Jouni Malinen [Thu, 12 Feb 2015 13:50:52 +0000 (15:50 +0200)]
tests: Make wpas_mesh_password_mismatch more robust
It seems to be possible for dev2 (the one with incorrect password) to
stop retries before either dev0 or dev1 reports the authentication
failure event. For now, allow the test case pass if either dev0 or dev1
reports the event rather than requiring both to report this. The
expected behavior can be fine-tuned in the future if the reporting
behavior is modified to be more consistent.
Ahmad Kholaif [Wed, 11 Feb 2015 02:48:39 +0000 (18:48 -0800)]
nl80211: Allocate QCA vendor subcmds for DFS radar detected and CAC events
When DFS offloading capability is supported by the driver, the driver
should use these events to indicate when a radar pattern has been
detected, channel availability check (CAC) has been completed, aborted
or finished after the non-occupancy period is over on a DFS channel.
Also, add a new driver.h event to be used by NL80211 to indicate CAC
Started event on a DFS channel.
Due to a copy-paste error, these test cases left 4addr mode enabled on
wlan5. This resulted in number of connect_cmd_* test cases failing if
executed after the wpas_in_bridge tests.
Jouni Malinen [Wed, 11 Feb 2015 12:57:30 +0000 (14:57 +0200)]
tests: Remove temporary config file in wpas_config_file
The new wpa_supplicant configuration file writing style leaves behind
the temporary file (<filename>.tmp) if renaming fails. Clean that up in
the test case execution.
Jouni Malinen [Wed, 11 Feb 2015 08:26:26 +0000 (10:26 +0200)]
nl80211: Indicate interface-down event only for the main netdev
RTM_NEWLINK event without IFF_UP were processed for all related
interfaces (including VLANs and bridge). While these events may need to
be processed for other purposes, they should not end up claiming that
the main interface has been disabled, so indicate
EVENT_INTERFACE_DISABLED only if the ifname matches the first BSS ifname
for the interface. In addition, fix some of the ifup/down checks from
if_indextoname() cases to actually use the resolved ifname (namebuf)
rather than hardcoding the first configured ifname to be used.
Peter Oh [Mon, 9 Feb 2015 21:23:53 +0000 (13:23 -0800)]
hostapd: Avoid sending client probe on removed client
Sending client probe on already removed client from kernel driver does
not have any benefit and may lead unintended behavior among variable
drivers (mac80211 has a WARN_ON() that could have been triggered after
ifconfig down+up earlier when hostapd did not re-enable beaconing on
ifup). Skip this step in discussion when the kernel driver reports that
client entry is removed.
Jouni Malinen [Tue, 10 Feb 2015 16:13:04 +0000 (18:13 +0200)]
Re-enable beaconing on interface disable+enable
This is a step towards enabling hostapd to restart AP mode functionality
if the interface is disabled and re-enabled, e.g., with ifconfig down
and up. This commit takes care of beaconining only which may be
sufficient for open mode connection, but not for WPA2 cases.
Jouni Malinen [Tue, 10 Feb 2015 10:09:07 +0000 (12:09 +0200)]
tests: Make autogo_join_auto_go_neg more robust
This test cases used to fail if dev1 had seen dev0 as a GO in an earlier
test case, e.g., when running it after autogo_fail. Fix this by clearing
scan results on dev1 at the beginning of the test case.
Jouni Malinen [Mon, 9 Feb 2015 22:41:27 +0000 (00:41 +0200)]
P2P: Fix send_action_in_progress clearing in corner cases
It is possible for an Action frame TX operation to be stopped in a way
that results in the TX status callback function not being called. This
could happen, e.g., when P2P_STOP_FIND was issued while waiting for PD
Response TX status. This specific case ended in leaving
p2p->send_action_in_progress set to 1 and that ending up stopping a
future TX operation when p2p_send_action_cb() gets called with
p2p->pending_action_state == P2P_NO_PENDING_ACTION.
