Add monitor support. This supports monitors added to the current
interfaces. This also support standalone monitor with multi interfaces
support. This allows to get logs from different channels at the same
time to one pcap file.
Example of t3-monitor added to config.py file.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This is a regression test case to verify that MTK is calculated properly
also in this unexpected sequence.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that pmf=2 is ignored for a non-RSN network while a
network profile specific ieee80211w=2 is enforced.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that a WPA2PSK passphrase with control characters gets
rejected in a WPS Credential and that control characters in SSID get
written as a hexdump.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When a dedicated P2P Device interface is used, its configuration should
be cloned to the group interface. Add a test that covers this both when
a separate group interface is used and not.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Use the global control interface to remove P2P network blocks, to
support cases when a dedicated P2P Device interface is used.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Some environments define default system wide HTTP proxy. Using default
system configuration may result in a failure to open some HTTP URLs. Fix
this by ensuring that no proxies are used.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In p2p_channel_vht80_autogo and p2p_channel_vht80p80_autogo, parse the
P2P-GROUP-STARTED event prior to calling the group_request() method, as
otherwise the group ifname is not set.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Support configurations that use a dedicated P2P Device interface by
using the global control interface and specifying the interface name for
the GET commands fetching the ip_addr_go parameter.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Modify the persistent_group_profile_add test to support configurations
that use a dedicated P2P Device interface by sending the ADD_NETWORK and
SET_NETWORK commands on the global control interface and specifying the
P2P Device interface name.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add an attribute to class WpaSupplicant with the name of the
P2P Device interface. If a separate interface is not used for
P2P Device, this attribute will hold the name of the only used
interface (with functions also as the P2P Device management
interface).
This attribute will be used to direct P2P related commands to the
P2P Device interface, which is needed for configurations that use
a separate interface for the P2P Device.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Waiting for the P2P-DEVICE-FOUND event should be done on the global
control interface to support configurations that use a dedicated P2P
Device interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Support configurations that use a dedicated P2P Device interface by
sending the P2P_CONNECT command on the global control interface.
In addition, when a dedicated P2P Device interface is used, there is no
need to manually respond to the Provision Discovery Request since the
request is processed by the P2P Device interface and this interface was
not set for external RX management frames handling.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This fixes commit 2f0f69a9ec ('tests: Use
p2ps_provision() and p2ps_connect_pd() in p2ps_connect_p2ps_method()').
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
1. Fail roaming to an AP which exceeded its number of allowed stations.
2. Fail roaming due to passphrase mismatch.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
It is better to use a list of command line arguments for the local
execution case and convert that to a space-separated string for the
remote case.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the DFS test cases that use start_dfs_ap() more usable for
testing with remote hosts.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass apdev to instead of HostapdGlobal() to invalid_ap() to make the
dynamic AP test cases more useful for testing with remove hosts.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Use hostapd.add_ap() and hostapd.remove_bss() to avoid direct
HostapdGlobal() use in some of the dynamic AP test cases to make them
more usable for testing with remote hosts.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass apdev param to hostapd.add_bss(). Kill hardcoded phy param and get
phy base on apdev. These are needed to support operation with a remote
test host.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
We need this for remote host support. From apdev we can get
apdev['hostname'] and apdev['port'].
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
1. Add tests for hostapd neighbor database and neighbor report and
request. Remove the partial neighbor report request test from
test_wpas_ctrl.py since they are now covered more completely in
test_rrm.py.
2. Add LCI request test.
3. Add FTM range request signaling test. This covers only the control
interface commands and measurement request/response exchange for now.
Full end-to-end functionality requires support of station reporting
RRM capability.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Use quotation marks to match the new SSID encoding format in the
NEIGHBOR_REP_REQUEST command. In this specific test case, the exact SSID
value did not make any difference for behavior. The previous version
ended up getting decoded as a hexstring after the NEIGHBOR_REP_REQUEST
format change. The new version goes back to the ASCII string version of
"abcdef".
