The implementation changes in hostapd FT error path handling in the
follow commit would result in ap_ft_ap_oom7 test case failing. This is
triggered partially by PMF protections and SA Query attempts, so it
looks like it is easier to split each failure case into a separate test
case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Couple of "invalid value" tests started to fail now that mac80211_hwsim
actually accepts power save configuration. Fix these by running the same
command for more code coverage, but in a way that ignores the result of
the operation (succeeds with older kernel versions and fails with
newer).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
For testing purposes, enable TLS v1.3 in the authentication server so
that the protocol version can be controlled from wpa_supplicant side
more easily.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like OpenSSL 1.1.1 accepted the openssl_ciphers=FOO test
configuration or well, at least does not reject it like previous
versions did. For now, ignore this failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
RC4-SHA cipher case ended up allowing the handshake to be started just
to fail with "no ciphers available" when trying to generate ClientHello.
Fix this by handling an EAP failure case for the RC4-SHA test step with
OpenSSL 1.1.*.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that the AP initialization failure is reported back to
wpa_supplicant also when the initialization is complete in a callback.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
time.sleep() in run_roams() is required because the target AP sets the
key once the station was associated. There are races, when the station
processes the (Re)Association Response frame AND the test suite starts
FT_DS before the AP processes its local confirmation and thus
wpa_auth_sm_event(ASSOC_FT). Therefore, the ActionFrame will be lost, as
the AP driver is missing the key.
Since this is this speed is highly synthetic, wait a few milliseconds
before roaming back.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This is a regression test for a sequence where wpa_supplicant interface
MAC address is changed externally and the ifdown-ifup sequence is
processed only after the interface has already been set UP.
Signed-off-by: Jouni Malinen <j@w1.fi>
Test the hostapd venue_url configuration parameter. In addition, fix the
previous defined gas_anqp_venue_url test case to use correct encoding of
the Venue URL ANQP-element payload (URLs were missing and Venue Number
was off-by-one).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case uses EAP-MSCHAPv2 within the PEAP tunnel, so verify that
the build includes support for that before running the test.
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
Enable appropriate Suite B test cases with BoringSSL. Currently, this
means enabling only the 192-bit level ECDSA and ECDHE-RSA since
BoringSSL has removed support for DHE and there is no need to support
128-bit level ECDSA anymore.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
On Fedora 26, start.sh fails with these error messages.
Failed to connect to wpa_supplicant global interface: /tmp/wpas-wlan0 error: Permission denied
Failed to connect to wpa_supplicant global interface: /tmp/wpas-wlan0 error: Permission denied
...
This is because Fedora 26 uses "wheel" group as administrative group.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This is used in the tests, too, and was already covered by the build.sh
script, but not this README file.
Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
Clear the model_name parameter back to the default (empty string) at the
beginning and the end of dbus_set_global_properties to avoid failures if
the test case is run multiple times.
Signed-off-by: Jouni Malinen <j@w1.fi>
Ignore any unexpected deviceLost event before the peer devices has been
discovered. This works around issues where the previous test case
terminates before the D-Bus events have been fully delivered. This could
happen, e.g., when running dbus_p2p_discovery twice in a row.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for the configuration exchange to complete before issuing the
DPP_STOP_LISTEN command to avoid confusing sequence of operation between
the ongoing and immediately following DPP exchanges.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Fix bssid2 value to make scanning more reliable for the second OWE BSS.
In addition, reorder the STA status checks to happen before the data
connectivity check to get more accurate failure reason into the log if
the test case fails.
Signed-off-by: Jouni Malinen <j@w1.fi>
Linux kernel commit c9491367b759 ("mac80211: always update the PM state
of a peer on MGMT / DATA frames") enforces the AP to check only
mgmt/data frames PM bit, and to update station's power save accordingly.
When sending only a PS-Poll (control frame) the AP will ignore the PM
bit. As the result, the partial virtual bitmap will not be updated, and
the test ap_open_disconnect_in_ps will fail on tshark check. Since the
test needs only the TIM to be updated, setting PS enabled will send NDP
that will signal that the station is sleeping. Sending PS-Poll to enable
power save is not correct, according to the following standard
statement: "A PS-Poll frame exchange does not necessarily result in an
Ack frame from the AP, so a non-AP STA cannot change power management
mode using a PS-Poll frame."
Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
This does not really work with mac80211_hwsim due to missing offload
support, but at least some minimal extra code coverage can be achieved.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes it a bit clearer to see which parameters need to be modified
if the test vector needs to be recreated based on new values.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that PMF can be marked required OWE networks and verify that a
station in transition mode can connect to an open network.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that unexpected 2048-bit RSA client certificate gets rejected by
the RADIUS server if the server is configured to use Suite B at 192-bit
level.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that unexpected p256 client certificate gets rejected if the
server is configured to use Suite B at 192-bit level.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
PMF is supposed to be enabled automatically in sigma_dut, so remove
the explicit argument to do so from the commands.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
All SAE and OWE associations are expected to require PMF to be
negotiated, so enable or require PMF in AP and STA configurations
accordingly to match the new sigma_dut behavior.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
GnuTLS seems to require the intermediate CA certificate to be included
both in the ca_cert and client_cert file for the cases of server and
client certificates using different intermediate CA certificates. Use
the user_and_ica.pem file with GnuTLS builds and reorder the
certificates in that file to make this work with GnuTLS.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check for unexpected connection to avoid timeout on TLS alert event if
the implementation does not check DH key size at all.
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to ignore missing RX-ANQP event for the FILS Realm Info if
wpa_supplicant build does not include FILS support.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for test/allocation failure for longer than the wait_fail_trigger()
default two seconds to allow DPP (in particular, PKEX) retransmission to
occur. This removes some issues where the previous wait was more or less
exactly the same duration as the retransmission interval and the first
Listen operation not always starting quickly enough to receive the first
frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
When executing ./start.sh with OpenSSL 1.1.0f, an OCSP operation fails.
Put "-sha256" ahead of "-serial" to fix this.
~# openssl version
OpenSSL 1.1.0f 25 May 2017
~# openssl ocsp -reqout /lkp/benchmarks/hwsim/tests/hwsim/logs/current/ocsp-req.der -issuer /lkp/benchmarks/hwsim/tests/hwsim/auth_serv/ca.pem -serial 0xD8D3E3A6CBE3CD12 -no_nonce -sha256
ocsp: Digest must be before -cert or -serial
ocsp: Use -help for summary.
