Using D-Bus it is possible to trigger a valid UPnP SD request where
"tlv" is specified: in this case "tlv" is allocated, and then not used
nor freed. Valgrind complains as follows:
72 bytes in 2 blocks are definitely lost in loss record 46 of 68
at 0x484C214: calloc (vg_replace_malloc.c:1675)
by 0x41C673: wpabuf_alloc (wpabuf.c:124)
by 0x41C673: wpabuf_alloc_copy (wpabuf.c:162)
by 0x54F8B5: wpas_dbus_handler_p2p_service_sd_req (dbus_new_handlers_p2p.c:2928)
by 0x53B9A2: msg_method_handler (dbus_new_helpers.c:356)
by 0x53B9A2: message_handler (dbus_new_helpers.c:412)
by 0x4EAB4B8: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.19.13)
by 0x5495DF: dispatch_data (dbus_common.c:37)
by 0x5495DF: process_watch (dbus_common.c:73)
by 0x5495DF: process_watch_read (dbus_common.c:89)
by 0x41EE8E: eloop_sock_table_dispatch.part.0 (eloop.c:603)
by 0x41FA46: eloop_sock_table_dispatch (eloop.c:597)
by 0x41FA46: eloop_run (eloop.c:1233)
by 0x56A3CE: wpa_supplicant_run (wpa_supplicant.c:8074)
by 0x40DB06: main (main.c:393)
Fix it ensuring that "tlv" is freed, both in the error and non-error
path of wpas_dbus_handler_p2p_service_sd_req(). Also, add a test case in
test_dbus.py to verify correct behavior.
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
Currently color change test is supported only on the first link of the
AP MLD. Extend the support to test on non-first link as well.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Add the eht_mlo_color_change test case to perform color change on the
first link of an AP MLD. Performing on non-first link will be done
later.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Add the he_bss_color_change test case which brings up an HE AP and
performs color change operations and validates the result.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Add a test case 'eht_mld_cohosted_connectivity' which creates two 2 link
AP MLDs and connect a 2 link MLD client to each one of them and test
data traffic.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Add test cases to test basic cohosted MLDs functionality. Add helper
functions to create the configuration file, start hostapd instance.
Client connectivity test case will be added via a subsequent commit.
eht_mld_cohosted_discovery: 2 co-hosted MLDs without non-MLD RNR. Basic
bring up and beacon, MLD RNR, scan validation.
eht_mld_cohosted_discovery_with_rnr: Same like eht_mld_cohosted_discovery
but additionally non-MLD RNR (rnr=1) is also enabled. Validate the non-MLD
RNR as well.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
This is needed to match the implementation change to map the 5 GHz
channels 149-175 to the global operating class 125 instead of 124.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Wait for both peers to be connected before checking MESH_LINK_PROBE
behavior. Without this, it was possible for a MESH_LINK_PROBE command to
be issues before the specific peer had been added and that would result
in the nl80211 command failing.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This test case ended up dropping HT capability on channel switch which
is now resulting in mac80211 disconnecting. Avoid this by leaving HT
enabled. In addition, check the P2P Client events explicitly.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When a BSS is removed, the flow continues without actually
waiting for the AP to be stopped. This is racy in flows that
actually expect the AP to be stopped, e.g., test_ap_bss_add_remove().
Try to mitigate such cases by adding a short sleep after the
AP is removed.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This is needed to avoid unexpected behavior if a previously executed
test case has left a BSS entry with Interworking emabled into the case.
Signed-off-by: Jouni Malinen <j@w1.fi>
At least some of the previous versions have expired, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a test behaving like an Asus RT-AC53 with firmware
3.0.0.4.380_10760-g21a5898, which (in some cases?) can have an ECSA
element stuck in the probe response, when the channel switch is long
finished.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add a few tests to validate what happens with connections
while an AP is doing CSA:
- quiet to diff channel (shouldn't connect)
- quiet to same channel (shouldn't connect)
- non-quiet to diff channel (shouldn't connect)
- non-quiet to same channel (should connect)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
PMKSA cache API is included in libpasn.so used by external modules,
e.g., Wi-Fi Aware. To avoid dependency on IEEE8021X_EAPOL define for the
external modules at compile time, remove PMKSA cache static inline
functions from the header file and add wrapper function stubs.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Verify that the Extended Capabilities element for the TX BSS shows
beacon protection disabled and the Extended Capabilities element for the
non-TX BSS (within the Multiple BSSID element) shows it enabled.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
These can cause unexpected test failures, so dump the pending monitor
socket events more frequently in some cases where event throttling is
seen.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This test could have failed if scan results from a previously executed
test case were still the in the driver cache.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed to avoid failures due to previous test cases having left
sae_groups set to something else than the default.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This cleans up the implementation and makes stopping of sigma_dut (and
cleanup after some parameters it might leave behind) more robust.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for this test case to fail if a previously executed test
case left another BSS entry for the BSSID used by the second AP here.
That could have skipped the needed scan with scan_for_bss(bssid2). Force
this command to run a new scan to discover the second AP correctly.
