The ap_ciphers tests used to do file operations locally in python. Start
using the cmd_execute() general function for file operations so that
this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Add the feature to execute shell commands on each wpa_supplicant/hostapd
interface host. When executing remote tests the interfaces are not all
on a single host so when executing shell commands the test needs to
execute the command on the host which the interface relevant for the
command is on. This patch enables tests to execute the command on the
relevant host.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The next commit modifies the BSS command behavior to report partial
results for a BSS, so mesh_scan_oom needs to allow a BSS entry to be
returned as long as it does not include the mesh information.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check for MESH-PEER-CONNECTED from dev[1] before reporting MGMT-RX
timeout errors from dev[0]. This avoids false failures in case the short
0.01 s timeout at the end of the loop was not long enough to catch the
message.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that the Accepting Additional Mesh Peerings field is being
cleared properly when the maximum peer links count is reached.
Signed-off-by: Jouni Malinen <j@w1.fi>
Start using the wpa_supplicant remote UDP interface for the control and
monitor sockets for P2P group interfaces so that P2P tests would work on
real hardware. Also have the group requests and events show in the test
log with the hostname and the interface name of the group interface.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Use a monitor interface given in the command line that is not also a
station or an AP as a monitor running wlantest on the channel used by
the test. This makes all the tests that use wlantest available for
execution on real hardware on remote hosts.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Instead of accessing the logs list member of the remote host directly,
use a function to add logs to the remote host to be collected after the
test. This enables us to later have different implementation of remote
hosts or logs collection without requiring to have this list as the
implementation.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The regular hwsim tests use both unicast and broadcast frames to test
the connectivity between 2 interfaces. For real hardware (remote hwsim
tests) the broadcast frames will sometimes not be seen by all connected
stations since they can be in low power mode during DTIM or because
broadcast frames are not ACKed. Use 10 retries for broadcast
connectivity tests for real hardware so that the test will pass if we
successfully received at least one of them.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
This is needed to work with the tls_openssl.c changes that renamed the
function that is used for deriving the EAP-FAST keys.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit afb2e8b891 ('tests: Store P2P
Device ifname in class WpaSupplicant') did not take into account the
possibility of capa.flags not existing in get_driver_status() and broke
WEXT test cases. Fix this by checking that capa.flags is present before
looking at its value.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add monitor support. This supports monitors added to the current
interfaces. This also support standalone monitor with multi interfaces
support. This allows to get logs from different channels at the same
time to one pcap file.
Example of t3-monitor added to config.py file.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This is a regression test case to verify that MTK is calculated properly
also in this unexpected sequence.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that pmf=2 is ignored for a non-RSN network while a
network profile specific ieee80211w=2 is enforced.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that a WPA2PSK passphrase with control characters gets
rejected in a WPS Credential and that control characters in SSID get
written as a hexdump.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When a dedicated P2P Device interface is used, its configuration should
be cloned to the group interface. Add a test that covers this both when
a separate group interface is used and not.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Use the global control interface to remove P2P network blocks, to
support cases when a dedicated P2P Device interface is used.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Some environments define default system wide HTTP proxy. Using default
system configuration may result in a failure to open some HTTP URLs. Fix
this by ensuring that no proxies are used.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In p2p_channel_vht80_autogo and p2p_channel_vht80p80_autogo, parse the
P2P-GROUP-STARTED event prior to calling the group_request() method, as
otherwise the group ifname is not set.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Support configurations that use a dedicated P2P Device interface by
using the global control interface and specifying the interface name for
the GET commands fetching the ip_addr_go parameter.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Modify the persistent_group_profile_add test to support configurations
that use a dedicated P2P Device interface by sending the ADD_NETWORK and
SET_NETWORK commands on the global control interface and specifying the
P2P Device interface name.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add an attribute to class WpaSupplicant with the name of the
P2P Device interface. If a separate interface is not used for
P2P Device, this attribute will hold the name of the only used
interface (with functions also as the P2P Device management
interface).
This attribute will be used to direct P2P related commands to the
P2P Device interface, which is needed for configurations that use
a separate interface for the P2P Device.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Waiting for the P2P-DEVICE-FOUND event should be done on the global
control interface to support configurations that use a dedicated P2P
Device interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Support configurations that use a dedicated P2P Device interface by
sending the P2P_CONNECT command on the global control interface.
In addition, when a dedicated P2P Device interface is used, there is no
need to manually respond to the Provision Discovery Request since the
request is processed by the P2P Device interface and this interface was
not set for external RX management frames handling.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This fixes commit 2f0f69a9ec ('tests: Use
p2ps_provision() and p2ps_connect_pd() in p2ps_connect_p2ps_method()').
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
1. Fail roaming to an AP which exceeded its number of allowed stations.
2. Fail roaming due to passphrase mismatch.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
It is better to use a list of command line arguments for the local
execution case and convert that to a space-separated string for the
remote case.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the DFS test cases that use start_dfs_ap() more usable for
testing with remote hosts.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass apdev to instead of HostapdGlobal() to invalid_ap() to make the
dynamic AP test cases more useful for testing with remove hosts.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Use hostapd.add_ap() and hostapd.remove_bss() to avoid direct
HostapdGlobal() use in some of the dynamic AP test cases to make them
more usable for testing with remote hosts.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass apdev param to hostapd.add_bss(). Kill hardcoded phy param and get
phy base on apdev. These are needed to support operation with a remote
test host.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
We need this for remote host support. From apdev we can get
apdev['hostname'] and apdev['port'].
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
1. Add tests for hostapd neighbor database and neighbor report and
request. Remove the partial neighbor report request test from
test_wpas_ctrl.py since they are now covered more completely in
test_rrm.py.
2. Add LCI request test.
3. Add FTM range request signaling test. This covers only the control
interface commands and measurement request/response exchange for now.
Full end-to-end functionality requires support of station reporting
RRM capability.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Use quotation marks to match the new SSID encoding format in the
NEIGHBOR_REP_REQUEST command. In this specific test case, the exact SSID
value did not make any difference for behavior. The previous version
ended up getting decoded as a hexstring after the NEIGHBOR_REP_REQUEST
format change. The new version goes back to the ASCII string version of
"abcdef".
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Modify the test cases to tests the Hotspot 2.0 filtering functionality
in wpa_supplicant, instead of testing only the kernel interface.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The new persistent_group_peer_dropped3 test case is similar to
persistent_group_peer_dropped with the difference being in the
responding device (the one from which the persistent group information
is dropped) is not issued a separate P2P_LISTEN command and instead, a
single P2P_FIND is used through the exchange to verify that this
operation does not get stopped unexpectedly. This is a regression test
case to verify that P2P_PENDING_INVITATION_RESPONSE case ends up calling
p2p_check_after_scan_tx_continuation() in non-success case. It should be
noted that this is dependent on timing: Action frame TX request needs to
occur during the P2P_FIND Search phase (scan). As such, not every
execution of this test case will hit the previous issue sequence, but
that should be hit every now and then.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (7) converts the cases where a local variable is used to store
apdev[#]['ifname'] before passing it as the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (6) converts the cases where apdevs[#]['ifname'] was used as
the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (5) converts the cases that use the start_ap_wpa2_psk() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (4) converts the cases that call hostapd.add_ap() from a
helper function that got apdev[i] as an argument.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (3) converts the cases that use the start_ap() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (2) converts the cases that use the add_ssdp_ap() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This allows the full apdev dict to be passed to the add_ap() function
instead of just ifname. This allows us to handle also remote hosts while
we can check apdev['hostname'], apdev['port']. The old style ifname
argument is still accepted to avoid having to convert all callers in a
single commit.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
The test cases fst_ap_start_session_oom and fst_setup_mbie_diff did not
clean up FST sessions properly in case alloc_fail failed due to missing
support for it in the build. This could result in abandoning attached
hostapd global control interface monitors and test case failures due to
the global control interface socket running out of output buffer.
Fix this by going through the cleanup steps even if alloc_fail raises
HwsimSkip exception.
Signed-off-by: Jouni Malinen <j@w1.fi>
For now, this is not enforcing cfg80211 reassociation since the needed
changes do not yet exist in the upstream kernel. Once those changes are
accepted, the TODO note in the test case can be addressed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This needs to be allowed with OpenSSL 1.1.0 since the RC4-based cipher
has been disabled by default.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This class allows execution of commands on a remote hosts/machine. This
is based on ssh with authorized keys, so you should be able to execute
such commands without any password:
ssh <user>@<hostname> id
By default user is root.
Support for sync and async calls is included.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This is needed for ap_vlan_tagged_wpa2_radius_id_change to pass. The
ioctl-based vlan_add() function does not use the vlan_if_name parameter
at all.
