Jouni Malinen [Wed, 14 May 2014 22:02:03 +0000 (01:02 +0300)]
tests: Make WPS test cases more robust
Scan explicitly for the AP that may be started during the test case
execution. This is needed to work around issues where under heavy CPU
load, the single active scan round may miss the delayed Probe Response
from the second AP.
Jouni Malinen [Wed, 14 May 2014 21:31:30 +0000 (00:31 +0300)]
tests: Make ap_wpa2_eap_ttls_server_cert_hash_invalid more robust
Instead of checking for multiple EAP starts (which can occur if
EAPOL-Start from supplicant goes out quickly enough, e.g., due to CPU
load), look for the explicit message indicating that TTLS method
initialization failed.
Jouni Malinen [Wed, 14 May 2014 14:02:32 +0000 (17:02 +0300)]
tests: Make FT test cases more robust
Scan explicitly for the AP that may be started during the test case
execution. This is needed to work around issues where under heavy CPU
load, the single active scan round may miss the delayed Probe Response
from the second AP. In addition, check for ROAM/FT_DS failures to be
able to report errors more clearly.
Jouni Malinen [Wed, 14 May 2014 10:35:32 +0000 (13:35 +0300)]
tests: Make HS 2.0 test cases more robust
Scan explicitly for the AP that may be started during the test case
execution. This is needed to work around issues where under heavy CPU
load, the single active scan round may miss the delayed Probe Response
from the second AP.
Jouni Malinen [Wed, 14 May 2014 09:54:13 +0000 (12:54 +0300)]
tests: Make scan and scan_only more robust
These can fail during heavy CPU load due to active scan dwell time not
being long enough to catch the delayed Probe Response frame from the AP.
Work around this by allowing multiple scan attempts to see the response.
Jouni Malinen [Tue, 13 May 2014 23:31:55 +0000 (02:31 +0300)]
tests: Verify P2P GO start when scan_req = MANUAL_SCAN_REQ
There was a bug in this code path that resulted in the
skip-scan-to-start-GO case to not actually skip the scan. It looks like
this could be hit at least when autoscan was enabled, but it is possible
that some other sequences could hit this as well.
Jouni Malinen [Tue, 13 May 2014 23:13:18 +0000 (02:13 +0300)]
P2P: Make sure GO start does not miss connect_without_scan
It looks like there was a possible sequence for wpa_s->scan_req to be
MANUAL_SCAN_REQ at the moment a GO is to be started. This could result
in the "Request scan (that will be skipped) to start GO" to actually not
skip the scan and end up stuck waiting for something external to trigger
a scan before the GO could be started. Fix this by clearing
wpa_s->scan_req when deciding to start the GO.
This issue could be hit at least by first enabling autoscan and then
issuing P2P_GROUP_ADD. Other sequences that set wpa_s->scan_req to
MANUAL_SCAN_REQ without going through wpa_supplicant_scan() to clear it
immediately could also have similar effect (and there is even a small
window for the wpa_supplicant_scan() call to happen only after the
P2P_GROUP_ADD command is processed, so this could potentially have
happened even with SCAN + P2P_GROUP_ADD).
Jouni Malinen [Tue, 13 May 2014 22:29:55 +0000 (01:29 +0300)]
tests: Work around grpform_pbc_overlap robustness issues
Since P2P Client scan case is now optimzied to use a specific SSID, the
WPS AP will not reply to that and the scan after GO Negotiation can
quite likely miss the AP due to dwell time being short enoguh to miss
the Beaco frame. This has made the test case somewhat pointless, but
keep it here for now with an additional scan to confirm that PBC
detection works if there is a BSS entry for a overlapping AP.
Jouni Malinen [Tue, 13 May 2014 21:47:42 +0000 (00:47 +0300)]
nl80211: Fix send_frame freq for IBSS
bss->freq was not updated for IBSS, so whatever old value was stored
from a previous AP mode operation could end up having been used as the
channel when trying to send Authentication frames in an RSN IBSS. This
resulted in the frame not sent (cfg80211 rejects it) and potentially not
being able to re-establish connection due to 4-way handshake failing
with replay counter mismatches. Fix this by learning the operating
channel of the IBSS both when join event is received and when a
management frame is being transmitted since the IBSS may have changed
channels due to merges.
Jouni Malinen [Tue, 13 May 2014 21:12:40 +0000 (00:12 +0300)]
tests: Make pmksa_cache_on_roam_back more robust
The single channel scan while associated to another AP and immediately
after starting the second AP can miss the Probe Response frame
especially under heavy CPU load. Avoid false error reports by allowing
multiple scan rounds to be performed. wpas_ctrl_bssid_filter is also
modified to take into account different get_bss() behavior.
Rashmi Ramanna [Tue, 13 May 2014 10:44:18 +0000 (16:14 +0530)]
P2P: Fix scan optimization for GO during persistent group invocation
Commit 41d5ce9e0b7b37dd84fbf3c1aa5ed571c32321d4 was intended to scan for
GO on the negotiated channel for few iterations, but it did not work
correctly due to incorrect operator being used. Fix this by requiring
both conditions to be met for the single channel scan.