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Modify the test cases to tests the Hotspot 2.0 filtering functionality
in wpa_supplicant, instead of testing only the kernel interface.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The new persistent_group_peer_dropped3 test case is similar to
persistent_group_peer_dropped with the difference being in the
responding device (the one from which the persistent group information
is dropped) is not issued a separate P2P_LISTEN command and instead, a
single P2P_FIND is used through the exchange to verify that this
operation does not get stopped unexpectedly. This is a regression test
case to verify that P2P_PENDING_INVITATION_RESPONSE case ends up calling
p2p_check_after_scan_tx_continuation() in non-success case. It should be
noted that this is dependent on timing: Action frame TX request needs to
occur during the P2P_FIND Search phase (scan). As such, not every
execution of this test case will hit the previous issue sequence, but
that should be hit every now and then.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (7) converts the cases where a local variable is used to store
apdev[#]['ifname'] before passing it as the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (6) converts the cases where apdevs[#]['ifname'] was used as
the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (5) converts the cases that use the start_ap_wpa2_psk() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (4) converts the cases that call hostapd.add_ap() from a
helper function that got apdev[i] as an argument.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (3) converts the cases that use the start_ap() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (2) converts the cases that use the add_ssdp_ap() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This allows the full apdev dict to be passed to the add_ap() function
instead of just ifname. This allows us to handle also remote hosts while
we can check apdev['hostname'], apdev['port']. The old style ifname
argument is still accepted to avoid having to convert all callers in a
single commit.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
The test cases fst_ap_start_session_oom and fst_setup_mbie_diff did not
clean up FST sessions properly in case alloc_fail failed due to missing
support for it in the build. This could result in abandoning attached
hostapd global control interface monitors and test case failures due to
the global control interface socket running out of output buffer.
Fix this by going through the cleanup steps even if alloc_fail raises
HwsimSkip exception.
Signed-off-by: Jouni Malinen <j@w1.fi>
For now, this is not enforcing cfg80211 reassociation since the needed
changes do not yet exist in the upstream kernel. Once those changes are
accepted, the TODO note in the test case can be addressed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This needs to be allowed with OpenSSL 1.1.0 since the RC4-based cipher
has been disabled by default.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This class allows execution of commands on a remote hosts/machine. This
is based on ssh with authorized keys, so you should be able to execute
such commands without any password:
ssh <user>@<hostname> id
By default user is root.
Support for sync and async calls is included.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This is needed for ap_vlan_tagged_wpa2_radius_id_change to pass. The
ioctl-based vlan_add() function does not use the vlan_if_name parameter
at all.
Signed-off-by: Jouni Malinen <j@w1.fi>
The no self.global_iface case was not returning the result from the
self.request() case. While this is not really a path that is supposed to
be used, make it return the response since it is at least theoretically
possible to get here.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to allow updated Interworking behavior that adds the
realm to the EAP-Response/Identity value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Incorrect path and file name was used in the openssl command to generate
one of the OCSP responses. Also fix
ap_wpa2_eap_tls_intermediate_ca_ocsp_multi to expect success rather than
failure due to OCSP response. Based on the test description, this was
supposed to succeed, but apparently that root_ocsp() bug prevented this
from happening.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Test different delay intervals between the INTERFACE_DISABLED event
and the INTERFACE_ENABLED event for discovery_and_interface_disabled.
Previously, only a delay of 1 second was used, in which case the
scan results for the P2P_FIND operation were received after the
interface was enabled again, and the case the scan results were
received while the interface was disabled was not covered.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
A malicious station could try to do FT-over-DS with a non WPA-enabled
BSS. When this BSS is located in the same hostapd instance, internal RRB
delivery will be used and thus the FT Action Frame will be processed by
a non-WPA enabled BSS. This processing used to crash hostapd as
hapd->wpa_auth is NULL.
This test implements such a malicious request for regression testing.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This adds new tests to verify pmksa_cache_preauth when
used with per_sta_vif and possibly vlans.
While at it it refactors the code such that the tests
pmksa_cache_preauth
pmksa_cache_preauth_vlan_enabled
pmksa_cache_preauth_vlan_used
pmksa_cache_preauth_per_sta_vif
pmksa_cache_preauth_vlan_enabled_per_sta_vif
pmksa_cache_preauth_vlan_used_per_sta_vif
share code where possible.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This adds a test case ap_vlan_reconnect. It connects, disconnects, and
reconnects a station in a VLAN. This tests for a regression with
wpa_group entering the FATAL_FAILURE state as the AP_VLAN interface is
removed before the group was stopped.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This extends the P2P Device testing coverage to include the newly
enabled option of using the primary interface (e.g., wlan0) for P2P
group operation instead of always forcing a separate group interface to
be created dynamically.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This tests BSS Transition Management Query frame generation with
candidate list and transmission of the following request and response
frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a test that verifies that no Association Request frame is sent to
APs that include the MBO IE with association disallowed attribute in
Beacon and Probe Response frames.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add tests to verify that MBO IE in BSS Transition Management Request
frame is parsed correctly:
1. The MBO transition reason code is received by the MBO station.
2. The MBO cellular data connection preference is received by the
MBO station.
