Jouni Malinen [Tue, 27 Dec 2016 10:14:48 +0000 (12:14 +0200)]
RADIUS server: Increase maximum number of sessions
It was possible to hit the previously used maximum of 100 active session
in some hwsim test case sequences like this one: eap_proto_pwd_errors
eap_proto_ikev2_errors eap_proto_sim_errors. This happened due to the
large number of RADIUS authentication iterations in short period of
time, i.e., within the 10 second timeout for expiring completed
sessions.
Increase RADIUS_MAX_SESSION from 100 to 1000 and also reduce the timeout
on expiring completed sessions from 10 to 5 seconds.
Jouni Malinen [Mon, 26 Dec 2016 22:55:32 +0000 (00:55 +0200)]
Fix hostapd SIGHUP processing before interface is enabled
It was possible to try to do driver operations before the driver
interface had been initialized when processing a SIGHUP signal. This
would result in NULL pointer dereference. Fix this by skipping the steps
when SIGHUP is issued before the interface is enabled.
Jouni Malinen [Mon, 26 Dec 2016 15:53:07 +0000 (17:53 +0200)]
tests: Make hostapd_oom_wpa2_psk catch cases more robustly
For some reason, a potential OOM in hostapd_config_read_wpa_psk() and
hostapd_derive_psk() were missed in --codecov runs during the main
iteration loop. Cover these specific cases with separate instances to
avoid missing coverage.
Jouni Malinen [Mon, 26 Dec 2016 10:09:53 +0000 (12:09 +0200)]
tests: Remove src/common/cli.c from code coverage report
This file is used only by hostapd_cli and wpa_cli and neither of those
are currently included in code coverage reporting. Avoid dropping the
coverage numbers by code that cannot be reached due to not being
included in the programs that are covered.
Jouni Malinen [Sat, 24 Dec 2016 23:09:06 +0000 (01:09 +0200)]
tests: Fix p2p_autogo_pref_chan_not_in_regulatory with new regdb
5745 MHz was added as an allowed short range device range in
wireless-regdb for DE which made this test case fail. Fix it for now by
using SE instead of DE for the second part of the test case.
Jouni Malinen [Sat, 24 Dec 2016 22:47:01 +0000 (00:47 +0200)]
tests: Fix mesh_open_vht_160 skipping
It is possible for wireless-regdb to include a 160 MHz channel, but with
DFS required. This test case need the regulatory information to allow
160 MHz channel without DFS. Fix false failures by skipping the test if
this exact combination is not found.
Jouni Malinen [Sat, 24 Dec 2016 22:38:52 +0000 (00:38 +0200)]
tests: Fix peerkey_sniffer_check with newer Wireshark version
Wireshark renamed eapol.keydes.key_info to
wlan_rsna_eapol.keydes.key_info and that broke this test case when
upgrading Wireshark. Fix this by trying to use both the new and the old
name.
Jouni Malinen [Sat, 24 Dec 2016 22:15:58 +0000 (00:15 +0200)]
tests: Fix eap_fast_tlv_nak_oom and eap_fast_proto_phase2
Something broke eap_fast_tlv_nak_oom when moving from Ubuntu 14.04 to
16.04. OpenSSL.SSL.Connection() state_string() returns None in these
cases and the debug log prints for that were causing the case to fail.
For now, work around this by checking whether the state string is None
before trying to print it.
Sunil Dutt [Fri, 16 Dec 2016 12:50:15 +0000 (18:20 +0530)]
mesh: Show [MESH] flag in print_bss_info()
This was previously done for SCAN_RESULTS, but the BSS control interface
command did not show a similar flag. In addition, change "WPA2" to "RSN"
for mesh BSS to be consistent with the SCAN_RESULTS output.