Signed-off-by: Jouni Malinen <j@w1.fi>
The no self.global_iface case was not returning the result from the
self.request() case. While this is not really a path that is supposed to
be used, make it return the response since it is at least theoretically
possible to get here.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to allow updated Interworking behavior that adds the
realm to the EAP-Response/Identity value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Incorrect path and file name was used in the openssl command to generate
one of the OCSP responses. Also fix
ap_wpa2_eap_tls_intermediate_ca_ocsp_multi to expect success rather than
failure due to OCSP response. Based on the test description, this was
supposed to succeed, but apparently that root_ocsp() bug prevented this
from happening.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Test different delay intervals between the INTERFACE_DISABLED event
and the INTERFACE_ENABLED event for discovery_and_interface_disabled.
Previously, only a delay of 1 second was used, in which case the
scan results for the P2P_FIND operation were received after the
interface was enabled again, and the case the scan results were
received while the interface was disabled was not covered.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
A malicious station could try to do FT-over-DS with a non WPA-enabled
BSS. When this BSS is located in the same hostapd instance, internal RRB
delivery will be used and thus the FT Action Frame will be processed by
a non-WPA enabled BSS. This processing used to crash hostapd as
hapd->wpa_auth is NULL.
This test implements such a malicious request for regression testing.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This adds new tests to verify pmksa_cache_preauth when
used with per_sta_vif and possibly vlans.
While at it it refactors the code such that the tests
pmksa_cache_preauth
pmksa_cache_preauth_vlan_enabled
pmksa_cache_preauth_vlan_used
pmksa_cache_preauth_per_sta_vif
pmksa_cache_preauth_vlan_enabled_per_sta_vif
pmksa_cache_preauth_vlan_used_per_sta_vif
share code where possible.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This adds a test case ap_vlan_reconnect. It connects, disconnects, and
reconnects a station in a VLAN. This tests for a regression with
wpa_group entering the FATAL_FAILURE state as the AP_VLAN interface is
removed before the group was stopped.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This extends the P2P Device testing coverage to include the newly
enabled option of using the primary interface (e.g., wlan0) for P2P
group operation instead of always forcing a separate group interface to
be created dynamically.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This tests BSS Transition Management Query frame generation with
candidate list and transmission of the following request and response
frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a test that verifies that no Association Request frame is sent to
APs that include the MBO IE with association disallowed attribute in
Beacon and Probe Response frames.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add tests to verify that MBO IE in BSS Transition Management Request
frame is parsed correctly:
1. The MBO transition reason code is received by the MBO station.
2. The MBO cellular data connection preference is received by the
MBO station.
3. The MBO station does not try to connect to the AP until the retry
delay is over.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This is needed to avoid reporting failures after a change to remove the
fallback path in PIN generation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This enhances the test pmksa_cache_preauth_vlan_used to check
connectivity in the correct VLAN bridge.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
The use of the newer OpenSSL API in openssl_hmac_vector() removes one of
the memory allocations, so the TEST_ALLOC_FAIL here could not trigger.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that num_plinks is decremented properly if a peer mesh STA
reconnects without closing the link explicitly.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case for enforcing that AP setup fails in case there is need
to fall back to 20 MHz channel due to invalid 40 MHz configuration.
Modify this to allow successful AP startup as long as 40 MHz channel
does not get enabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that the persistent group information gets dropped based
on peer response (unknown group) and that a new group formation can be
completed after such invitation failure.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous version expired in January. The new ones are from running
ec-generate.sh and ec2-generate.sh again.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is a regression test case for hostapd bug where the
disconnection/deauthentication TX status callback timeout could be
forgotten after new association if no ACK frame was received and the STA
managed to reconnect within two seconds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The OpenSSL memory allocation changes broke this test case. Fix this by
removing the cases that do not get triggered anymore and add a separate
wpas_ctrl_error test case to cover the fail_test() versions of errors.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use helper variable to indicate end of the test case instead of having
to use a fixed length of the loop.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to fix ap_wpa2_eap_psk_oom, ap_wpa2_eap_sim_oom,
eap_proto_psk_errors, and ap_ft_oom with the new OpenSSL dynamic memory
allocation design.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These need to be run without realm in the identity value to allow the
realm from the anonymous_identity to be used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These test cases verify that EAP-SIM with external GSM auth supports the
use case of replacing the SIM. The first test case does this incorrectly
by not clearing the pseudonym identity (anonymous_identity in the
network profile) while the second one clears that and shows successful
connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible to hit an error case in ap_wpa2_eap_in_bridge where the
selectedMethod STATUS field was not available. This resulted in not very
helpful "'selectedMethod'" message in the test log file. Make this
clearer by dumping all received STATUS fields and a clearer exception
message indicating that selectedMethod was missing.
Signed-off-by: Jouni Malinen <j@w1.fi>
The test cases discovery_ctrl_char_in_devname and discovery_group_client
tried to allow three P2P_FIND instances to be used before reporting an
error. However, this did not really work properly since the second and
third attempts would likely fail to start the initial special P2P_FIND
scan due to an already ongoing p2p_scan operation. Fix this by stopping
the previous P2P_FIND and waiting for the scan to complete if a retry is
needed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that there is no NULL pointer dereference when the AP code
processes Probe Request and (Re)Association Request frames with a P2P IE
in case P2P support is explicitly disabled on the AP mode interface.
This is a regression test case for the fixes in the previous commit.
Signed-off-by: Jouni Malinen <j@w1.fi>
Couple of waits for this event used the "GO-NEG-FAILURE" string instead
of the full event prefix. While this worked in the tests due to a
substring matching, it is better to use the full event prefix here.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the dump_monitor() call to drop a P2P-GO-NEG-FAILURE
event that was indicated quickly after the P2P_CONNECT command was
issued. This could result in grpform_reject test case failing to see the
expected event and fail the test due to "Rejection not reported".
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
rsn_ie_proto_eap_sta followed by eap_ttls_mschapv2_session_resumption
showed a failure case where the special RSNE from rsn_ie_proto_eap_sta
ended up remaining in a wpa_supplicant BSS entry and the SELECT_NETWORK
command used the previous scan results without checking for changed AP
configuration. This resulted in test failure due to RSN IE being claimed
to be different in EAPOL-Key msg 3/4. This is not really a real world
issue, but try to avoid false failure reports by explicitly clearing the
BSS table at the end of rsn_ie_proto_eap_sta.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that the previous commit works correctly by forcing a
P2P_LISTEN command execution to be interupted by a P2P_FIND command
timed in a manner that forces it to show up before the kernel ROC has
started for the Listen.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that P2P_STOP_FIND stops a pending offchannel TX wait in
the kernel by checking that a listen operation can be started in less
than a second after stopping a pending Action frame TX. This verifies
that the optimization introduced in the previous commit works properly.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This reverts commit be9fe3d8af. While I
did manage to complete multiple test runs without failures, it looks
like this change increases full test run duration by about 30 seconds
when using seven VMs. The most visible reason for that seems to be in
"breaking" active scanning quite frequently with the Probe Response
frame coming out about 40 ms (or more) after the Probe Request frame
which is long enough for the station to already have left the channel.
Since this logging change is not critical, it is simplest to revert it
for now rather than make changes to huge number of test cases to allow
more scan attempts to be performed before timing out.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previously used 10 second timeout allowed only two scan attempts
(five seconds between scans) and it was possible to hit a failure every
now and then when running under heavy load and the Probe Response frame
got delayed by 40 ms or so twice in a row. Add more time for one more
scan attempt to reduce the likelihood of this happening.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These test caases depended on a single active scan round finding the AP.
It is possible for the Probe Response frame to get delayed sufficiently
to miss the response especially when testing under heavy load with
multiple parallel VMs. Allow couple of scan retries to avoid reporting
failures from these test cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use the group SSID (if known) when requesting a join operation. This
makes some of the P2PS test cases more robust in cases where previously
executed tests have added older groups into the cached scan results with
the same MAC addresses and an incorrect BSS could have been picked
previously.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it less likely to hit issues with running out of control
interface TX queue when running multiple FST test in a row. Number of
the FST operation sequences seemed to leave quite a few event messages
pending in one of the attached control interface sockets for wlan5 which
could result in test failure if the buffer space ran out and some of the
wpa_supplicant events were not delivered.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It is better to get these messages into the actual debug log instead of
hoping they will be noticed from stdout.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case used to leave the dynamically added wlan5 interface in a
state where it was still trying to reconnect to a network. This could
result in the following test cases being unable to clear the cfg80211
scan cache. Avoid this type of issues by explicitly stopping the
connection attempt and making sure that there are no scan results in the
cache at the end of connect_cmd_disconnect_event.