~# openssl ocsp -reqout /lkp/benchmarks/hwsim/tests/hwsim/logs/current/ocsp-req.der -issuer /lkp/benchmarks/hwsim/tests/hwsim/auth_serv/ca.pem -sha256 -serial 0xD8D3E3A6CBE3CD12 -no_nonce
Signed-off-by: leishaoting <leist.fnst@cn.fujitsu.com>
Do not include this argument in normal case, but add a test case to
cover the special extra check case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case is not really realistic and the second connection attempt
would fail if additional AES-based ciphers get provisioned. Work this
around by dropping to CCMP only if other ciphers are present.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to avoid false errors with GCMP-256 and CCMP-256 to be
added in the implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The kernel started enforcing attribute lengths, and nl80211.py had been
doing it all wrong - the padding must be present, but not part of the
length.
Fix it to do it the right way.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
These test cases were failing when run immediately after
dpp_pkex_test_fail. It looks like timing of the TX status and the short
eloop wait were getting reordered in this cases. This ended up with some
of the DPP-TX-STATUS event messages missing. Instead of explicitly
checking for those message, simply count the number of DPP-TX messages
to verify that the correct number of retries are being sent.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Fix problem when running ap_ft test cases with real HW using remote
tests and hwsim wrapper by using the newer hostapd.app_ap() API.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
These VHT160 with DFS cases were in a single test case to optimize test
execution time with parallel wait for the 60 second CAC. However, this
design has become difficult to support with the kernel changes that
allow radar events to be shared between interfaces. To avoid need for
more workarounds here just for testing purposes, split this into two
test cases so that conflicting events from another interface do not
cause the test case to fail.
Signed-off-by: Jouni Malinen <j@w1.fi>
These DFS radar detection cases were in a single test case to optimize
test execution time with parallel wait for the 60 second CAC. However,
this design has become difficult to support with the kernel changes that
allow radar events to be shared between interfaces. To avoid need for
more workarounds here just for testing purposes, split this into two
test cases so that conflicting events from another interface do not
cause the test case to fail.
Signed-off-by: Jouni Malinen <j@w1.fi>
mac80211_hwsim module typically dumps a lot of details into the kernel
message buffer. While it's probably okay in a dedicated VM, it's way too
chatty in other setups.
The kernel allows fine-tuning logging via the dynamic debugging
facility. Let's enable all logging locations in the mac80211_hwsim
module so that we don't loose debugging output when the kernel adopts
the dynamic debug mechanism for the driver.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
hostapd implementation was changed to use a valid Status Code when
rejecting the connection. This test case was forgotten at the time, but
it needs a matching change to allow the new value (1 instead of 14).
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows mesh_sae_groups_invalid and
wpas_mesh_secure_sae_group_negotiation to be run with BoringSSL (group
25 not available anymore).
Signed-off-by: Jouni Malinen <j@w1.fi>
Use absolute path name for configuration file to ensure the file can be
succesfully reloaded and read on SIGHUP signal. This is needed when
running the test case on host (i.e., not using a VM).
Signed-off-by: Sriram R <srirrama@qti.qualcomm.com>
Change the test condition from "is OpenSSL 1.0.2" to "is not OpenSSL
1.0.1", so that the TLSv1.2 test step gets executed with OpenSSL 1.0.2
and 1.1 (and newer).
Signed-off-by: Jouni Malinen <j@w1.fi>
Recent versions of tshark/wireshark renamed these fields, deal
with that in the tshark wrapper code.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Beacon more frequently since Probe Request frames are practically ignored
in this test setup (ext_mgmt_frame_handled=1 on hostapd side) and
wpa_supplicant scans may end up getting ignored if no new results are
available due to the missing Probe Response frames.
Signed-off-by: Jouni Malinen <j@w1.fi>
I find myself writing a version of this script every now and
then, but there's little point in that - just add one to the
tree so we can use it again.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
These test cases do not really verify any specific DUT behavior
automatically, i.e., these are here to generate sniffer captures for
manual analysis.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous designed worked since wpa_supplicant did not track pending
request state. With such tracking added, this test case needs to make
sure there is a pending operation when injecting the invalid response.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. In addition, add a shell script (update.sh) and the
needed CA files to automate this full update process.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There was a race condition on the sequence where iface.AbortScan() is
immediately followed by iface.Scan(). If the driver event
(NL80211_CMD_SCAN_ABORTED) arrived after the following new scan request,
the D-Bus operation failed. This is not what this test case is trying to
check, so wait for an indication of the previous scan having terminated
properly before issuing the next scan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The STA can get disconnected event before the AP processed the
deauthentication frame, resulting in GET_FAIL command being sent too
early. Fix this by waiting for AP-STA-DISCONNECTED on AP side, too.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Import vht_supported from test_ap_vht to fix the following issue:
rrm_beacon_req_table_vht run failed: global name 'vht_supported' is not defined
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
This makes it easier to post-process frame capture files if frames need
to be decrypted in test cases that do not configure wlantest with the
PMK directly (i.e., mainly the cases when a RADIUS server is used).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Wait for the configuration step to complete before forcefully
terminating DPP listen. Previous version was causing failures for this
test case sequence:
dpp_qr_code_auth_initiator_enrollee dpp_pkex_config2
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
On slow machines or inside VM it may take some time for "DISCONNECTED"
event to arrive. Since the retry delay counter is started already, it
may result in less than 5 seconds time between "DISCONNECTED" and
"CONNECTED" events.
Fix the test by taking more accurate timestamps between the events.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Previously p2p_channel_drv_pref_* tests would fail
if dedicated P2P device is used, since the SET commands
were sent to incorrect interface.
Fix this by using a global control interface instead.
Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
We capture the dmesg that contains everything, but if a test
causes a kernel crash we will miss all logging at higher levels
like debug. Change the printk level to catch all of that too.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Lockdep no longer prints "INFO:" but now prints "WARNING:".