Mikael Kanstrup [Wed, 21 Dec 2016 10:27:16 +0000 (11:27 +0100)]
hostapd_cli: Add missing command help descriptions
Some commands are missing help description making them not show up in
the list of supported commands. Add command help description for all
missing commands.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Joel Cunningham [Mon, 19 Dec 2016 22:34:24 +0000 (16:34 -0600)]
Fix wpa_cipher_to_alg() return type
wpa_cipher_to_alg() returns enumerated values from enum wpa_alg and all
uses of the return value treat it as enum wpa_alg (by either assigning
it to a variable of type enum wpa_alg or passing to a function that
expects enum wpa_alg).
This commit updates the return value to match the expected usage
(enum wpa_alg) rather than int. This ensures the return value is
of the proper type and eliminates the following compiler warnings:
ARM RVCT (2.2):
'Warning: #188-D: enumerated type mixed with another type'
Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
Joel Cunningham [Mon, 19 Dec 2016 20:22:53 +0000 (14:22 -0600)]
wpa_supplicant: Add BSS CURRENT control interface command
This commit extends the BSS commands to include "BSS CURRENT" as a way
to get the current BSS without having to walk the BSS list matching
against BSSID+SSID returned from the STATUS command.
This returns the BSS stored in wpa_s->current_bss.
Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
Jouni Malinen [Wed, 21 Dec 2016 10:23:15 +0000 (12:23 +0200)]
OpenSSL: Make sure local certificate auto chaining is enabled
Number of deployed use cases assume the default OpenSSL behavior of auto
chaining the local certificate is in use. BoringSSL removed this
functionality by default, so we need to restore it here to avoid
breaking existing use cases.
Jouni Malinen [Wed, 21 Dec 2016 10:06:21 +0000 (12:06 +0200)]
OpenSSL: Remove SSL_{CTX_,}_clear_options ifdefs
This simplifies the implementation since the SSL_clear_options() and
SSL_CTX_clear_options() are available in all supported versions of
OpenSSL. These were previously needed with older (now obsolete) versions
of OpenSSL, but the ifdefs were missed when removing the more explicit
version macro based backwards compatibility sections.
Jouni Malinen [Tue, 20 Dec 2016 22:18:03 +0000 (00:18 +0200)]
P2P: Do not use wait_time for SD Response TX without fragmentation
The full SD Response frame is not going to be followed by another Action
frame from the peer, so remove the 200 ms wait time from the offchannel
TX command in that case. This avoids leaving a 200 ms lock on the radio
to remain on the channel unnecessarily.
Jouni Malinen [Mon, 19 Dec 2016 23:30:09 +0000 (01:30 +0200)]
Fix race condition between AssocResp callback and 4addr event
It is apparently possible for the NL80211_CMD_UNEXPECTED_4ADDR_FRAME
event to be delivered to hostapd before the NL80211_CMD_FRAME_TX_STATUS
event for (Re)Association Response frame. This resulted in the 4-address
WDS mode not getting enabled for a STA. This could occur in particular
when operating under heavy load and the STA is reconnecting to the same
AP in a sequence where Deauthentication frame is followed immediately by
Authentication frame and the driver event processing gets delayed due to
removal of the previous netdev taking time in the middle of this
sequence.
Fix this by recording a pending item for 4-address WDS enabling if the
NL80211_CMD_UNEXPECTED_4ADDR_FRAME event would have been dropped due to
incompleted association and then process this pending item if the TX
status for the (Re)Association Response frame is received and it shows
that the frame was acknowledged.
Jouni Malinen [Mon, 19 Dec 2016 20:47:07 +0000 (22:47 +0200)]
tests: Disable HT in ap_wds_sta_wep
HT cannot be used with WEP-only network, so don't try to do that here.
This get rids of some unnecessary Beacon frame updates during
disassociation/association and can make the test case a bit more robust.
eap_proxy: Add support for SIM state change indication from eap_proxy
This registers a new callback to indicate change in SIM state. This
helps to do some clean up (more specifically pmksa_flush) based on the
state change of the SIM. Without this, the reconnection using the cached
PMKSA could happen though the SIM is changed.
Currently eap_proxy_sim_state corresponds to only SIM_STATE_ERROR. This
can be further extended.