This could result in reception of a fragmented service discovery
response failing due to the GAS sequence getting stopped when receiving
TX callback for the first GAS comeback request. That sequence could be
hit in mac80211_hwsim tests when p2p_listen_and_offchannel_tx was
followed by p2p_service_discovery_fragmentation (even after a long time
since this was on dev1 and there could be even 10 minutes between these
test cases).
Fix this issue by clearing send_action_in_progress whenever stopping
pending P2P operation with p2p_stop_find (or P2P_FLUSH for that matter).
Jouni Malinen [Mon, 9 Feb 2015 17:56:32 +0000 (19:56 +0200)]
Add hostapd UPDATE_BEACON ctrl_iface command
This can be used to ask Beacon frames to be updated explicitly, e.g.,
after a dynamic configuration parameter change. This can also be used to
start beaconing on an interface that was started with start_disabled=1.
Ahmad Kholaif [Thu, 5 Feb 2015 21:13:48 +0000 (13:13 -0800)]
nl80211: Allocate QCA vendor subcmd for DFS CAC Start event
When DFS offloading capability is supported by the driver, the driver
should use this event to indicate when channel availability check (CAC)
is started on a DFS channel.
Jouni Malinen [Mon, 9 Feb 2015 15:26:54 +0000 (17:26 +0200)]
nl80211: Test vendor command and event
This adds testing code (for CONFIG_TESTING_OPTIONS=y builds only) to
send an nl80211 vendor command and report a test vendor event in case
the driver supports this.
Jouni Malinen [Sun, 8 Feb 2015 14:56:04 +0000 (16:56 +0200)]
Add INTERWORKING_ADD_NETWORK command
This can be used to provide more control to upper layers on network
blocks generated as part of Interworking network selection.
INTERWORKING_ADD_NETWORK behaves otherwise identically to
INTERWORKING_CONNECT, but it does not request a new connection after
having added the network block and it returns the network id of the
added network.
INTERWORKING_ADD_NETWORK followed by REASSOCIATE would behave more or
less identically to INTERWORKING_CONNECT, but this allows the created
network profile to be modified, if desired, and/or stored externally.
SELECT_NETWORK can also be used with the network id returned from
INTERWORKING_ADD_NETWORK to enforce that specific network profile to be
used for the next connection (though, it should be noted that this
behavior may not meet all Hotspot 2.0 requirements if there were other
enabled networks that could have higher priority).
Ilan Peer [Fri, 6 Feb 2015 01:37:04 +0000 (20:37 -0500)]
AP: Do not reply to Probe Request frames with DS Params mismatch
Do not reply to a Probe Request frame with a DSSS Parameter Set element
in which the channel is different than the operating channel of the AP,
as the sending station is not found on the AP's operating channel.
IEEE Std 802.11-2012 describes this as a requirement for an AP with
dot11RadioMeasurementActivated set to true, but strictly speaking does
not allow such ignoring of Probe Request frames if
dot11RadioMeasurementActivated is false. Anyway, this can help reduce
number of unnecessary Probe Response frames for cases where the STA is
less likely to see them (Probe Request frame sent on a neighboring, but
partially overlapping, channel).
Jouni Malinen [Sun, 8 Feb 2015 10:24:37 +0000 (12:24 +0200)]
P2P: Document P2P_CONNECT-auto
Commit b31be3a0fd58b38e669d804aa082b1039408566f ('P2P: Add automatic GO
Negotiation vs. join-a-group selection') added this P2P_CONNECT 'auto'
parameter, but did not update any documentation on it.
Jouni Malinen [Sun, 8 Feb 2015 10:18:03 +0000 (12:18 +0200)]
tests: P2P_CONNECT-auto not finding GO
This is a regression test for an earlier bug that resulted in using
freed memory after a P2P group interface was removed as part of
fallback-to-GO-Negotiation in P2P_CONNECT-auto.