The following test case sequence triggered a failure due to the
remaining BSS table entry:
connect_cmd_disconnect_event connect_cmd_wep ap_hs20_random_mac_addr
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This parameter is used only in couple of test cases and there is no need
to maintain the code to reset it in WpaSupplicant::reset().
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This parameter is used only in couple of test cases and there is no need
to maintain the code to reset it in WpaSupplicant::reset().
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This parameter is used only in couple of test cases and there is no need
to maintain the code to reset it in WpaSupplicant::reset().
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This parameter is used only in couple of test cases and there is no need
to maintain the code to reset it in WpaSupplicant::reset().
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This parameter is used only in couple of test cases and there is no need
to maintain the code to reset it in WpaSupplicant::reset().
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible to hit a race condition between WPS_CANCEL and
immediately following WPS_PIN command. Wait for a disconnection event to
avoid that. This was seen with the following test case sequence:
ap_wpa2_psk_supp_proto_wrong_group_key_len ap_wps_probe_req_ie_oom
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When running tests, make printk put all messages, including debug
messages, onto the serial console to go into the console file.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Wait for the AP-DISABLED and AP-ENABLED group events before reading the
current group operation frequency after P2P-REMOVE-AND-REFORM-GROUP.
This reduces a possibility of a race condition making a test case fail
with the returned frequency being 0 when reading this before the
reformed group is fully up. This may help avoid false error reports for
the following test cases: p2p_go_move_reg_change p2p_go_move_scm
p2p_go_move_scm_peer_supports p2p_go_move_scm_multi.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed for number of EAP test cases at least when using the
internal TLS server implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Since wpa_supplicant is now retrying GAS comeback failures once, the
gas_anqp_oom_hapd test case started failing. Fix this by updating the
test case to expect success (on the retry).
Signed-off-by: Jouni Malinen <j@w1.fi>
This is in preparation of a wpa_supplicant change to allow GAS retries
which can result in the previous test case design showing failures due
to "unexpected" management frames (GAS Initial Request from the retry).
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds some more test coverage for phase1 parameters that had not
previously been included in any of the test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
These test cases were supposed to clear the cfg80211 and wpa_supplicant
scan caches in the end to avoid causing issues to the following test
cases. This did not work properly after introduction of the support for
aborting a pending scan. Fix this by using the flush_scan_cache()
function and waiting within the test case until the final scan operation
completes.
This issue was triggered by ssid_hidden/ssid_hidden2 followed by
ext_password_interworking (though, not every time).
Signed-off-by: Jouni Malinen <j@w1.fi>
The rfkill initialization will be moved out from
wpa_driver_nl80211_drv_init() which would break one step in this OOM
test case due to the memory allocation not existing anymore. Fix this by
skipping that OOM step to avoid causing false failures with the
following commits.
Signed-off-by: Jouni Malinen <j@w1.fi>
This speeds up and clarifies error reporting for cases where the GO
fails to start in invitation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is useful for testing CRDA since it means you can use EPATH to
redirect the test scripts to a different crda binary.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This adds more coverage for TDLS testing for a case where the direct
link should use various VHT channel bandwidths.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The decrypted copy of a GTK from EAPOL-Key is cleared from memory only
after having sent out CTRL-EVENT-CONNECTED. As such, there was a race
condition on the test case reading the wpa_supplicant process memory
after the connection. This was unlikely to occur due to the one second
sleep, but even with that, it would be at least theorically possible to
hit this race under heavy load (e.g., when using large number of VMs to
run parallel testing). Avoid this by running a PING command to make sure
wpa_supplicant has returned to eloop before reading the process memory.
This should make it less likely to report false positives on GTK being
found in memory.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to see where in memory the key was found and what
there is in memory around that location.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
init=CORE was previously used due to invalid db.txt data for 00. For
now, allow both it and the new init=USER after fixed db.txt.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case could fail if the cfg80211 scan cache brought in a BSS
entry from an earlier test case and a new scan did not get executed
prior to the ROAM command. Fix this by forcing the scan to go through
prior to roaming to AP2
This issue showed up with the following test case sequence:
connect_cmd_roam pmksa_cache_opportunistic_connect
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like it is possible for the GTK to be found from memory every
now and then. This makes these test cases fail. Write the memory
addresses in which the GTK was found to the log to make it somewhat
easier to try to figure out where the key can be left in memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the BSSs object property change signal to be
generated during the OOM test case for Get(). If that happened, the
signal was not sent out, but the following Get(BSSs) operation succeeded
unexpectedly which resulted in a test failure. Make this less likely to
happen by waiting 50 ms between the scan and Get(BSSs) operation. This
should be sufficient to cover most cases since wpa_supplicant uses 5 ms
timeout for D-Bus property changed updates.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the AP's Beacon frame to be seen by dev[0] when
running a scan. This is not an error case. Make this test case more
robust by verifying with a sniffer whether a Probe Response frame was
sent to unexpected STA.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies client private key use in encrypted PKCS #8 format with
PKCS #5 v1.5 format using pbeWithMD5AndDES-CBC and PKCS #5 v2.0 format
using PBES2 with des-ede3-cbc.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that P2P_CANCEL gets rejected on fully re-invoked persistent
group. This did not work properly before the last couple of commits and
before this week, the P2P_CANCEL on a separate group interface in P2p
Client role could result in use of freed memory and process termination.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for a cached scan entry in cfg80211 from an earlier test
case to show up while verifying that the disabled AP does not show up in
scan results. This could result in invalid test failures, e.g., when
running test cases "ap_require_ht ap_multi_bss_config" multiple times
(depends a bit on timing). Make this less likely to occur by explicitly
clearing the scan cache and by stopping wlan1 from trying to associate
before stopping ap_required_ht* test cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Only one of the ERs was stopped at the end of the test case and this
could result in the following test case failing, e.g., when executing
this test case sequence: ap_wps_er_multi_add_enrollee ap_wps_upnp.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for this test case to fail if the single attempt of
discovering the peer as part of the scan for join failed. This test case
was useful in combination with another test case:
ap_hs20_fetch_osu autogo_join_auto_go_neg
However, there is now an explicit test case (discovery_after_gas) for
this, so autogo_join_auto_go_neg can be made more robust without losing
testing coverage.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P channel list on dev[1] at the end of
p2p_go_move_scm_peer_does_not_support was empty because all of the 2.4
GHz band got disabled by the simulated avoid frequencies driver event.
That channel list needs to be cleared prior to resetting regulatory
domain back to world roaming to get the P2P channel list updated
properly for the following test cases.
This was triggered by the following test case sequence:
p2p_go_move_scm_peer_does_not_support persistent_group_and_role_change
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Verify that both the GO and P2P Client processing of P2P group formation
timeout removes the correct group.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This reverts commit 78fdab307e. This test
case needs MCC support on two stations, so the earlier attempt to handle
this with one dynamic interface is not sufficient.
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that vm-run.sh supports a long list of test cases without crashing
the VM kernel, there is no need to use the "parallel-vm.py -1 1 <tests>"
workaround. Print the re-run example commands with vm-run.sh instead. In
addition, add the --long argument if it was specified for the test run
to avoid skipping test cases in the re-run case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it more likely for the two ERs to go through WPS UPnP
exchange in parallel. This was already happening every now and then and
resulted in failures. However, now that there is support for multiple
concurrent exchanges, it is useful to have this test case hit that
possibility more frequently.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The script is currently limited by the maximum kernel command line
length and if that's exceeded the kernel panics at boot. Fix this by
writing the arguments to a file and reading it in the VM.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This test case fails with the current internal TLS client implementation
since the needed altsubject_match parameter is not yet supported.
Signed-off-by: Jouni Malinen <j@w1.fi>
The internal TLS implementation in wpa_supplicant supports TLS v1.2, so
verify that this version can be disabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
Since the internal TLS client implementation in wpa_supplicant now has
sufficient support for this functionality, allow the test case to be
executed.
Signed-off-by: Jouni Malinen <j@w1.fi>
gcc 4.8 vs 5.2 seem to compile eloop_register_sock() differently. With
5.2, that function name does not show up in the backtrace since
eloop_sock_table_add_sock() is used without a separate function call.
This broke the memory allocation failure checking in this test case. Fix
this by matching against the eloop_sock_table_add_sock() function which
shows up in the backtrace for both gcc versions.
Signed-off-by: Jouni Malinen <j@w1.fi>
If hostapd AP started unexpectedly, this test case would fail with
NameError due to incorrect variable name being used to construct the
exception text.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed for proper test execution. The recently added VHT 80+80
test cases started verifying channel bandwidth on the station side and
those checks fail if wpa_supplicant is built without
CONFIG_IEEE80211AC=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
If /tmp has a relatively small size limit, or multiple people run the
tests on the same machine, using the same output directory can easily
cause problems.