Jouni Malinen [Mon, 19 Dec 2016 20:14:07 +0000 (22:14 +0200)]
eap_proxy: Fix eap_proxy_init() prototype to use const eapol_cb
The eapol_cb structure was made const and that change resulted in a
compilation warning/error if CONFIG_EAP_PROXY=<name> is enabled in the
wpa_supplicant build configuration. Fix this by updating the function
prototype to match the change.
Note: This results in a change needed to external eap_proxy_*.c
implementations to match the change.
Amit Purwar [Mon, 19 Dec 2016 10:12:30 +0000 (15:42 +0530)]
D-Bus: Add 'freq' option to P2P Find method to specify starting channel
This allows user to start P2P Find/Scan on a particular frequency and
then move to scanning social channels. This support is already present
on control socket.
Signed-off-by: Amit Purwar <amit.purwar@samsung.com>
Jouni Malinen [Sun, 18 Dec 2016 18:28:10 +0000 (20:28 +0200)]
tests: RSN AP and PeerKey between two STAs with sniffer check
The previous PeerKey test cases did not actually verify in any way that
the SMK and STK exchanges were completed since mac80211 does not support
setting the key from STK. Use a sniffer check to confirm that the
exchanges complete to avoid PeerKey regressions like the ones fixed in
the last couple of commits.
Jouni Malinen [Sun, 18 Dec 2016 17:56:05 +0000 (19:56 +0200)]
PeerKey: Fix STK 4-way handshake regression
Commit c93b7e18885b07bf198e230019185b50ed622d9f ('RSN: Check result of
EAPOL-Key frame send request') forgot to update two PeerKey users of
EAPOL-Key TX functions. That resulted in STK handshake failing since
message 2/4 and 4/4 TX calls were assumed to have failed when the return
value was changed from 0 to a positive value for success case. This
resulted in not updating nonce information properly and hitting
following error when processing STK 4-way handshake message 3/4:
RSN: INonce from message 1 of STK 4-Way Handshake differs from 3 of STK
4-Way Handshake - drop packet (src=<addr>)
Jouni Malinen [Sun, 18 Dec 2016 17:07:29 +0000 (19:07 +0200)]
PeerKey: Fix EAPOL-Key processing
Commit 6d014ffc6e654e7e802263c55ce568df153a1e1c ('Make struct
wpa_eapol_key easier to use with variable length MIC') forgot to update
number of EAPOL-Key processing steps for SMK and STK exchanges and broke
PeerKey. Fix this by updating the Key Data field pointers to match the
new style with variable length Key MIC field.
Mikael Kanstrup [Tue, 6 Dec 2016 07:26:50 +0000 (16:26 +0900)]
Android: Add p2p_add_cli_chan=1 option
Add p2p_add_cli_chan=1 option to p2p_supplicant.conf to allow Wi-Fi P2P
operating as P2P client on passive scan channels.
In addition, add p2p_add_cli_chan=1 option to wpa_supplicant.conf to
have consistency in P2P channel list. There is a case where P2P channel
list is updated with different channels from p2p0 and wlan0.
Jouni Malinen [Sat, 17 Dec 2016 15:19:34 +0000 (17:19 +0200)]
FILS: Separate FILS realm configuration from ERP domain
The new hostapd configuration parameter fils_realm=<realm> can now be
used to configure one or more FILS realms to advertise for ERP domains
when using FILS. This replaces the use of erp_domain=<domain> parameter
for the FILS use case.
Jouni Malinen [Sat, 17 Dec 2016 10:27:49 +0000 (12:27 +0200)]
Update various definitions based on IEEE Std 802.11-2016
This updates definitions for Status Codes, Reason Codes,
Information Element IDs, Action frame categories, Public Action
codes, Protected Dual of Public Action codes, Advertisement
Protocol ID, and ANQP info IDs based on IEEE Std 802.11-2016.
projects / thirdparty / hostap.git / log