Jouni Malinen [Sun, 8 Feb 2015 09:38:56 +0000 (11:38 +0200)]
P2P: Fix P2P_CONNECT-auto fallback to GO Neg with group interface
If a separate P2P group interface was used, P2P_CONNECT-auto fallback to
GO Negotiation could result in use of freed memory and segmentation
fault. This happened in cases where the peer GO was found in some old
scans, but not in the first scan triggered by the P2P_CONNECT-auto
command ("P2P: Peer was found running GO in older scan -> try to join
the group" shows up in the debug log). In addition, the GO would still
need to reply to PD Request to allow this code path to be triggered.
When five scans for the GO were completed in this sequence, the P2P
group interface was removed as part of falling back to GO Negotiation.
However, that ended up dereferencing the freed wpa_s instance at the end
of scan event processing. Fix this by reordering code a bit and breaking
out from EVENT_SCAN_RESULTS processing if the interface could have been
removed.
Jouni Malinen [Sat, 7 Feb 2015 20:38:21 +0000 (22:38 +0200)]
tests: Make wpas_ctrl_many_networks more robust under valgrind
It is possible for a low powered CPU to take excessively long time to
delete 1000 network blocks when running under valgrind. This would have
resulted in the test case failing and the following reset operation
timing out which would then stop the test sequence completely.
Masashi Honma [Thu, 5 Feb 2015 14:00:01 +0000 (23:00 +0900)]
mesh: Fix remaining BLOCKED state after SAE auth failure
When SAE authentication fails, wpa_supplicant retries four times. If all
the retries result in failure, SAE state machine enters BLOCKED state.
Once it enters this state, wpa_supplicant doesn't retry connection. This
commit allow connection retries even if the state machine entered
BLOCKED state.
There could be an opinion "Is this patch needed? User could know the SAE
state machine is in the BLOCKED mode by MESH-SAE-AUTH-BLOCKED event.
Then user can retry connection. By user action, SAE state machine can
change the state from BLOCKED to another.". Yes, this is a true at the
joining mesh STA. However, a STA that is already a member of existing
mesh BSS should not retry connection because if the joining mesh STA
used wrong password, all the existing STA should do something from UI to
retry connection.
Masashi Honma [Thu, 5 Feb 2015 14:00:00 +0000 (23:00 +0900)]
mesh: Add a monitor event on SAE authentication getting blocked
Send MESH-SAE-AUTH-BLOCKED event if SAE authentication is blocked. The
BLOCK state will finish when a new peer notification event is sent for
the same MAC address.
Masashi Honma [Thu, 5 Feb 2015 13:59:59 +0000 (22:59 +0900)]
mesh: Add a monitor event for SAE authentication failure
SAE authentication fails likely with wrong password. This commit adds a
notification of the failure to the upper application (UI) so that the
application can notify suspection of a wrong password to the user. The
control interface monitor even for this is "MESH-SAE-AUTH-FAILURE
addr=<peer>".
Masashi Honma [Wed, 4 Feb 2015 02:26:51 +0000 (11:26 +0900)]
mesh: Fix inactivity timer for 32 bit system
Commit 5a2a6de6a5fec58dcfdb4320e4ec2b69d183a4c1 ('mesh: Make inactivity
timer configurable') has a problem on 32 bit systems. Setting
NL80211_MESHCONF_PLINK_TIMEOUT to 0xffffffff causes expiration of STA in
a minute by NL80211_CMD_DEL_STATION event. this is the kernel rule for
STA expiration:
On a 32 bit system, the right side could overflow and be unexpected
small value if NL80211_MESHCONF_PLINK_TIMEOUT is sufficiently large. STA
expiration occurs by this reason.
This patch solves the problem by disabling the STA expiration
functionality in mac80211. However, old kernel does not support
disabling it. If so, this patch sets mac80211 inactivity timer 60
seconds into future from the wpa_supplicant inactivity timer.
And I mis-understood that mesh_max_inactivity=0 disables inactivity
timer in wpa_supplicant. This commit fixes it also.