Make the test framework honor the new HWSIM_TEST_LOG_DIR environment
variable to make it easier to avoid those problems.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If wmediumd is available on the path, test that it can forward
packets between two virtual nodes and that stopping it makes
the regular in-kernel datapath do the needed work again.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There is no need to wait for the initial client timeout in this type of
test sequence since that wait can be cleared by connecting and
disconnecting a client to the group. This allows the test case to be
executed much more quickly and the dependency on --long can be removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to wait for the initial client timeout in this type of
test sequence since that wait can be cleared by connecting and
disconnecting a client to the group. This allows the test case to be
executed much more quickly and the dependency on --long can be removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to wait for the initial client timeout in this type of
test sequence since that wait can be cleared by connecting and
disconnecting a client to the group. This allows the test case to be
executed much more quickly and the dependency on --long can be removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a dynamically added HWSimRadio to allow the MCC case to be covered
with a single test run with the mac80211_hwsim default radios disabling
MCC.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a dynamically added HWSimRadio to allow the MCC case to be covered
with a single test run with the mac80211_hwsim default radios disabling
MCC.
In addition, remove dependency on --long since this test case does not
really take that long.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a dynamically added HWSimRadio to allow the MCC case to be covered
with a single test run with the mac80211_hwsim default radios disabling
MCC.
In addition, remove dependency on --long since this test case does not
really take that long (just couple of seconds).
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to wait for the initial client timeout in this type of
test sequence since that wait can be cleared by connecting and
disconnecting a client to the group. This allows the test case to be
executed much more quickly and the dependency on --long can be removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a dynamically added HWSimRadio to allow the MCC case to be covered
with a single test run with the mac80211_hwsim default radios disabling
MCC.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a dynamically added HWSimRadio to allow the MCC case to be covered
with a single test run with the mac80211_hwsim default radios disabling
MCC.
Signed-off-by: Jouni Malinen <j@w1.fi>
Convert p2ps_channel_active_go_and_station_different_mcc to use a
dynamically added HWSimRadio to allow the MCC case to be covered with a
single test run with the mac80211_hwsim default radios disabling MCC.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the run_tshark() operations more reliable while still
allowing to reduce the extra wait by forcing wlantest to flush the
packets to the pcapng file.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the test log more readable by converting the values to
integers and sorting the array.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies the nl80211 behavior to abort a scan on an explicit
control interface request and on connection request.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This syncs the test cases with the implementation change in station's MB
IE creation. FST tests should expect MB IE regardless of the station
connection state and whether the current connection is FST-enabled or
not. This fixes the follow test cases that started reporting failures
with the previous commit change in src/fst/fst_group.c:
fst_disconnect_1_of_2_stas_from_non_fst_ap
fst_sta_connect_to_non_fst_ap
fst_second_sta_connect_to_non_fst_ap
fst_disconnect_2_of_2_stas_from_non_fst_ap
fst_second_sta_connect_to_fst_ap
fst_disconnect_1_of_2_stas_from_fst_ap
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a test to verify that a P2P GO does not start a CSA
once invitation signalling is done, and the P2P client is
about to connect.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This test case was failing if a PropertiesChanged signal for P2P peer
gets delivered from a previous test case. Avoid that by waiting for the
new group to be formed before processing any PropertiesChanged signals.
This failure was triggered by the following test case sequence:
dbus_p2p_two_groups dbus_p2p_group_idle_timeout
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like a previous P2P test case can cause the initial single
channel scan in ap_open_select_twice take more than five seconds in some
cases. While that is not really expected behavior, this test case should
not fail. Increase the timeout to avoid reporting false failures here.
This could be triggered with the following test case sequence:
p2p_msg_unexpected_go_neg_resp ap_open_select_twice
Signed-off-by: Jouni Malinen <j@w1.fi>
These test cases depend on the HT40 co-ex scans not swapping PRI/SEC
channels. It was possible for a test case to fail, e.g., in the
following sequence: ap_ht40_5ghz_match ap_vht80b.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that the second SELECT_NETWORK for the same network starts
a new scan immediately if the previous connection attempt is waiting for
the next scan iteration to start.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This avoids issues with following test cases failing due to unexpected
starting state. This issue showed up with the following hwsim test case
sequence:
fst_setup_mbie_diff fst_dynamic_iface_attach
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the WPS PBC state to get cached through to the
following test cases and that would trigger false failures. Fix this by
explicitly clearing the scan cache at the end of ap_wps_per_station_psk.
This issue was triggered with the following test case sequence:
ap_wps_per_station_psk autogo_pbc
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed since the forced OOM may have forced the cached
information to be invalid or dropped. This issue was hit with the
following hwsim test case sequence:
ap_interworking_scan_filtering fst_sta_config_llt_large dbus_connect_oom
wpas_ctrl_enable_disable_network
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for dev[2] to be left with non-default config_methods
parameter at the end of the test case and that could result issues in
following test cases. This hit a failure in the following sequence:
wpas_ctrl_set_wps_params p2ps_channel_active_go_and_station_same
Signed-off-by: Jouni Malinen <j@w1.fi>
Due to a typo in a function name, this test case ended up running
without the final cleanup. That could result in the following test cases
failing, e.g., when running this sequence:
wifi_display_parsing dbus_p2p_go_neg_auth
Signed-off-by: Jouni Malinen <j@w1.fi>
The previously used invalid values will become allowed with the
following commits, so change the test case to use values that both were
and will continue to be invalid to avoid unnecessary failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
autogo_scan verifies the special case where a Probe Response frame
without P2P IE has been received from a GO (e.g., due to a non-P2P
interface requesting a scan) and P2P information from a Beacon frame
needs to be used instead to determine that the group is persistent.
Signed-off-by: Jouni Malinen <j@w1.fi>
SAVE_CONFIG command on the global control interface tries to save
the config file on all interfaces. The test disabled updating the
config file only on one interface, thus for configurations that
support a dedicated P2P Device interface, saving the config file
would still have succeeded on the P2P Device interface.
Fix the test by disabling updating the configuration file on the global
control interface (which will, in practice, disable this for the P2P
Device interface) in addition to disabling it on the main interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
mac80211_hwsim only supports 2 different MAC addresses.
Configurations that use a dedicated P2P Device interface already
use these 2 addresses, so adding another interface on the same
PHY results in a duplicated MAC address.
Fix this by changing the MAC address of the added interface to make
sure the new interface has a unique MAC address.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Set the bridge ageing to 1 sec to make the bridge clear unused
addresses after this interval. Otherwise the test depends on
the local configuration of brctl.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Write the main interface address to the tkip_mic_test debugfs file
to generate Michael MIC failure event (which is different than the
p2p_dev_addr when a dedicated P2P Device interface is used).
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
These test cases verify behavior with parallel scan operations while
going through GO Negotiation and duplicated GO Negotiation Request frame
RX with not-yet-ready sequence in GO Negotiation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
send_iface_detach_request() can fail and that resulted in skipping a
call to restore_reg_domain() and leaving unexpected country
configuration for following test cases. This could result in failures,
e.g., in this sequence: fst_proto wpas_mesh_open_5ghz
Fix this by ignoring exceptions from send_iface_detach_request() and
continuing to restore regulatory domain.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
I modified this test case for commit
eabf083984 ('tests: P2PS channel
handling') to use dev[2] instead of dev[0], but forgot to update the
p2ps_connect_p2ps_method() dev list to match that. Fix this to actually
use a concurrent connection.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the dbus_interface test case to leave the P2P
channel lists with 5 GHz channels enabled due to the special driver=none
case. This could make the following P2P test case fail due to selecting
an unexpected channel. Fix this by forcing P2P channel list update at
the end of the dbus_interface test case.
This was triggering with the following hwsim test case sequence:
dbus_interface p2ps_connect_adv_go_p2ps_method_group_iface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use a dynamic HWSimRadio in p2ps_channel_sta_connected_disallow_freq_mcc
to allow MCC test case to be executed in default setting (MCC disabled
for the default radios).
Signed-off-by: Jouni Malinen <j@w1.fi>
Stop the pending P2P_LISTEN operation priot to issuing P2P_GROUP_ADD to
start a GO. This avoids excessively long wait for the previous Listen
step to complete before being able to start the GO. This makes
p2ps_connect_adv_go_persistent take significantly less time.
