Add a new test to check that the AP won't send frames to the client if
it tries to talk to itself.
Note that this fails until the relevant mac80211 patch is merged.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
These test cases seemed to have copy-paste errors where
wait_enabled=False was forgotten even though there was no additional
steps checking the AP mode startup results. This did not break the
tests, but could have resulted in slowing them down if the STAs did not
find the AP in the first scan.
Signed-off-by: Jouni Malinen <j@w1.fi>
The Linux kernel commit 113f3aaa81bd ("cfg80211: Prevent regulatory
restore during STA disconnect in concurrent interfaces") broke the
regulatory clearing attempt in many test cases since
cfg80211_is_all_idle() is now returning false due to the AP interface
being up and that results in the Country IE -based regulatory
information not getting cleared back to defaults.
Work around this by stopping the AP interface first so that when the
station interface receives the disconnection, there are no other active
interfaces in the system. In addition, wait for REGDOM event for the
Country IE hint after association to avoid disconnection before the
regulatory events have been fully processed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The Linux kernel commit 113f3aaa81bd ("cfg80211: Prevent regulatory
restore during STA disconnect in concurrent interfaces") broke the
regulatory clearing attempt in this test case since
cfg80211_is_all_idle() is now returning false due to the AP interface
being up and that results in the Country IE -based regulatory
information not getting cleared back to defaults.
Work around this by stopping the AP interface first so that when the
station interface receives the disconnection, there are no other active
interfaces in the system. In addition, wait for REGDOM event for the
Country IE hint after association to avoid disconnection before the
regulatory events have been fully processed.
Signed-off-by: Jouni Malinen <j@w1.fi>
cfg80211 regulatory code gets into pretty inconvenient state if it needs
to intersect regulatory domain information from multiple regulations
(country=98). The existing mechanisms in the hwsim test cases are not
able to clear that up for the following test case and this can result in
large number of failures.
It looks like country=98 case is hit frequently in WNM test cases where
a station associates with an AP that advertises a specific country code
and that station is then asked to disconnect before the REGDOM events
have been received. Avoid this by waiting for the REGDOM events for the
init=COUNTRY_IE case before disconnecting.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This adds some minimal testing for Multi-BSS connection attempts. The
part for nontransmitted BSS is limited since hostapd/mac80211 does not
yet have sufficient support for Multi-BSS in AP mode.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Perform detailed tests with OCV enabled, for both the 4-way and group
key handshakes. These tests include establishing a working connection
with OCV enabled, assuring that a STA without OCV enabled can still
connect to a STA with OCV enabled (and vice versa), verifying that
invalid OCI elements get silently ignored, verifying that missing OCI
elements are reported, and so on.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
parallel-vm.py has obsoleted this a long time ago and there is no need
to maintain two scripts for doing more or less the same thing.
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that hostapd starts mandating PMF for Hotspot 2.0 Release 2
association, this test case needs some more tweaks to work. Hardcode
Hotspot 2.0 Release 1 to be used and disable PMF explicitly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The Beacon loss event was not reported anymore, so remove that as an
unnecessary step in the test case. In addition, check the key_mgmt
values explicitly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed to meet the Hotspot 2.0 Release 2 requirement for the
third station that is actually using RSN.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Match the implementation change to fix the test cases that verified a
specific Hotspot 2.0 release number indication.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is a regression test case for a potential NULL pointer
dereferencing fixed in the previous commit.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This verifies that radio measurement capabilities are negotiated
correctly for the reassociation cases with and without FT.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no point in building this tarball in /tmp that is on the
ramdisk of the VM since it will go away when the VM exits.
Signed-off-by: Jouni Malinen <j@w1.fi>
The call to remove_group() may fail, in which case all following
cleanup is skipped. This may result in failing many tests since
cleanup did not complete successfully.
Fix this by calling remove_group() after other cleanup is done so
even it fails it will not affect the following tests.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Implement ECDSA signing functionality in the Python test script for
generating a valid signedConnector. This allows coverage of DPP config
object testing to be increased more easily.
Signed-off-by: Jouni Malinen <j@w1.fi>
Based on Jouni Malinen's [76055b4c6 "tests: D-Bus Get/Set Pmf"], modified
to use the correct "s" signature for the "Pmf" property.
Removed the negative test cases, because the synthesized property doens't
seem to do error checking upon being set.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
The hwsim's start.sh script spawns hostapd process using "sudo".