P2P: Validate GO operating channel on channel list changes
On receiving CHANNEL_LIST_CHANGED event from driver, verify that local
GO (if any) is operating in valid frequency. If not, we should remove
the group and reform on valid frequency. Indicate this similarly to the
avoid-frequency notification (i.e., a control interface message for
upper layers to react to this for now; potentially CSA later).
This command allows to copy network variable from one network to
another, e.g., to clone the psk field without having to extract it from
wpa_supplicant.
Hannu Mallat [Mon, 12 May 2014 11:33:12 +0000 (14:33 +0300)]
dbus: Reorder deauthentication and cleanup calls when removing a network
Valgrind indicates reference to already freed memory if function
wpa_config_remove_network() is called prior to calling
wpa_supplicant_deauthenticate(), and this can lead to a crash.
Inverting the call order fixes the problem.
Signed-off-by: Hannu Mallat <hannu.mallat@jollamobile.com>
Jouni Malinen [Sun, 11 May 2014 17:42:18 +0000 (20:42 +0300)]
tests: EAP-IKEv2 fragmentation
This adds a test case for the server fragmenting an EAP-IKEv2 message.
In addition, the fragmentation threshold is made shorter to trigger
fragmentation for all messages.
Jouni Malinen [Sun, 11 May 2014 17:40:44 +0000 (20:40 +0300)]
EAP-IKEv2: Allow frag ack without integrity checksum
RFC 5106 is not exactly clear on the requirements for the "no data"
packet that is used to acknowledge a fragmented message. Allow it to be
processed without the integrity checksum data field since it is possible
to interpret the RFC as this not being included. This fixes reassembly
of fragmented frames after keys have been derived.
Jouni Malinen [Sun, 11 May 2014 15:38:07 +0000 (18:38 +0300)]
EAP-pwd: Fix processing of group setup failure
If invalid group was negotiated, compute_password_element() left some of
the data->grp pointer uninitialized and this could result in
segmentation fault when deinitializing the EAP method. Fix this by
explicitly clearing all the pointer with eap_zalloc(). In addition,
speed up EAP failure reporting in this type of error case by indicating
that the EAP method execution cannot continue anymore on the peer side
instead of waiting for a timeout.
Jouni Malinen [Sun, 11 May 2014 15:18:58 +0000 (18:18 +0300)]
tests: Fix scan_bss_operations
The BSS id numbers were assumed to start from 0 at the beginning of this
test case, but that is only the case if this is run as the first test
after starting wpa_supplicant. Fix the test case to figure out the id
values dynamically to avoid false errors.
Jouni Malinen [Sun, 11 May 2014 09:43:09 +0000 (12:43 +0300)]
eapol_test: Check EAP-Key-Name
The new command line argument -e can be used to request the server to
send EAP-Key-Name in Access-Accept. If both the local EAP peer
implementation and server provide the EAP Session-Id, compare those
values and indicate in debug log whether a match was seen.
Jouni Malinen [Sat, 10 May 2014 22:06:00 +0000 (01:06 +0300)]
tests: EAP-SIM/AKA/AKA' with SQLite
Extend EAP-SIM/AKA/AKA' test coverage by setting up another
authentication server instance to store dynamic SIM/AKA/AKA' information
into an SQLite database. This allows the stored reauth/pseudonym data to
be modified on the server side and by doing so, allows testing fallback
from reauth to pseudonym/permanent identity.
Jouni Malinen [Sun, 11 May 2014 14:54:59 +0000 (17:54 +0300)]
EAP-SIM peer: Fix counter-too-small message building
The extra data (nonce_s) used in this message was pointing to the
parsed, decrypted data and that buffer was previously freed just before
building the new message. This resulted in use of freed data and
possibly incorrect extra data value that caused the authentication
attempt to fail. Fix this by reordering the code to free the decrypted
data only after the new message has been generated. This was already the
case for EAP-AKA/AKA', but somehow missing from EAP-SIM.
Jouni Malinen [Sat, 10 May 2014 13:15:20 +0000 (16:15 +0300)]
Interworking: Allow FT to be used for connection
This extends Interworking network selection to enable FT-EAP as an
optional key_mgmt value to allow FT to be used instead of hardcoding
WPA2-Enterprise without FT.
Sunil Dutt [Tue, 6 May 2014 16:34:37 +0000 (22:04 +0530)]
P2P: Refrain from performing extended listen during P2P connection
Do not perform extended listen period operations when either a P2P
connection is in progress. This makes the connection more robust should
an extended listen timer trigger during such an operation.
nl80211: Use max associated STAs information in AP mode
Propagate max associated STAs in AP mode advertised by the driver to
core wpa_supplicant implemantion. This allows wpa_supplicant to update
the P2P GO group limit information automatically without having to
configure this limit manually. The information (if available) is also
used in the generic AP implementation to control maximum number of STA
entries.