Also add the "*** DEADLOCK ***" string it usually prints so
if it changes again we can keep finding that string.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This test case verifies that both wpa_supplicant and hostapd are adding
a PMKSA cache entry based on FILS shared key authentication using ERP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
sigma_dut can end up setting ignore_old_scan_res=1 and that can result
in some of the consecutive test cases failing. Fix this by explicitly
clearing ignore_old_scan_res after sigma_dut cases that may have ended
up setting the parameter.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is now needed from the control interface since the hardcoded
default value has been removed from the implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Introduction of the new base64 helper function changed the backtraces
for these OOM test cases and resulted in test failures. Update the test
scripts to work with the new implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the BTM Request with no matching BSSIDs to cause
wpa_supplicant-initated roam to a better BSS (5 GHz band preferred) when
finding the second AP in a scan started by that BTM Request. This could
make the following step in the test case fail. Fix this by asking
another channel to be scanned to postpone discovery of the other AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier to synchronize log entries in the kernel log
(seconds from boot) and wpa_supplicant/hostapd (UNIX timestamp).
Signed-off-by: Jouni Malinen <j@w1.fi>
These test cases depend on ERP processing to reach the get_emsk handler
function. Since ERP really needs the realm to derive a proper
keyName-NAI, modify these test cases to pass the realm part in the
identity to allow error checking to be introduced for rejecting ERP
cases where the realm is not available.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous fix to the OCSP request construction ended up finally
moving from SHA-1 -based hash to SHA-256 for OCSP test cases. To
maintain coverage for SHA-1, add cloned versions of the two test cases
so that both SHA-256 and SHA-1 cases get covered.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Fix the openssl ocsp command line and check if it returns an error - so
that instead of having something unusable later we error out
immediately. Moving the -sha256 argument earlier fixes hash function use
for the OCSP request generation (the old version used SHA-1).
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This updates the AP-to-AP keys to the longer form and OOM test case
functions to match the new implementation.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
The cfg80211 connect command extension to allow roaming request from
user space while connect was added to the kernel, so uncomment the
previously commented out TODO item to verify this behavior.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was apparently possible for the P2P_FIND operation to terminate
before the peer device was found. Increase the timeout to avoid this.
Signed-off-by: Jouni Malinen <j@w1.fi>
This function got renamed, so need to update the OOM test case to use
the new function name when matching backtrace information.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the cfg80211 regulatory code to get confused if the
disconnection and user hint to set country code to 00 happened
immediately after the BTM-initiated roam. The country IE update seemed
to be performed just before the 00 user hint and that resulted in
cfg80211 intersecting the regulatory domains instead of clearing to 00.
This resulted in the following test cases being unable to set the
country code.
This happened with the following test case sequence:
wnm_bss_tm_scan_needed_e4 wnm_bss_tm_scan_not_needed
Signed-off-by: Jouni Malinen <j@w1.fi>
This is a test for a RANN functionality defined in IEEE Std 802.11-2016
14.10.12 Root announcement (RANN) mechanism.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
If wmediumd changes its SNR model, these tests need to be modified (ex.
previously SNR = 0 means disconnection, on the new model, SNR should be
-10 for disconnection). So use error probability model not to be
influenced by SNR model change.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Some wmediumd test cases requires new wmediumd features (mdified SNR
table, location-based config, and log levels). The wmediumd 0.2 does not
have these features, so skip such test cases with versions below 0.3.1.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Add success_expected argument to test_connectivity because the function
is expected to fail in some test cases.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This test case verifies that the specified channel is included in the
consecutive p2p_find scan iterations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a test for the configuration knobs exposed in the previous
patch; more precisely, add a test that creates an 80 MHz VHT
network through wpa_supplicant (without P2P).
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Verify that the AP responds to a BSS transition management query that
includes candidates unknown to the AP.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
The cellular data preference ANQP element subtype is now 2, so
fix the command to query the MBO cellular data preference.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Use a non-existing directory in the path to avoid SQLite from being able
to create a new database file. The previous design worked in the VM case
due to the host file system being read-only, but a bit more is needed
for the case when this is running on the host.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use the new hostapd.add_ap() API (i.e., pass the ap device as a
parameter instead of the interface name) in beacon report tests to
make them remote compatible, and mark them appropriately.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Use a local variable for the STA address instead of fetching it
separately for each operation. Dump control interface monitor events
between each test message to avoid increasing the socket output queue
unnecessarily.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The second AP is not really needed in this test case that verifies
parsing of various different BSs Transition Management Request frame
payloads.
Signed-off-by: Beni Lev <beni.lev@intel.com>
wnm_bss_tm_global uses an unknown country code to use Table E-4. Extend
that with otherwise identical test case wnm_bss_tm_global4, but with the
country string explicitly indicating use of Table E-4 while using a
known country code.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
OpenSSL.SSL.Connection.state_string() was replaced with
get_state_string() in pyopenssl. Add workaround code to be able to use
either of these names.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The send_eapol() calls for delivering frames to wpa_supplicant had a
copy-paste bug from the earlier hostapd cases. These were supposed to
use the BSSID, not the address of the station, as the source address.
The local address worked for most cases since it was practically
ignored, but this could prevent the race condition workaround for
association event from working. Fix this by using the correct source
address (BSSID).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies both the internal and external GSM authentication
operation when EAP-SIM is tunneled within EAP-TTLS/PEAP/FAST.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The test step for concurrent HTTP connections seems to be failing quite
frequently when running in a virtual machine with run-tests.py (but not
that much with kvm and vm-run.sh). The failures are due to only 8 or 9
sockets getting a response from the HTTP server. This is sufficient for
testing purposes, to drop the pass criterium from 10 to 8 concurrent
connections. This avoids unnecessary test failures and also allows the
rest of the test case to be performed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes proxyarp_open_ebtables and proxyarp_open_ebtables_ipv6 return
SKIP cleanly if the ebtables binary is not installed or does not work.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Wait one more second to make the test case less likely to fail while
still being able to verify that interim updates are performed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case was mistakenly leaving the country code FI configured at
the end which could result in issues with the following test cases. Fix
this by explicitly clearing the country code back to world roaming 00 at
the end of wpas_config_file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Try the initial scan on the operating channel twice before claiming a
test failure. It is possible for an active scan to fail to see the GO
especially if running the test under heavy load.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is now one fewer direct allocation call in this function, so the
counters need to be updated to avoid test failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that the temporary STA entry timeout limit does not end up
breaking comeback_delay tests with values larger than five seconds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case was triggering false failures with hostapd build that did
not include TEST_* commands.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is a regression test case for SIGSEGV in
wpa_supplicant_remove_iface() if the main interface is removed while a
separate mesh interface is in use.