Since sudo forks a child process, $! holds the pid of sudo itself.
Fix that by storing the PID of the child process instead.
Since in VM "sudo" is replaced with a dummy script, pass an additional
argument to run-all.sh and start.sh scripts to indicate that they are
running inside a VM.
This is needed to fix ap_config_reload and ap_config_reload_file test
cases on some platforms where sudo is apparently not relaying the
signals properly.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In ap_acl_deny test, the AP doesn't send probe responses during scan due
to ACL reject. As the result, dev[0] might miss the AP's Beacon frame
because the dwell time is too short. Make the test more robust and
trigger passive scan, and by that increase the probability of hearing
the AP.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
The OSU Providers List includes two providers, so there should be two
OSU_METHOD values listed just like there was two OSU_SERVER_URI URLs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed to allow sigma_dut to enable ap_isolate=1. In addition,
verify that the two associated STAs with RSN(EAP) and OSEN cannot
exchange frames between them.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
P2P related configuration should be done on a global control interface.
This way this test can be reused also when a dedicated P2P device
interface is used.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
It looks like tshark parser was broken at some point for
wlan.mesh.config.cap which is now (tshark 2.6.3) pointing to incorrect
field (same as wlan.mesh.config.ps_protocol). This used to work with
tshark 2.2.6.
For now, assume the capability field ends up being the last octet of the
frame.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It looks like at least tshark 2.6.3 uses a different error message for
unknown display filter fields:
tshark: Neither "wlan_mgt.fixed.category_code" nor "4" are field or protocol names.
and a different status exit code (2 instead of 1).
Add a new handler for this combination to allow automatic wlan_mgt to
wlan conversion to happen.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test starts two identical APs and assumes a connection to the first
one, though it is not necessary true. Fix that by starting the second AP
only after the connection is established.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This test case had an error that hit an unexpected disconnection. Add an
explicit check to verify that this does not happen anymore.
Signed-off-by: Jouni Malinen <j@w1.fi>
The channel configuration in CHAN_SWITCH command was incorrect. This
resulted in switching to HT40+ channel, while announcing HT40- in the
secondary channel IE. This caused a disconnection after the channel
switch. Fix that.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Verify that PMF does not end up reporting unexpected status code 30
(temporary rejection; SA Query).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This verifies that wpa_supplicant and hostapd behave consistently with
PMKSA caching when Suite B AKMs end up deriving a new PMKID from each
4-way handshake.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is a regression test case for a memory leak on DPP_CONFIGURATOR_ADD
error path in dpp_keygen_configurator() when an unsupported curve is
specified.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that the automatically generated network profile is able to
connect to a non-FT network automatically after having used FT for the
first connection.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that EAP-AKA' client rejects Challenge with an appended AT_KDF
and a modified AT_KDF value during KDF negotiation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Check that the @1@ macro gets replaced correctly both when in the middle
and when in the end of the URL template.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed with the modified hostapd implementation to fix the
ap_hs20_terms_and_conditions* test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It is easier to understand the hostapd debug log here if each step is
noted there before starting the wpa_supplicant operation. In addition,
it looks safer to process all pending event messages between each step
to avoid running out of any buffer limits.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case verifies that wpa_supplicant is able to perform CSA to a
VHT80 channel when having to move the GO due to an avoid-frequencies
driver event.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The implementation changes in hostapd FT error path handling in the
follow commit would result in ap_ft_ap_oom7 test case failing. This is
triggered partially by PMF protections and SA Query attempts, so it
looks like it is easier to split each failure case into a separate test
case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Couple of "invalid value" tests started to fail now that mac80211_hwsim
actually accepts power save configuration. Fix these by running the same
command for more code coverage, but in a way that ignores the result of
the operation (succeeds with older kernel versions and fails with
newer).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
For testing purposes, enable TLS v1.3 in the authentication server so
that the protocol version can be controlled from wpa_supplicant side
more easily.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like OpenSSL 1.1.1 accepted the openssl_ciphers=FOO test
configuration or well, at least does not reject it like previous
versions did. For now, ignore this failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
RC4-SHA cipher case ended up allowing the handshake to be started just
to fail with "no ciphers available" when trying to generate ClientHello.