TDLS: Disable links during AP deauth in external flow
When de-authenticating from the AP, disable each TDLS link after
sending the teardown packet. Postpone the reset of the peer state
data until after the link disable request.
Ilan Peer [Thu, 24 Apr 2014 05:45:33 +0000 (08:45 +0300)]
nl80211: Take ownership of dynamically added interfaces
Indicate to cfg80211 that interfaces created by the wpa_supplicant
or hostapd are owned by them, and that in case that the socket that
created them closes, these interfaces should be removed.
TDLS: Pass peer's capability info to the driver in open mode
Commit 96ecea5eb14cc1362cb01b914ac4163324294a28 did not consider
to pass the VHT/HT/WMM capabilities of the peer for BSS with
open mode.
Address this issue by passing the capabilities irrespective of
the security mode.
tests: Verify global control interface before starting each test
This allows control interface issues to be caught in a bit more readable
way in the debug logs. In addition, dump pending monitor socket
information more frequently and within each test case in the log files
to make the output clearer and less likely to go over the socket buffer
limit.
It is possible for a scan to fail to see Probe Response or Beacon frame
under heavy load (e.g., during a parallel-vm.sh test run) since the
dwell time on a chanenl is quite short. Make the test cases using
INTERWORKING_SELECT more robust by trying again if the first attempt
does not find a matching BSS.
Check rx_mgmt::frame more consistently against NULL
If a driver wrapper misbehaves and does not indicate a frame body in the
event, core hostapd code should handle this consistently since that case
was already checked for in one location.
sta == NULL check is already done above based on category !=
WLAN_ACTION_PUBLIC, but that seems to be too complex for some static
analyzers, so avoid invalid reports by explicitly checking for this
again in the WLAN_ACTION_FT case.
Make dl_list_first() and dl_list_last() uses easier for static analyzers
The previous check for dl_list_len() or having an entry from the list is
sufficient, but some static analyzers cannot figure out that
dl_list_first() and dl_list_last() will return non-NULL in this type of
cases. Avoid invalid reports by explicitly checking for NULL.
Checking sm->pmksa is sufficient here, but that seems to be too
difficult for static analyzers to follow, so avoid false reports by
explicitly checking pmkid as well.
Remove floating constant suffix 'd' from test coee
clang scan-build does not seem to like the 'd' suffix on floating
constants and ends up reporting analyzer failures. Since this suffix
does not seem to be needed, get rid of it to clear such warnings.
Make last_scan_res update easier for static analyzers
The check based on last_scan_res_used is sufficient for making sure that
last_scan_res is allocated. However, it is a bit too complex for static
analyzers to notice, so add an explicit check to avoid bogus reports.
P2P: Verify operating channel validity for NFC connection handover
p2p_freq_to_channel() could return an error if the GO or P2P Client
operating channel is not valid. Check for this before generating the NFC
handover message.
tests: Make ap_wps_er_add_enrollee check a bit more robust
It is possible for the final step of the test case to fail under load
(e.g., when using parallel-vm.sh with large number of VMs), so run
through additional scan iterations if the WPS-AUTH flag does not get
removed immediately.
tests: HT 20/40 co-ex functionality during BSS lifetime
Verify that AP acts on 40 MHz intolerant STA association/disassociation
and on 20/40 co-ex report indicating 40 MHz intolerant AP showed up and
removed.
Retry initial 20/40 MHz co-ex scan if the driver is busy
This makes the initial OBSS scans in AP mode before starting 40 MHz BSS
more robust. In addition, HT20 can be used as a backup option if none of
the scans succeed.
Add AP mode support for HT 20/40 co-ex Action frame
If a 2.4 GHz band AP receives a 20/40 Coexistence management frame from
a connected station with 20/40 BSS Intolerant Channel Report element
containing the channel list in which any legacy AP are detected or AP
with 40 MHz intolerant bit set in HT Cap IE is detected in the affected
range of the BSS, the BSS will be moved from 40 to 20 MHz channel width.
hostapd: Extend support for HT 20/40 coexistence feature
Extend the minimal HT 20/40 co-ex support to include dynamic changes
during the lifetime of the BSS. If any STA connects to a 2.4 GHz AP with
40 MHz intolerant bit set then the AP will switch to 20 MHz operating
mode.
If for a period of time specified by OBSS delay factor and OBSS scan
interval AP does not have any information about 40 MHz intolerant STAs,
the BSS is switched from HT20 to HT40 mode.
There could be pending unsolicited event messages on the monitor socket
when the DETACH command is issued. As such, the response may be
something else then OK even if the actual detach operation succeeded.
Try to avoid this be dropping pending messages before issuing the detach
command. As an additional workaround, check the response against FAIL
instead of requiring OK so that the self.attached does not get left to
True incorrectly even if an additional event message were to be
received.
projects / thirdparty / hostap.git / log