Signed-off-by: Jouni Malinen <j@w1.fi>
The flush_scan_cache() operations in the finally part of these test
cases ended up getting called when the mesh group was still operating.
This could result in unexpected behavior due to offchannel scan being
performed before the device becomes idle. Clean this up by explicitly
removing the mesh group before cleaning up.
Signed-off-by: Jouni Malinen <j@w1.fi>
This kernel debugging option adds multiple seconds of extra latency to
interface removal operations. While this can be worked around by
increasing timeouts in number of test cases, there does not seem to be
any clean way of working around this for PMKSA cacheching test with
per-STA VIFs (e.g., pmksa_cache_preauth_vlan_used_per_sta_vif).
To avoid unnecessary test failures, remove CONFIG_DEBUG_KOBJECT_RELEASE
from the default config. If someone wants to test with this kernel debug
option, it can be enabled for custom kernel builds while understanding
that it can result in false failure reports and significantly extended
time needed to complete full testing run.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the kernel is built with CONFIG_DEBUG_KOBJECT_RELEASE=y, the cleanup
steps were taking so long that these test cases could fail.
Fix this by increasing the timeout to avoid reporting failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the kernel is built with CONFIG_DEBUG_KOBJECT_RELEASE=y, the hostapd
termination event for the wlan3 interface may be delayed beyond the
previous five second timeout. This could result in the test case failing
and the following test case failing as well due to the separate hostapd
process being still in the process of cleaning up.
Fix this by increasing the timeout to avoid forcing test termination in
such cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is useful for now since the IPv6 support for proxyarp is not yet
included in the upstream kernel. This allows the IPv4 test cases to pass
with the current upstream kernel while allowing the IPv6 test cases to
report SKIP instead of FAIL.
Signed-off-by: Jouni Malinen <j@w1.fi>
This describes example steps on how to get the VM testing setup with
parallel VMs configured with Ubuntu Server 16.04.1.
Signed-off-by: Jouni Malinen <j@w1.fi>
rrm_link_measurement and rrm_link_measurement_oom test cases were
causing incorrect failures when executed with a kernel version that does
not modify mac80211_hwsim to support TX power insertion. Fix this by
checking for that capability and skipping the test cases if the kernel
does not support this.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is a regression test for comeback delay values larger than
GAS_QUERY_TIMEOUT_PERIOD causing timeouts for the query.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When fixing the TK clearing on Authentication frame RX, an issue in
getting unicast frames through after re-joining the IBSS was hit. It is
not exactly clear why this happens, but the unicast frame from the STA
that re-joined the network gets lost in the frame reorder buffer of the
STA that remains in the network.
For now, this disables HT to avoid a strange issue with mac80211
frame reordering during the final test_connectivity() call. Once that is
figured out, these disable_ht=1 calls should be removed from the test
case.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like the previous mechanism for catching older tshark versions
for EAPOL-Key key info field was not sufficient. Fix that to cover the
version used in Ubuntu 14.04.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a new test that tests connectivity between two stations that
can't reach each other directly in the mesh, but need forwarding
on another station to talk to each other.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The request from the AP was encoded incorrectly for this test case and
an active scan was requested instead of the passive one that was
supposed to be used here.
Signed-off-by: Jouni Malinen <j@w1.fi>
Replace the TEST_ALLOC function wpas_beacon_rep_no_results with an
earlier function in the backtrace and wpabuf_resize() in preparation to
a code change that allows the compiler to optimize out
wpas_beacon_rep_no_results().
Signed-off-by: Jouni Malinen <j@w1.fi>
The channel switch command is intended for the GO interface, but
it was not sent on the group control interface. For configurations
that use a separate interface for P2P groups, this will fail the test.
Fix this by sending the channel switch command on the group control
interface and waiting for the channel switch event on the group
control interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
For some reason, a potential OOM in hostapd_config_read_wpa_psk() and
hostapd_derive_psk() were missed in --codecov runs during the main
iteration loop. Cover these specific cases with separate instances to
avoid missing coverage.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends previous ap_vht160_no_dfs test case coverage by running the
same test case with each of the possible HT primary channel
alternatives.
Signed-off-by: Jouni Malinen <j@w1.fi>
This file is used only by hostapd_cli and wpa_cli and neither of those
are currently included in code coverage reporting. Avoid dropping the
coverage numbers by code that cannot be reached due to not being
included in the programs that are covered.
Signed-off-by: Jouni Malinen <j@w1.fi>
5745 MHz was added as an allowed short range device range in
wireless-regdb for DE which made this test case fail. Fix it for now by
using SE instead of DE for the second part of the test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for wireless-regdb to include a 160 MHz channel, but with
DFS required. This test case need the regulatory information to allow
160 MHz channel without DFS. Fix false failures by skipping the test if
this exact combination is not found.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wireshark renamed eapol.keydes.key_info to
wlan_rsna_eapol.keydes.key_info and that broke this test case when
upgrading Wireshark. Fix this by trying to use both the new and the old
name.
Signed-off-by: Jouni Malinen <j@w1.fi>
Something broke eap_fast_tlv_nak_oom when moving from Ubuntu 14.04 to
16.04. OpenSSL.SSL.Connection() state_string() returns None in these
cases and the debug log prints for that were causing the case to fail.
For now, work around this by checking whether the state string is None
before trying to print it.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the debug log easier to understand and avoids leaving large
number of pending messages into the wpa_supplicant control interface
sockets.
Signed-off-by: Jouni Malinen <j@w1.fi>
It does not look like BoringSSL allows pbeWithMD5AndDES-CBC to be used
to protect the local private key, so skip this test case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case verifies that SD Response frame does not block the
following remain-on-channel operation unnecessarily long.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
HT cannot be used with WEP-only network, so don't try to do that here.
