Jouni Malinen [Sat, 14 Mar 2015 11:50:12 +0000 (13:50 +0200)]
Fix bitfield_get_first_zero() to not read beyond buffer
It was possible for bitfield_get_first_zero() to read one octet beyond
the allocated bit buffer in case the first zero bit was not within
size-1 first octets.
Jouni Malinen [Sat, 14 Mar 2015 08:12:33 +0000 (10:12 +0200)]
Indicate AP-DISABLED on main AP mode deinit path
This event was previously used only when disabling AP mode operation
through hostapd control interface. Make this more consistent by
providing same indication when disabling hostapd interface through the
interface deinit path. This adds the event to the case where a full
hostapd radio instance is removed which also applies for the
wpa_supplicant AP mode operations.
Jouni Malinen [Sat, 14 Mar 2015 08:05:05 +0000 (10:05 +0200)]
Send CTRL-EVENT-DISCONNECTED on wpa_supplicant AP deinit
This makes the AP mode more consistent with other modes by providing a
matching pair of CTRL-EVENT-CONNECTED and CTRL-EVENT-DISCONNECTED event
messages.
Jouni Malinen [Sat, 7 Mar 2015 14:23:48 +0000 (16:23 +0200)]
tests: Make ap_acs_40mhz more robust
Explicitly clear cached scan results on the AP interface before starting
ACS. This avoids issues where conflicting BSS entries from previously
executed test cases could affect channel selection.
Jouni Malinen [Sat, 7 Mar 2015 13:34:17 +0000 (15:34 +0200)]
Make rate-not-supported debug print more useful
It looks like "hardware does not support required rate 1.0 Mbps" has
started showing up in some hwsim test cases as a reason for failure.
This should not really occur with mac80211_hwsim, so add more details to
the debug print to make it easier to figure out what exactly happened.
Jouni Malinen [Sat, 7 Mar 2015 10:58:19 +0000 (12:58 +0200)]
Reject Group Key message 1/2 prior to completion of 4-way handshake
Previously, it would have been possible to complete RSN connection by
skipping the msg 3/4 and 4/4 completely. This would have resulted in
pairwise key not being configured. This is obviously not supposed to
happen in practice and could result in unexpected behavior, so reject
group key message before the initial 4-way handshake has been completed.
Jouni Malinen [Fri, 6 Mar 2015 21:47:34 +0000 (23:47 +0200)]
tests: Add --short option for parallel-vm.py
This can be used to filter out test cases that take significantly longer
time to execute (15 seconds or longer). While this reduces testing
coverage, this can be useful to get a pretty quick coverage in
significantly faster time.
Johannes Berg [Tue, 3 Mar 2015 22:08:41 +0000 (23:08 +0100)]
tests: Allow running with arbitrary working directory
It's somewhat annoying that you can only run parallel-vm.py as
./parallel-vm.py, not from elsewhere by giving the full path,
so fix that by resolving the paths correctly in the scripts where
needed.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Fri, 6 Mar 2015 21:22:53 +0000 (23:22 +0200)]
tests: Make ap_remove_during_acs* more robust
These test cases need to use the previous-AP-on-correct-band workaround
similarly to test_ap_acs.py test cases for now to work with
mac80211_hwsim limitations on channel survey.
Jouni Malinen [Fri, 6 Mar 2015 21:17:12 +0000 (23:17 +0200)]
tests: More thorough cache clearing in ap_hs20_hidden_ssid_in_scan_res
It looked like cfg80211 BSS entry for the zero-length SSID could remain
after this test case. Stop the AP and scan twice with flush-cache option
to make this less likely to occur and cause issues to following test
cases.
Sunil Dutt [Fri, 6 Mar 2015 14:47:54 +0000 (20:17 +0530)]
nl80211: Extend NL80211_CMD_TDLS_OPER to support discovery
ML80211_ATTR_TDLS_OPERATION can now set to NL80211_TDLS_DISCOVERY_REQ to
allow the driver to request wpa_supplicant to initiate TDLS Discovery
Request.
Sunil Dutt [Fri, 6 Mar 2015 14:47:29 +0000 (20:17 +0530)]
TDLS: Allow driver to request TDLS Discovery Request initiation
This extends the TDLS operation request mechanism to allow TDLS
Discovery Request to be initiated by the driver similarly to the
existing Setup and Teardown requests.
