Commit graph

12061 commits

Author SHA1 Message Date
Jouni Malinen
0c52ad116d tests: WNM BSS Transition Management OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-12 17:47:58 +02:00
Jouni Malinen
885bbd4de3 WNM: Remove unused code from BSS TM Req generation
The url argument to ieee802_11_send_bss_trans_mgmt_request() was
hardcoded to NULL in the only caller, so this code cannot be reached.
wnm_send_bss_tm_req() construct the same frame with more generic
parameters, including option for including the URL, so
ieee802_11_send_bss_trans_mgmt_request() can be simplified.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-12 17:44:56 +02:00
Jouni Malinen
e7ddd86a98 WNM: Use a common error path in ieee802_11_send_wnmsleep_resp()
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-12 17:44:56 +02:00
Jouni Malinen
5fcc8c5cdf tests: WNM Sleep Mode - protocol testing
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-12 17:44:56 +02:00
Jouni Malinen
d6d5970e23 WNM: Fix WNM-Sleep Mode Request parsing for WNM-Sleep element
The length of the WNM-Sleep element was not verified before using it.
This could result in reading the subfields in this element (total of
four octets) beyond the end of the buffer. Fix this by ignoring the
element if it is not long enough to contain all the subfields.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-12 17:44:56 +02:00
Jouni Malinen
ea8d18a061 tests: RSN AP deinit during PeerKey negotiation
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-12 11:18:03 +02:00
Jouni Malinen
8492cc79c0 PeerKey: Remove dead code related to STSL negotiation state
The struct wpa_stsl_negotiation seemed to have been for some kind of
tracking of state of PeerKey negotiations within hostapd. However,
nothing is actually adding any entries to wpa_auth->stsl_negotiations or
using this state. Since PeerKey does not look like something that would
be deployed in practice, there is no justification to spend time on
making this any more complete. Remove the dead code now instead of
trying to figure out what it might be used for.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-12 11:15:49 +02:00
Masashi Honma
e37c0aa5d1 OSU server: Remove invalid options from documentation
Remove -d and -I options which causes "Illegal option" error.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-02-11 12:55:19 +02:00
Jouni Malinen
f603c320d3 tests: Additional WMM AP parsing coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-11 12:12:41 +02:00
Jouni Malinen
0d60567030 WMM: Fix estimated medium time calculation for some corner cases
It was possible for the int medium_time variable to overflow, so use a
64-bit unsigned integer to get a large enough value for the
multiplication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-11 12:12:28 +02:00
Jouni Malinen
ae26d30213 Fix "IEEE 802.11: Ignored Action frame" debug message
The arguments to printf were in incorrect order which resulted in
incorrect STA address in the debug message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-11 12:08:12 +02:00
Jouni Malinen
4ead4c7ecd WMM: Remove obsolete TODO comments
These are more about kernel behavior than anything that hostapd would
implement.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-11 10:29:18 +02:00
Jouni Malinen
577e794eba Sync android.config with wpa_supplicant defconfig changes
This adds new edits from defconfig to android.config. No new build
options are enabled, i.e., this is only bringing in comment updates and
new parameters in commented out form.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-11 10:21:56 +02:00
Jouni Malinen
784710b7ff Add bgscan options to wpa_supplicant defconfig
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-11 10:21:24 +02:00
Jouni Malinen
212a8f487f Fix wpa_supplicant defconfig copy-paste description
This is obviously for the wpa_supplicant binary, not hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-11 10:12:16 +02:00
Jouni Malinen
065c3cb8d1 tests: wpa_supplicant SET relative RSSI
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
vamsi krishna
57c3a605ce Add support to sched scan to report relatively better BSSs
Add support to set sched scan relative RSSI parameters so that the
drivers can report BSSs after relative comparision with the current
connected BSS. This feature is applicable only when in connected mode.

The below commands can be used to configure relative RSSI parameters
SET relative_rssi <disable|rssi_value>
	disable - to disable the feature
	rssi_value - amount of relative RSSI in dB
SET relative_band_adjust <band:adjust_value>
	band - "2G" or "5G" for 2.4 GHz or 5 GHz respectively
	adjust_value - amount of RSSI to be adjusted in dB

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
vamsi krishna
20c846d9ee nl80211: sched_scan relative RSSI parameters
Add driver interface support to set sched_scan relative RSSI parameters
and to indicate driver support for this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Badrish Adiga H R
37e9f511eb mka: Send MKPDUs forever if mode is PSK
Issue: When 2 peers are running MACsec in PSK mode with CA
established, if the interface goes down and comes up after
time > 10 seconds, CA does not get re-established.