This get rids of some unnecessary Beacon frame updates during
disassociation/association and can make the test case a bit more robust.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous PeerKey test cases did not actually verify in any way that
the SMK and STK exchanges were completed since mac80211 does not support
setting the key from STK. Use a sniffer check to confirm that the
exchanges complete to avoid PeerKey regressions like the ones fixed in
the last couple of commits.
Signed-off-by: Jouni Malinen <j@w1.fi>
The FILS ANQP-element changes made couple of the generic ANQP test steps
fail. Update this to ignore the special FILS cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
The sta2.scan() calls were performing full scan of all channels and
reporting only the BSS entry that happened to be the first one in the
wpa_supplicant list. This is problematic since it is possible that the
target AP was not found and incorrect BSS was selected and used for
setting scan_freq which made the connection fail. Furthermore, there is
no need to use full scan for these test cases, so use a single channel
scan instead.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use P2P listen mode on dev[1] to speed up GO Negotiation and explicitly
wait for successfully completed GO Negotiation to make the failure cases
clearer. Previously, it was possible for the GO Negotiation to fail and
execution to go to the tshark check even when no GO Negotiation Confirm
frame was sent.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need to attach the monitor interface was events when issuing
only a single INTERFACES command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for the P2P-GROUP-STARTED event to get delayed more than
one second especially when the GO Negotiation responder becomes the P2P
Client and the system is heavily loaded. Increase the default timeout
for the expected success case from 1 to 5 seconds to avoid failing test
cases that would have succeeded if given a bit more time to complete the
exchange.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was apparently possible to get a propertiesChanged event from an
earlier test case with an empty Groups property. That ended up this case
exiting immediately before running through the steps and consequently,
failing due to missed operations. Make this less likely to happen by
accepting the Groups property emptying event only after a group has been
added for a peer first.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Check whether the unexpected BSS entry is based on having received a
Beacon frame instead of Probe Response frame. While this test case is
using a huge beacon_int value, it is still possible for mac80211_hwsim
timing to work in a way that a Beacon frame is sent. That made this test
case fail in some rare cases. Fix this by ignoring the BSS entry if it
is based on Beacon frame instead of Probe Response frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Local key generation for FT-PSK does not use the AP-to-AP protocol and
as such, setting pmk_r1_push=1 is a bit confusing here since it gets
ignored in practice. Remove it to keep the test case easier to
understand.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for ap_wps_per_station_psk_failure to leave behind scan
entries with active PBC mode if cfg80211 BSS table. This could result in
a following test case failing due PBC overlap. Fix this by clearing the
cfg80211 BSS table explicitly.
This was found with the following test case sequence:
ap_wps_per_station_psk_failure autogo_pbc
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Work around the mac80211_hwsim limitation on channel survey by forcing
the last connection to be on 2.4 GHz band. Without this, wpas_ap_acs
would have failed to start the AP if the previous test case used the 5
GHz band.
Signed-off-by: Jouni Malinen <j@w1.fi>
There has been number of failures from this test case due to the
MESH-SAE-AUTH-FAILURE event from dev[0] and dev[1] arriving couple of
seconds after the one second timeout after the dev[2] events. This does
not look like a real issue, so increase the timeout to five seconds to
make this less likely to show false failures during testing.
Signed-off-by: Jouni Malinen <j@w1.fi>
If wpa_state is left to SCANNING by a previously executed test case,
scan_trigger_failure will fail. Instead of waiting for that failure,
check for wpa_state at the beginning of the test case and report a more
helpful error message if the test case would fail due to a previously
executed test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add two tests that check if the kernel BSS leak (when we get a deauth or
otherwise abandon an association attempt) is present in the kernel. This
is for a long-standing cfg80211/mac80211 issue that got fixed with the
kernel commit 'cfg80211/mac80211: fix BSS leaks when abandoning assoc
attempts'.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The final check in this test case was issuing a new P2P_FIND command
immediately after the P2P_SERVICE_DEL command on the peer. It looked
like it was possible for the scan timing to go in a sequence that made
the new P2P_FIND operation eventually accept a cfg80211 BSS entry from
the very end of the previous P2P_FIND. This resulted in unexpected
P2P-DEVICE-FOUND event even though there was no new Probe Response frame
from the peer at that point in time.
Make this less likely to show unrelated failures by waiting a bit before
starting a new P2P_FIND operation after having changes peer
configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These test cases verify that there is no duplicate processing of P2P
Action frames while operating in a P2P group.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the ap_wds_sta test case to cover post-reassociation case
(both with and without Authentication frame exchange) and add similar
test cases to cover open and WEP cases in addition to this existing
WPA2-PSK test case.
These cover functionality testing for the previous fix in
reassociation-without-new-authentication case. In addition, these find a
new mac80211 issue for the WEP + 4addr combination.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Verify that AP does not break PMF-enabled connection due to injected
Authentication frame. This is a regression test for
NL80211_FEATURE_FULL_AP_CLIENT_STATE changes resulting in dropping the
key in such a case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the first wt.clear_bss_counters(bssid) call to fail
the test if timing worked out in a way that the wlantest process had not
received any Beacon frames from the first AP. Run a directed scan for
both of the BSSs before starting the test validation steps to make sure
such a case cannot fail this test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
The kernel commit 'mac80211: filter multicast data packets on AP /
AP_VLAN' started filtering out the test frame used in
ap_vlan_without_station and that resulted in false failures. For now,
ignore that "error" case to avoid claiming failures when the kernel is
doing what it is expected to do.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows the new FILS test cases to be executed automatically when a
recent enough kernel version is used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The extension of aes_128_ctr_encrypt() to allow AES-192 and AES-256 to
be used in addition to AES-128 for CTR mode encryption resulted in the
backtrace for the function calls changing. Update the test cases that
started failing due to that change.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case did not clear sched_scan_plans if alloc_fail() resulted
in skipping the test case. This would result in the following
autoscan_exponential and autoscan_periodic test cases failing.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In case that a dedicated P2P Device interface is used, a new interface
must be create for a P2P group. Thus, in order to send mgmt
frames, attach a new WpaSupplicant object to the newly created group
and use this object for sending the frames.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Use the global control interface to remove P2P networks in
persistent_group_peer_dropped3 to support configurations that use a
dedicated P2P Device interface.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
For configurations that use a dedicated P2P Device interface, which
mandates that a separate interface is used for the P2P group, vendor
specific IE's must be added to the VENDOR_ELEM_P2P_* frame types in
order to be used by the P2P group interface. The VENDOR_ELEM_ASSOC_REQ
(13) parameter would need to be issued on the group interface which
would be challenging to do due to timing in case a separate group
interface gets used.