Signed-off-by: Jouni Malinen <j@w1.fi>
The combination of starting P2P extended listen and issuing
P2P_ASP_PROVISION_RESP almost immediately after that while in P2P_LISTEN
state resulted in caes where the advertiser could end up going back to a
long listen state while trying to retransmit PD Request. This resulted
in p2ps_provision() timing out while waiting for P2PS-PROV-DONE
especially in p2ps_feature_capability_* test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify OCSP stapling response that is signed by the CA rather than a
separate OCSP responder. In addition, verify that invalid signer
certificate (missing OCSP delegation) gets rejected.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a test case verifying deferred P2PS provision discovery when an
advertiser sends the status 11 (Fail: reject by user) in the follow-on
PD Request.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Not doing so may result in a deferred PD flow failure (currently the
hwsim tests succeeded because seeker never stopped find, spending enough
time listening, so the follow-on PD would succeed).
Fix this by calling p2p_ext_listen when the seeker receives a deferred
PD failure event. Cancel extended listening when PD is done and also
stop find when seek is done.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Check that there are no unencrypted frames when using hostapd with VLANs
and WPA before the first station connects to the VLAN.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
These test cases left at least one of the attached monitor sockets
blocking for excessive time: ap_wpa2_eap_aka_ext,
ap_hs20_req_conn_capab_and_roaming_partner_preference,
ap_hs20_min_bandwidth_and_roaming_partner_preference, ap_wpa_ie_parsing.
Signed-off-by: Jouni Malinen <j@w1.fi>
At some point, these hostapd_oom_* test cases started to fail with
wpa_msg() allocation failure for the AP-ENABLED event. This resulted in
unnecessary long test execution (waiting 30 seconds for an event that
was dropped). Speed this up by using a shorter timeout.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case ended up hitting control socket output queue limit
unnecessarily due to the test script not reading pending event messages.
Signed-off-by: Jouni Malinen <j@w1.fi>
Number of test cases did not read all control interface socket events
from the dynamically added wlan5 interface. This could result in hitting
maximum socket TX queue length and failures in the following test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
connect_cmd_roam did not force a new scan to find the second AP. This
could result in failures due to the ROAM command getting rejected, e.g.,
in the following test case sequence: wext_pmksa_cache connect_cmd_roam.
Signed-off-by: Jouni Malinen <j@w1.fi>
Due to a serial number mismatch, the correct "revoked" status was not
used; instead "unknown" was used. While the test case would not fail for
this, incorrect code path was checked.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When the 'SET wpa 2' command is executed last, it seems to somehow
reset parts of the settings, causing hostapd to beacon with the
pairwise cipher suite selector set to 00-0F-AC:0 (none/use-group).
This is not permitted and should be rejected; wpa_supplicant also
cannot connect.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This verifies that ENABLE_NETWORK does not trigger reconnection if
already connected. The previous commit fixed a case where it was
possible for that to happen.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is a regression test case for the issue fixed by the previous
commit (hapd->num_probereq_cb not getting cleared on deinit).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to avoid issues in some cases where 8-bit bytestrings may
be present in the otherwise text debug log.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds a Python-based minimal WSC protocol implementation to allow
more testing coverage to be reached for various error cases in protected
attributes. The wps_ext test case completes successful exchange in both
the Enrollee and Registrar roles acting in the middle of AP and STA. The
other test cases cover error cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends ap_wps_pbc_timeout to cover another long WPS timeout:
ER-initiated SetSelectedRegistrar timeout on AP. Using the same test
case for this avoids the need for another 120 second test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like NID_X9_62_prime192v1 is not available, so allow that group
to fail without failing the full ap_wpa2_eap_pwd_groups test case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like NID_X9_62_prime192v1 is not available, so allow that group
to fail without failing the full sae_groups test case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These test cases added a new radio for the non-FST AP and while they
removed the radio itself, they did not remove the hostapd instance for
that radio. Remove that to avoid leaving behind invalid instances.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies wpa_supplicant behavior in number of cases where the
external program opening a control interface socket does not behave
properly.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
ap_open_sta_enable_disable verifies that DISABLE_NETWORK that is issued
while connect/sme-connect radio work is pending is effective, i.e.,
prevents connection to disabled network.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The number of channels was not properly passed from the
run-all.sh script to the start.sh script. Fix it.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add tests verifying a Coordination Protocol Transport exchange and
selection during P2PS provision discovery.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Reuse p2ps_provision() and p2ps_connect_pd() methods, and
remove the previous PD helper functions which are no longer used.
This fixes the previously "broken"
p2ps_connect_keypad_method_nonautoaccept and
p2ps_connect_display_method_nonautoaccept.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Re-factor p2ps_connect_p2ps_method() so it reuses generic P2PS provision
and connection flows.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
When MCC is enabled, the remain of channel scheduling might
incur additional delays, so increase the timeouts to be able
to receive delays frames.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Set peer_group_removed only if peer_group_added has already been set.
This fixes an issue where a propertiesChanged event triggered by an
earlier test case was able to get dbus_p2p_group_termination_by_go
terminated too early. This happened, e.g., with sequence
"dbus_p2p_two_groups dbus_p2p_group_termination_by_go".
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Only run peerJoined() steps once to avoid trying to use GetAll() on an
already removed group and double-removal of a group. This did not make
the test case fail, but the exception is printed out in pretty confusing
way to stdout, so better get rid of it.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Remove the duplicated -ddKt command line argument to avoid setting
hostapd debug level to EXCESSIVE.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
On recent kernels, it seems that something changed (scheduler?)
that makes hwsim send the scan done event so quickly that iw isn't
scheduled back in to listen for it, causing iw to get stuck.
Work around this by using the scan trigger command (it'll be quick
enough so that we don't really need to wait) and the scan trigger
and dump commands where the results are required (and use a small
sleep there instead of waiting for the scan results.)
I'll try to fix this separately in iw later.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This verifies P2P extended listen timing operations by confirming that a
peer is not discoverable during the provisioning step and that the peer
becomes discoverable after having removed the group during such
provisioning step. The latter case was broken until the 'P2P: Cancel
group formation when deleting a group during group formation' commit.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that Groups list for a P2P Peer gets updated properly on group
addition and removal (three different paths).
Signed-off-by: Jouni Malinen <j@w1.fi>
omac1_aes_128() implementation within crypto_openssl.c is used in this
case and that cannot fail the memory allocation similarly to the
non-FIPS case and aes-omac1.c.
Signed-off-by: Jouni Malinen <j@w1.fi>
OpenSSL rejects the cipher string 'EXPORT' in FIPS mode in a way that
results in the locally generated error showing up before the EAP method
has been accepted.
Signed-off-by: Jouni Malinen <j@w1.fi>
In addition, replace some of the CHAP cases with PAP since that enables
more coverage without breaking the main test focus.
Signed-off-by: Jouni Malinen <j@w1.fi>
The PKCS12 file with default openssl options cannot be used with OpenSSL
1.0.1 in FIPS mode. Replace this with -descert version as a workaround.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier to build wpa_supplicant for OpenSSL FIPS mode
testing. wpa_supplicant/.config needs following type of configuration
for this:
CONFIG_FIPS=y
CFLAGS += -I/usr/local/ssl/include
LIBS += -L/usr/local/ssl/lib
CC=/usr/local/ssl/fips-2.0/bin/fipsld
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows driver-based preference list to override default operating
channel selection mechanism by using a non-social P2P find if needed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, this was assumed to be the case due to default channel
selection behavior. However, that may not be the case with driver-based
preference list processing. Enforce a social channel to be used as the
operating channel here since dev[2] uses social channel only device
discovery and needs to find the GO.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The openssl_ciphers="EXPORT" case may result in locally generated
disconnection event if the OpenSSL version used in the build rejects
export ciphers in default configuration (which is what OpenSSL 1.1.0
will likely do). Don't report a test case failure in such a case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add adv_cpt and seeker_cpt parameters to p2ps_provision() function.
The seeker_cpt is used in P2P_ASP_PROVISION command by a seeker, the
adv_cpt parameter is in P2P_ASP_PROVISION_RESP by an advertiser.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add an optional parameter to p2ps_advertise() function allowing to
specify CPT priority values.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add an optional CPT parameter to asp_provision() method of
WpaSupplicant.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add p2ps_connect_pd() helper method which strictly validates the PD
results and establishes the connection between peers accordingly.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add generic provision method. This method receives a seeker and an
advertiser devices, advertisement id, method, and a flag which indicates
whether deferred flow is expected. The method returns P2PS-PROV-DONE
events and the pin (if keypad or display method is used).
This method is needed to simplify the P2PS provision flows in the tests.
This method complies to the P2PS specification regarding the expected
order of the show and display PIN events.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add asp_provision method which issues either P2PS PD Request or, if the
status is provided, continues the deferred flow by sending follow on
PD Request.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
This test case could fail if there were old BSS entries remaining in
cfg80211 scan results. That happened, e.g., when running test cases in
the following sequence: "discovery_social_plus_one discovery_auto".
