Commit graph

11974 commits

Author SHA1 Message Date
Roy Marples
7f46ad9ee5 BSD: Only down the interface once we are sure we can work with it
Signed-off-by: Roy Marples <roy@marples.name>
2016-03-20 11:24:30 +02:00
Daisuke Niwa
192964ddc3 Handle OSEN IE in Assoc Request info if req_ies exists
The 4-way handshake fails with the error "WPA: No wpa_ie set - cannot
generate msg 2/4" while connecting to OSEN network with drivers that
indicate used Association Request frame elements because OSEN IE is not
handled in wpa_supplicant_event_associnfo() if data->assoc_info.req_ies
is not NULL.

Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
2016-03-20 11:17:39 +02:00
Jouni Malinen
2b5488a4e1 tests: Return result from WpaSupplicant::global_request() in all cases
The no self.global_iface case was not returning the result from the
self.request() case. While this is not really a path that is supposed to
be used, make it return the response since it is at least theoretically
possible to get here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-20 11:08:12 +02:00
Jouni Malinen
29eddc3d8c nl80211: Fix error path in if_indices_reason reallocation
Commit 732b1d20ec ('nl80211: Clean up
ifidx properly if interface in a bridge is removed') added
drv->if_indices_reason array similarly to the previously used
drv->if_indices. However, it had a copy-paste error here on the error
path where a reallocation failure after at least one successful
reallocation would result in the drv->if_indices being overridden
instead of restoring drv->if_indices_reason to the old value. Fix this
by setting the correct variable on the error path. (CID 138514)

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-18 16:25:35 +02:00
Jouni Malinen
8c9aa2bc8d tests: wpa_supplicant AP mode - open network and HT disabled
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-18 16:18:32 +02:00
Jouni Malinen
ee298f1b1f nl80211: Do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
SMPS mode is applicable only for HT and including an attribute to
configure it when HT is disabled could result in the AP start operation
failing. Fix this by adding the attribute only in cases where HT is
enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-18 16:16:40 +02:00
Sunil Dutt
4ca16b5fd7 Assign QCA vendor command and attribute for Tx/Rx aggregation
Assign nl80211 vendor command
QCA_NL80211_VENDOR_SUBCMD_SET_TXRX_AGGREGATION and corresponding
attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-17 20:53:25 +02:00
Jouni Malinen
64ce5905f8 libxml2: Check for xmlDocDumpFormatMemory() error case
Since this function needs to allocate memory, it might fail. Check that
the returned memory pointer is not NULL before trying to parse the
output.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 21:49:28 +02:00
Jouni Malinen
8b827c342f BoringSSL: Keep static analyzers happier with X509_get0_pubkey_bitstr()
While this function could return NULL if the parameter issued to it were
NULL, that does not really happen here. Anyway, since this can result in
a warning from a static analyzer that does can see the return NULL
without fully understanding what it means here, check the return value
explicitly against NULL to avoid false warnings.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 21:34:01 +02:00
Jouni Malinen
42a95533a8 hs20-osu-client: Fix pol_upd command line parsing
This command was documented as having the Server URL parameter as
optional, but the implementation did not match that. Allow this
parameter to be left out.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 21:25:11 +02:00
Jouni Malinen
ec1eae849e hs20-osu-client: Remove dead code from sub_rem command line parsing
The error print could not have been reached since the exact same
condition was verified above and exit(0) is called if the command line
is invalid.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 21:19:19 +02:00
Jouni Malinen
6c7fed4683 tests: EAP-SIM and check fast reauth with bssid change
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 19:46:27 +02:00
Jouni Malinen
c3dc68e844 Do not invalidate EAP session cache on all network block parameter changes
The bssid and priority parameters in a network block do not have any
effect on the validity of an EAP session entry, so avoid flushing the
cached session when only these parameters are changed. This is mainly to
allow forced roaming or network selection changes without causing fast
reauthentication to be disabled if the changes are done during RSN
association that used EAP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 19:44:32 +02:00
Jouni Malinen
9231c2476f wlantest: Fix bip_protect() memory allocation
The addition operator is of higher precedence than the ternary
conditional and the construction here needs to use parentheses to
calculate the buffer length properly when generating test frames with
BIP protection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-14 18:42:46 +02:00
Jouni Malinen
c6c29be1bd Interworking: Add credential realm to EAP-TLS identity
If the configured credential includes a username without '@' (i.e., no
realm) in it and a realm, combine these to form the EAP-Request/Identity
value as "<username>@<realm>" for EAP-TLS. This was already done for
EAP-TTLS as part of the anonymous NAI conversion, but EAP-TLS could have
ended up using a username without any realm information which would be
unlikely to work properly with roaming cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-11 21:06:15 +02:00
Jouni Malinen
8b29661192 tests: Accept "user@example.com" as user identity similarly to "user"
This is needed to allow updated Interworking behavior that adds the
realm to the EAP-Response/Identity value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-11 21:06:15 +02:00
Dedy Lansky
f2d6c17aa0 nl80211: Support network hierarchy of a master interface under bridge
Since commit cb05808c46 ('nl80211: Generic
Linux master interface support for hostapd'), hostapd is listening for
EAPOL frames on any master which the interface is enslaved under.

