453fd94716393105 ('Define a QCA vendor command to configure SAR Power limits') had a mismatch between the enum qca_vendor_attr_sar_limits_selections documentations and actual values. The BDF SAR profiles are 0-based, so rename the enum values and reorder the values keep the actual values more convenient. While this changes values over the interface, this is justifiable since the new command was introduced only recently and it had not been released in any driver. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Increase timeout in wpas_mesh_password_mismatchJouni Malinen2016-12-111-2/+5
| | | | | | | | | | There has been number of failures from this test case due to the MESH-SAE-AUTH-FAILURE event from dev[0] and dev[1] arriving couple of seconds after the one second timeout after the dev[2] events. This does not look like a real issue, so increase the timeout to five seconds to make this less likely to show false failures during testing. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Verify wpa_state after INTERWORKING_SELECTJouni Malinen2016-12-111-0/+3
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Make scan_trigger_failure more informativeJouni Malinen2016-12-111-0/+3
| | | | | | | | | | If wpa_state is left to SCANNING by a previously executed test case, scan_trigger_failure will fail. Instead of waiting for that failure, check for wpa_state at the beginning of the test case and report a more helpful error message if the test case would fail due to a previously executed test case. Signed-off-by: Jouni Malinen <j@w1.fi>
* Interworking: Clear SCANNING state if no network selectedJouni Malinen2016-12-111-1/+2
| | | | | | | | | | | | | | | Commit 192ad3d7307473f14c049c1ea724e292a3f8ae24 ('Interworking: Clear SCANNING state if no match found') did this for the case where no network matched credentials, but left the SCANNING state in place if there were a match, but automatic connection was not enabled. Extend this to cover the case where INTERWORKING_SELECT is not followed by a connection attempt so that wpa_state is not left indefinitely to SCANNING. This fixes a hwsim test case failure in the following sequence: ap_anqp_sharing scan_trigger_failure Signed-off-by: Jouni Malinen <j@w1.fi>
* SME: Fix IBSS setup after shared key/FT/FILS associationJouni Malinen2016-12-111-0/+7
| | | | | | | | | | | | | wpa_s->sme.auth_alg could have been left to a previously value other than WPA_AUTH_ALG_OPEN if IBSS network is used after an association that used shared key, FT, or FILS authentication algorithm. This could result in the IBSS setup failing due to incorrect authentication processing steps. Fix this by setting wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN whenever starting an IBSS (or mesh, for that matter) network. Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Fix a theoretical out of bounds read in wpas_p2p_select_go_freq()Amit Purwar2016-12-111-3/+3
| | | | | | | | | | | | | | | | | | | | | | Commit 8e84921efe652233703588852bc43c36ccb241df ('P2P: Support driver preferred freq list for Autonomous GO case') introduced this loop to go through preferred channel list from the driver. The loop does bounds checking of the index only after having read a value from the array. That could in theory read one entry beyond the end of the stack buffer. Fix this by moving the index variable check to be done before using it to fetch a value from the array. This code is used only if wpa_supplicant is build with CONFIG_DRIVER_NL80211_QCA=y and if the driver supports the vendor extension (get_pref_freq_list() driver op). In addition, the driver would need to return more than P2P_MAX_PREF_CHANNELS (= 100) preferred channels for this to actually be able to read beyond the buffer. No driver is known to return that many preferred channels, so this does not seem to be reachable in practice. Signed-off-by: Amit Purwar <amit.purwar@samsung.com> Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
* P2P: Fix a theoretical out of bounds read in wpas_p2p_setup_freqs()Amit Purwar2016-12-111-3/+3
| | | | | | | | | | | | | | | | | | | | | | Commit 370017d968e071522357ea88c0c6aaed02853222 ('P2P: Use preferred frequency list from the local driver') introduced this loop to go through preferred channel list from the driver. The loop does bounds checking of the index only after having read a value from the array. That could in theory read one entry beyond the end of the stack buffer. Fix this by moving the index variable check to be done before using it to fetch a value from the array. This code is used only if wpa_supplicant is build with CONFIG_DRIVER_NL80211_QCA=y and if the driver supports the vendor extension (get_pref_freq_list() driver op). In addition, the driver would need to return more than P2P_MAX_PREF_CHANNELS (= 100) preferred channels for this to actually be able to read beyond the buffer. No driver is known to return that many preferred channels, so this does not seem to be reachable in practice. Signed-off-by: Amit Purwar <amit.purwar@samsung.com> Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
* tests: Add kernel BSS leak testsJohannes Berg2016-12-111-0/+57
| | | | | | | | | | Add two tests that check if the kernel BSS leak (when we get a deauth or otherwise abandon an association attempt) is present in the kernel. This is for a long-standing cfg80211/mac80211 issue that got fixed with the kernel commit 'cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts'. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* tests: P2P device discovery and peer changing device nameJouni Malinen2016-12-111-0/+28