Jouni Malinen [Fri, 6 Mar 2015 18:58:56 +0000 (20:58 +0200)]
mesh: Leave mesh in driver setup if initialization fails
It was possible to leave the driver in mesh point state if upper layer
mesh initialization failed in wpa_supplicant_mesh_init(). With nl80211,
this results in the vif being left in mesh point mode instead of
restoring it to station mode. That seems to break normal functionality,
e.g., for Public Action frame TX/RX. Fix this by restoring station mode
on mesh failure path.
This error could be triggered, e.g., with the following hwsim test case
sequence: wpas_mesh_secure_sae_missing_password
nfc_p2p_static_handover_tagdev_go_forced_freq
Jouni Malinen [Fri, 6 Mar 2015 16:40:28 +0000 (18:40 +0200)]
Clear RSN timers for preauth and PTK rekeying on disassociation
Previously, it was possible for the wpa_sm_start_preauth() and
wpa_sm_rekey_ptk() eloop callbacks to remain active after disconnection
and potentially continue to be used for the next association. This is
not correct behavior, so explicitly cancel these timeouts to avoid
unexpected attempts to complete RSN preauthentication or to request PTK
to be rekeyed.
It was possible to trigger this issue, e.g., by running the following
hwsim test case sequence: ap_wpa2_ptk_rekey ap_ft_sae_over_ds
Jouni Malinen [Fri, 6 Mar 2015 15:03:06 +0000 (17:03 +0200)]
tests: Make offchannel_tx_roc_gas more robust
It was possible for this test case to fail if cfg80211 BSS cache
included an entry for the same BSSID on another channel from an earlier
test case. Fix this by epxlicitly flushing the cache. In addition, use
scan_for_bss() to make the test less likely to fail in case of heavy CPU
load.
Jouni Malinen [Wed, 4 Mar 2015 21:09:44 +0000 (23:09 +0200)]
nl80211: Use the new bridge port option proxyarp_wifi
The initial IEEE 802.11 ProxyARP functionality in the kernel needed
changes in behavior and that ended up requiring an independent
configuration parameter to be used. Update hostapd to use that new
proxyarp_wifi parameter instead of the earlier proxyarp.
Ahmad Kholaif [Thu, 5 Mar 2015 02:03:39 +0000 (18:03 -0800)]
DFS: wpa_supplicant event processing
Add radar event processing logic for AP/P2P GO. The DFS processing
functions from hostapd are now used for these wpa_supplicant cases as
well for both offloaded and non-offloaded DFS.
Ahmad Kholaif [Thu, 5 Mar 2015 01:24:36 +0000 (17:24 -0800)]
DFS offload: Add main DFS handler for offloaded case
Add handling logic for DFS offloaded case, and add a helper function
that takes the frequency (MHz) as a param and returns 1 if given channel
requires DFS, or 0 otherwise.
Ahmad Kholaif [Thu, 5 Mar 2015 00:56:44 +0000 (16:56 -0800)]
DFS offload: Skip user space processing for CAC operations
If DFS is offloaded to the driver, hostapd should not be performing
these operations. Send the relevant control interface events to provide
information to upper layer software that may use such events to track
DFS/CAC state. This makes the offloaded DFS implementation more
consistent with the DFS-in-hostapd behavior.
Jouni Malinen [Tue, 3 Mar 2015 15:03:25 +0000 (17:03 +0200)]
Interworking: Clear SCANNING state if no match found
Previously, it was possible for wpa_state to be left at SCANNING if
INTERWORKING_SELECT command failed to find any match. Now the state is
set to DISCONNECTED if the operation terminates because of no matching
networks.
Jouni Malinen [Tue, 3 Mar 2015 14:01:52 +0000 (16:01 +0200)]
tests: Fix workaround for limited channel survey in mac80211_hwsim
The way the current channel survey is implemented in mac80211_hwsim
requires for the ACS test cases to be run immediately after the same
radio has been on the expected operating band. This was worked around in
one of the test cases and errors ignored in couple. Extend this
workaround to cover all the test cases.
Krishna Vamsi [Tue, 24 Feb 2015 06:43:33 +0000 (12:13 +0530)]
P2P: Consider 5 GHz channels also for auto GO
When there is no channel preference mentioned by user, auto GO
can be started on any of the 5 GHz channels supported for P2P.