Root cause: This is because retry_count of both the peers
would have reached MAX_RETRY_CNT and stays idle for other to
respond. This is clear deadlock situation where peer A waits
for MKA packets from peer B to wake up and vice-versa.

Fix: If MACsec is running in PSK mode, we should send MKPDUs
forever for every 2 seconds.

Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
8a303f09a2 tests: EAP-AKA within EAP-TTLS/PEAP/FAST tunnel and reauth
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
76aa318381 EAP: Call deinit_for_reauth() for Phase 2 EAP methods
EAP-TTLS/PEAP/FAST were previously doing this for init_for_reauth(), but
not for deinit_for_reauth(). Add the deinit_for_reauth() call as well to
cover cases like EAP-AKA cleaup of AT_CHECKCODE data.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
02156b98b7 EAP-AKA: Don't use anonymous identity in phase2
This adds the same changes to EAP-AKA that were previous done for
EAP-SIM to allow functionality within an EAP-TTLS/PEAP/FAST tunnel
without causing issues to the phase 1 identity string.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
f22bc11846 tests: EAP-SIM tunneled within EAP-TTLS/PEAP/FAST
This verifies both the internal and external GSM authentication
operation when EAP-SIM is tunneled within EAP-TTLS/PEAP/FAST.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Paul Stewart
9e2afe10e6 EAP-SIM: Don't use anonymous identity in phase2
The "anonymous_identity" configuration field has more than one
semantic meaning. For tunneled EAP methods, this refers to the
outer EAP identity. For EAP-SIM, this refers to the pseudonym
identity. Also, interestingly, EAP-SIM can overwrite the
"anonymous_identity" field if one is provided to it by the
authenticator.

When EAP-SIM is tunneled within an outer method, it makes sense
to only use this value for the outer method, since it's unlikely
that this will also be valid as an identity for the inner EAP-SIM
method. Also, presumably since the outer method protects the
EAP-SIM transaction, there is no need for a pseudonym in this
usage.

Similarly, if EAP-SIM is being used as an inner method, it must
not push the pseudonym identity using eap_set_anon_id() since it
could overwrite the identity for the outer EAP method.

Signed-off-by: Paul Stewart <pstew@google.com>
2017-02-10 19:48:12 +02:00
Paul Stewart
ed9b1c16d5 EAP peer: Cache decrypted requests for EAP-SIM/AKA/AKA'
Add an internal flag which indicates to tunneled EAP methods (FAST,
PEAP, TTLS) that they should cache decrypted EAP-SIM/AKA/AKA' requests.
This allows EAP-SIM/AKA/AKA' to be tunneled within these outer methods
while using an external SIM authenticator over the control interface.

Signed-off-by: Paul Stewart <pstew@google.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
c299dea558 tests: WPA-PSK/TKIP countermeasures (detected by two STAs)
This includes check for hostapd ending TKIP countermeasures.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
5f11880f6a SME: Remove null ie param from CTRL-EVENT-AUTH-REJECT
Clean up the event message by removing the ie=<value> parameter when the
IEs are not available instead of printing out "ie=(null)".

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
6dbfefb9b4 tests: Additional RRM testing coverage for hostapd
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Jouni Malinen
4d70b2a4e5 RRM: Fix a memory leak in beacon request handling
Free the pending frequency list if a second beacon request is received
before the scan for the previous one has been completed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:04 +02:00
Jouni Malinen
401243b73e RRM: Fix range request overriding
This was supposed to cancel the existing eloop timeout instead of
registering another one.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-09 13:26:06 +02:00
Jouni Malinen
fb81c0a3d1 RRM: Merge similar error returns to a single one
There is no need to maintain different return paths for STA being
completely not present and not authorized, so merge these into a single
case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-09 13:26:06 +02:00
Jouni Malinen
13b30052d9 RRM: Fix Range Request max age parsing
This 16-bit field uses little endian encoding and it must be read with
WPA_GET_LE16() instead of assuming host byte order is little endian. In
addition, this could be misaligned, so using a u16 pointer here was not
appropriate.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-09 13:26:06 +02:00
Jouni Malinen
360440db2d tests: More WPA2 PSK from RADIUS Tunnel-Password coverage
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 23:48:20 +02:00
Jouni Malinen
77376f3057 tests: RADIUS MAC ACL and server unreachable
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 23:48:20 +02:00
Jouni Malinen
bd6ec7f7ca Fix MAC ACL query freeing on deinit
hapd->acl_cache and hapd->acl_queries were not reset back to NULL in
hostapd_acl_deinit() when cached results and pending ACL queries were
freed. This left stale pointers to freed memory in hapd. While this was
normally followed by freeing of the hapd data, it is possible to re-use
that hapd when disabling and re-enabling an interface. That sequence
could result in use of freed memory if done while there were cached
results or pending ACL operations with a RADIUS server (especially, if
that server did not reply).