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Send P2P-DEVICE-FOUND event on peer changing device nameMayank Haarit2016-12-111-0/+5
| | | | | | | | | | This is to handle the case when peer changes device name and same needs to be updated to upper layers by P2P-DEVICE-FOUND event. It is similar to the case when a peer changes wfd_subelems and P2P-DEVICE-FOUND event goes to upper layers. Signed-off-by: Mayank Haarit <mayank.h@samsung.com> Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
* tests: Peer disabling Wi-Fi Display advertisementJouni Malinen2016-12-111-0/+31
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* WFD: Clear wfd_subelems when P2P peer stops sending themMayank Haarit2016-12-111-2/+5
| | | | | | | | | | | | | | | | When a peer device stops sending wfd_subelems, wpa_supplicant should remove dev->info.wfd_subelems from peer's properties. Previously, wpa_supplicant left the previously learned dev->info.wfd_subelems in place whenever the new message did not include wfd_subelems. In addition to fixing the clearing of the old wfd_subelems, this resolves another issue. As "wfd_changed" variable becomes true even when peer stops sending wfd_subelems and dev->info.wfd_subelems has an old value, a new P2P-DEVICE-FOUND event notification was sent again and again to upper layers whenever a new discovery response was received from the peer that previously advertised WFD subelements. Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
* tests: Ongoing scan and FLUSHJouni Malinen2016-12-111-0/+19
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Ignore scan results from ongoing scan when FLUSH command is issuedJouni Malinen2016-12-114-1/+17
| | | | | | | | | | | | | This makes wpa_supplicant behavior more consistent with FLUSH command to clear all state. Previously, it was possible for an ongoing scan to be aborted when the FLUSH command is issued and the scan results from that aborted scan would still be processed and that would update the BSS table which was supposed to cleared by the FLUSH command. This could result in hwsim test case failures due to unexpected BSS table entries being present after the FLUSH command. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Scan and only_new=1 multiple timesJouni Malinen2016-12-102-0/+38
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Make update_idx available in BSS control interface commandJouni Malinen2016-12-102-0/+9
| | | | | | This can be used to perform more accurate tests on BSS entry updates. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Make p2ps_wildcard_p2ps more robustJouni Malinen2016-12-091-0/+2
| | | | | | | | | | | | | | | | The final check in this test case was issuing a new P2P_FIND command immediately after the P2P_SERVICE_DEL command on the peer. It looked like it was possible for the scan timing to go in a sequence that made the new P2P_FIND operation eventually accept a cfg80211 BSS entry from the very end of the previous P2P_FIND. This resulted in unexpected P2P-DEVICE-FOUND event even though there was no new Probe Response frame from the peer at that point in time. Make this less likely to show unrelated failures by waiting a bit before starting a new P2P_FIND operation after having changes peer configuration. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Clear PEER_WAITING_RESPONSE on GO Negotiation successJouni Malinen2016-12-091-0/+1
| | | | | | | | | | | | | | | | | Previously, this flag was cleared only in case of failed GO Negotiation. That could leave the flag set for a peer and if a new group formation was performed with the same peer before the entry expired, there was increased risk of getting stuck in a state where neither peer replied to a GO Negotiation Request frame if a GO Negotiation Response frame with Status 1 was dropped. The error sequence could happen in the go_neg_with_bss_connected test case when timing was suitable to make the second GO negotiation drop a pending TX Action frame if the GO Negotiation Response with Status 1 was scheduled for transmission during a P2P scan and P2P_CONNECT was issued before that scan got aborted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Define a QCA vendor command to configure SAR Power limitsJeff Johnson2016-12-081-0/+125
| | | | | | | | | | There is a regulatory requirement for Specific Absorption Rate (SAR) whereby the device transmit power is reduced when it is determined that the device is in close proximity to the body. Implement a vendor command interface to allow a userspace entity to dynamically control the SAR power limits. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Use eloop timeout for post-EAP-Failure wait before disconnectionJouni Malinen2016-12-083-11/+69
| | | | | | | | | | | | | | | | | | | | | Previously, os_sleep() was used to block the hostapd (or wpa_supplicant AP/P2P GO mode) processing between sending out EAP-Failure and disconnecting the STA. This is not ideal for couple of reasons: it blocks all other parallel operations in the process and it leaves a window during which the station might deauthenticate and the AP would have no option for reacting to that before forcing out its own Deauthentication frame which could go out after the STA has already started new connection attempt. Improve this design by scheduling an eloop timeout of 10 ms instead of the os_sleep() call and perform the delayed operations from the eloop callback function. This eloop timeout is cancelled if the STA disconnects or initiates a new connection attempt before the 10 ms time is reached. This gets rid of the confusing extra Deauthentication frame in cases where the STA reacts to EAP-Failure by an immediate deauthentication. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: WEP to WPA2-PSK configuration change in hostapdJouni Malinen2016-12-051-0/+23