Jouni Malinen [Sat, 7 Feb 2015 14:19:53 +0000 (16:19 +0200)]
mesh: Remove duplicated no_auto_peer update
Commit 07cb45ccb2baa6e9627e3d21a285b95d744a6c77 ('mesh: Add no_auto_peer
config option') added a new struct wpa_ssid argument and added an
unnecessary parsing and setting of the value in
wpa_supplicant_ctrl_iface_update_network(). This is not needed since
wpa_config_set() takes care of parsing the parameters.
Jouni Malinen [Sat, 7 Feb 2015 14:17:11 +0000 (16:17 +0200)]
D-Bus: Fix network block type change
It is possible for a network profile to change its type from P2P
persistent group to a normal network and back. The D-Bus interface uses
different types of objects for those, so the object needs to
re-registered in case of type change. This fixes issues in leaving
behind an incorrect type of object and leaking memory when freeing such
a network block that has had its disabled parameter changed.
Jouni Malinen [Sat, 7 Feb 2015 11:02:19 +0000 (13:02 +0200)]
Fix HT40 co-ex scanning issue on hostapd error path
If HT40 co-ex scan fails due to the driver rejecting scan triggers
multiple times, it was possible for the ap_ht40_scan_retry() timeout
being left behind and it getting run after hapd->drv_priv has been
cleared. This would result in NULL pointer dereference in
driver_nl80211_scan.c. Fix this by canceling the timeout when disabling
the interface.
Jouni Malinen [Fri, 6 Feb 2015 23:13:34 +0000 (01:13 +0200)]
Fix Linux packat socket regression work around
Commit e6dd8196e5daf39e4204ef8ecd26dd50fdca6040 ('Work around Linux
packet socket regression') added a mechanism to close the workaround
bridge socket in l2_packet_receive(). However, it did not take into
account the possibility of the l2->rx_callback() closing the l2_packet
socket altogether. This could result in use of freed memory when usin
RSN pre-authentication. Fix this by reordering the calls to clear the
workaround socket before calling the rx_callback.
Jouni Malinen [Fri, 6 Feb 2015 22:10:04 +0000 (00:10 +0200)]
tests: Fix wpas_config_file after implementation change
The new wpa_supplicant configuration writing design (rename instead of
write to original file) did not fail with the symlink-to-self case, so
replace this with the config file being replaced with a directory. In
addition, get rid of unnecessary use of subprocess since run-tests.py is
running as root nowadays.
Vinit Deshpande [Thu, 5 Feb 2015 20:48:02 +0000 (12:48 -0800)]
Don't write to wpa_supplicant.conf directly
There is a chance that wpa_supplicant may get killed during
the time it is writing config file. If this happens, user
information like SSIDs and passwords can be lost forever.
This change works around that by writing config to a
temporary file and then renaming the file to the correct name.
Janusz Dziedzic [Fri, 6 Feb 2015 12:11:24 +0000 (13:11 +0100)]
IBSS: Do not enable HT with WEP or TKIP
We should not enable HT if WEP or TKIP is configured.
Without the patch and WEP configuration we will get message:
Association request to the driver failed
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Jouni Malinen [Fri, 6 Feb 2015 16:36:13 +0000 (18:36 +0200)]
ACS: Accept channel if any (rather than all) survey results are valid
Previously, a channel with even a single scan/survey result missing
information was skipped in ACS. This may not be desirable in cases when
multiple scan iterations are used (which is the case by default in
hostapd). Instead, use all channels that provided at least one complete
set of results. Calculate the average interference factor as an average
of the iterations that did provide complete values.
This seems to help with some cases, e.g., when ath9k may not be able to
report the noise floor for all channels from the first scan iteration
immediately after the driver has been loaded, but then returns it for
all other scan iterations.