Fix this by handling an EAP failure case for the RC4-SHA test step with
OpenSSL 1.1.*.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that the AP initialization failure is reported back to
wpa_supplicant also when the initialization is complete in a callback.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
time.sleep() in run_roams() is required because the target AP sets the
key once the station was associated. There are races, when the station
processes the (Re)Association Response frame AND the test suite starts
FT_DS before the AP processes its local confirmation and thus
wpa_auth_sm_event(ASSOC_FT). Therefore, the ActionFrame will be lost, as
the AP driver is missing the key.
Since this is this speed is highly synthetic, wait a few milliseconds
before roaming back.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This is a regression test for a sequence where wpa_supplicant interface
MAC address is changed externally and the ifdown-ifup sequence is
processed only after the interface has already been set UP.
Signed-off-by: Jouni Malinen <j@w1.fi>
Test the hostapd venue_url configuration parameter. In addition, fix the
previous defined gas_anqp_venue_url test case to use correct encoding of
the Venue URL ANQP-element payload (URLs were missing and Venue Number
was off-by-one).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case uses EAP-MSCHAPv2 within the PEAP tunnel, so verify that
the build includes support for that before running the test.
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
Enable appropriate Suite B test cases with BoringSSL. Currently, this
means enabling only the 192-bit level ECDSA and ECDHE-RSA since
BoringSSL has removed support for DHE and there is no need to support
128-bit level ECDSA anymore.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
On Fedora 26, start.sh fails with these error messages.
Failed to connect to wpa_supplicant global interface: /tmp/wpas-wlan0 error: Permission denied
Failed to connect to wpa_supplicant global interface: /tmp/wpas-wlan0 error: Permission denied
...
This is because Fedora 26 uses "wheel" group as administrative group.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This is used in the tests, too, and was already covered by the build.sh
script, but not this README file.
Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
Clear the model_name parameter back to the default (empty string) at the
beginning and the end of dbus_set_global_properties to avoid failures if
the test case is run multiple times.
Signed-off-by: Jouni Malinen <j@w1.fi>
Ignore any unexpected deviceLost event before the peer devices has been
discovered. This works around issues where the previous test case
terminates before the D-Bus events have been fully delivered. This could
happen, e.g., when running dbus_p2p_discovery twice in a row.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for the configuration exchange to complete before issuing the
DPP_STOP_LISTEN command to avoid confusing sequence of operation between
the ongoing and immediately following DPP exchanges.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Fix bssid2 value to make scanning more reliable for the second OWE BSS.
In addition, reorder the STA status checks to happen before the data
connectivity check to get more accurate failure reason into the log if
the test case fails.
Signed-off-by: Jouni Malinen <j@w1.fi>
Linux kernel commit c9491367b759 ("mac80211: always update the PM state
of a peer on MGMT / DATA frames") enforces the AP to check only
mgmt/data frames PM bit, and to update station's power save accordingly.
When sending only a PS-Poll (control frame) the AP will ignore the PM
bit. As the result, the partial virtual bitmap will not be updated, and
the test ap_open_disconnect_in_ps will fail on tshark check. Since the
test needs only the TIM to be updated, setting PS enabled will send NDP
that will signal that the station is sleeping. Sending PS-Poll to enable
power save is not correct, according to the following standard
statement: "A PS-Poll frame exchange does not necessarily result in an
Ack frame from the AP, so a non-AP STA cannot change power management
mode using a PS-Poll frame."
Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
This does not really work with mac80211_hwsim due to missing offload
support, but at least some minimal extra code coverage can be achieved.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes it a bit clearer to see which parameters need to be modified
if the test vector needs to be recreated based on new values.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that PMF can be marked required OWE networks and verify that a
station in transition mode can connect to an open network.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that unexpected 2048-bit RSA client certificate gets rejected by
the RADIUS server if the server is configured to use Suite B at 192-bit
level.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that unexpected p256 client certificate gets rejected if the
server is configured to use Suite B at 192-bit level.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
PMF is supposed to be enabled automatically in sigma_dut, so remove
the explicit argument to do so from the commands.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
All SAE and OWE associations are expected to require PMF to be
negotiated, so enable or require PMF in AP and STA configurations
accordingly to match the new sigma_dut behavior.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
GnuTLS seems to require the intermediate CA certificate to be included
both in the ca_cert and client_cert file for the cases of server and
client certificates using different intermediate CA certificates. Use
the user_and_ica.pem file with GnuTLS builds and reorder the
certificates in that file to make this work with GnuTLS.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check for unexpected connection to avoid timeout on TLS alert event if
the implementation does not check DH key size at all.
