Commit graph

12831 commits

Author SHA1 Message Date
Sunil Dutt
dd5c155e2e eap_proxy: Callback to notify any updates from eap_proxy
This commit introduces a callback to notify any configuration updates
from the eap_proxy layer. This is used to trigger re-reading of IMSI and
MNC length.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-02 12:47:20 +02:00
Vivek Natarajan
9a05d98bf9 atheros: Add a new flag for OSEN support
Signed-off-by: Vivek Natarajan <nataraja@qti.qualcomm.com>
2015-03-02 12:40:41 +02:00
Jouni Malinen
9feadba141 Remove unnecessary NULL check to make function more consistent
Static analyzers may warn about dereference before NULL check in
wpas_network_disabled() due to the new code added to check
wpa_s->p2p_mgmt. wpa_s cannot be NULL here, so remove the unneeded check
for it later in the function. (CID 106124)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:53 +02:00
Jouni Malinen
bfc048b48f tests: P2P autonomous GO with large number of GO instances
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:53 +02:00
Jouni Malinen
1772d348ea P2P: Fix interface deinit for failed group interface initialization
wpa_supplicant_deinit_iface() ends up removing all P2P groups if the
removed interface is the parent interface. This is correct behavior in
general, but this resulted in issues in the new group interface
initialization error path since wpa_s->parent was not assigned before
hitting this check. Fix this by assigning wpa_s->parent as part of
wpa_supplicant_add_iface().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:53 +02:00
Jouni Malinen
3f9ebc439c P2P: Allow AP/GO interface to be started while P2P-in-progress
Do not delay the "station mode scan" that is not really a scan, but a
request to start AP/GO mode operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
58980654af tests: RADIUS server failure cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
5d695df5d1 tests: hostapd and get_station in multi-BSS configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
5ff53fd6dd tests: RADIUS failover and failed attempt to return to primary server
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
b4a9292cfb RADIUS client: Fix server failover on return-to-primary on error case
If a connection with the primary server cannot be established, restore
connection to the previously used server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
7c5658c661 tests: RADIUS client address specified
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
9836cb5387 Add option to force a specific RADIUS client address to be used
The new hostapd.conf parameter radius_client_addr can now be used to
select a specific local IP address to be used as the RADIUS client
address.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
1b5664f0fb tests: RADIUS Accounting server unreachable and multiple STAs
This verifies behavior on reaching RADIUS_CLIENT_MAX_ENTRIES.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
48d9065f7d tests: RADIUS Accounting server initially unreachable, but then available
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
1a7ed38670 RADIUS client: Fix a copy-paste error in accounting server failover
Commit 347c55e216 ('RADIUS client: Re-try
connection if socket is closed on retransmit') added a new option for
initialing RADIUS server failover from radius_client_retransmit(), but
ended up trying to change authentication servers when accounting server
was supposed to be changed due to a copy-paste issue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
ec1c483de0 tests: Not ready for GO Negotiation (listen/search)
These test cases verify that P2P_FIND and P2P_LISTEN operation continues
after having replied to GO Negotiation Request frame for which we are
not yet ready (i.e., GO Negotiation Response with status=1).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
de7c06ee17 P2P: Continue find in GO-Neg-Resp-fail status corner cases
It was possible for the GO Negotiation Response (failure) TX status to
be processed at a point where there is no P2P timeout to continue
search. Avoid stopping the ongoing search operation by explicitly
restarting it from this callback.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
7041c16d5a tests: Open mode connection and SELECT_NETWORK to change network
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 15:56:11 +02:00
Jouni Malinen
c28059091a Do not add blacklist entries based on normal disconnect request cases
There are number of cases where wpa_supplicant requests the current
connection to be disconnected before starting a new operation. Such
cases do not really indicate that there was an error in connecting or a
disconnection initiated by the AP, so do not add a temporary blacklist
entry in such sequences.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 15:54:24 +02:00
Jouni Malinen
6acca70536 tests: cfg80211 P2P Device and P2P_* command on incorrect interface
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 12:07:23 +02:00
Jouni Malinen
bdf0518bb9 P2P: Direct P2P_CONNECT command to proper interface
It is possible for the P2P_CONNECT control interface command to be
issued on an incorrect interface. While the upper layer component should
really use global control interface for this, make this work by
redirecting the command to the correct context if needed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 11:54:39 +02:00
Jouni Malinen
5de945fcc0 tests: cfg80211 P2P Device misuses
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 11:24:41 +02:00
Jouni Malinen
44b9ea5bb2 P2P: Do not allow scan or normal association on cfg80211 P2P Device
The dedicated P2P management instance (wpas->p2p_mgmt == 1) using
cfg80211 P2P Device cannot be used for non-P2P uses or connection (there
is no netdev). Reject or ignore such operations to avoid unexpected
operations if enabled network blocks are configured in the
wpa_supplicant instance used to control this interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 11:23:09 +02:00
Jouni Malinen
6d0b447464 tests: P2P_FIND with freq parameter to scan a single channel
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 22:06:24 +02:00
Jouni Malinen
9542f21f3a Clean up p2p_find command parsing and execution
There is no need to maintain three almost identical copies of the
wpas_p2p_find() call.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 21:58:38 +02:00
Daisuke Niwa
fa9f381f20 P2P: Allow a specific channel to be specified in P2P_FIND
The optional freq=<MHz> can now be used with the P2P_FIND command to
specify a single channel to scan during the first round of P2P search.
For example, this can be used to replace the full initial scan with a
single channel scan of a known operation channel.

Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
2015-02-28 21:52:56 +02:00
Daichi Ueura
eb78a8d5e3 P2P: Restore P2P_SCAN_SPECIFIC
This reverts commit 3df2f4fe99 ('P2P:
Remove unused P2P_SCAN_SPECIFIC') with a modification to fit the current
code base.

Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
2015-02-28 21:41:38 +02:00
Rajkumar Manoharan
d988ff76bf hostapd: Disable VHT caps for STAs when no valid VHT MCS found
Disable VHT caps for STAs for which there is not even a single
allowed MCS in any supported number of streams. i.e STA is
advertising 3 (not supported) as VHT MCS rates for all supported
streams.

Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
2015-02-28 21:00:00 +02:00
Jouni Malinen
70fd8287eb RADIUS client: Fix previous failover change
Commit 347c55e216 ('RADIUS client: Re-try
connection if socket is closed on retransmit') added a possibility of
executing RADIUS server failover change within
radius_client_retransmit() without taking into account that this
operation may end up freeing the pending message that is being
processed. This could result in use of freed memory. Avoid this by
checking whether any pending messages have been removed and if so, do
not try to retransmit the potentially freed message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 20:52:08 +02:00
Jouni Malinen
dcd378ed2e tests: Make grpform_no_wsc_done more robust
It was possible for this test case to start a new group formation on
dev[1] while the first round was still going through the process of
processing group termination indication. That could result in the second
round failing unexpectedly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 16:57:03 +02:00
Janusz Dziedzic
c3dabf5a00 Fix merge issue with IBSS VHT support
Commit 563ee1832b ('IBSS: Add support for
VHT80 configuration') got merged in incorrectly with one i/j swap
missed.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-02-28 16:48:22 +02:00
Jouni Malinen
8b2b718da9 Fix minor issue in HT40 max rate determination
Commit a1b790eb9d ('Select AP based on
estimated maximum throughput') had a copy-paste bug than ended up
leaving one of the max_ht40_rate() cases unreachable. (CID 106087)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 16:40:58 +02:00
Jouni Malinen
347c55e216 RADIUS client: Re-try connection if socket is closed on retransmit
Previously, send() was called with invalid fd = -1 in some error cases
for retransmission and this could even result in a loop of multiple such
attempts. This is obviously not going to work, so drop such attempts and
instead, try to reconnect a socket to the server if the current socket
is not valid.

In addition, initiate server failover immediately if the current socket
is not valid instead of waiting for a timeout.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 16:40:58 +02:00
Jouni Malinen
abeea374a4 tests: RADIUS server connect() failing during startup
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 15:45:17 +02:00
Jouni Malinen
94b39e5927 RADIUS client: Fix server connection recovery after initial failure
If the initial attempt at opening the socket connection to the RADIUS
server failed due to missing IP connectivity during startup, e.g., with
"connect[radius]: Network is unreachable", hostapd did not try to
reconnect when RADIUS messages were sent. Instead, it only reported "No
authentication server configured" even if the configuration did have a
server entry.

