Commit graph

6267 commits

Author SHA1 Message Date
Jouni Malinen
7ef6947993 HS 2.0R2: Add STA support for Deauthentication Request notification
If requested, disable the network based on the HS 2.0 deauthentication
request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
95a3ea9426 HS 2.0R2: Add WNM-Notification Request for Subscription Remediation
Subscription remediation notification WNM-Notification Request is now
shown in the following way in wpa_supplicant control interface:
<3>HS20-SUBSCRIPTION-REMEDIATION http://example.com/foo/

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
f9cd147d6b HS 2.0R2: Update Indication element to Release 2
The HS 2.0 Indication element from wpa_supplicant now includes the
release number field and wpa_supplicant shows the release number of the
AP in STATUS command (hs20=1 replaced with hs20=<release>).

The new update_identifier field in the cred block can now be used to
configure the PPS MO ID so that wpa_supplicant adds it to the Indication
element in Association Request frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
bc00053c9d Interworking: Allow roaming partner configuration
The new roaming_partner parameter within a cred block can be used to
configure priorities for roaming partners.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
ae6f927258 nl80211: Add driver capability for GTK_NOT_USED
Many drivers support operation without GTK configured, but most (if any)
today do not advertise this. Handle this by skipping GTK cipher suite
configuration if the driver did not advertise support in order to work
around cfg80211 validation steps.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
2c49d04cdb Do not clear global pmf setting on FLUSH
This parameter was actually used in some testing cases in a way that did
not really work well with the FLUSH command ending up disabling PMF.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
d369bdcad9 tests: Clear pmf parameter on reset()
This is in preparation of removing pmf parameter reset on the FLUSH
command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-26 01:24:22 +02:00
Jouni Malinen
eef7235da1 Only try fast reconnect if network is not disabled
Previously, it would have been possible for the network to be marked
disabled and that marking to be ignored if a recoverable disconnection
reason event were processed. Avoid this by verifying network status
before trying to reconenct back to the same BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 23:52:09 +02:00
Jouni Malinen
12c587a517 tests: Verify domain_suffix_match in a cred block
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 23:40:29 +02:00
Jouni Malinen
4b572e3ac1 tests: Verify Interworking network selection with no auth params
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 23:16:54 +02:00
Jouni Malinen
d405893439 tests: Verify Interworking network selection reconnection
This verifies that 'INTERWORKING_SELECT auto' is able to roam to a
higher priority network when executed while connected to a lower
priority network.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-25 22:41:03 +02:00
Jouni Malinen
3d910ef497 Interworking: Prefer last added network during network selection
Previously, any network block could be used to select the BSS to connect
to when processing scan results after Interworking network selection.
This can result in somewhat unexpected network selection in cases where
credential preferences indicated that a specific network was selected,
but another network ended up getting used for the connection. While the
older networks continue to be valid, add special processing for this
initial post-interworking-connect case to get more consistent network
selection to match with the Interworking network selection result.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 22:37:57 +02:00
Jouni Malinen
da60d9c1ca tests: Add module tests for blacklist to complete coverage
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 20:16:28 +02:00
Jouni Malinen
2a33687ec7 P2P: Remove unnecessary ifdef CONFIG_NO_CONFIG_WRITE
wpa_config_write() is defined as a dummy function even if actual
operation to write the configuration file are commented out from the
build. This cleans up the code a bit and removed a compiler warning on
set-only variable.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 19:31:16 +02:00
Purushottam Kushwaha
050d8b5cc7 Fix documentation for wpa_supplicant_global_ctrl_iface_process()
This fixes a copy-paste error in the function name in
wpa_supplicant_global_ctrl_iface_process() documentation.

Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
2014-02-25 16:53:57 +02:00
Luciano Coelho
be32ace48b hwsim tests: Add support for the chanctx flag when creating radios
Add a new option to set the use_chanctx flag when creating a radio.
While at it, refactor the arguments parsing code to use argparse.

Signed-hostap: Luciano Coelho <luciano.coelho@intel.com>
2014-02-25 16:53:40 +02:00
Jouni Malinen
8c9cb81fb7 DFS: Fix coding style (missing whitespace)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 16:47:22 +02:00
Janusz Dziedzic
4f1e01b8e3 DFS: Add VHT160 available channels
Add VHT160 available channels we can choose from when having detected a
radar event.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-02-25 16:46:17 +02:00
Janusz Dziedzic
b8058a69b0 hostapd: DFS allow mixed channels
Allow mixed DFS and non-DFS channels, e.g., VHT160 on channels 36-64.
This is useful for testing VHT160 with mac80211_hwsim.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-02-25 16:45:11 +02:00
Janusz Dziedzic
4db216fcf7 wpa_supplicant: Add support for IPv6 with UDP ctrl_iface
Add IPv6 support when using udp/udp-remote control interface using the
following new build configuration options:

CONFIG_CTRL_IFACE=udp6
CONFIG_CTRL_IFACE=udp6-remote

This is useful for testing, while we don't need to assign IPv4 address
(static or using DHCP) and can just use auto configured IPv6 addresses
(link local, which is based on the MAC address). Also add scope id
support for link local case.