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to ignore missing RX-ANQP event for the FILS Realm Info if
wpa_supplicant build does not include FILS support.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for test/allocation failure for longer than the wait_fail_trigger()
default two seconds to allow DPP (in particular, PKEX) retransmission to
occur. This removes some issues where the previous wait was more or less
exactly the same duration as the retransmission interval and the first
Listen operation not always starting quickly enough to receive the first
frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
When executing ./start.sh with OpenSSL 1.1.0f, an OCSP operation fails.
Put "-sha256" ahead of "-serial" to fix this.
~# openssl version
OpenSSL 1.1.0f 25 May 2017
~# openssl ocsp -reqout /lkp/benchmarks/hwsim/tests/hwsim/logs/current/ocsp-req.der -issuer /lkp/benchmarks/hwsim/tests/hwsim/auth_serv/ca.pem -serial 0xD8D3E3A6CBE3CD12 -no_nonce -sha256
ocsp: Digest must be before -cert or -serial
ocsp: Use -help for summary.
~# openssl ocsp -reqout /lkp/benchmarks/hwsim/tests/hwsim/logs/current/ocsp-req.der -issuer /lkp/benchmarks/hwsim/tests/hwsim/auth_serv/ca.pem -sha256 -serial 0xD8D3E3A6CBE3CD12 -no_nonce
Signed-off-by: leishaoting <leist.fnst@cn.fujitsu.com>
Do not include this argument in normal case, but add a test case to
cover the special extra check case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case is not really realistic and the second connection attempt
would fail if additional AES-based ciphers get provisioned. Work this
around by dropping to CCMP only if other ciphers are present.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to avoid false errors with GCMP-256 and CCMP-256 to be
added in the implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The kernel started enforcing attribute lengths, and nl80211.py had been
doing it all wrong - the padding must be present, but not part of the
length.
Fix it to do it the right way.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
These test cases were failing when run immediately after
dpp_pkex_test_fail. It looks like timing of the TX status and the short
eloop wait were getting reordered in this cases. This ended up with some
of the DPP-TX-STATUS event messages missing. Instead of explicitly
checking for those message, simply count the number of DPP-TX messages
to verify that the correct number of retries are being sent.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Fix problem when running ap_ft test cases with real HW using remote
tests and hwsim wrapper by using the newer hostapd.app_ap() API.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
These VHT160 with DFS cases were in a single test case to optimize test
execution time with parallel wait for the 60 second CAC. However, this
design has become difficult to support with the kernel changes that
allow radar events to be shared between interfaces. To avoid need for
more workarounds here just for testing purposes, split this into two
test cases so that conflicting events from another interface do not
cause the test case to fail.
Signed-off-by: Jouni Malinen <j@w1.fi>
These DFS radar detection cases were in a single test case to optimize
test execution time with parallel wait for the 60 second CAC. However,
this design has become difficult to support with the kernel changes that
allow radar events to be shared between interfaces. To avoid need for
more workarounds here just for testing purposes, split this into two
test cases so that conflicting events from another interface do not
cause the test case to fail.
Signed-off-by: Jouni Malinen <j@w1.fi>
mac80211_hwsim module typically dumps a lot of details into the kernel
message buffer. While it's probably okay in a dedicated VM, it's way too
chatty in other setups.
The kernel allows fine-tuning logging via the dynamic debugging
facility. Let's enable all logging locations in the mac80211_hwsim
module so that we don't loose debugging output when the kernel adopts
the dynamic debug mechanism for the driver.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
hostapd implementation was changed to use a valid Status Code when
rejecting the connection. This test case was forgotten at the time, but
it needs a matching change to allow the new value (1 instead of 14).
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows mesh_sae_groups_invalid and
wpas_mesh_secure_sae_group_negotiation to be run with BoringSSL (group
25 not available anymore).
Signed-off-by: Jouni Malinen <j@w1.fi>
Use absolute path name for configuration file to ensure the file can be
succesfully reloaded and read on SIGHUP signal. This is needed when
running the test case on host (i.e., not using a VM).
Signed-off-by: Sriram R <srirrama@qti.qualcomm.com>
Change the test condition from "is OpenSSL 1.0.2" to "is not OpenSSL
1.0.1", so that the TLSv1.2 test step gets executed with OpenSSL 1.0.2
and 1.1 (and newer).