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Allow hostapd wep_key# parameters to be clearedJouni Malinen2016-12-051-1/+19
| | | | | | | | Setting wep_key# to an empty string will now clear a previously configured key. This is needed to be able to change WEP configured AP to using WPA/WPA2 through the hostapd control interface SET commands. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: P2P group formation with VHT 80 MHzJouni Malinen2016-12-051-0/+24
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Check data connectivity after supplicant triggered EAP reauthJouni Malinen2016-12-051-1/+2
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_passphrase: Reject invalid passphraseJouni Malinen2016-12-051-1/+7
| | | | | | | | Reject a passphrase with control characters instead of trying to write out an example network configuration block with such control characters included. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: AP with open mode and external associationJouni Malinen2016-12-051-0/+24
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Update drv->ssid on connect/associate event based on BSS dataNingyuan Wang2016-12-053-1/+66
| | | | | | | | | | | | | | On a connect nl80211 event, wpa_supplicant uses wpa_driver_nl80211_get_ssid() to fetch the current associated SSID to compare to existing configurations. However, wpa_driver_nl80211_get_ssid() uses drv->ssid, which is a cached value. It is set when we explicitly initial a connect request using wpa_supplicant. If the association was initiated outside of wpa_supplicant, we need another way to populate drv->ssid. This commit sets drv->ssid based on cfg80211 BSS information on connect/associate nl80211 events. Signed-off-by: Ningyuan Wang <nywang@google.com>
* nl80211: Fix scan_state update in no pending scan stateJouni Malinen2016-12-051-2/+4
| | | | | | | | | | | | | | | | | Commit adcd7c4b0bd02bead77f884f52782a813f5243bb ('nl80211: Support vendor scan together with normal scan') made the drv->scan_state updates for NL80211_CMD_NEW_SCAN_RESULTS and NL80211_CMD_SCAN_ABORTED conditional on drv->last_scan_cmd being NL80211_CMD_TRIGGER_SCAN. This missed the part about the possibility of last_scan_cmd == 0 and an externally started cfg80211 scan is ending. This could leave drv->scan_state into SCAN_STARTED state even after the scan was completed. Consequently, hwsim test cases could get stuck in reset() handler waiting for scan to terminate. Fix this by updating drv->scan_state also in drv->last_scan_cmd == 0 case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Verify multicast_to_unicast operationMichael Braun2016-12-042-5/+37
| | | | Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* Add multicast to unicast supportMichael Braun2016-12-046-0/+90
| | | | | | | | | | | | | | | | | | | | This adds support for nl80211 NL80211_CMD_SET_MULTICAST_TO_UNICAST command. By setting the new hostapd configuration option multicast_to_unicast=1, hostapd configures this AP to perform multicast to unicast conversion. When enabled, all multicast packets with ethertype ARP, IPv4, or IPv6 (possibly within an 802.1Q header) will be sent out to each station once with the destination (multicast) MAC address replaced by the station's MAC address. Note that this may break certain expectations of the receiver, e.g., the ability to drop unicast IP packets encapsulated in multicast L2 frames, or the ability to not send destination unreachable messages in such cases. This also does not implement Directed Multicast Service (DMS). Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* Sync with mac80211-next.git include/uapi/linux/nl80211.hJouni Malinen2016-12-041-0/+29
| | | | | | This brings in nl80211 definitions as of 2016-12-02. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove inactivity timeout for wired interfacesSam Tannous2016-12-041-1/+10
| | | | | | | | | | | | | | | | | | | | | We should unconditionally remove inactivity timers for wired network cases. This commit checks for this after a new station association: hapd->iface->drv_flags & WPA_DRIVER_FLAGS_WIRED and then cancels the timeout and does not register a new one. It prints out a debug message like this: 1476740180.276286: IEEE 802.1X: 00:02:00:00:00:07 CTRL_DIR entering state FORCE_BOTH 1476740180.276295: hostapd_new_assoc_sta: canceled wired ap_handle_timer timeout for 00:02:00:00:00:07 This was tested on a debian jessie amd64 system with a configured 120 second inactivity timer and the session did not timeout. Signed-off-by: Sam Tannous <stannous@cumulusnetworks.com>
* Defer scans while PNO is in progress instead of skipping themArik Nemtsov2016-12-041-5/+15
| | | | | | | | Skipping the scan altogether will hurt auto-reconnect. Also move the PNO check down since the scan might be canceled for other reasons before we defer it. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
* nl80211: Optimize memory use in nl80211_get_assoc_freq()Jouni Malinen2016-12-033-42/+65
| | | | | | | | | | | | | | Do not use the generic bss_info_handler() design to fetch all scan results into temporary memory buffer. Instead, use a separate BSS info handler that fetches the requested information without fully parsing the BSS entries and without allocating any memory for collecting all the results. This is also simplifying bss_info_handler() and nl80211_parse_bss_info() design by getting rid of the special case that was used only for nl80211_get_assoc_freq() and not normal scan result fetching. Signed-off-by: Jouni Malinen <j@w1.fi>