3. The MBO station does not try to connect to the AP until the retry
delay is over.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This is needed to avoid reporting failures after a change to remove the
fallback path in PIN generation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This enhances the test pmksa_cache_preauth_vlan_used to check
connectivity in the correct VLAN bridge.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
The use of the newer OpenSSL API in openssl_hmac_vector() removes one of
the memory allocations, so the TEST_ALLOC_FAIL here could not trigger.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that num_plinks is decremented properly if a peer mesh STA
reconnects without closing the link explicitly.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case for enforcing that AP setup fails in case there is need
to fall back to 20 MHz channel due to invalid 40 MHz configuration.
Modify this to allow successful AP startup as long as 40 MHz channel
does not get enabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that the persistent group information gets dropped based
on peer response (unknown group) and that a new group formation can be
completed after such invitation failure.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous version expired in January. The new ones are from running
ec-generate.sh and ec2-generate.sh again.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is a regression test case for hostapd bug where the
disconnection/deauthentication TX status callback timeout could be
forgotten after new association if no ACK frame was received and the STA
managed to reconnect within two seconds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The OpenSSL memory allocation changes broke this test case. Fix this by
removing the cases that do not get triggered anymore and add a separate
wpas_ctrl_error test case to cover the fail_test() versions of errors.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use helper variable to indicate end of the test case instead of having
to use a fixed length of the loop.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to fix ap_wpa2_eap_psk_oom, ap_wpa2_eap_sim_oom,
eap_proto_psk_errors, and ap_ft_oom with the new OpenSSL dynamic memory
allocation design.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These need to be run without realm in the identity value to allow the
realm from the anonymous_identity to be used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These test cases verify that EAP-SIM with external GSM auth supports the
use case of replacing the SIM. The first test case does this incorrectly
by not clearing the pseudonym identity (anonymous_identity in the
network profile) while the second one clears that and shows successful
connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible to hit an error case in ap_wpa2_eap_in_bridge where the
selectedMethod STATUS field was not available. This resulted in not very
helpful "'selectedMethod'" message in the test log file. Make this
clearer by dumping all received STATUS fields and a clearer exception
message indicating that selectedMethod was missing.
Signed-off-by: Jouni Malinen <j@w1.fi>
The test cases discovery_ctrl_char_in_devname and discovery_group_client
tried to allow three P2P_FIND instances to be used before reporting an
error. However, this did not really work properly since the second and
third attempts would likely fail to start the initial special P2P_FIND
scan due to an already ongoing p2p_scan operation. Fix this by stopping
the previous P2P_FIND and waiting for the scan to complete if a retry is
needed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that there is no NULL pointer dereference when the AP code
processes Probe Request and (Re)Association Request frames with a P2P IE
in case P2P support is explicitly disabled on the AP mode interface.
This is a regression test case for the fixes in the previous commit.
Signed-off-by: Jouni Malinen <j@w1.fi>
Couple of waits for this event used the "GO-NEG-FAILURE" string instead
of the full event prefix. While this worked in the tests due to a
substring matching, it is better to use the full event prefix here.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the dump_monitor() call to drop a P2P-GO-NEG-FAILURE
event that was indicated quickly after the P2P_CONNECT command was
issued. This could result in grpform_reject test case failing to see the
expected event and fail the test due to "Rejection not reported".
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
rsn_ie_proto_eap_sta followed by eap_ttls_mschapv2_session_resumption
showed a failure case where the special RSNE from rsn_ie_proto_eap_sta
ended up remaining in a wpa_supplicant BSS entry and the SELECT_NETWORK
command used the previous scan results without checking for changed AP
configuration. This resulted in test failure due to RSN IE being claimed
to be different in EAPOL-Key msg 3/4. This is not really a real world
issue, but try to avoid false failure reports by explicitly clearing the
BSS table at the end of rsn_ie_proto_eap_sta.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that the previous commit works correctly by forcing a
P2P_LISTEN command execution to be interupted by a P2P_FIND command
timed in a manner that forces it to show up before the kernel ROC has
started for the Listen.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that P2P_STOP_FIND stops a pending offchannel TX wait in
the kernel by checking that a listen operation can be started in less
than a second after stopping a pending Action frame TX. This verifies
that the optimization introduced in the previous commit works properly.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>