In case a dedicated P2P Device interface is used, don't include a test
for VENDOR_ELEM_ASSOC_REQ to avoid failing this part of the test case.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This test case could have ended with the station devices still in US
regulatory domain and that could make a following test case fail in some
sequences. For example, "ap_track_taxonomy ibss_5ghz" sequence made
ibss_5ghz fail to see the regdom change event since there was not one
due to the US country code already being in use at the beginning of the
test case. Fix this by clearing the country code at the end of
ap_track_taxonomy.
Signed-off-by: Jouni Malinen <j@w1.fi>
The reason_detail field was removed from the implementation, so the test
cases need matching changes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add testcase to verify a failed reconnect attempt due to authentication
timeout blacklists the correct AP. Driver capabilities are forced to
non-SME and driver roaming (BSS selection) mode.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Add testcase to verify failed roaming attempt due to authentication
timeout blacklists the correct AP. Roaming attempt is performed
with the reassociate command and bssid_set=1. Driver capabilities
are forced to non-SME and driver roaming (BSS selection) mode.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Clear wpa_supplicant scan cache before starting these test cases since
the ROAM command depends on the correct BSS entry being found.
scan_for_bss() does not enforce that correct entry to be present if
there was an earlier BSS entry with the same BSSID.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This moves the wpa_supplicant debug entries from the end of a test case
using a dynamically added wlan5 interface to the correct test case,
i.e., the test case that added the interface instead of whatever test
case happens to follow this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Some tests call the check_qos_map() function more than once. Make sure
each test sets up wlantest only once before the first time the function
is called.
The wlantest setup sets the channel for the wlantest interface and
executes the wlantest executable. It is more efficient to do that only
once for each test.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Some operations take longer time on real hardware than on hwsim. This
commit increases two timeouts so that the tests will pass on real
hardware, too.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Use increased timeouts for connect and disconnect since these operations
take a longer time on real harware than they do on hwsim.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
It looks like the attempt to read the process id from a PID file can
return empty data. This resulted in kill_pid() failing to kill the
process and all the following FST test cases using the extra interface
failing. While the PID file is really supposed to have a valid PID value
when we get this far, it is better to try multiple times to avoid
failing large number of test cases.
The current os_daemonize() implementation ends up calling daemon() first
and then writing the PID file from the remaining process that is running
in the background. This leaves a short race condition where an external
process that started hostapd/wpa_supplicant could end up trying to read
the PID file before it has been written.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 2d6a526ac3 ('tests: Make
ap_wps_er_http_proto more robust') tried to work around the timeouts
here, but that was not really the best approach since the one second
timeout that was used here for connect() ended up being very close to
the limit even before the kernel change. The longer connect() time is
caused by a sequence where the listen() backlog ignores the connection
instead of accept() followed by close() within the wpa_supplicant ER
HTTP connection handling. The time to retransmit the SYN changed a bit
in the kernel from 1.0 sec to about 1.03 sec. This was enough to push
that over the one second timeout.
Fix this by using a sufficiently long timeout (10 sec) to allow SYN
retransmission to occur to recover from the listen() backlog case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like connect() for a TCP socket can time out at least with a
recent kernel. Handle that case more gracefully by ignoring that socket
while allowing the test to continue.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like it is possible for the separate started wpa_supplicant
process to remain running after a test case like fst_sta_config_default.
This would result in failures to run any following test case that uses
the wlan5 interface. Try to kill the process more thoroughly by waiting
for the PID file to show up and write more details into the logs to make
it easier to debug issues in this area.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use a smaller fragment_size to force the roundtrip limit to be reached
with OpenSSL 1.1.0 which seemed to result in a bit shorter TLS messages
being used and being able to complete the authentication successfully
with the previously used fragment_size value.
Signed-off-by: Jouni Malinen <j@w1.fi>
The bssid argument was missing from couple of test cases. While this is
clearly incorrect, it looks like the error did not really cause any
significant issues to the test case. Anyway, better provide the correct
set of arguments to the call.
Signed-off-by: Jouni Malinen <j@w1.fi>
After successfully passing the 525 tests on a remote setup mark the
tests as remote compatible.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Add a new function decorator for the test functions so that they can be
marked as remote compatible tests. Add a general filter to the remote
tests execution script to only execute tests that are remote compatible.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing shell commands to setup bridge so that this would also work on
remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "iw connect ..." commands so that this would also work on
remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "ip link set up/down" commands so that this would also work on
remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "iw ... station get" commands so that this would also work on
remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "ps ax" so that this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "ip addr add/del .." so that this would also work on remote
setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "iw scan .." so that this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "iw reg set 00" so that this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
One TDLS test case was using wlantest without doing the setup first.
This makes the test not work on real hardware. Fix the issue by adding
the wlantest setup to the test.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
hwsim_utils.set_powersace() used to do file operations locally in
python. Start using the cmd_execute() general function for file
operations so that this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
This verifies that the channel switch is reported by the station and
replaces the fixed sleep before a traffic test by wait for the actual
switch operation to complete.