This commit allows hostapd to support network hierarchy in which the
interface is enslaved under some master which in turn is enslaved under
a bridge.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-03-09 21:03:41 +02:00
Jouni Malinen
71fd685fb8 tests: Set ocsp_stapling_response_multi in as2.conf
This keeps the as.conf and as2.conf more consistent.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-09 19:49:24 +02:00
Jouni Malinen
40ae4a2ff2 tests: Fix root_ocsp() for multi-OCSP test cases
Incorrect path and file name was used in the openssl command to generate
one of the OCSP responses. Also fix
ap_wpa2_eap_tls_intermediate_ca_ocsp_multi to expect success rather than
failure due to OCSP response. Based on the test description, this was
supposed to succeed, but apparently that root_ocsp() bug prevented this
from happening.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-09 19:48:35 +02:00
Jouni Malinen
f85399f396 Reserve QCA vendor specific nl80211 commands 116..118
These are reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-08 23:08:45 +02:00
Zefir Kurtisi
3bd58861ae hostapd: Handle running out of DFS channels
In scenarios where only DFS channels are available (e.g., outdoor,
special country codes), hostapd must be able to handle situations
where all are unavailable.

The two possibilities to get there are
1) while operating on the last available DFS channel a radar is
   detected
2) hostapd is started while all channels are unavailable

In both cases, hostapd instead of terminating should better
wait for the NOPs to pass and re-try operation after the CAC.

This patch provides that feature by using the condition
(iface->state == HAPD_IFACE_DFS && !iface->cac_started)
as NOP mode signature to retry operation from within
hostapd_dfs_nop_finished().

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
2016-03-08 12:16:37 +02:00
Dedy Lansky
cc1af6faed FST: Fix session setup failure with peer without MB IE
Upon receiving FST setup request on old band, the peer is searched on
new band. The assumption is that MB IE from this peer on new band
previously received either in assoc event or in FST setup request.

There are cases in which above assumption doesn't work, peer is not
found and session setup fails. For example:
- STA connects over 11ac. Due to driver limitation, MB IE is not included
in assoc event
- STA connects over 11ad. MB IE included in assoc event.
- FST session established on 11ac band, with AP as initiator. i.e. FST
setup request sent in AP=>STA direction. STA searches for peer's (AP)
MB IE on 11ad band which exists.
- FST switch occur
- FST session established on 11ad band, with STA as initiator. i.e. FST
setup request sent in STA=>AP direction. AP searches for peer's (STA)
MB IE on 11ac band which are absent.

For fixing the above, consider also peers without MB IE as candidates in
the search algorithm.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-03-07 18:04:47 +02:00
Lior David
dfe0745c9a P2P: Add optional op_class argument to P2P_SET listen_channel
The existing implementation in p2p_ctrl_set used a hard-coded operating
class 81 which is only suitable for the social channels in the 2.4 GHz
band, and will not work for the social channel in the 60 GHz band.
Extend this by adding an optional op_class argument to P2P_SET
listen_channel. If not specified, use the default value of 81 to match
existing behavior.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-07 13:51:01 +02:00
Lior David
e4a1469cec P2P: Adjust service discovery maximum fragment size for 60 GHz
In the 60 GHz band, service discovery management frames are sent over
the control PHY and have a smaller maximum frame size (IEEE Std
802.11ad-2012, 21.4.3.2). Fix the code to use sufficiently small
fragment size when operating in the 60 GHz band.

The 60 GHz fragment size (928) is derived from the maximum frame size
for control PHY (1023) and subtracting 48 bytes of header size, and some
spare so we do not reach frames with the absolute maximum size.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-07 13:47:01 +02:00
Johannes Berg
890fd60f7d tests: Add tests for HS 2.0 frame filtering
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-03-07 11:07:58 +02:00
Bob Copeland
fa7f9570f2 tests: Add a test for mesh gate forwarding
This test checks that mesh nodes forward frames for unknown
destinations to the mesh gates.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2016-03-07 11:05:22 +02:00
Jouni Malinen
dbd183c717 tests: D-Bus AssocStatusCode
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-06 20:54:16 +02:00
Naveen Singh
c7fb678f31 D-Bus: Add association response status code property for failure cases
(Re)Association Response frame with status code other than 0 is now
notified over DBUS as a part of PropertiesChanged signal. This can be
used by application in case AP is denying association with status code
17 (band steering) so that it does not interfere in the BSSID selection
logic of wpa_supplicant.