This was broken by commit 9ed4076673
('RADIUS client: Do not try to send message without socket') for the
initial case and the more recent fixes in RADIUS server failover cases
did not cover the initial failure case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 15:45:17 +02:00
Jouni Malinen
bbee36e316 Allow RADIUS server address to be replaced
The new hostapd parameters auth_server_addr_replace and
acct_server_addr_replace can now be used to replace the configured IP
address instead of adding a new RADIUS server. This is mainly useful for
testing purposes where the address can be changed over control interface
during AP operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 15:45:16 +02:00
Jouni Malinen
efb40081ab TLS: Remove placeholders for SIGN_ALG_DSA support
It does not look likely that the old DSA design would be added into the
internal TLS implement, so remove this otherwise dead code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 15:45:16 +02:00
Jouni Malinen
2eb64ea437 tests: Module tests for common.c
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 12:20:56 +02:00
Jouni Malinen
56a1180153 tests: Increase bitfield module test coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 11:46:29 +02:00
Jouni Malinen
38ff21931d tests: Add module tests for base64
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 11:39:41 +02:00
Jouni Malinen
8412dd52d1 tests: Increase default VM memory from 128M to 192M
It looks like the 128M default memory size for the hwsim test setup was
not large enough to cover all the needs anymore. Some of the test cases
using tshark could hit OOM with that size. Increase the default
allocation to 192M to avoid this type of issues.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-25 19:02:43 +02:00
Jouni Malinen
0f74bd41c5 tests: 4-way handshake and the first msg 4/4 getting lost
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-23 15:36:49 +02:00
Jouni Malinen
f51f54a007 nl80211: Resubscribe to nl80211 events on global nl_event socket
This allows wpa_supplicant to recover from some of the cases where
cfg80211 is unloaded and reloaded without restarting wpa_supplicant. The
netlink socket used for nl80211 events (global->nl_event) seemed to end
up in otherwise functionality state, but with all the event memberships
lost when cfg80211 gets reloaded.

There does not seem to be any clear way of determining when this has
happened, so it looks simplest to just try to re-subscribe to all the
events whenever an interface is re-enabled or added.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 18:03:42 +02:00
Jouni Malinen
52352802ee tests: Linux packet socket workaround and EAPOL RX in operational state
This verifies that the packet socket workaround does not get disabled if
EAPOL frames are processed during operation state (i.e., when processing
reauthentication/rekeying on a functional association).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 16:06:23 +02:00
Jouni Malinen
48ec6942cb Fix Linux packet socket workaround to not close the socket too easily
Commit e6dd8196e5 ('Work around Linux
packet socket regression') closed the workaround socket on the first
received EAPOL frame from the main packet socket. This can result in
closing the socket in cases where the kernel does not really work in the
expected way during the following initial association since
reauthentication/rekeying using EAPOL frames happens while operstate is
not dormant and as such, the frames can get delivered through the main
packet socket.

Fix this by closing the workaround socket only in case the first EAPOL
frame is received through the main packet socket. This case happens
while the interface is in dormant state and as such, is more likely to
show the more restricted case of kernel functionality.

In order to avoid processing the received EAPOL frames twice, verify a
checksum of the frame contents when receiving frames alternatively from
the main packet socket and the workaround socket.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 16:06:13 +02:00
Jouni Malinen
528a7d22d0 tests: VHT/HT preference in BSS selection
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 11:47:28 +02:00
Jouni Malinen
0d2030ee20 Use estimated throughput to improve roaming selection
Previously, within-ESS roaming was skipped if the selected BSS did not
have a higher signal strength than the current BSS regardless of AP
capabilities. This could result in not moving to a BSS that would
provide higher throughput, e.g., due to larger channel bandwidth or
higher rates (HT/VHT MCS).

Use estimated throughput information from scan result processing to
allow within-ESS roaming if the selected BSS is likely to provide better
throughput even if the current BSS has larger RSSI.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 11:45:45 +02:00
Jouni Malinen
1d747e2a98 Add snr and est_throughput to the BSS entries
These values were previously used only for sorting the scan results, but
it may be useful to provide access to the used values through the BSS
entries.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 11:09:54 +02:00
Jouni Malinen
a1b790eb9d Select AP based on estimated maximum throughput
This modifies the BSS selection routines to calculate SNR and estimated
throughput for each scan result and then use the estimated throughput as
a criteria for sorting the results. This extends the earlier design by
taking into account higher throughput rates if both the AP and local
device supports HT20, HT40, or VHT80. In addition, the maximum rate is
restricted based on SNR.

In practice, this gives significantly higher probability of selecting
HT/VHT APs when there are multiple BSSes in the same ESS and SNR is not
low enough to prevent higher MCS use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 11:09:54 +02:00
Jouni Malinen
ab647ffea7 Add wpa_supplicant Makefile target libwpa_ctrl.a
"make -C wpa_supplicant libwpa_ctrl.a" can now be used to build a static
library that can be linked with external programs using wpa_ctrl.h. This
makes it easier to create a separate library package that does not
depend in any other hostap.git file other than src/common/wpa_ctrl.h and
the libwpa_ctrl.a built with this new make target.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-21 17:48:10 +02:00