Signed-off-by: Jouni Malinen <j@w1.fi>
Recent versions of tshark/wireshark renamed these fields, deal
with that in the tshark wrapper code.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Beacon more frequently since Probe Request frames are practically ignored
in this test setup (ext_mgmt_frame_handled=1 on hostapd side) and
wpa_supplicant scans may end up getting ignored if no new results are
available due to the missing Probe Response frames.
Signed-off-by: Jouni Malinen <j@w1.fi>
I find myself writing a version of this script every now and
then, but there's little point in that - just add one to the
tree so we can use it again.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
These test cases do not really verify any specific DUT behavior
automatically, i.e., these are here to generate sniffer captures for
manual analysis.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous designed worked since wpa_supplicant did not track pending
request state. With such tracking added, this test case needs to make
sure there is a pending operation when injecting the invalid response.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. In addition, add a shell script (update.sh) and the
needed CA files to automate this full update process.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There was a race condition on the sequence where iface.AbortScan() is
immediately followed by iface.Scan(). If the driver event
(NL80211_CMD_SCAN_ABORTED) arrived after the following new scan request,
the D-Bus operation failed. This is not what this test case is trying to
check, so wait for an indication of the previous scan having terminated
properly before issuing the next scan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The STA can get disconnected event before the AP processed the
deauthentication frame, resulting in GET_FAIL command being sent too
early. Fix this by waiting for AP-STA-DISCONNECTED on AP side, too.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Import vht_supported from test_ap_vht to fix the following issue:
rrm_beacon_req_table_vht run failed: global name 'vht_supported' is not defined
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
This makes it easier to post-process frame capture files if frames need
to be decrypted in test cases that do not configure wlantest with the
PMK directly (i.e., mainly the cases when a RADIUS server is used).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Wait for the configuration step to complete before forcefully
terminating DPP listen. Previous version was causing failures for this
test case sequence:
dpp_qr_code_auth_initiator_enrollee dpp_pkex_config2
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
On slow machines or inside VM it may take some time for "DISCONNECTED"
event to arrive. Since the retry delay counter is started already, it
may result in less than 5 seconds time between "DISCONNECTED" and
"CONNECTED" events.
Fix the test by taking more accurate timestamps between the events.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Previously p2p_channel_drv_pref_* tests would fail
if dedicated P2P device is used, since the SET commands
were sent to incorrect interface.
Fix this by using a global control interface instead.
Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
We capture the dmesg that contains everything, but if a test
causes a kernel crash we will miss all logging at higher levels
like debug. Change the printk level to catch all of that too.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Lockdep no longer prints "INFO:" but now prints "WARNING:".
Also add the "*** DEADLOCK ***" string it usually prints so
if it changes again we can keep finding that string.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This test case verifies that both wpa_supplicant and hostapd are adding
a PMKSA cache entry based on FILS shared key authentication using ERP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
sigma_dut can end up setting ignore_old_scan_res=1 and that can result
in some of the consecutive test cases failing. Fix this by explicitly
clearing ignore_old_scan_res after sigma_dut cases that may have ended
up setting the parameter.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is now needed from the control interface since the hardcoded
default value has been removed from the implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Introduction of the new base64 helper function changed the backtraces
for these OOM test cases and resulted in test failures. Update the test
scripts to work with the new implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the BTM Request with no matching BSSIDs to cause
wpa_supplicant-initated roam to a better BSS (5 GHz band preferred) when
finding the second AP in a scan started by that BTM Request. This could
make the following step in the test case fail. Fix this by asking
another channel to be scanned to postpone discovery of the other AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier to synchronize log entries in the kernel log
(seconds from boot) and wpa_supplicant/hostapd (UNIX timestamp).
Signed-off-by: Jouni Malinen <j@w1.fi>
These test cases depend on ERP processing to reach the get_emsk handler
function. Since ERP really needs the realm to derive a proper
keyName-NAI, modify these test cases to pass the realm part in the
identity to allow error checking to be introduced for rejecting ERP
cases where the realm is not available.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous fix to the OCSP request construction ended up finally
moving from SHA-1 -based hash to SHA-256 for OCSP test cases. To
maintain coverage for SHA-1, add cloned versions of the two test cases
so that both SHA-256 and SHA-1 cases get covered.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Fix the openssl ocsp command line and check if it returns an error - so
that instead of having something unusable later we error out
immediately. Moving the -sha256 argument earlier fixes hash function use
for the OCSP request generation (the old version used SHA-1).