For example,
./wpa_cli
./wpa_cli -i ::1,9877
./wpa_cli -i fe80::203:7fff:fe05:69%wlan0,9877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-02-25 16:43:01 +02:00
Emanuel Taube
e2364d162a hostapd: Deauthenticate clients forbidden by maclist changes
After adding or removing a MAC address from a list, the
corresponding station was not deauthenticated as expected.

Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
2014-02-25 16:18:48 +02:00
Emanuel Taube
1748f1da3d hostapd: Make it possible to remove addresses from maclists
It is already possible to add MAC addresses at runtime. This patch
allows also to remove some of them by using the prefix "-" in the
address file.

Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
2014-02-25 16:10:29 +02:00
Emanuel Taube
064eb057ca Add os_remove_in_array()
This can be used to remove members from an array.

Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
2014-02-25 16:10:29 +02:00
Jouni Malinen
c1151e47d5 Force OFDM/HT/VHT to be disabled on channel 14
The regulatory rules in Japan do not allow OFDM to be used on channel
14. While this was to some extend assumed to be enforced by drivers
(many of which apparently don't), it is safer to make hostapd enforce
this by disabling any OFDM-related functionality. This tries to avoid
backwards compatibility issues by downgrading the mode rather than
rejecting the invalid configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 13:55:10 +02:00
Jouni Malinen
bfb79dde63 nl80211: Show regulatory rule flags in debug output
These can be useful in understanding why some channels are disabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 13:55:07 +02:00
Chaitanya T K
3d7ad2f681 hostapd: Configure spectrum management capability
Add configuration of Spectrum Management subfield in the Capability
Information of Beacon, Probe Response, and Association Response frames.
Spectrum Management bit is set when directly requested by new
configuration option spectrum_mgmt_required=1 or when AP is running on
DFS channels. In the future, also TPC shall require this bit to be set.

Signed-hostap: Srinivasan <srinivasanb@posedge.com>
Signed-hostap: Chaitanya T K <chaitanyatk@posedge.com>
Signed-hostap: Marek Puzyniak <marek.puzyniak@tieto.com>
2014-02-25 00:54:59 +02:00
Srinivasan B
e0392f825d hostapd: Add Power Constraint element
Add Power Constraint information element to Beacon and Probe Response
frames when hostapd is configured on 5 GHz band and Country information
element is also added. According to IEEE Std 802.11-2012 a STA shall
determine a local maximum transmit power for the current channel based
on information derived from Country and Power Constraint elements.

In order to add Power Constraint element ieee80211d option need to be
enabled and new local_pwr_constraint config option need to be set to
unsigned value in units of decibels. For now this value is statically
configured but the future goal is to implement dynamic TPC algorithm
to control local power constraint.

Signed-hostap: Srinivasan <srinivasanb@posedge.com>
Signed-hostap: Chaitanya T K <chaitanyatk@posedge.com>
Signed-hostap: Marek Puzyniak <marek.puzyniak@tieto.com>
2014-02-24 23:51:23 +02:00
Stefan Lippers-Hollmann
891330fda9 Fix spelling s/algorith/algorithm/
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2014-02-24 23:40:01 +02:00
Jouni Malinen
56d3b4d668 tests: Enable CCMP fragmentation check
This was triggering failures due to a mac80211 bug that has now been
fixed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-24 17:15:16 +02:00
Jouni Malinen
f0e30c8410 Do not start another connect work while one is pending
It was possible for the connect or sme-connect radio work to get
re-scheduled while an earlier request was still pending, e.g.,
select_network is issued at the moment a scan radio work is in progress
and the old scan results are recent enough for starting the connection.
This could result in unexpected attempt to re-associate immediately
after completing the first connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-24 15:22:35 +02:00
Jouni Malinen
47c549fd8e tests: WPS UPnP operations
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-24 13:56:43 +02:00
Jouni Malinen
44ff0400b4 tests: WPS UPnP SSDP testing
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-24 13:56:42 +02:00
Jouni Malinen
b2210bd289 tests: Stop WPS ER on station reset
This seems to be needed in some cases to avoid issues in test cases that
assume there are no other ERs running.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-24 13:56:42 +02:00
Jouni Malinen
329039869a WPS: Fix UNSUBSCRIBE error returns if NT or CALLBACK header is used
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-22 18:58:33 +02:00
Jouni Malinen
f34df28e93 WPS: Fix UNSUBSCRIBE to return 412 if no SID match found
UPnP-arch-DeviceArchitecture describe ErrorCode 412 to be used for the
case where no un-epxired subscription matches. This used to return 200
which is not strictly speaking correct even though it is unlikely to
cause any problems.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-22 18:58:33 +02:00
Jouni Malinen
80f256a568 WPS: Remove unnecessary filename NULL check
The caller of the GET parser is checking this already and the GET case
was the only one that ended up doing the duplicated validation step.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-22 14:07:23 +02:00
Jouni Malinen
29513e461a tests: Remove forgotten tcpdump references
tcpdump has not been used in the test scripts for a while, so no need
to stop it from stop.sh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-22 10:47:49 +02:00
Jouni Malinen
8107d33361 tests: Fix the file comment to describe what this script does
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-21 20:25:25 +02:00
Roger Zanoni
040dc68e8c tests: Change the python interpreter directive
This makes the script check the environment for the current python
interpreter in use instead of assuming that the python executable points
to a python 2 interpreter.

Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
2014-02-21 20:23:56 +02:00
Jouni Malinen
5be9dcbb86 tests: Remove unnecessary interpreter line from most python files
Only run-tests.py is actually executed, so there is no need to specify
the interpreter in all the helper files and test script files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-21 20:21:53 +02:00
Rahul Jain
aef5047acc P2P: Fix missing eloop_cancel_timeout in invitation trigger
When a Probe Request frame from an invitation peer is received, a timer
is schedule to start invitation. However, this could have been scheduled
multiple times (once per Probe Request frame) which is undesirable since
only a single invitation should be initiated.

Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
2014-02-21 13:54:09 +02:00
Jouni Malinen
3cdcb3a4b3 tests: Add module tests for WPS attribute parsing
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-21 13:41:30 +02:00
Jouni Malinen
ea449b5bfe tests: Add a module test integration to hwsim tests
CONFIG_MODULE_TESTS=y build option can now be used to build in module
tests into hostapd and wpa_supplicant binaries. These test cases will be
used to get better testing coverage for various details that are
difficult to test otherwise through the control interface control. A
single control interface command is used to executed these tests within
the hwsim test framework. This commit adds just the new mechanism, but no
module tests are yet integrated into this mechanism.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-21 13:08:08 +02:00
Jouni Malinen
da179bd0e1 WPS: Fix parsing of 0-length WFA vendor extension subelement
The previous parser would have skipped a WFA vendor extension attribute
that includes only a single zero-length subelement. No such subelement
has been defined so far, so this does not really affect any
functionality, but better make the parser address this correctly should
such an element ever be added.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-21 13:08:08 +02:00
Jouni Malinen
211d7ab3d8 P2P: Add even more debug prints for Probe Request in non-Listen state
It looks like discovery_dev_id test case can still fail and based on the
previously added debug prints, this is happening since the P2P module
believes it is not in Listen state even when a P2P_LISTEN was issued.
p2p_listen_cb() did not get called on remain-on-channel event for some
reason, so lets add more debug to find out why this can happen.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-20 16:59:29 +02:00
Roger Zanoni
848905b12a Avoid undefined references with CONFIG_WPA_TRACE_BFD=y
libdl, libiberty, and libzlib are dependencies for libbfd.

Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
2014-02-20 16:32:26 +02:00
Anders Kaseorg
9e38836427 wpa_debug: Remove 2048 byte message length limit
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2014-02-20 16:32:26 +02:00
Jouni Malinen
66a6331501 tests: Increase P2P SD test coverage
Verify cases both with multiple peers (one of which not advertising any
services) and with multiple SD queries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-20 16:32:26 +02:00
Jithu Jance
f667e031c9 P2P: Address few issues seen with P2P SD
Suppose we have multiple peers and we have peers advertising SD
capability, but no services registered for advertising. In this case,
even if there are multiple broadcast queries set, we might end up
sending only the lastly added broadcast query to the same device (since
SD_INFO won't get set for the first broadcast query). Add support for
multiple wildcard queries to be tracked to enable this type of use
case.

Some times it is seen that before advancing to next device in the list,
the scan results come and update SD_SCHEDULE flag. This will result in
sending the already sent query to the same device without giving chance
to other devices. This issue again is seen with peer devices advertising
SD capability without any services registered.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-02-20 16:32:12 +02:00
Dmitry Shmidt
e9a6f18385 TLS: Add tls_disable_tlsv1_1 and tls_disable_tlsv1_2 phase1 params
These can be used to disable TLSv1.1 and TLSv1.2 as a workaround for AAA
servers that have issues interoperating with newer TLS versions.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-02-20 15:28:57 +02:00