Consider operating classes 115 and 124 which do not require DFS.
Jouni Malinen [Mon, 2 Mar 2015 14:45:51 +0000 (16:45 +0200)]
P2P: Fix regression in start-GO/AP through a "fake" scan
Commit 3f9ebc439c9468bf51219c931a05028aa8a3d3a7 ('P2P: Allow AP/GO
interface to be started while P2P-in-progress') moved the
wpa_s->connect_without_scan and wpa_s->last_scan_req checks to an
earlier place within the wpa_supplicant_scan() function without
adjusting wpa_s->last_scan_req. This variable was set between the old
and new location, so the new location needs to use wpa_s->scan_req.
This fixes an issue where AP/GO operations were not properly started in
some operation sequence. Instead, a station mode scan was executed. This
issue could be triggered, e.g., by running the no_go_freq test case
followed by autogo_random_channel.
Jouni Malinen [Mon, 2 Mar 2015 14:30:13 +0000 (16:30 +0200)]
tests: Skip radius_acct_unreachable3 when not running under VM
It looks like the IP routing table changes used here to trigger
unreachability and following reachability of the server do not work very
well with full IP routing configuration, so run this test case only when
executed under vm-run.sh.
Sunil Dutt [Thu, 26 Feb 2015 10:24:37 +0000 (15:54 +0530)]
eap_proxy: Callback to notify any updates from eap_proxy
This commit introduces a callback to notify any configuration updates
from the eap_proxy layer. This is used to trigger re-reading of IMSI and
MNC length.
Jouni Malinen [Sun, 1 Mar 2015 20:15:44 +0000 (22:15 +0200)]
Remove unnecessary NULL check to make function more consistent
Static analyzers may warn about dereference before NULL check in
wpas_network_disabled() due to the new code added to check
wpa_s->p2p_mgmt. wpa_s cannot be NULL here, so remove the unneeded check
for it later in the function. (CID 106124)
Jouni Malinen [Sun, 1 Mar 2015 19:50:34 +0000 (21:50 +0200)]
P2P: Fix interface deinit for failed group interface initialization
wpa_supplicant_deinit_iface() ends up removing all P2P groups if the
removed interface is the parent interface. This is correct behavior in
general, but this resulted in issues in the new group interface
initialization error path since wpa_s->parent was not assigned before
hitting this check. Fix this by assigning wpa_s->parent as part of
wpa_supplicant_add_iface().
Jouni Malinen [Sun, 1 Mar 2015 15:19:23 +0000 (17:19 +0200)]
RADIUS client: Fix a copy-paste error in accounting server failover
Commit 347c55e216f22002246e378097a16ecb24b7c106 ('RADIUS client: Re-try
connection if socket is closed on retransmit') added a new option for
initialing RADIUS server failover from radius_client_retransmit(), but
ended up trying to change authentication servers when accounting server
was supposed to be changed due to a copy-paste issue.
Jouni Malinen [Sun, 1 Mar 2015 14:30:51 +0000 (16:30 +0200)]
tests: Not ready for GO Negotiation (listen/search)
These test cases verify that P2P_FIND and P2P_LISTEN operation continues
after having replied to GO Negotiation Request frame for which we are
not yet ready (i.e., GO Negotiation Response with status=1).
Jouni Malinen [Sun, 1 Mar 2015 20:35:21 +0000 (22:35 +0200)]
P2P: Continue find in GO-Neg-Resp-fail status corner cases
It was possible for the GO Negotiation Response (failure) TX status to
be processed at a point where there is no P2P timeout to continue
search. Avoid stopping the ongoing search operation by explicitly
restarting it from this callback.
Jouni Malinen [Sun, 1 Mar 2015 13:54:24 +0000 (15:54 +0200)]
Do not add blacklist entries based on normal disconnect request cases
There are number of cases where wpa_supplicant requests the current
connection to be disconnected before starting a new operation. Such
cases do not really indicate that there was an error in connecting or a
disconnection initiated by the AP, so do not add a temporary blacklist
entry in such sequences.
Jouni Malinen [Sun, 1 Mar 2015 09:54:39 +0000 (11:54 +0200)]
P2P: Direct P2P_CONNECT command to proper interface
It is possible for the P2P_CONNECT control interface command to be
issued on an incorrect interface. While the upper layer component should
really use global control interface for this, make this work by
redirecting the command to the correct context if needed.