Signed-off-by: Jouni Malinen <j@w1.fi>
The generic cmd_execute() function was introduced in a manner that
converted the argument array to a string and used shell to run the
command unconditionally. This is not really desirable, so move back to
using the command array by default and use the single command string
with a shell only when really needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The ap_ht tests used to execute shell commands in the tests using the
subprocess python module. Complete the move to using the cmd_execute()
general function for executing shell commands so that this would also
work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The ap_ht tests used to execute shell commands in the tests using the
subprocess python module. Start using the cmd_execute() general function
for executing shell commands so that this would also work on remote
setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The ap_ht tests used to execute iw reg set command using the subprocess
python module. Start using the cmd_execute() general function for
executing shell commands so that this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The test cases ap_ht40_5ghz_invalid_pair and ap_ht40_5ghz_disabled_sec
mixed use of apdev[0] and apdev[1] while only needing a single AP. This
works when both the devices are on the same host (e.g., with
mac80211_hwsim), but not when using separate remote hosts. Fix this by
using apdev[0] more consistently in these test cases.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Some TDLS and WPS test cases reference the hapd variable in the finally
block even if the test failed before assigning the value to this
variable. This makes the code in the finally block to fail on
referencing this variable. Assign None to the hapd variable before
starting the tests to avoid this.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The ap_ciphers tests used to do file operations locally in python. Start
using the cmd_execute() general function for file operations so that
this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Add the feature to execute shell commands on each wpa_supplicant/hostapd
interface host. When executing remote tests the interfaces are not all
on a single host so when executing shell commands the test needs to
execute the command on the host which the interface relevant for the
command is on. This patch enables tests to execute the command on the
relevant host.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The next commit modifies the BSS command behavior to report partial
results for a BSS, so mesh_scan_oom needs to allow a BSS entry to be
returned as long as it does not include the mesh information.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check for MESH-PEER-CONNECTED from dev[1] before reporting MGMT-RX
timeout errors from dev[0]. This avoids false failures in case the short
0.01 s timeout at the end of the loop was not long enough to catch the
message.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that the Accepting Additional Mesh Peerings field is being
cleared properly when the maximum peer links count is reached.
Signed-off-by: Jouni Malinen <j@w1.fi>
Start using the wpa_supplicant remote UDP interface for the control and
monitor sockets for P2P group interfaces so that P2P tests would work on
real hardware. Also have the group requests and events show in the test
log with the hostname and the interface name of the group interface.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Use a monitor interface given in the command line that is not also a
station or an AP as a monitor running wlantest on the channel used by
the test. This makes all the tests that use wlantest available for
execution on real hardware on remote hosts.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Instead of accessing the logs list member of the remote host directly,
use a function to add logs to the remote host to be collected after the
test. This enables us to later have different implementation of remote
hosts or logs collection without requiring to have this list as the
implementation.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The regular hwsim tests use both unicast and broadcast frames to test
the connectivity between 2 interfaces. For real hardware (remote hwsim
tests) the broadcast frames will sometimes not be seen by all connected
stations since they can be in low power mode during DTIM or because
broadcast frames are not ACKed. Use 10 retries for broadcast
connectivity tests for real hardware so that the test will pass if we
successfully received at least one of them.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
This is needed to work with the tls_openssl.c changes that renamed the
function that is used for deriving the EAP-FAST keys.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit afb2e8b891 ('tests: Store P2P
Device ifname in class WpaSupplicant') did not take into account the
possibility of capa.flags not existing in get_driver_status() and broke
WEXT test cases. Fix this by checking that capa.flags is present before
looking at its value.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add monitor support. This supports monitors added to the current
interfaces. This also support standalone monitor with multi interfaces
support. This allows to get logs from different channels at the same
time to one pcap file.
Example of t3-monitor added to config.py file.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This is a regression test case to verify that MTK is calculated properly
also in this unexpected sequence.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that pmf=2 is ignored for a non-RSN network while a
network profile specific ieee80211w=2 is enforced.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that a WPA2PSK passphrase with control characters gets
rejected in a WPS Credential and that control characters in SSID get
written as a hexdump.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When a dedicated P2P Device interface is used, its configuration should
be cloned to the group interface. Add a test that covers this both when
a separate group interface is used and not.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Use the global control interface to remove P2P network blocks, to
support cases when a dedicated P2P Device interface is used.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Some environments define default system wide HTTP proxy. Using default
system configuration may result in a failure to open some HTTP URLs. Fix
this by ensuring that no proxies are used.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In p2p_channel_vht80_autogo and p2p_channel_vht80p80_autogo, parse the
P2P-GROUP-STARTED event prior to calling the group_request() method, as
otherwise the group ifname is not set.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Support configurations that use a dedicated P2P Device interface by
using the global control interface and specifying the interface name for
the GET commands fetching the ip_addr_go parameter.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Modify the persistent_group_profile_add test to support configurations
that use a dedicated P2P Device interface by sending the ADD_NETWORK and
SET_NETWORK commands on the global control interface and specifying the
P2P Device interface name.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add an attribute to class WpaSupplicant with the name of the
P2P Device interface. If a separate interface is not used for
P2P Device, this attribute will hold the name of the only used
interface (with functions also as the P2P Device management
interface).
This attribute will be used to direct P2P related commands to the
P2P Device interface, which is needed for configurations that use
a separate interface for the P2P Device.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Waiting for the P2P-DEVICE-FOUND event should be done on the global
control interface to support configurations that use a dedicated P2P
Device interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Support configurations that use a dedicated P2P Device interface by
sending the P2P_CONNECT command on the global control interface.
In addition, when a dedicated P2P Device interface is used, there is no
need to manually respond to the Provision Discovery Request since the
request is processed by the P2P Device interface and this interface was
not set for external RX management frames handling.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This fixes commit 2f0f69a9ec ('tests: Use
p2ps_provision() and p2ps_connect_pd() in p2ps_connect_p2ps_method()').
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
1. Fail roaming to an AP which exceeded its number of allowed stations.
2. Fail roaming due to passphrase mismatch.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
It is better to use a list of command line arguments for the local
execution case and convert that to a space-separated string for the
remote case.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the DFS test cases that use start_dfs_ap() more usable for
testing with remote hosts.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass apdev to instead of HostapdGlobal() to invalid_ap() to make the
dynamic AP test cases more useful for testing with remove hosts.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Use hostapd.add_ap() and hostapd.remove_bss() to avoid direct
HostapdGlobal() use in some of the dynamic AP test cases to make them
more usable for testing with remote hosts.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass apdev param to hostapd.add_bss(). Kill hardcoded phy param and get
phy base on apdev. These are needed to support operation with a remote
test host.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
We need this for remote host support. From apdev we can get
apdev['hostname'] and apdev['port'].
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
1. Add tests for hostapd neighbor database and neighbor report and
request. Remove the partial neighbor report request test from
test_wpas_ctrl.py since they are now covered more completely in
test_rrm.py.
2. Add LCI request test.
3. Add FTM range request signaling test. This covers only the control
interface commands and measurement request/response exchange for now.