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This updates the AP-to-AP keys to the longer form and OOM test case
functions to match the new implementation.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
The cfg80211 connect command extension to allow roaming request from
user space while connect was added to the kernel, so uncomment the
previously commented out TODO item to verify this behavior.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was apparently possible for the P2P_FIND operation to terminate
before the peer device was found. Increase the timeout to avoid this.
Signed-off-by: Jouni Malinen <j@w1.fi>
This function got renamed, so need to update the OOM test case to use
the new function name when matching backtrace information.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the cfg80211 regulatory code to get confused if the
disconnection and user hint to set country code to 00 happened
immediately after the BTM-initiated roam. The country IE update seemed
to be performed just before the 00 user hint and that resulted in
cfg80211 intersecting the regulatory domains instead of clearing to 00.
This resulted in the following test cases being unable to set the
country code.
This happened with the following test case sequence:
wnm_bss_tm_scan_needed_e4 wnm_bss_tm_scan_not_needed
Signed-off-by: Jouni Malinen <j@w1.fi>
This is a test for a RANN functionality defined in IEEE Std 802.11-2016
14.10.12 Root announcement (RANN) mechanism.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
If wmediumd changes its SNR model, these tests need to be modified (ex.
previously SNR = 0 means disconnection, on the new model, SNR should be
-10 for disconnection). So use error probability model not to be
influenced by SNR model change.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Some wmediumd test cases requires new wmediumd features (mdified SNR
table, location-based config, and log levels). The wmediumd 0.2 does not
have these features, so skip such test cases with versions below 0.3.1.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Add success_expected argument to test_connectivity because the function
is expected to fail in some test cases.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This test case verifies that the specified channel is included in the
consecutive p2p_find scan iterations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a test for the configuration knobs exposed in the previous
patch; more precisely, add a test that creates an 80 MHz VHT
network through wpa_supplicant (without P2P).
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Verify that the AP responds to a BSS transition management query that
includes candidates unknown to the AP.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
The cellular data preference ANQP element subtype is now 2, so
fix the command to query the MBO cellular data preference.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Use a non-existing directory in the path to avoid SQLite from being able
to create a new database file. The previous design worked in the VM case
due to the host file system being read-only, but a bit more is needed
for the case when this is running on the host.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use the new hostapd.add_ap() API (i.e., pass the ap device as a
parameter instead of the interface name) in beacon report tests to
make them remote compatible, and mark them appropriately.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Use a local variable for the STA address instead of fetching it
separately for each operation. Dump control interface monitor events
between each test message to avoid increasing the socket output queue
unnecessarily.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The second AP is not really needed in this test case that verifies
parsing of various different BSs Transition Management Request frame
payloads.
Signed-off-by: Beni Lev <beni.lev@intel.com>
wnm_bss_tm_global uses an unknown country code to use Table E-4. Extend
that with otherwise identical test case wnm_bss_tm_global4, but with the
country string explicitly indicating use of Table E-4 while using a
known country code.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
OpenSSL.SSL.Connection.state_string() was replaced with
get_state_string() in pyopenssl. Add workaround code to be able to use
either of these names.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The send_eapol() calls for delivering frames to wpa_supplicant had a
copy-paste bug from the earlier hostapd cases. These were supposed to
use the BSSID, not the address of the station, as the source address.
The local address worked for most cases since it was practically
ignored, but this could prevent the race condition workaround for
association event from working. Fix this by using the correct source
address (BSSID).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies both the internal and external GSM authentication
operation when EAP-SIM is tunneled within EAP-TTLS/PEAP/FAST.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The test step for concurrent HTTP connections seems to be failing quite
frequently when running in a virtual machine with run-tests.py (but not
that much with kvm and vm-run.sh). The failures are due to only 8 or 9
sockets getting a response from the HTTP server. This is sufficient for
testing purposes, to drop the pass criterium from 10 to 8 concurrent
connections. This avoids unnecessary test failures and also allows the
rest of the test case to be performed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes proxyarp_open_ebtables and proxyarp_open_ebtables_ipv6 return
SKIP cleanly if the ebtables binary is not installed or does not work.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Wait one more second to make the test case less likely to fail while
still being able to verify that interim updates are performed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case was mistakenly leaving the country code FI configured at
the end which could result in issues with the following test cases. Fix
this by explicitly clearing the country code back to world roaming 00 at
the end of wpas_config_file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Try the initial scan on the operating channel twice before claiming a
test failure. It is possible for an active scan to fail to see the GO
especially if running the test under heavy load.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is now one fewer direct allocation call in this function, so the
counters need to be updated to avoid test failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that the temporary STA entry timeout limit does not end up
breaking comeback_delay tests with values larger than five seconds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case was triggering false failures with hostapd build that did
not include TEST_* commands.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is a regression test case for SIGSEGV in
wpa_supplicant_remove_iface() if the main interface is removed while a
separate mesh interface is in use.