Signed-off-by: Jouni Malinen <j@w1.fi>
This removes quite a bit of duplicated code. In addition, this starts
using different FST group names to get additional coverage.
Signed-off-by: Jouni Malinen <j@w1.fi>
Without this, the run-tests.py socket could have been left in attached
to receive all hostapd global events during a test case. This could hit
the limit of pending messages on the socket since there is nothing
clearing this socket during the execution of a test case. Fix this by
explicitly closing the socket after having completed the RELOG command.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies FST group dialog_token wrap-around and behavior with large
number of session setups and teardowns.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds a test case that goes through session initialization through
separate commands that can be modified more easily for special case. The
first such special case is using special FST Setup Request frames with
non-standard MBIE contents to hit different code paths for finding the
interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
Pass absolute path to the daemonized wpa_cli process and add read
privileges for everyone on the action script to make this test case work
better when run without a VM.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Try to use the special build for --codecov purposes, if present, instead
of hardcoding the hostapd/wpa_supplicant binary to the default location.
This is needed to collect code coverage correctly.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 53606b105c ('tests: Wait for scan
to complete on all interfaces in reset()') added option of passing
ifname to get_driver_status(). This could result in FAIL-NO-IFNAME-MATCH
returns that get printed out in "Ignore unexpected status-driver line"
messages if the interface is not found. Check for this case to avoid
that unnecessary print.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Remove unused variables and replace split(" ") with just split().
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
When WpaSupplicant executes reset() it waits until all the ongoing scans
are completed. However, it checks the status of the wlanX interface
only. If a dedicated P2P device interface is used, scan may be still
running on the P2P Device interface, e.g., due to P2P_FIND. This might
affect subsequent tests.
Fix this by waiting until the scan is done both on wlanX and P2P
Device interfaces.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
This allows hostapd and wpa_supplicant to be built for hwsim test cases
with ubsan functinality from the recent gcc/clang compiler versions.
Signed-off-by: Jouni Malinen <j@w1.fi>
This changes the sae_groups test case design to try with every group and
skip triggering test failure for the heavier ones that are likely to
fail in some VM setups under load. This provides more testing coverage
by not limiting the test based on lowest common setup.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies a case where the neighboring BSS is at the other end of
the band and has its PRI channel further away.
Signed-off-by: Jouni Malinen <j@w1.fi>
Flush the cfg80211 scan cache explicitly to avoid false failure reports
if a BSS entry from an earlier test case remain. Such a failure could be
hit, e.g., with the following test case sequence:
wpas_mesh_mode_scan p2p_channel_random_social dbus_old_wps_pbc
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like the previous timeout of 0.1 seconds could be hit under
parallel VM load, so double this to 0.2 second to avoid hitting
unnecessary test failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
Get the P2P group interface name so it will be used for group removal to
support configurations that use a dedicated P2P Device interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Wait on the group control interface to support configurations that
use a dedicated P2P Device interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Use the global control interface to list the P2P Device persistent
networks. Get and parse the P2P-GROUP-STARTED events, so later the
interface names would be available for the connectivity test etc. Both
of these are required when a dedicated P2P Device interface is used.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Wait on the global control interface to support
configurations that use a dedicated P2P Device interface.
Note that the group interface cannot be used, as the group
interface name is not saved since no group was created.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Change the reset() method to use the global control interface
for resetting P2P state and also add a call to P2P_FLUSH.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This adds test coverage to p2p_procesS_nfc_connection_handover() error
paths. This is also a regression test case for a memory leak on two of
these error paths.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is a regression test case for a memory leak on a TLS PRF error
path. In addition, this provides more coverage for this error path.
Signed-off-by: Jouni Malinen <j@w1.fi>
The test sequence "scan_and_bss_entry_removed ap_wps_ap_scan_2" resulted
in failure due to an old BSS entry remaining from the first test case to
the second and the WPS_PBC operation on a forced BSSID ending up picking
the incorrect BSS entry. Make this more robust by clearing the scan
results from cfg80211.
Signed-off-by: Jouni Malinen <j@w1.fi>
Both of these test cases were leaving out BSS entries with active PBC
mode at the end of the test. This could result in the next text case
failing, e.g., in "ap_wps_pbc_overlap_2ap grpform_ext_listen" and
"ap_wps_pbc_overlap_2sta grpform_ext_listen" sequences. Fix this by
flushing the scan results more carefully at the end of the PBC overlap
test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that advertiser returns 'org.wi-fi.wfds' wildcard in a Probe
Response frame if at least one P2PS advertisement is present.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
This increases testing coverage for VENDOR_ELEM mechanism by explicitly
verifying that the requested element gets added to each of the supported
frame types.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Test P2PS GO and CLI discoverability on group operating channel.
In order to implement these tests, refactor p2ps_connect_p2ps_method
and test_p2ps_connect_adv_go_pin_method to reuse the code for
connection establishment. Also change p2ps_exact_seek so it will
allow getting Probe Response frames from several peers.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
test_p2ps_connect_adv_go_pin_method() expects that
p2ps_provision_keypad_method() returns P2PS-PROV-DONE with details
needed for a connection. However, this event was overridden which
resulted in an incorrect test flow skipping the connection
establishement. The test would pass, however, without really trying to
connect. Fix this by returning the correct event.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
This adds hwsim test ap_vlan_iface_cleanup_multibss. It connects two
stations in different BSS but the same hostapd process. First both
stations are in VLAN 1, then they get reauthenticated into VLAN 2. Due
to the ordering of the stations moving around, this test checks that
bridge and tagged interface referencing counting is done globally, such
that the tagged interface is not removed too early and no bridge is
left over.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
There seem to be cases where flush_scan_cache() was unable to clear all
BSS entries due to a hidden SSID BSS (SSID length 0) showing up again
from cfg80211 BSS table. Check for this and run the flush operation
again if any entries remain.
This fixes an issue where the following hwsim test case sequence
resulted in the last test case failing due to the old BSS entry from the
first test case being in place and showing unexpected flags information:
ap_hs20_min_bandwidth_home_hidden_ssid_in_scan_res
ap_hs20_remediation_required
ap_mixed_security
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These are regression test cases for a segmentation fault issue (use of
freed memory) where interface removal happened while a gas-query item
was pending.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The standard hardcodes the MU Beamformee Capable subfield is hardcoded
to 0 when transmitting by an AP, so there is no need to provide a
configuration parameter for setting this to one.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The dev[1] <--> dev[2] data connectivity test was using incorrect
function. dev[2] is also using a P2P group and as such, can have a
different group interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
Group interface name was fetched from the results of an incorrect group
formation and because of this, group removal failed in case P2P Device
is used and dev[1] ends up getting different group ifname for the
groups.
Signed-off-by: Jouni Malinen <j@w1.fi>
The network operations need to use the global control interface to be
performed on the interface that stores the network profiles for
persistent groups.
Signed-off-by: Jouni Malinen <j@w1.fi>
After P2P-GROUP-STARTED event, use group_form_result in order to update
the group_ifname for the device. This is needed when using P2P Device
for managing P2P operations which results in a separate group interface
being used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
In case that there is a need to list the persistent P2P networks,
the global control interface needs to be used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
list_networks() always used the wlanX control interface to query for the
current list of networks. However, when a dedicated P2P Device is used,
the global control interface should be used when checking persistent
group network profiles.
Fix this by adding an optional parameter indicating that the P2P
networks are requested, and in such a case use the global control
interface.
In addition update test_p2p_persistent to use the argument when needed.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
This is required for cases that a dedicated P2P Device interface
is used and then the event will happen on the global interface.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Send request to set persistent_reconnect on the global control
interface so it would also work when using a dedicated P2P Device
interface.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
When testing P2P invitation flow, setting the NFC selector
should be done using the global control interface.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Some tests in test_p2ps.py test a scenario where a separate P2P
group interface is not used. However, this is not a valid case
when a dedicated P2P Device interface is used, as in such a case
a separate group interface must be used.
Handle this by skipping such tests in case a dedicated P2P Device is
used.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Call group_form_result() whenever a new group is started, so that
group_ifname gets updated and later, the group can be removed when
needed.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When resetting a device, remove all the P2P networks to prevent
unexpected behavior in following tests. This is needed for the case
where P2P Device interface is used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
This is required for cases where P2P Device is used and the event
happens on the global interface.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
This is required for cases that multiple interfaces are used and the
event can happen on any of them, for example when a dedicated P2P Device
interface is used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
The tests used p2p_dev_addr that can be different from own_addr,
if a dedicated P2P Device interface is used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Couple of the EAP-SIM/AKA protocol test cases were leaving out the
Reserved field. This was not intentional since these test cases were
targeting a specific Subtype processing instead of verifying truncated
header case (which is covered separately). Add the Reserved field to
allow the implementation to add an explicit, earlier check for this.