Jouni Malinen [Fri, 6 Feb 2015 15:59:57 +0000 (17:59 +0200)]
ACS: Allow specific channels to be preferred
The new acs_chan_bias configuration parameter is a space-separated list
of <channel>:<bias> pairs. It can be used to increase (or decrease) the
likelihood of a specific channel to be selected by the ACS algorithm.
The total interference factor for each channel gets multiplied by the
specified bias value before finding the channel with the lowest value.
In other words, values between 0.0 and 1.0 can be used to make a channel
more likely to be picked while values larger than 1.0 make the specified
channel less likely to be picked. This can be used, e.g., to prefer the
commonly used 2.4 GHz band channels 1, 6, and 11 (which is the default
behavior on 2.4 GHz band if no acs_chan_bias parameter is specified).
Jouni Malinen [Thu, 5 Feb 2015 15:57:06 +0000 (17:57 +0200)]
ACS: Use weighted average for 2.4 GHz adjacent channel interference
The interference factors for adjacent 2.4 GHz channels were summed
together without doing any kind of weighted average on them. This
resulted in the channels at the band edges getting undue preference due
to only including interference factors from three channels vs. five for
the channels in the middle of the band.
While it is somewhat unclear whether the design here was supposed to
count overlapping channels together in this way or whether that is
already covered in channel survey results, it is clear that this summing
of three to five values together and then comparing the sum rather than
average of some kind gives too much preference to the channels at the
edges of the band by assuming that there is no interference whatsoever
outside the band.
Use weighted average of the interference factors rather than a sum from
different number of values. For now, the adjacent 2.4 GHz channels get
weight of 0.85 (1.0 for the main channel itself) and the neighboring
channels to those adjacent ones get 0.55 weight. Band-edge channels are
handled in a way that takes average over the channels that were actually
considered instead of assuming zero interference from neighboring bands.
Ilan Peer [Wed, 4 Feb 2015 09:30:34 +0000 (04:30 -0500)]
tests: Modify test_p2p_discovery to use global control interface
1. Modify discovery_stop to use global control interface when calling
P2P_FLUSH.
2. Modify p2p_listen_and_offchannel_tx to use the global control
interface when waiting for P2P PD event.
Ilan Peer [Wed, 4 Feb 2015 09:30:22 +0000 (04:30 -0500)]
tests: Use global_request for SET commands in test_p2p_grpform
When the 'SET' command is used to configure parameters related to P2P
operation use the global control interface and not the per interface one
as otherwise the setting will only have effect on the interface and will
work if a dedicated P2P_DEVICE is used.
Ilan Peer [Wed, 4 Feb 2015 09:30:21 +0000 (04:30 -0500)]
tests: Update group ifname in p2p_go_invite_auth
Once the connection is established need to call group_form_result() on
the invited device, as otherwise the group interface name is not updated
and the connectivity test is done with the main interface instead of the
group interface.
Jouni Malinen [Wed, 4 Feb 2015 18:47:14 +0000 (20:47 +0200)]
tests: Verify SD TX callback processing after P2P find is stopped
These are far from perfect since timing is quite difficult to match for
the case that behaved incorrectly. Anyway, it looks loke
p2p_service_discovery_peer_not_listening was able to hit the error now
and then, so this should be sufficient as a regression test case.
Krishna Vamsi [Wed, 4 Feb 2015 11:47:23 +0000 (17:17 +0530)]
P2P: Fix stopping on search after SD callback
If p2p_find_timeout triggers after starting SD but before getting TX
status for send action, unwanted search could get triggered again when
TX status arrives though p2p_find_timeout moved the state to P2P_IDLE by
then. p2p_continue_find() would then move the state to P2P_SEARCH again.
Do not trigger the find operation from this context if state is
P2P_IDLE to avoid this.
Jouni Malinen [Wed, 4 Feb 2015 00:04:35 +0000 (02:04 +0200)]
OpenSSL: Use SSL_cache_hit() when available
This is going to be required for OpenSSL 1.1.0 which makes the SSL
structure opaque. Older versions starting from OpenSSL 1.0.1 include
this function, so start using it now based on OPENSSL_VERSION_NUMBER.
