If vendor_scan_cookie is set to 0 after the scan_abort due to the scan
timeout ends in a cookie mismatch when processing the following
QCA_NL80211_VENDOR_SUBCMD_SCAN_DONE indication. This ends up considering
the scan results as being for an external scan and thus the current
ongoing scan is not removed from the radio_work. Hence, do not reset
this vendor_scan_cookie after the scan abort so that the scan completion
event gets processed properly and vendor_scan_cookie gets cleared at
that point.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the keychain holds additional certificates other than the end
certificate, read them into the certificate chain.
Signed-off-by: Paul Stewart <pstew@google.com>
We can only send module specific messages to syslog and not debug
messages printed with wpa_printf. Add an extra command line parameter
'-s' to allow it. The feature is enabled with compile flag
CONFIG_DEBUG_SYSLOG as for wpa_supplicant and behaves in the same manner
as the wpa_supplicant -s command line argument.
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
It was possible to hit this WPA_ASSERT when FST-MANAGER SESSION_REMOVE
command is exececuted when in not-associated state. In
CONFIG_EAPOL_TEST=y builds, this would result in the wpa_supplicant
process being terminated. Convert this WPA_ASSERT to a check that does
not terminate the process, but only rejects the command if wpa_s->bssid
does not match the da argument.
Signed-off-by: Jouni Malinen <j@w1.fi>
Increase the EAPOL RX frame timeout from 100 to 200 ms. This fixes lack
of optimization (i.e., first EAPOL frame dropped) in occasional roaming
and authentication cases on EAP networks if the kernel events can be
reordered and delayed a bit longer.
Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sonymobile.com>
Instead of copying the struct wpa_auth_callbacks, just keep a pointer to
it, keep the context pointer separate, and let the user just provide a
static const structure. This reduces the attack surface of heap
overwrites, since the function pointers move elsewhere.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If the VHT capability override vht_disabled=1 is used in the network
profile, skip VHT configuration of the local channel.
Signed-off-by: Jouni Malinen <j@w1.fi>
The remote mesh STA which had configuration disable_ht40=1 could have HT
Capabilities element which includes Supported Channel Width Set = 1
(both 20 MHz and 40 MHz operation is supported) even though it had HT
Operation element which includes STA Channel Width = 0 (20 MHz channel
width only). Previously, local peer recognized such a remote peer as 40
MHz band width enabled STA because local peer only checked HT
Capabilities element. This could cause disconnection between
disable_ht40=1 mesh STA and disable_ht40=0 mesh STA. They could
establish a mesh BSS but could not ping with ath9k_htc device. This
commit fixes the issue by refering HT Operation element.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This functionality can be used outside wpa_set_disable_ht40(), so move
the generic part to a helper function.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This is a regression test case for SIGSEGV in
wpa_supplicant_remove_iface() if the main interface is removed while a
separate mesh interface is in use.
Signed-off-by: Jouni Malinen <j@w1.fi>
The flush_scan_cache() operations in the finally part of these test
cases ended up getting called when the mesh group was still operating.
This could result in unexpected behavior due to offchannel scan being
performed before the device becomes idle. Clean this up by explicitly
removing the mesh group before cleaning up.
Signed-off-by: Jouni Malinen <j@w1.fi>
This kernel debugging option adds multiple seconds of extra latency to
interface removal operations. While this can be worked around by
increasing timeouts in number of test cases, there does not seem to be
any clean way of working around this for PMKSA cacheching test with
per-STA VIFs (e.g., pmksa_cache_preauth_vlan_used_per_sta_vif).
To avoid unnecessary test failures, remove CONFIG_DEBUG_KOBJECT_RELEASE
from the default config. If someone wants to test with this kernel debug
option, it can be enabled for custom kernel builds while understanding
that it can result in false failure reports and significantly extended
time needed to complete full testing run.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the kernel is built with CONFIG_DEBUG_KOBJECT_RELEASE=y, the cleanup
steps were taking so long that these test cases could fail.
Fix this by increasing the timeout to avoid reporting failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds parsing of received FILS HLP requests from (Re)Association
Request frames. The reassembled requests are verified to be in valid
format and are printed in debug output. However, actual processing or
forwarding of the packets is not yet implemented, i.e., the vendor
specific frame filtering logic is for now practically dropping all HLP
requests.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant control interface commands FILS_HLP_REQ_FLUSH and
FILS_HLP_REQ_ADD can now be used to request FILS HLP requests to be
added to the (Re)Association Request frame whenever FILS authentication
is used.