Signed-off-by: Jouni Malinen <j@w1.fi>
Number of the P2P test cases through D-Bus commands were not prepared
for there being a separate group interface when the P2P Device concept
is used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Enhance test ap_vlan_wpa2_radius_id_change to change the VLAN-ID
back as a last step. This ensures that the wpa_group for VLAN-ID 1
did not enter FATAL_FAILURE state during the test.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
In addition, this adds some delay between the authentication and data
connectivity test through the newly added VLAN and by doing so, makes
ap_vlan_wpa2_radius_id_change a bit more robust. It was possible for the
EAPOL-Key message 4/4 not having yet been processed by hostapd at the
time the data test started.
Signed-off-by: Jouni Malinen <j@w1.fi>
dynamic_vlan=required also applies to macaddr_acl=2 (RADIUS), especially
when used with WPA-PSK.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
The time before trying to associate with an AP that does not advertise
Selected Registrar TRUE is going to be incremented, so increase the
autogo_m2d timeout to avoid reporting incorrect errors due to missing
M2D events.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This change add two new tests to verify hostapd operation when used with
VLANs. Both are based on pmksa_cache_preauth and enable dynamic VLANs,
pmksa_cache_preauth_vlan_used additionally uses a station with VID 1.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
It looks like it was possible to receive an incomplete FAIL line and
break out from test execution due to a parsing error. Handle this more
robustly and log the error.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Now that there is a kernel patch for IPv6 ProxyARP that is capable of
using the non-AP STAs MAC address as the link layer source address in
NA, validate that behavior rather than the temporary check for BSSID.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The 'params' argument was not used at all. Use it as an alternative
means for setting the list of test cases to execute.
Signed-off-by: Jouni Malinen <j@w1.fi>
Explicitly clear cached scan results on the AP interface before starting
ACS. This avoids issues where conflicting BSS entries from previously
executed test cases could affect channel selection.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be used to filter out test cases that take significantly longer
time to execute (15 seconds or longer). While this reduces testing
coverage, this can be useful to get a pretty quick coverage in
significantly faster time.
Signed-off-by: Jouni Malinen <j@w1.fi>
It's somewhat annoying that you can only run parallel-vm.py as
./parallel-vm.py, not from elsewhere by giving the full path,
so fix that by resolving the paths correctly in the scripts where
needed.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of hand-writing a (positional) parser, use the argparse module.
This also gets us nice help output.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
These test cases need to use the previous-AP-on-correct-band workaround
similarly to test_ap_acs.py test cases for now to work with
mac80211_hwsim limitations on channel survey.
Signed-off-by: Jouni Malinen <j@w1.fi>
Explicitly clear the cfg80211 BSS cache at the beginning of these test
cases to avoid matching BSS flags against incorrect AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looked like cfg80211 BSS entry for the zero-length SSID could remain
after this test case. Stop the AP and scan twice with flush-cache option
to make this less likely to occur and cause issues to following test
cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for this test case to fail if cfg80211 BSS cache
included an entry for the same BSSID on another channel from an earlier
test case. Fix this by epxlicitly flushing the cache. In addition, use
scan_for_bss() to make the test less likely to fail in case of heavy CPU
load.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The way the current channel survey is implemented in mac80211_hwsim
requires for the ACS test cases to be run immediately after the same
radio has been on the expected operating band. This was worked around in
one of the test cases and errors ignored in couple. Extend this
workaround to cover all the test cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like the IP routing table changes used here to trigger
unreachability and following reachability of the server do not work very
well with full IP routing configuration, so run this test case only when
executed under vm-run.sh.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These test cases verify that P2P_FIND and P2P_LISTEN operation continues
after having replied to GO Negotiation Request frame for which we are
not yet ready (i.e., GO Negotiation Response with status=1).
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for this test case to start a new group formation on
dev[1] while the first round was still going through the process of
processing group termination indication. That could result in the second
round failing unexpectedly.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like the 128M default memory size for the hwsim test setup was
not large enough to cover all the needs anymore. Some of the test cases
using tshark could hit OOM with that size. Increase the default
allocation to 192M to avoid this type of issues.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that the packet socket workaround does not get disabled if
EAPOL frames are processed during operation state (i.e., when processing
reauthentication/rekeying on a functional association).
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows multiple dmesg files to be saved if a test case is executed
multiple times similarly to the other logfiles.
Signed-off-by: Jouni Malinen <j@w1.fi>
The kernel had two bugs (one in hwsim and one more important one in
mac80211) in this area, add a test to make sure we can disconnect
without any kernel issues while in powersave.
Also make sure that the TIM bit gets set and cleared again (by checking
with tshark.)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
It seems to be possible for dev2 (the one with incorrect password) to
stop retries before either dev0 or dev1 reports the authentication
failure event. For now, allow the test case pass if either dev0 or dev1
reports the event rather than requiring both to report this. The
expected behavior can be fine-tuned in the future if the reporting
behavior is modified to be more consistent.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Due to a copy-paste error, these test cases left 4addr mode enabled on
wlan5. This resulted in number of connect_cmd_* test cases failing if
executed after the wpas_in_bridge tests.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant configuration file writing style leaves behind
the temporary file (<filename>.tmp) if renaming fails. Clean that up in
the test case execution.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test cases used to fail if dev1 had seen dev0 as a GO in an earlier
test case, e.g., when running it after autogo_fail. Fix this by clearing
scan results on dev1 at the beginning of the test case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is a regression test for an earlier bug that resulted in using
freed memory after a P2P group interface was removed as part of
fallback-to-GO-Negotiation in P2P_CONNECT-auto.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for a low powered CPU to take excessively long time to
delete 1000 network blocks when running under valgrind. This would have
resulted in the test case failing and the following reset operation
timing out which would then stop the test sequence completely.
Signed-off-by: Jouni Malinen <j@w1.fi>
1. Add get_group_ifname() to wpasupplicant.py
2. Use the function to get the interface name for the bridge.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
run-tests.py is running as root, so sudo does not need to be used
anymore from within each test case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need to use sudo and external rm to remove files now that
run-tests.py is required to run as root.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant configuration writing design (rename instead of
write to original file) did not fail with the symlink-to-self case, so
replace this with the config file being replaced with a directory. In
addition, get rid of unnecessary use of subprocess since run-tests.py is
running as root nowadays.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
1. Modify discovery_stop to use global control interface when calling
P2P_FLUSH.
2. Modify p2p_listen_and_offchannel_tx to use the global control
interface when waiting for P2P PD event.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Some of the tests used p2p_dev_addr() that can be different from
own_addr() if a dedicated P2P Device interface is used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Some of the tests used p2p_dev_addr() that can be different from
own_addr() if a dedicated P2P Device interface is used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
The test used p2p_dev_addr() that can be different from own_addr()
if a dedicated P2P Device interface is used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
The test used p2p_dev_addr() that can be different from own_addr()
if a dedicated P2P Device interface is used.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Fix the destination address that is sent in the WNM-Notification to be
the BSS address opposed to the P2P address.