Signed-off-by: Jouni Malinen <j@w1.fi>
The flush_scan_cache() operations in the finally part of these test
cases ended up getting called when the mesh group was still operating.
This could result in unexpected behavior due to offchannel scan being
performed before the device becomes idle. Clean this up by explicitly
removing the mesh group before cleaning up.
Signed-off-by: Jouni Malinen <j@w1.fi>
This kernel debugging option adds multiple seconds of extra latency to
interface removal operations. While this can be worked around by
increasing timeouts in number of test cases, there does not seem to be
any clean way of working around this for PMKSA cacheching test with
per-STA VIFs (e.g., pmksa_cache_preauth_vlan_used_per_sta_vif).
To avoid unnecessary test failures, remove CONFIG_DEBUG_KOBJECT_RELEASE
from the default config. If someone wants to test with this kernel debug
option, it can be enabled for custom kernel builds while understanding
that it can result in false failure reports and significantly extended
time needed to complete full testing run.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the kernel is built with CONFIG_DEBUG_KOBJECT_RELEASE=y, the cleanup
steps were taking so long that these test cases could fail.
Fix this by increasing the timeout to avoid reporting failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the kernel is built with CONFIG_DEBUG_KOBJECT_RELEASE=y, the hostapd
termination event for the wlan3 interface may be delayed beyond the
previous five second timeout. This could result in the test case failing
and the following test case failing as well due to the separate hostapd
process being still in the process of cleaning up.
Fix this by increasing the timeout to avoid forcing test termination in
such cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is useful for now since the IPv6 support for proxyarp is not yet
included in the upstream kernel. This allows the IPv4 test cases to pass
with the current upstream kernel while allowing the IPv6 test cases to
report SKIP instead of FAIL.
Signed-off-by: Jouni Malinen <j@w1.fi>
This describes example steps on how to get the VM testing setup with
parallel VMs configured with Ubuntu Server 16.04.1.
Signed-off-by: Jouni Malinen <j@w1.fi>
rrm_link_measurement and rrm_link_measurement_oom test cases were
causing incorrect failures when executed with a kernel version that does
not modify mac80211_hwsim to support TX power insertion. Fix this by
checking for that capability and skipping the test cases if the kernel
does not support this.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is a regression test for comeback delay values larger than
GAS_QUERY_TIMEOUT_PERIOD causing timeouts for the query.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When fixing the TK clearing on Authentication frame RX, an issue in
getting unicast frames through after re-joining the IBSS was hit. It is
not exactly clear why this happens, but the unicast frame from the STA
that re-joined the network gets lost in the frame reorder buffer of the
STA that remains in the network.
For now, this disables HT to avoid a strange issue with mac80211
frame reordering during the final test_connectivity() call. Once that is
figured out, these disable_ht=1 calls should be removed from the test
case.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like the previous mechanism for catching older tshark versions
for EAPOL-Key key info field was not sufficient. Fix that to cover the
version used in Ubuntu 14.04.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a new test that tests connectivity between two stations that
can't reach each other directly in the mesh, but need forwarding
on another station to talk to each other.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The request from the AP was encoded incorrectly for this test case and
an active scan was requested instead of the passive one that was
supposed to be used here.
Signed-off-by: Jouni Malinen <j@w1.fi>
Replace the TEST_ALLOC function wpas_beacon_rep_no_results with an
earlier function in the backtrace and wpabuf_resize() in preparation to
a code change that allows the compiler to optimize out
wpas_beacon_rep_no_results().
Signed-off-by: Jouni Malinen <j@w1.fi>
The channel switch command is intended for the GO interface, but
it was not sent on the group control interface. For configurations
that use a separate interface for P2P groups, this will fail the test.
Fix this by sending the channel switch command on the group control
interface and waiting for the channel switch event on the group
control interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>