FILS_HLP_REQ_ADD parameters use the following format:
<destination MAC address> <hexdump of payload starting from ethertype>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the kernel is built with CONFIG_DEBUG_KOBJECT_RELEASE=y, the hostapd
termination event for the wlan3 interface may be delayed beyond the
previous five second timeout. This could result in the test case failing
and the following test case failing as well due to the separate hostapd
process being still in the process of cleaning up.
Fix this by increasing the timeout to avoid forcing test termination in
such cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is useful for now since the IPv6 support for proxyarp is not yet
included in the upstream kernel. This allows the IPv4 test cases to pass
with the current upstream kernel while allowing the IPv6 test cases to
report SKIP instead of FAIL.
Signed-off-by: Jouni Malinen <j@w1.fi>
This describes example steps on how to get the VM testing setup with
parallel VMs configured with Ubuntu Server 16.04.1.
Signed-off-by: Jouni Malinen <j@w1.fi>
rrm_link_measurement and rrm_link_measurement_oom test cases were
causing incorrect failures when executed with a kernel version that does
not modify mac80211_hwsim to support TX power insertion. Fix this by
checking for that capability and skipping the test cases if the kernel
does not support this.
Signed-off-by: Jouni Malinen <j@w1.fi>
This gets rid of an unnecessary duplication of the definitions since all
the code has now been moved to using the earlier RSN_CIPHER_SUITE_*
definitions.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds the cipher suite selector values for ciphers that are not
really used with RSN, but are needed to be able to replace
WLAN_CIPHER_SUITE_* definitions with RSN_CIPHER_SUITE_*.
Signed-off-by: Jouni Malinen <j@w1.fi>
This gets rid of an unnecessary duplication of the definitions since all
the code has now been moved to using the earlier RSN_AUTH_KEY_MGMT_*
definitions.
Signed-off-by: Jouni Malinen <j@w1.fi>
IEEE 802.11 standard defines the suite selectors in <OUI>:<subtype>
format where OUI uses hexadecimal format and subtype decimal format.
These WLAN_AKM_SUITE_* definitions ended up getting written incorrectly
by interpretting the decimal part as hexadecimal and as such, by having
an incorrect value. However, the older RSN_AUTH_KEY_MGMT_* values were
defined with correct values and those definitions were used in most
locations.
This commit fixes the AKM suite selector values in RADIUS WLAN-AKM-Suite
attribute for FILS and Suite B. In addition, the AKM values used in
nl80211 driver configuration (NL80211_ATTR_AKM_SUITES) are fixed for the
Suite B cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit defines a QCA vendor command
QCA_NL80211_VENDOR_SUBCMD_CHIP_PWRSAVE_FAILURE that carries required
information leading to the power save failure. This will be an event
from the host driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is a regression test for comeback delay values larger than
GAS_QUERY_TIMEOUT_PERIOD causing timeouts for the query.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When AP responds with comeback delay for initial GAS query sent by STA,
gas_query_timeout should be cancelled to avoid GAS failures when
comeback delay is more than GAS_QUERY_TIMEOUT_PERIOD. The
gas_query_timeout is getting registered again when tx_status is received
for GAS comeback request.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit introduces the QCA vendor command and the attributes which
facilitate the host driver to use an external user space entity for
performing automatic channel selection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These commnds are mesh version of PMKSA_GET/ADD commands. So the usage
and security risk is similar to them. Refer to
commit 3459381dd2 ('External persistent
storage for PMKSA cache entries') also.
The MESH_PMKSA_GET command requires peer MAC address or "any" as an
argument and outputs appropriate stored PMKSA cache. And the
MESH_PMKSA_ADD command receives an output of MESH_PMKSA_GET and re-store
the PMKSA cache into wpa_supplicant. By using re-stored PMKSA cache,
wpa_supplicant can skip commit message creation which can use
significant CPU resources.
The output of the MESH_PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <expiration in seconds>
The example of MESH_PMKSA_ADD command is this.
MESH_PMKSA_ADD 02:00:00:00:03:00 231dc1c9fa2eed0354ea49e8ff2cc2dc cb0f6c9cab358a8146488566ca155421ab4f3ea4a6de2120050c149b797018fe 42930
MESH_PMKSA_ADD 02:00:00:00:04:00 d7e595916611640d3e4e8eac02909c3c eb414a33c74831275f25c2357b3c12e3d8bd2f2aab6cf781d6ade706be71321a 43180
This functionality is disabled by default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This can be used to determine whether the driver supports PMF and if so,
with which group management cipher suites. In addition, add the missing
pairwise and group cipher suite values to the documentation while adding
this new entry there as well.
Signed-off-by: Jouni Malinen <j@w1.fi>