Jouni Malinen [Tue, 3 Feb 2015 23:58:37 +0000 (01:58 +0200)]
OpenSSL: Use library wrapper functions to access cert store
OpenSSL 0.9.8 and newer includes SSL_CTX_get_cert_store() and
SSL_CTX_set_cert_store() helper functions, so there is no need to
dereference the SSL_CTX pointer to cert ssl_ctx->cert_store. This helps
in working with the future OpenSSL 1.1.0 release that makes the SSL_CTX
structure opaque.
Jouni Malinen [Tue, 3 Feb 2015 14:43:02 +0000 (16:43 +0200)]
tests: Increase grpform_ext_listen coverage
Include actual extended listen period in the test and confirm that the
device was available on a social channel during such period by using
non-social operating channel.
Jouni Malinen [Tue, 3 Feb 2015 14:13:35 +0000 (16:13 +0200)]
P2P: Clean up Listen channel optimization debug prints
Do not claim to change the Listen channel in a debug message when
previously configured channel prevents this. In addition, fix a typo in
another related debug print.
Jouni Malinen [Tue, 3 Feb 2015 10:32:37 +0000 (12:32 +0200)]
Fix hostapd obss_interval documentation
This parameter has been available for more than just testing purposes,
i.e., OBSS scanning has already been used to enable 20-to-40 MHz channel
changes on 2.4 GHz.
Jouni Malinen [Tue, 3 Feb 2015 10:29:37 +0000 (12:29 +0200)]
Fix 20/40 MHz co-ex report processing with obss_interval=0
If OBSS scan interval is not set, the AP must not schedule a timeout to
restore 40 MHz operation immediately after having moved to a 20 MHz
channel based on an unsolicited co-ex report. Fix this by scheduling the
timeout only if obss_interval is non-zero.
Since we do not currently support AP doing OBSS scans after the initial
BSS setup, this means practically that 40-to-20 MHz transition is
allowed, but 20-to-40 MHz is not with obss_interval=0. The latter gets
enabled if obss_interval is set to a non-zero value so that associated
STAs can take care of OBSS scanning.
Jouni Malinen [Mon, 2 Feb 2015 22:33:45 +0000 (00:33 +0200)]
tests: Restore p2ps config_method in dbus_get_set_wps
This test case is modifying the list of enabled config_method values and
needs to restore "p2ps" option that is included by default. Without
this, P2PS executed after dbus_get_set_wps could fail.
Krishna Vamsi [Tue, 30 Dec 2014 12:27:38 +0000 (17:57 +0530)]
P2PS: Do not remove pending interface on p2p_stop_find
The pending interface created during provision discovery should
not be removed on stopping p2p_find. This pending interface has
to be used after completing GO negotiation. Earlier the pending
interface is created just before GO negotiation so there was no
problem.
Krishna Vamsi [Fri, 30 Jan 2015 13:36:01 +0000 (19:06 +0530)]
P2PS: Allow PD retry in SEARCH and LISTEN_ONLY also
p2p_timeout_prov_disc_req is getting triggered in P2P_IDLE,
P2P_SEARCH and P2P_LISTEN_ONLY states. Retry logic should not be
limited to only P2P_IDLE state.
Krishna Vamsi [Fri, 17 Oct 2014 11:44:48 +0000 (17:14 +0530)]
P2PS: Send P2P_FIND_STOPPED event during P2P SD also
During service discovery if P2P_FIND times out, P2P_FIND_STOPPED event
is sent to upper layers to allow follow up P2P_FIND commands. This needs
to be done also in case an SD was in progress during the find operation.
Krishna Vamsi [Wed, 10 Dec 2014 11:29:29 +0000 (16:59 +0530)]
P2PS: Callback to create pending group after sending PD Response
This introduces a P2P module callback function that will be used to
create the pending P2PS group after sending PD Response and receiving
ACK status for it.