This replaces use of the external hwsim_test tool for most data
connectivity test cases. Only the cases where a special interface
(bridge/VLAN) is used are still executed through hwsim_test.
The internal DATA_TEST_* functionality makes it easier to extend the
connectivity test cases through an external device with real WLAN
hardware instead of the hwsim test setup. In addition, the error reports
from this code can be made more informative.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier to use instances of control interfaces in common
code without having to separately address hostapd and wpa_supplicant
behavior differences.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is now possible to run hwsim_test like data connectivity test through
wpa_supplicant/hostapd control interface if CONFIG_TESTING_OPTIONS=y is
used for the build. Test functionality is enabled/disabled at runtime
with "DATA_TEST_CONFIG <1/0>". The "DATA_TEST_TX <dst> <src> <tos>"
command can be used to request a test frame to be transmitted.
"DATA-TEST-RX <dst> <src>" event is generated when the test frame is
received.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier to replace data connectivity testing to use
something else than local hwsim_test binary on the controller device.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-hostap: Luciano Coelho <luciano.coelho@intel.com>
Skip CSA tests if the driver doesn't support this in AP mode.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This was forgotten when the key_mgmt parser for SAE and FT-SAE was
added.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Create init_mesh, mesh_join, and mesh_leave actions to kernel.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Convert the driver flags variable to u64 since there was no room for
more flags.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Add an implementation of Synthetic Initialization Vector (SIV)
Authenticated Encryption Using the Advanced Encryption Standard (AES).
This mode of AES is used to protect peering frames when using
the authenticated mesh peering exchange.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Patch 51e9f22809 added the option
p2p_add_cli_chan to allow P2P GC to connect on passive channels
assuming the GO should know whether allowed to send on these channels.
This patch adds missing cli_channels to invitation response messages
to allow re-connecting to a persistent group as GC on passive
channels.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
This adds a test which attempts to use the control interface for the
P2P group to remove the P2P group.
Signed-off-by: Toby Gray <toby.gray@realvnc.com>
It was possible to issue the P2P_GROUP_REMOVE command through the
per-interface control interface. This resulted in freed memory getting
accessed when trying to send the control interface response to the
operation that ended up deleting the group interface. Fix this by
postponing the removal operation until the caller has returned.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes wpa_supplicant SME create PMKSA cache entries from SAE
authentication and try to use PMKSA caching if an entry is found for the
AP. If the AP rejects the attempt, fall back to SAE authentication is
used.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes hostapd create PMKSA cache entries from SAE authentication
and allow PMKSA caching to be used with the SAE AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows multiple sessions using the same PMKSA cache entry to be
combined more easily at the server side. Acct-Session-Id is still a
unique identifier for each association, while Acct-Multi-Session-Id will
maintain its value for all associations that use the same PMKSA.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 8b24861154 ('Add Acct-Session-Id
into Access-Request messages') added Acct-Session-Id building into the
helper function shared between authentication and accounting messages.
However, it forgot to remove the same code from the generation of
accounting messages and as such, ended up with Accounting-Request
messages containing two copies of this attribute. Fix this by removing
the addition of this attribute from the accounting specific function.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds definition and names for the RADIUS attributes defined in RFC
5580 (Carrying Location Objects in RADIUS and Diameter).
Signed-off-by: Jouni Malinen <j@w1.fi>
Increase EAPOL startWhen to 2 for the case where the AP/GO has
advertised it supports WPS 2.0. This is done to make it less likely for
the EAPOL-Start frame to be sent out since that is only required for WPS
1.0. Not sending it can remove one unnecessary round trip from the EAP
exchange when the AP is going to start with EAP-Request/Identity
immediately based on the Association Request frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is a more advanced version of the simple parallel-vm.sh script.
Status of each VM is printed out during the test and results are
provided in more convenient format in the end.
Signed-off-by: Jouni Malinen <j@w1.fi>
While the kernel seems to have accepted the message to set linkmode and
operstate without the final attribute getting padded to 32-bit length,
it is better to get this cleaned up to match expected format. The double
NLMSG_ALIGN() followed by RTA_LENGTH() did not make much sense here.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commands are already present in ctrl_iface.c (and parsed in
hostapd_ctrl_iface_receive() function) but not in hostapd_cli.c. This
patch updates hostapd_cli.c with matching functions.
Signed-off-by: Cedric Baudelet <cedric.baudelet@intel.com>
Commit 152cff6ba6 ('P2P: Remove
WPA_DRIVER_FLAGS_P2P_MGMT option') removed the only non-zero return from
wpas_p2p_stop_find_oper(), but did not remove the useless return value
or the return check in wpas_p2p_stop_find(). Clean these up by removing
unreachable code and useless return value.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
This is needed for number of items and it was possible to make a build
configuration that did not include ieee802_11_common.c while still
trying to use functions from there. While it would be possible to add
NEED_80211_COMMON=y to all the cases where this file is needed, the
extra complexity from this is not really justifiable anymore, so include
the file unconditionally.
Signed-off-by: Jouni Malinen <j@w1.fi>
The MACsec addition placed one of the calls outside the #ifdef
IEEE802X_EAPOL block while the variable needed for this was defined only
within the block.
Signed-off-by: Jouni Malinen <j@w1.fi>
The definition of wpa_ctrl_get_remote_ifname is conditional on
CONFIG_CTRL_IFACE_UDP. This change makes the header declaration of
this function also conditional on the same define.
Signed-off-by: Toby Gray <toby.gray@realvnc.com>
This change adds a cast to void to indicate that the path parameter is
unused when CONFIG_DEBUG_FILE is not defined. This fixes a compiler
warning about unused parameters.
Signed-off-by: Toby Gray <toby.gray@realvnc.com>
This information can be used to determine whether the event is generated
for a new peer that was added or due to an update in the information for
an existing peer.
Signed-off-by: Jouni Malinen <j@w1.fi>
When WFD IE of a P2P device changes, the field is locally updated in P2P
supplicant but upper layer is not informed about this change.
Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
Use scan_for_bss() instead of scan() to avoid errors if the active scan
fails, e.g., due to heavy load under parallel-vm.sh test run.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled for TLS-based EAP methods when
OpenSSL is used as the TLS library. This parameter can be used both as a
global parameter to set the default for all network blocks and as a
network block parameter to override the default for each network
profile.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled when hostapd is used as an EAP
server with OpenSSL as the TLS library.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the TLS wrapper code to allow OpenSSL cipherlist string to
be configured. In addition, the default value is now set to
DEFAULT:!EXP:!LOW to ensure cipher suites with low and export encryption
algoriths (40-64 bit keys) do not get enabled in default configuration
regardless of how OpenSSL build was configured.
Signed-off-by: Jouni Malinen <j@w1.fi>
This use does not really need a strong random number, so fall back to
os_random() if a theoretical error case occurs. (CID 72682)
Signed-off-by: Jouni Malinen <j@w1.fi>