Jouni Malinen [Sun, 1 Mar 2015 09:23:09 +0000 (11:23 +0200)]
P2P: Do not allow scan or normal association on cfg80211 P2P Device
The dedicated P2P management instance (wpas->p2p_mgmt == 1) using
cfg80211 P2P Device cannot be used for non-P2P uses or connection (there
is no netdev). Reject or ignore such operations to avoid unexpected
operations if enabled network blocks are configured in the
wpa_supplicant instance used to control this interface.
Daisuke Niwa [Wed, 5 Nov 2014 11:35:09 +0000 (20:35 +0900)]
P2P: Allow a specific channel to be specified in P2P_FIND
The optional freq=<MHz> can now be used with the P2P_FIND command to
specify a single channel to scan during the first round of P2P search.
For example, this can be used to replace the full initial scan with a
single channel scan of a known operation channel.
hostapd: Disable VHT caps for STAs when no valid VHT MCS found
Disable VHT caps for STAs for which there is not even a single
allowed MCS in any supported number of streams. i.e STA is
advertising 3 (not supported) as VHT MCS rates for all supported
streams.
Jouni Malinen [Sat, 28 Feb 2015 18:52:08 +0000 (20:52 +0200)]
RADIUS client: Fix previous failover change
Commit 347c55e216f22002246e378097a16ecb24b7c106 ('RADIUS client: Re-try
connection if socket is closed on retransmit') added a possibility of
executing RADIUS server failover change within
radius_client_retransmit() without taking into account that this
operation may end up freeing the pending message that is being
processed. This could result in use of freed memory. Avoid this by
checking whether any pending messages have been removed and if so, do
not try to retransmit the potentially freed message.
Jouni Malinen [Sat, 28 Feb 2015 14:57:03 +0000 (16:57 +0200)]
tests: Make grpform_no_wsc_done more robust
It was possible for this test case to start a new group formation on
dev[1] while the first round was still going through the process of
processing group termination indication. That could result in the second
round failing unexpectedly.
Jouni Malinen [Sat, 28 Feb 2015 14:35:07 +0000 (16:35 +0200)]
Fix minor issue in HT40 max rate determination
Commit a1b790eb9d7514d1a6e0582a07f695a1564caa59 ('Select AP based on
estimated maximum throughput') had a copy-paste bug than ended up
leaving one of the max_ht40_rate() cases unreachable. (CID 106087)
Jouni Malinen [Sat, 28 Feb 2015 13:43:26 +0000 (15:43 +0200)]
RADIUS client: Re-try connection if socket is closed on retransmit
Previously, send() was called with invalid fd = -1 in some error cases
for retransmission and this could even result in a loop of multiple such
attempts. This is obviously not going to work, so drop such attempts and
instead, try to reconnect a socket to the server if the current socket
is not valid.
In addition, initiate server failover immediately if the current socket
is not valid instead of waiting for a timeout.
Jouni Malinen [Sat, 28 Feb 2015 11:57:57 +0000 (13:57 +0200)]
RADIUS client: Fix server connection recovery after initial failure
If the initial attempt at opening the socket connection to the RADIUS
server failed due to missing IP connectivity during startup, e.g., with
"connect[radius]: Network is unreachable", hostapd did not try to
reconnect when RADIUS messages were sent. Instead, it only reported "No
authentication server configured" even if the configuration did have a
server entry.
This was broken by commit 9ed40766735a9628cc6c936076b175e6f66534bb
('RADIUS client: Do not try to send message without socket') for the
initial case and the more recent fixes in RADIUS server failover cases
did not cover the initial failure case.
Jouni Malinen [Sat, 28 Feb 2015 11:55:12 +0000 (13:55 +0200)]
Allow RADIUS server address to be replaced
The new hostapd parameters auth_server_addr_replace and
acct_server_addr_replace can now be used to replace the configured IP
address instead of adding a new RADIUS server. This is mainly useful for
testing purposes where the address can be changed over control interface
during AP operation.
Jouni Malinen [Wed, 25 Feb 2015 17:02:43 +0000 (19:02 +0200)]
tests: Increase default VM memory from 128M to 192M
It looks like the 128M default memory size for the hwsim test setup was
not large enough to cover all the needs anymore. Some of the test cases
using tshark could hit OOM with that size. Increase the default
allocation to 192M to avoid this type of issues.