Fix this by setting hapd->acl_queries to NULL when the pending entries
are freed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 23:48:19 +02:00
Jouni Malinen
b3f32a24d4 tests: RADIUS MAC ACL and OOM
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 23:48:19 +02:00
Jouni Malinen
7745728ee8 tests: RADIUS Accounting in RSN and failure to add attributes due to OOM
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 23:48:19 +02:00
vamsi krishna
b4fd1f0ed7 Allow PNO scan also in connection completed state
Sched scan is supported by the kernel also in the connected state, so
allow PNO scan to be issued in the connected state from wpa_supplicant
as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 15:55:35 +02:00
Jouni Malinen
6f9b4de228 tests: Make ap_wps_er_http_proto less likely to fail
The test step for concurrent HTTP connections seems to be failing quite
frequently when running in a virtual machine with run-tests.py (but not
that much with kvm and vm-run.sh). The failures are due to only 8 or 9
sockets getting a response from the HTTP server. This is sufficient for
testing purposes, to drop the pass criterium from 10 to 8 concurrent
connections. This avoids unnecessary test failures and also allows the
rest of the test case to be performed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 13:53:11 +02:00
Jouni Malinen
02538b39b4 tests: Check for ebtables having been installed
This makes proxyarp_open_ebtables and proxyarp_open_ebtables_ipv6 return
SKIP cleanly if the ebtables binary is not installed or does not work.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 13:35:36 +02:00
Jouni Malinen
4c6f450cad Add radio_work_is_connect() helper
This avoids duplicated code to check for different types of connection
radio work items.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 23:58:56 +02:00
Sunil Dutt
85b6b6b6e1 Serialize scan/p2p-scan if already scheduled on the same interface
The current implementation of QCA vendor scan does not handle the
simultaneous scan/p2p-scan operations on the same interface due to
missing support for tracking multiple scan cookie values. Hence
serialize such operations on the same interface for now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 23:58:55 +02:00
Jouni Malinen
b8564c9db0 tests: Make radius_acct_interim more robust
Wait one more second to make the test case less likely to fail while
still being able to verify that interim updates are performed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 23:58:55 +02:00
Jouni Malinen
0fcaff7a70 tests: Clear country code at the end of wpas_config_file
This test case was mistakenly leaving the country code FI configured at
the end which could result in issues with the following test cases. Fix
this by explicitly clearing the country code back to world roaming 00 at
the end of wpas_config_file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 23:03:35 +02:00
Jouni Malinen
fcb303a57f P2P: Clear driver scan cache after BSS_FLUSH
The only_new_results=1 scan parameter was previously set on other scan
cases, but not on the two P2P specific scan triggers. Set this also for
those P2P cases to get consistent behavior after BSS_FLUSH.

This was showing up with number of hwsim P2P test cases maintaining
unexpected scan results from previous test cases due to the flush
operation not really working correctly since the cfg80211 BSS table was
not explicitly cleared.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 22:48:20 +02:00
Jouni Malinen
0d6dc6830c FILS: Clean up HLP resize check
The "!wpabuf_resize(...) == 0" condition does not make any sense. It
happens to work, but this is really supposed to simple check with
wpabuf_resize() returns non-zero and "wpabuf_resize(...)" is the
cleanest way of doing so.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 20:50:33 +02:00
Vamsi Krishna
16f91791da tests: Verify GAS/ANQP transmitter address randomization
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 19:54:58 +02:00
Vamsi Krishna
1d9d21f376 GAS: Add support to randomize transmitter address
Add support to send GAS requests with a randomized transmitter address
if supported by the driver. The following control interface commands
(and matching configuration file parameters) can be used to configure
different types of randomization:

"SET gas_rand_mac_addr 0" to disable randomizing TX MAC address,
"SET gas_rand_mac_addr 1" to randomize the complete TX MAC address,
"SET gas_rand_mac_addr 2" to randomize the TX MAC address except for OUI.

A new random MAC address will be generated for every
gas_rand_addr_lifetime seconds and this can be configured with
"SET gas_rand_addr_lifetime <timeout>".

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 19:41:32 +02:00
Vamsi Krishna
8331c9b316 nl80211: Add support for mgmt_tx with random TA
This adds support for specifying a random TA for management frame
transmission commands and driver capability flags for indicating whether
this is supported in not-connected and connected states.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 19:35:34 +02:00
Jouni Malinen
14fa723a9c Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2017-01-13.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-07 18:55:35 +02:00