Signed-off-by: Naveen Singh <nasingh@google.com>
2016-03-06 20:44:51 +02:00
Eliad Peller
2940bf669a hostapd: Use ifname of the current context in debug messages
In case of multiple BSS configuration, return the current interface
name, instead of the first one.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 20:01:15 +02:00
Eliad Peller
6448e06415 hostapd: Allow use of driver-generated interface addresses
Add a new 'use_driver_iface_addr' configuration parameter to allow use
of the default interface address generated by the driver on interface
creation. This can be useful when specific MAC addresses were allocated
to the device and we want to use them for multi-BSS operation.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 20:00:40 +02:00
Eliad Peller
f2accfe708 AP: Save EAPOL received before Association Response ACK
There is a race condition in which AP might receive the EAPOL-Start
frame (from the just-associated station) before the TX completion of the
Association Response frame. This in turn will cause the EAPOL-Start
frame to get dropped, and potentially failing the connection.

Solve this by saving EAPOL frames from authenticated-but-not-associated
stations, and handling them during the Association Response frame TX
completion processing.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 17:08:12 +02:00
Janusz Dziedzic
c0ca24fc30 tests: Add hostapd.py helpers for various radio parameters
Add support for generating hostapd parameters for
b_only/g_only/a_only/HT20/HT40/VHT80.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
e3b36d420e tests: Add terminate support for hostapd/wpa_supplicant
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
13073011b9 wpaspy: Add support for TERMINATE command
This can be used to terminate the wpa_supplicant/hostapd process.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
4d48d44ca2 tests: Add HostapdGlobal.get_ctrl_iface_port()
This adds a method to get the UDP port for an interface.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
cb73f7e84d tests: Add UDP ctrl_iface support to hostapd.py
Allow use of a remote host using wpaspy.Ctrl with UDP ctrl_iface
support.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
0fd4792b48 tests: Add UDP ctrl_iface support to wpasupplicant.py
Allow use of a remote host using wpaspy.Ctrl with UDP ctrl_iface
support.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
a2c88a8025 wpaspy: Add support for UDP connection
hostname and port can now be specified when using wpaspy.Ctrl, so we can
connect to remote clients now.

This can also be tested using test.py application with
./test.py <hostname> <port>

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
3e67171846 hostapd: Add global TERMINATE command
This will terminate the hostapd process.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:50 +02:00
Janusz Dziedzic
618f5d01b0 hostapd: Add INTERFACES ctrl_iface command
Return a list of the available interfaces (the main BSS) and optionally
with ctrl_iface when the optional "ctrl" parameter is included. This is
useful when using UDP ctrl_iface and add interfaces using the ADD
command. After that we need to know which UDP port was assigned for the
control interface for the added interface.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:50 +02:00
Janusz Dziedzic
180e5b96c3 hostapd: Update ctrl_interface for UDP to include the selected port
Set up the real ctrl_interface for UDP after having selected the port.
This is in format: udp:<port_no>. This is needed to get accurate
interface <-> udp_port mapping.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:49 +02:00
Janusz Dziedzic
56e2fc2c31 wpa_supplicant: Add ctrl parameter to INTERFACES command
"INTERFACES ctrl" can now be used to fetch a list of network interfaces
and their control interfaces, e.g., to fetch the UDP port information
for the control interface.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:49 +02:00
Janusz Dziedzic
b9066c638a hostapd: Allow UDP ctrl_iface configuration to set the UDP port
This allows the UDP port to be set for the per-interface and global
control interfaces. The format is: udp:<port_no>

For example:
hostapd -ddt -g udp:8888

And in the configuration file:
ctrl_interface=udp:8877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:43 +02:00
Janusz Dziedzic
56885eecf4 hostapd: Add UDP support for ctrl_iface
Add UDP support for ctrl_iface:

New config option could be set:
CONFIG_CTRL_IFACE=udp
CONFIG_CTRL_IFACE=udp-remote
CONFIG_CTRL_IFACE=udp6
CONFIG_CTRL_IFACE=udp6-remote

And hostapd_cli usage:
hostapd_cli -i localhost:8877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:37 +02:00
Janusz Dziedzic
acf57fae76 ctrl_iface_common: Use sockaddr_storage instead of sockaddr_un
This is a step towards allowing UDP sockets to be used with the common
implementation.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Janusz Dziedzic
89b781bc89 hostapd: Use common functions for ctrl_iface
Use the common functions, structures when UNIX socket ctrl_iface used.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Janusz Dziedzic
1a2124c650 wpa_supplicant: Use common functions for ctrl_iface
Use the common functions, structures when UNIX socket ctrl_iface used.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Janusz Dziedzic
ca974ae53f Add common ctrl_iface files
This is preparation for sharing a single implementation for ctrl_iface
functionality in wpa_supplicant and hostapd.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Janusz Dziedzic
d60886cdaf wpa_supplicant: Add monitor support for global UDP ctrl_iface
Add monitor support (ATTACH/DETACH) for the global ctrl_iface when using
the UDP backend.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 10:46:13 +02:00
Janusz Dziedzic
f0e5d3b5c6 wpa_supplicant: Share attach/detach/send UDP ctrl_iface functions
Extend the previously per-interface UDP ctrl_iface functions
(attach/detach/send) to support operations on the global interface as
well.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 10:21:18 +02:00