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
This is needed for cases that the group interface differs from the main
interface, i.e., when a dedicated P2P Device interface is used.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When the 'SET' command is used to configure parameters related to P2P
operation use the global control interface and not the per interface one
as otherwise the setting will only have effect on the interface and will
work if a dedicated P2P_DEVICE is used.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Once the connection is established need to call group_form_result() on
the invited device, as otherwise the group interface name is not updated
and the connectivity test is done with the main interface instead of the
group interface.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
These are far from perfect since timing is quite difficult to match for
the case that behaved incorrectly. Anyway, it looks loke
p2p_service_discovery_peer_not_listening was able to hit the error now
and then, so this should be sufficient as a regression test case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Include actual extended listen period in the test and confirm that the
device was available on a social channel during such period by using
non-social operating channel.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case is modifying the list of enabled config_method values and
needs to restore "p2ps" option that is included by default. Without
this, P2PS executed after dbus_get_set_wps could fail.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the GTK-found-in-memory case to be triggered due to
a retransmission of EAPOL-Key msg 3/4 especially when running test cases
under heavy load (i.e., timeout on hostapd due to not receiving the 4/4
response quickly enough). Make this false failure report less likely by
waiting a bit longer after the connection has been completed before
fetching the process memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use another AP instance as a separate bridge port in the proxyarp_open
test cases to increase testing coverage for kernel proxyarp
functionality.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 2e1d7386e2 ('tests: Refactor tshark
running') added a helper function for running tshark. However, it did
not use the filter argument correctly, added an extra -Tfields on the
command line, and failed to use global variable. In practice, this ended
up disabling all the tshark sniffer checks. Fix that by using the filter
argument from the caller and marking the _tshark_filter_arg global.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The hostapd_oom_wpa2_eap test case did not always catch these code
paths, so add a variant of that test case explicitly targeting RADIUS
functions.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This ends up using the special User-Name = STA MAC address case for
Accounting-Request. In addition, add Chargeable-User-Identity for one of
the STAs.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the VENDOR-TEST EAP method peer implementation to allow
pending processing case to be selected at run time. The
ap_wpa2_eap_vendor_test test case is similarly extended to include this
option as the second case for full coverage.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends testing coverage of PMF group management cipher suites to
include all the cases supported by the driver (existing BIP =
AES-128-CMAC and the new BIP-GMAC-128, BIP-GMAC-256, BIP-CMAC-256).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Reorder scanning in a way that allows the ER behavior to be more
predictable. The first Probe Request report is for a previously received
frame on the AP and this new sequence avoids leaving either of the PBC
test STAs to be that one.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes testing under very heavy load or under extensive kernel
debugging options more robust by allowing number of test cases to scan
multiple times before giving up on active scans. The main reason for
many of the related test failures is in Probe Response frame from
hostapd not getting out quickly enough especially when multiple BSSes
are operating.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that PBC session overlap detection does not get indicated
when forming the group with the same peer multiple times.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is a regression test case for a specific sequence that could result
in wpa_supplicant NULL dereference when a SD request is cancelled before
the SD Request TX status callback has been processed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This set of notes provides information on how virtual guess OS can be
used to run the mac80211_hwsim test cases under any host OS. The
specific example here uses Ubuntu 14.04.1 server as the starting point
and lists the additional packages that need to be installed and commands
that can be used to fetch and build the test programs.
Signed-off-by: Jouni Malinen <j@w1.fi>
There were couple of common cases where the control interface for the
dynamic wpa_supplicant instance could have been left in attached state
until Python ends up cleaning up the instance. This could result in
issues if many monitor interface events were queued for that attached
socket. Make this less likely to cause issues by explicitly detaching
and closing control interfaces before moving to the next test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the Action frame used for entring WNM Sleep Mode to
get dropped on the AP side due to it arriving prior to having processed
EAPOL-Key message 4/4 due to a race condition between Data and
Management frame processing paths. Avoid this by waiting for
AP-STA-CONNECTED event from hostapd prior to trying to enter WNM Sleep
Mode. In addition, make the check for the STA flag change more robust by
allowing the wait to be a bit longer with a loop that terminates as soon
as the flag has changed.
Signed-off-by: Jouni Malinen <j@w1.fi>
When the STA is forced to disconnect immediately after completion of
4-way handshake, there is a race condition on the AP side between the
reception of EAPOL-Key msg 4/4 and the following Deauthentication frame.
It is possible for the deauthentication notification to be processed
first since that message uses different path from kernel to user space.
If hostapd does not receive EAPOL-Key msg 4/4 prior to deauthentication,
no PMKSA cache entry is added. This race condition was making the test
cases expecting PMKSA caching to work to fail every now and then. Avoid
this issue by waiting for AP-STA-CONNECTED event from hostapd. This
makes sure the PMKSA cache entry gets added on the AP side.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like this test case is failing every now and then, so add some
more time for the olbc_ht value to get updated before reporting a
failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like the gobject module does not get installed by default for
Python at least on Ubuntu server, so modify the D-Bus test case files to
import this in a way that allows other test cases to be run even without
gobject module being installed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case uses get_bss() with a BSSID to find a BSS entry. That can
result in failures if there are multiple BSS entries in wpa_supplicant
BSS table for the same BSSID, e.g., due to an earlier hidden SSID test
case. Explicitly clear the cfg80211 and wpa_supplicant scan caches at
the beginning of this test case to make it less likely for earlier test
cases to trigger a failure here.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case uses get_bss() with a BSSID to find a BSS entry. That can
result in failures if there are multiple BSS entries in wpa_supplicant
BSS table for the same BSSID, e.g., due to an earlier hidden SSID test
case. Explicitly clear the cfg80211 and wpa_supplicant scan caches at
the beginning of this test case to make it less likely for earlier test
cases to trigger a failure here.
Signed-off-by: Jouni Malinen <j@w1.fi>
This step requires kernel changes that are not yet in upstream Linux
tree, so mark this as skip rather than failure for now.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use SELECT_NETWORK instead of REASSOCIATE for the first reconnection to
avoid unnecessary long wait for temporary network disabling to be
cleared. In addition, wait for the disconnect event after issuing the
DISCONNECT commands to avoid issues due to any pending events during the
immediately following reconnection attempt.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier to figure out what happened if the test case fails
due to not finding all the needed OSU-PROVIDER information.
Signed-off-by: Jouni Malinen <j@w1.fi>
The external cfg80211 scan flushing operation requires a relatively
recent iw version and not all distributions include that. Avoid false
failure reports by marking these test cases skipped if the iw command
fails.
Signed-off-by: Jouni Malinen <j@w1.fi>
Due to a typo and missing hapd variable initialization, some of the DFS
and VHT test cases were marked as failures even though they were
supposed to be marked as skipped in case the kernel and wireless-regdb
did not have sufficient support for these modes.
Signed-off-by: Jouni Malinen <j@w1.fi>
If dbus_probe_req_reporting was run before dbus_probe_req_reporting_oom,
the SubscribeProbeReq() method succeeded since the memory allocation
that was supposed to fail in the OOM test case was not even tried.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is a regression test case to detect a failure that resulted in an
up to five second busy loop through wpa_supplicant_fast_associate() when
interworking_find_network_match() and wpa_supplicant_select_bss() get
different matching results.
Signed-off-by: Jouni Malinen <j@w1.fi>
If Calling-Station-Id matches, but CUI does not, NAS is expected to
reject the request instead of accepting it. Verify that Disconnect-NAK
is returned for this.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that wpa_supplicant reconnects if PMF is enabled,
unprotected Deauthentication/Disassociation frame is received, and the
AP does not reply to SA Query.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that Certification signals include the expected
information on peer certificates and that dNSName constraint can be
configured based on that and is working both in matching and not
matching cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case was verifying that the first unused VENDOR_ELEM value
above the current maximum is rejected. That makes it a bit inconvenient
to add new entries, so increase the elem value to leave room for new
additions without having to continuously modify this test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
This increases testing coverage for OCSP processing by confirming that
valid OCSP response showing revoked certificate status prevents
successful handshake completion. In addition, unknown certificate status
is verified to prevent connection if OCSP is required and allow
connection if OCSP is optional.
Signed-off-by: Jouni Malinen <j@w1.fi>
GnuTLS has a hardcoded three day limit on OCSP response age regardless
of the next update value in the response. To make this work in the test
scripts, try to generate a new response when starting the authentication
server. The old mechanism of a response without next update value is
used as a backup option if openssl is not available or fails to generate
the response for some reason.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is more robust than checking the driver capability because it is
also possible for the wpa_supplicant build to be configured without mesh
support regardless of whether the driver supports it.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it more convenient to run tests with wpa_supplicant builds
that do not support SAE (e.g., due to crypto library not providing
sufficient functionality for this).
Signed-off-by: Jouni Malinen <j@w1.fi>
This format as a DER encoded blob is supported by both OpenSSL and
GnuTLS while the previous OpenSSL specific format did not get accepted
by GnuTLS.
Signed-off-by: Jouni Malinen <j@w1.fi>
With GnuTLS, domain_suffix_match is currently requiring full match, so
split the test cases in a way that can be reported more cleanly as PASS
or SKIP based on TLS library behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Proper configuration should be used here to get server validation
enabled, so update the test cases to provide the ca_cert parameter. This
was included in number of existing test cases, but not all.
Signed-off-by: Jouni Malinen <j@w1.fi>
These parameters are supported only with OpenSSL, so split any test case
that used those for a successful connection into two test cases. Skip
all test cases where these are used without the selected TLS library
supporting them to avoid reporting failures incorrectly. Though, verify
that subject_match and altsubject_match get rejected properly if TLS
library does not support these.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check wpa_supplicant EAP capability and skip EAP-pwd and EAP-FAST test
cases if the build did not include support for these. This is cleaner
than reporting failures for such test cases when the selected TLS
library does not support the EAP method.
Signed-off-by: Jouni Malinen <j@w1.fi>
This network profile parameter will be removed with the cleanup that
makes mesh use shared functions for setting channel parameters. That
will allow HT to be enabled automatically based on driver capabilities.
Signed-off-by: Jouni Malinen <j@w1.fi>