Jouni Malinen [Sat, 14 Jan 2017 11:56:18 +0000 (13:56 +0200)]
RSN IBSS: Fix TK clearing on Authentication frame RX
When wpa_supplicant was processing a received Authentication frame (seq
1) from a peer STA for which there was already a TK configured to the
driver, debug log claimed that the PTK gets cleared, but the actual
call to clear the key was actually dropped due to AUTH vs. SUPP set_key
selection. Fix this by explicitly clearing the TK in case it was set
and an Authentication frame (seq 1) is received.
This fixes some cases where EAPOL-Key frames were sent encrypted using
the old key when a peer STA restarted itself and lost the key and had to
re-join the IBSS. Previously, that state required timing out the 4-way
handshake and Deauthentication frame exchange to recover.
Jouni Malinen [Sat, 14 Jan 2017 11:54:02 +0000 (13:54 +0200)]
tests: Disable HT in ibss_rsn to avoid a strange issue with mac80211
When fixing the TK clearing on Authentication frame RX, an issue in
getting unicast frames through after re-joining the IBSS was hit. It is
not exactly clear why this happens, but the unicast frame from the STA
that re-joined the network gets lost in the frame reorder buffer of the
STA that remains in the network.
For now, this disables HT to avoid a strange issue with mac80211
frame reordering during the final test_connectivity() call. Once that is
figured out, these disable_ht=1 calls should be removed from the test
case.
Relational operators (==) have higher precedence than the ternary
conditional in C. The last_subtype check for association/reassociation
was broken due to an incorrect assumption about the precedence. Fix this by
adding parentheses around the ternary conditional.
The previous implementation worked for Association Request frames by
accident since WLAN_FC_STYPE_ASSOC_REQ happens to have value 0 and when
the last receive frame was an Association Request frame, the
sta->last_subtype == reassoc check was true and non-zero
WLAN_FC_STYPE_REASSOC_REQ was interpreted as true. However, this was
broken for Reassociation Request frame. reassoc == 1 in that case could
have matched received Association Response frame (subtype == 1), but
those are not received in AP mode and as such, this did not break other
behavior apart from not being able to drop duplicated Reassociation
Request frames.
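The precedence problem described in the commit message above, reproduced as an added example (not code from hostapd or from the commit). The function names are hypothetical; the subtype values follow the message (Association Request 0, Association Response 1), with Reassociation Request taken as 2 per IEEE 802.11.

```c
#include <stdio.h>

/* Management frame subtype values (IEEE 802.11 numbering). */
#define WLAN_FC_STYPE_ASSOC_REQ    0
#define WLAN_FC_STYPE_ASSOC_RESP   1
#define WLAN_FC_STYPE_REASSOC_REQ  2

/* How the compiler parses the unparenthesized form
 *     last_subtype == reassoc ? REASSOC_REQ : ASSOC_REQ
 * "==" binds tighter than "?:", so last_subtype is compared against the
 * reassoc flag and one of the two constants is then used as the boolean. */
int dup_check_broken(int last_subtype, int reassoc)
{
	return (last_subtype == reassoc) ?
		WLAN_FC_STYPE_REASSOC_REQ : WLAN_FC_STYPE_ASSOC_REQ;
}

/* Intended check: compare against the subtype selected by the flag. */
int dup_check_fixed(int last_subtype, int reassoc)
{
	return last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
				WLAN_FC_STYPE_ASSOC_REQ);
}

int main(void)
{
	/* Constructed cases: { last received subtype, reassoc flag } */
	static const int cases[][2] = {
		{ WLAN_FC_STYPE_ASSOC_REQ, 0 },   /* repeated Association Request */
		{ WLAN_FC_STYPE_REASSOC_REQ, 1 }, /* repeated Reassociation Request */
		{ WLAN_FC_STYPE_ASSOC_RESP, 1 },  /* unrelated frame, subtype 1 */
		{ WLAN_FC_STYPE_REASSOC_REQ, 0 }, /* different request type */
	};
	size_t i;

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("last_subtype=%d reassoc=%d broken=%d fixed=%d\n",
		       cases[i][0], cases[i][1],
		       dup_check_broken(cases[i][0], cases[i][1]) != 0,
		       dup_check_fixed(cases[i][0], cases[i][1]) != 0);
	return 0;
}
```

The second case is the one the message calls out: a repeated Reassociation Request is not recognized as a duplicate by the broken form, while the first case only works because Association Request happens to be 0.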
Jouni Malinen [Fri, 13 Jan 2017 22:05:47 +0000 (00:05 +0200)]
tests: Fix peerkey_sniffer_check with tshark 1.10.6
It looks like the previous mechanism for catching older tshark versions
for EAPOL-Key key info field was not sufficient. Fix that to cover the
version used in Ubuntu 14.04.
Jouni Malinen [Fri, 13 Jan 2017 19:06:21 +0000 (21:06 +0200)]
FILS: Fix PMK and PMKID derivation from ERP
This adds helper functions for deriving PMK and PMKID from ERP exchange
in FILS shared key authentication as defined in IEEE Std 802.11ai-2016,
12.12.2.5.2 (PMKSA key derivation with FILS authentication). These
functions are used to fix PMK and PMKID derivation which were previously
using the rMSK directly as PMK instead of following the FILS protocol to
derive PMK with HMAC from nonces and rMSK.
Dedy Lansky [Tue, 27 Dec 2016 09:25:00 +0000 (11:25 +0200)]
nl80211: Don't register for Beacon frames for IEEE 802.11ad AP
Beacon frames are not supported in an IEEE 802.11ad network (DMG-beacons are
used instead). To allow hostapd to manage IEEE 802.11ad AP with
device_ap_sme disabled, skip nl80211_register_beacons() for IEEE
802.11ad AP.
Jouni Malinen [Mon, 9 Jan 2017 15:56:46 +0000 (17:56 +0200)]
Assign additional vendor specific elements for early HE testing
These elements can be used for pre-standard publication testing of HE
before P802.11ax draft assigns the element ID extension. The payload of
these vendor specific elements is defined by the latest P802.11ax draft.
Please note that the draft is still work in progress and the element
payload is subject to change.
Johannes Berg [Wed, 11 Jan 2017 08:44:07 +0000 (09:44 +0100)]
tests: Add a test for mesh forwarding
Add a new test that tests connectivity between two stations that
can't reach each other directly in the mesh, but need forwarding
on another station to talk to each other.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Fri, 13 Jan 2017 10:01:20 +0000 (12:01 +0200)]
nl80211: Set NL80211_ATTR_IFACE_SOCKET_OWNER for connect and associate
This allows kernel to force disconnection if something kills the
wpa_supplicant process in a manner that does not allow proper cleanup to
be performed. The association is not supposed to be allowed to continue
after the process has ended since there are a number of operations that
wpa_supplicant may need to do during the association.
Jouni Malinen [Thu, 12 Jan 2017 10:24:08 +0000 (12:24 +0200)]
Fix country code in wpa_supplicant AP mode Country element
country[2] needs to be set to ' ' instead of left to '\0' for the case
where wpa_supplicant sets up AP mode operations and includes the Country
element. Currently, this would be only for DFS channels. Without this,
the Beacon frames would go out with incorrect third octet in the country
code.
Jouni Malinen [Sun, 8 Jan 2017 16:28:47 +0000 (18:28 +0200)]
tests: Add DRIVER_EVENT SCAN_RES for scan result testing
This control interface command can be used to inject scan results from
test scripts to make it easier to test various scan result processing
operations.
Jouni Malinen [Sun, 8 Jan 2017 10:17:58 +0000 (12:17 +0200)]
bgscan: Deliver beacon loss event to bgscan modules
This adds a call to the notify_beacon_loss() callback functions when
beacon loss is detected. In addition, a new CTRL-EVENT-BEACON-LOSS event
is made available through the wpa_supplicant control interface.
Jouni Malinen [Sun, 8 Jan 2017 10:08:04 +0000 (12:08 +0200)]
nl80211: More complete processing of connection quality monitor events
This adds processing of beacon loss events and generation of an internal
EVENT_BEACON_LOSS event based on them for wpa_supplicant processing. In
addition, the number of consecutively lost (not acknowledged) packets is now
reported and TXE events are noted in the debug log.
Jouni Malinen [Sat, 7 Jan 2017 21:44:09 +0000 (23:44 +0200)]
Make "SET" behavior more consistent for dot11RSNA parameters
These parameters are global configuration parameters for wpa_supplicant
and the special control interface SET command handlers for them were
preventing the configuration update. Make this more consistent by
updating the configuration parameter as well since that is what all the
other SET <global config param> commands do.
Jouni Malinen [Sat, 7 Jan 2017 21:35:48 +0000 (23:35 +0200)]
Make "SET non_pref_chan .." behavior more consistent
non_pref_chan is a global configuration parameter for wpa_supplicant and
the special control interface SET command handler for it was preventing
the configuration update. Make this more consistent by updating the
configuration parameter as well since that is what all the other SET
<global config param> commands do.
Jouni Malinen [Sat, 7 Jan 2017 21:20:35 +0000 (23:20 +0200)]
Fix cert_in_cb parsing in wpa_supplicant.conf
Commit 483dd6a5e0069d0646505c26a5194eda15472858 ('Include peer
certificate always in EAP events') added this wpa_supplicant global
configuration parameter, but forgot to add the actual parsing of it, so
there was no way of setting the value.
Jouni Malinen [Sat, 7 Jan 2017 20:23:13 +0000 (22:23 +0200)]
Send BEACON-REQ-TX-STATUS event only for beacon reports
Check the action TX status callback contents more thoroughly and report
the BEACON-REQ-TX-STATUS event only if the Measurement Type indicates
beacon report.
Jouni Malinen [Sat, 7 Jan 2017 16:17:59 +0000 (18:17 +0200)]
RRM: Document Link Measurement Report frame construction steps
Add a comment to note which fields are expected to be updated by the
driver. In addition, reorder subfield writing to match the order in
which the fields are in the frame.
Jouni Malinen [Sat, 7 Jan 2017 15:47:12 +0000 (17:47 +0200)]
tests: Fix rrm_beacon_req_passive_ap_channels to use passive scan
The request from the AP was encoded incorrectly for this test case and
an active scan was requested instead of the passive one that was
supposed to be used here.
ieee80211_chan_to_freq() is not really meant for conversion of 20 MHz
primary channel numbers for wider VHT channels, so handle those as
special cases here for now.
Jouni Malinen [Sat, 7 Jan 2017 10:04:43 +0000 (12:04 +0200)]
RRM: Move wpabuf_resize() call into wpas_rrm_report_elem()
wpabuf_resize() can handle the initial allocation of a wpabuf and all
the other callers of wpas_rrm_report_elem() were already using a pointer
to a pointer and a wpabuf_resize() call. Simplify this by resizing the
wpabuf (if needed) within wpas_rrm_report_elem() instead of having to
calculate the needed size in all the callers. This is also fixing one of
the allocation sizes to use the correct size instead of a size of a
struct that has nothing to do with the allocation (but is larger than
the needed five octets, so does not break anything).
Jouni Malinen [Sat, 7 Jan 2017 10:12:22 +0000 (12:12 +0200)]
tests: Prepare rrm_beacon_req_passive_no_match_oom for code change
Replace the TEST_ALLOC function wpas_beacon_rep_no_results with an
earlier function in the backtrace and wpabuf_resize() in preparation to
a code change that allows the compiler to optimize out
wpas_beacon_rep_no_results().
Jouni Malinen [Sat, 7 Jan 2017 09:52:18 +0000 (11:52 +0200)]
RRM: Remove unnecessary cb check
There is only a single caller for wpas_rrm_send_neighbor_rep_request()
and it unconditionally uses a callback function, so cb cannot be NULL
here and there is no need for additional complexity and extra code size
to check for it explicitly.
Dedy Lansky [Mon, 26 Dec 2016 19:00:51 +0000 (21:00 +0200)]
AP: Skip authentication/deauthentication phase for DMG/IEEE 802.11ad
Authentication and Deauthentication frames are not used in DMG/IEEE
802.11ad networks. For DMG/IEEE 802.11ad the following was implemented:
Upon receiving association request, allocate the sta object and
initialize it as if authentication took place. Upon receiving
disassociation, deallocate the sta object.
ap_sta_disassociate/ap_sta_deauthenticate/ap_sta_disconnect all use
disassociation instead of deauthentication. In driver_nl80211,
i802_sta_deauth() is routed to i802_sta_disassoc().
Dedy Lansky [Tue, 20 Dec 2016 15:04:43 +0000 (17:04 +0200)]
AP: Do not look for supported rates in DMG/IEEE 802.11ad
Supported Rates element is not present in DMG/IEEE 802.11ad frames. Make
copy_supp_rates() immediately return with success if hardware mode is
IEEE 802.11ad.
nl80211: Zero num_modes if nl80211_get_hw_feature_data() fails
It was possible that nl80211_get_hw_feature_data() function would return
NULL when num_modes is not set to zero. This might result in a later crash
when accessing hw.modes. This may be reproduced with hwsim oom tests, for
example, dbus_connect_oom.
Fix that by zeroing num_modes if NULL is returned.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Avraham Stern [Thu, 29 Dec 2016 09:37:58 +0000 (11:37 +0200)]
tests: Use group control interface for GO commands in autogo_chan_switch
The channel switch command is intended for the GO interface, but
it was not sent on the group control interface. For configurations
that use a separate interface for P2P groups, this will fail the test.
Fix this by sending the channel switch command on the group control
interface and waiting for the channel switch event on the group
control interface.
eap_proxy: On SIM error flush PMKSAs only for SIM/AKA/AKA' networks
Previously, SIM state change with SIM_STATE_ERROR cleared all PMKSA
entries (including non-SIM networks). Limit this to networks which use
SIM-based authentication methods to avoid unnecessary removal of PMKSA
entries.
Jouni Malinen [Tue, 3 Jan 2017 15:31:32 +0000 (17:31 +0200)]
Fix OOM handling in neighbor report response handling
The pending neighbor report state needs to be cleared on error path here
to avoid getting stuck with being unable to perform any additional
neighbor reports during the association.
Jouni Malinen [Mon, 2 Jan 2017 21:04:02 +0000 (23:04 +0200)]
RRM: Enable beacon report with active/passive scan for all drivers
The requested behavior can be approximated for most use cases even if
the driver does not support reporting exact TSF values for frames.
Enable this capability for all drivers to make beacon report processing
more useful for a common use case.
Jouni Malinen [Sun, 1 Jan 2017 23:08:01 +0000 (01:08 +0200)]
Report received beacon report with BEACON-RESP-RX event
The new hostapd control interface event "BEACON-RESP-RX <STA address>
<dialog token> <report mode> <beacon report>" is now used to report
received beacon reports as a response to the REQ_BEACON operation.
Jouni Malinen [Sun, 1 Jan 2017 22:54:44 +0000 (00:54 +0200)]
Report beacon request TX status as control interface event
The new BEACON-REQ-TX-STATUS control interface event is now used to
report whether a beacon request (from REQ_BEACON command) was delivered
successfully. This event has the following parameters: <STA address>
<dialog token> <ack=0/1>.
Jouni Malinen [Sun, 1 Jan 2017 22:31:11 +0000 (00:31 +0200)]
Beacon request through hostapd control interface
The new control interface command "REQ_BEACON <STA addr>
[req_mode=<mode>] <beacon request>" can now be used to request hostapd
to transmit a measurement request to request a beacon report from an
associated STA. This command returns the assigned dialog token (1-255)
or FAIL on failure.
rrm_beacon_report=1 can now be used to make hostapd advertise capability
for beacon reports (passive, active, table). Actual mechanism for
sending out beacon requests will be added in separate commits.
Jouni Malinen [Sun, 1 Jan 2017 22:27:58 +0000 (00:27 +0200)]
Enable Beacon Report using beacon table for all drivers
The special parameters for beacon report scan are not needed for the
beacon report when using the beacon table measurement mode. Advertise
support for this case regardless of whether the driver supports the scan
parameters.
Jouni Malinen [Mon, 2 Jan 2017 22:15:59 +0000 (00:15 +0200)]
FILS: Fix FILS Realm Information ANQP-element construction
The loop to add hash values was supposed to be limited to at most 10000
values, but the count variable was not being decremented in the loop.
Fix this by decrementing the count for each iteration. This fixes
ANQP-element format in the unlikely case of there being more than 10000
configuration realms.
Avraham Stern [Wed, 28 Dec 2016 13:06:47 +0000 (15:06 +0200)]
wpa_supplicant: Add support for Beacon Report Radio Measurement
Beacon Report Radio Measurement is defined in IEEE Std 802.11-2016,
11.11.9.1. Beacon Report is implemented by triggering a scan on the
requested channels with the requested parameters.
Avraham Stern [Wed, 28 Dec 2016 13:06:44 +0000 (15:06 +0200)]
wpa_supplicant: Extend verify_channel() and make it global
Extend verify_channel() to return whether IR is allowed on the channel
or not, and make it a global function so it can be used in other files,
too. This makes this function useful for checking not only if a channel
is supported but also if it is allowed for active and passive scan.