Jouni Malinen [Sun, 22 Feb 2015 16:03:42 +0000 (18:03 +0200)]
nl80211: Resubscribe to nl80211 events on global nl_event socket
This allows wpa_supplicant to recover from some of the cases where
cfg80211 is unloaded and reloaded without restarting wpa_supplicant. The
netlink socket used for nl80211 events (global->nl_event) seemed to end
up in otherwise functionality state, but with all the event memberships
lost when cfg80211 gets reloaded.
There does not seem to be any clear way of determining when this has
happened, so it looks simplest to just try to re-subscribe to all the
events whenever an interface is re-enabled or added.
Jouni Malinen [Sun, 22 Feb 2015 14:06:23 +0000 (16:06 +0200)]
tests: Linux packet socket workaround and EAPOL RX in operational state
This verifies that the packet socket workaround does not get disabled if
EAPOL frames are processed during operation state (i.e., when processing
reauthentication/rekeying on a functional association).
Jouni Malinen [Sun, 22 Feb 2015 14:00:34 +0000 (16:00 +0200)]
Fix Linux packet socket workaround to not close the socket too easily
Commit e6dd8196e5daf39e4204ef8ecd26dd50fdca6040 ('Work around Linux
packet socket regression') closed the workaround socket on the first
received EAPOL frame from the main packet socket. This can result in
closing the socket in cases where the kernel does not really work in the
expected way during the following initial association since
reauthentication/rekeying using EAPOL frames happens while operstate is
not dormant and as such, the frames can get delivered through the main
packet socket.
Fix this by closing the workaround socket only in case the first EAPOL
frame is received through the main packet socket. This case happens
while the interface is in dormant state and as such, is more likely to
show the more restricted case of kernel functionality.
In order to avoid processing the received EAPOL frames twice, verify a
checksum of the frame contents when receiving frames alternatively from
the main packet socket and the workaround socket.
Jouni Malinen [Sun, 22 Feb 2015 09:28:27 +0000 (11:28 +0200)]
Use estimated throughput to improve roaming selection
Previously, within-ESS roaming was skipped if the selected BSS did not
have a higher signal strength than the current BSS regardless of AP
capabilities. This could result in not moving to a BSS that would
provide higher throughput, e.g., due to larger channel bandwidth or
higher rates (HT/VHT MCS).
Use estimated throughput information from scan result processing to
allow within-ESS roaming if the selected BSS is likely to provide better
throughput even if the current BSS has larger RSSI.
Jouni Malinen [Sun, 22 Feb 2015 08:50:55 +0000 (10:50 +0200)]
Add snr and est_throughput to the BSS entries
These values were previously used only for sorting the scan results, but
it may be useful to provide access to the used values through the BSS
entries.
Jouni Malinen [Sat, 21 Feb 2015 20:53:42 +0000 (22:53 +0200)]
Select AP based on estimated maximum throughput
This modifies the BSS selection routines to calculate SNR and estimated
throughput for each scan result and then use the estimated throughput as
a criteria for sorting the results. This extends the earlier design by
taking into account higher throughput rates if both the AP and local
device supports HT20, HT40, or VHT80. In addition, the maximum rate is
restricted based on SNR.
In practice, this gives significantly higher probability of selecting
HT/VHT APs when there are multiple BSSes in the same ESS and SNR is not
low enough to prevent higher MCS use.
Jouni Malinen [Sat, 21 Feb 2015 15:39:08 +0000 (17:39 +0200)]
Add wpa_supplicant Makefile target libwpa_ctrl.a
"make -C wpa_supplicant libwpa_ctrl.a" can now be used to build a static
library that can be linked with external programs using wpa_ctrl.h. This
makes it easier to create a separate library package that does not
depend in any other hostap.git file other than src/common/wpa_ctrl.h and
the libwpa_ctrl.a built with this new make target.
Jouni Malinen [Sat, 21 Feb 2015 15:32:47 +0000 (17:32 +0200)]
trace: Initialize alloc_list even without os_program_init() call
This makes it somewhat easier to use CONFIG_WPA_TRACE=y build with
external programs that might not be aware of the initialization
requirement, e.g., when linking wpa_ctrl.c with a program that does not
use the os_*() wrappers.