Full end-to-end functionality requires support of station reporting
RRM capability.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Use quotation marks to match the new SSID encoding format in the
NEIGHBOR_REP_REQUEST command. In this specific test case, the exact SSID
value did not make any difference for behavior. The previous version
ended up getting decoded as a hexstring after the NEIGHBOR_REP_REQUEST
format change. The new version goes back to the ASCII string version of
"abcdef".
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Modify the test cases to tests the Hotspot 2.0 filtering functionality
in wpa_supplicant, instead of testing only the kernel interface.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The new persistent_group_peer_dropped3 test case is similar to
persistent_group_peer_dropped with the difference being in the
responding device (the one from which the persistent group information
is dropped) is not issued a separate P2P_LISTEN command and instead, a
single P2P_FIND is used through the exchange to verify that this
operation does not get stopped unexpectedly. This is a regression test
case to verify that P2P_PENDING_INVITATION_RESPONSE case ends up calling
p2p_check_after_scan_tx_continuation() in non-success case. It should be
noted that this is dependent on timing: Action frame TX request needs to
occur during the P2P_FIND Search phase (scan). As such, not every
execution of this test case will hit the previous issue sequence, but
that should be hit every now and then.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (7) converts the cases where a local variable is used to store
apdev[#]['ifname'] before passing it as the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (6) converts the cases where apdevs[#]['ifname'] was used as
the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (5) converts the cases that use the start_ap_wpa2_psk() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (4) converts the cases that call hostapd.add_ap() from a
helper function that got apdev[i] as an argument.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (3) converts the cases that use the start_ap() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (2) converts the cases that use the add_ssdp_ap() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This allows the full apdev dict to be passed to the add_ap() function
instead of just ifname. This allows us to handle also remote hosts while
we can check apdev['hostname'], apdev['port']. The old style ifname
argument is still accepted to avoid having to convert all callers in a
single commit.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
The test cases fst_ap_start_session_oom and fst_setup_mbie_diff did not
clean up FST sessions properly in case alloc_fail failed due to missing
support for it in the build. This could result in abandoning attached
hostapd global control interface monitors and test case failures due to
the global control interface socket running out of output buffer.
Fix this by going through the cleanup steps even if alloc_fail raises
HwsimSkip exception.
Signed-off-by: Jouni Malinen <j@w1.fi>
For now, this is not enforcing cfg80211 reassociation since the needed
changes do not yet exist in the upstream kernel. Once those changes are
accepted, the TODO note in the test case can be addressed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This needs to be allowed with OpenSSL 1.1.0 since the RC4-based cipher
has been disabled by default.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This class allows execution of commands on a remote hosts/machine. This
is based on ssh with authorized keys, so you should be able to execute
such commands without any password:
ssh <user>@<hostname> id
By default user is root.
Support for sync and async calls is included.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This is needed for ap_vlan_tagged_wpa2_radius_id_change to pass. The
ioctl-based vlan_add() function does not use the vlan_if_name parameter
at all.
Signed-off-by: Jouni Malinen <j@w1.fi>
The no self.global_iface case was not returning the result from the
self.request() case. While this is not really a path that is supposed to
be used, make it return the response since it is at least theoretically
possible to get here.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to allow updated Interworking behavior that adds the
realm to the EAP-Response/Identity value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Incorrect path and file name was used in the openssl command to generate
one of the OCSP responses. Also fix
ap_wpa2_eap_tls_intermediate_ca_ocsp_multi to expect success rather than
failure due to OCSP response. Based on the test description, this was
supposed to succeed, but apparently that root_ocsp() bug prevented this
from happening.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Test different delay intervals between the INTERFACE_DISABLED event
and the INTERFACE_ENABLED event for discovery_and_interface_disabled.
Previously, only a delay of 1 second was used, in which case the
scan results for the P2P_FIND operation were received after the
interface was enabled again, and the case the scan results were
received while the interface was disabled was not covered.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
A malicious station could try to do FT-over-DS with a non WPA-enabled
BSS. When this BSS is located in the same hostapd instance, internal RRB
delivery will be used and thus the FT Action Frame will be processed by
a non-WPA enabled BSS. This processing used to crash hostapd as
hapd->wpa_auth is NULL.
This test implements such a malicious request for regression testing.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This adds new tests to verify pmksa_cache_preauth when
used with per_sta_vif and possibly vlans.
While at it it refactors the code such that the tests
pmksa_cache_preauth
pmksa_cache_preauth_vlan_enabled
pmksa_cache_preauth_vlan_used
pmksa_cache_preauth_per_sta_vif
pmksa_cache_preauth_vlan_enabled_per_sta_vif
pmksa_cache_preauth_vlan_used_per_sta_vif
share code where possible.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This adds a test case ap_vlan_reconnect. It connects, disconnects, and
reconnects a station in a VLAN. This tests for a regression with
wpa_group entering the FATAL_FAILURE state as the AP_VLAN interface is
removed before the group was stopped.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This extends the P2P Device testing coverage to include the newly
enabled option of using the primary interface (e.g., wlan0) for P2P
group operation instead of always forcing a separate group interface to
be created dynamically.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This tests BSS Transition Management Query frame generation with
candidate list and transmission of the following request and response
frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a test that verifies that no Association Request frame is sent to
APs that include the MBO IE with association disallowed attribute in
Beacon and Probe Response frames.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add tests to verify that MBO IE in BSS Transition Management Request
frame is parsed correctly:
1. The MBO transition reason code is received by the MBO station.
2. The MBO cellular data connection preference is received by the
MBO station.
3. The MBO station does not try to connect to the AP until the retry
delay is over.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This is needed to avoid reporting failures after a change to remove the
fallback path in PIN generation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This enhances the test pmksa_cache_preauth_vlan_used to check
connectivity in the correct VLAN bridge.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
The use of the newer OpenSSL API in openssl_hmac_vector() removes one of
the memory allocations, so the TEST_ALLOC_FAIL here could not trigger.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that num_plinks is decremented properly if a peer mesh STA
reconnects without closing the link explicitly.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case for enforcing that AP setup fails in case there is need
to fall back to 20 MHz channel due to invalid 40 MHz configuration.
Modify this to allow successful AP startup as long as 40 MHz channel
does not get enabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that the persistent group information gets dropped based
on peer response (unknown group) and that a new group formation can be
completed after such invitation failure.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>