Signed-off-by: Jouni Malinen <j@w1.fi>
These test cases check the BSS entry information and if the kernel scan
cache maintains an old BSS entry for a previous test case for the same
BSSID this can result in a false failure.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This makes the test care less likely to fail due to another STA
happening to be listening for Public Action frames and replying to the
P2P GO Negotiation Request.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check that each test case function includes a title in __doc__ and also
verify that the same test case is not added multiple times from
different files.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not disable HT support on the GO and wait for the channel switch
event on the P2P Client before proceeding with connectivity test.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add ANQP fields to the BSS properties to allow DBus clients to be
notified and obtain the values when it changes.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
Add a D-Bus method to perform ANQP get requests. The new method is
equivalent to the "anqp_get" command available in wpa_cli.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
This wait for a specific event is needed to allow a new DPP-PB-STATUS
event to be added at the start of the PB operation.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Verify that CSA can be performed on the first link of an AP MLD and
further check that traffic still continues even after channel switch.
Finally, check again that a subsequent CSA can be performed without
affecting the data traffic.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
When puncturing is used on EHT, the HT/VHT/HE channel configuration must
not encompass the punctured subchannel, so must use a lower bandwidth.
Change the puncturing tests accordingly.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This reverts commit eecaceed8f. This test
case can now be restored since hostapd is modified to allow test cases
changes to be done to cover the special impact from EHT puncturing to
available HT/VHT/HE channel bandwidth in this particular case.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
mac80211 has been modified to reject the configuration that is used in
this test case. For now, remove this until the puncturing of the second
20 MHz segment can be handled in a manner that allows mac80211 STA to
use EHT.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Leave the HT capability of the AP as-is when running channel switch test
cases that started failing with a recent kernel change that disconnects
on such "unexpected" change in AP capabilities.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Processing of WNM frames can results in a lookup of the current BSS
table. As such, the testing tool needs to initialize the BSS table to
avoid NULL pointer dereferences. This is not an issue that would show up
with real production uses with wpa_supplicant since wpa_bss_init() is
called there.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67244
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The commit that renamed the WNM BTM deallocation function forgot to
update the fuzz tester tool.
Fixes: e508c070c4 ("WNM: Keep BTM information until connection completes")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The wpa_supplicant implementation for building the Supported Operating
Classes element was modified to add support for 80 MHz and wider
bandwidth on the 6 GHz band, 2-octet operating classes, and freq_list on
the 6 GHz band. Update the test cases that verify exact encoding of this
information to match the implementation changes.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
It looks like this test case can fail in some cases. Add more debug info
and event wait that might help with a race condition.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like the 30 second timeout, i.e., 25 second to discover and
receive GO Negotiation Request, was not sufficient for all cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This aligns both the wpa_supplicant and bss structures to use the same
pattern of a valid_links bitmask plus per-link entries.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Slight differences in timing might make the final data connectivity
check fail, so disable the incorrect behavior first and wait for a
successfully completed GTK rekeying at the end before the final test.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Now that run-tests.py closes the control interface sockets explicitly,
there is no need to try to avoid using dev[] within the D-Bus test
cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Close all the control interface sockets and delete the client socket
files explicitly at the end of the test loop. This removes needs for
various workarounds that tried to force WpaSupplicant and Ctrl class
__del__() to remove the sockets.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The same thing as we did previously in dbus_p2p_autogo_pbc
can evidently also happen in dbus_p2p_autogo.
The test here wants to connect and then disconnect again,
but it's driven only by the GO side, so the client may end
up (with UML time-travel) not fully connecting, and then
it all fails. Wait for the client to have connected first.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The test here wants to connect and then disconnect again, but it's
driven only by the GO side, so the client may end up (with UML
time-travel) not fully connecting, and then it all fails. Wait for the
client to have connected first.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
p2p_go_neg_init() ignored the provided timeout value and used the
default 15 second timeout in discover_peer(). This did not allow the
recently added go_neg_pbc() timeout increase for concurrent cases to be
used fully.
Signed-off-by: Jouni Malinen <j@w1.fi>
Accept any sequence and number of responses as long as the needed
Bonjour and UPnP services are found.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The full scan at the beginning of the chirping step can take over 15
seconds when 6 GHz and S1G channels are included and the timeout here is
not enough to handle that.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Explicitly flush the scan cache in wpa_supplicant and cfg80211 to avoid
test failures here. An additional BSS table entry from a scan based on a
previous test case could result in causing this test case to report
failure since each beacon response could include multiple entries and
the check for the details would fail due to the unexpected data.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Explicitly wait for the STA to complete connection or channel switch
processing before running the second connectivity check.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
It is possible for the parallel connection attempt with an AP and P2P
device discovery with P2P search on social channels to take close to the
15 second timeout and these test cases could fail because of that
instead of a real issue. Increase the timeout to make this less likely
to cause test failures. In addition, add a debug entry to the log on the
r_dev timeout to avoid confusing print from the i_dev thread reporting a
timeout even when the first timeout was on the rdev_
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Similar to other cases before, this may end up trying to
send the frame before the carrier state is ready. Ensure
it's ready before sending the frame.
To do that, rename the sync_carrier() function and make
the ifname argument optional.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Due to scheduling in UML time-travel, the test may continue
running and find that the failure didn't trigger when really
the frame just didn't make it through to the other side. Add
some time for the necessary processing.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This makes valgrind reports somewhat cleaner when external libraries
have memory leaks that are not straighforward to fix. In addition,
increase the number of functions to include backtraces since the default
was not large enough to cover some cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow the Timeout Interval Type field in the Timeout Interval element to
be overridden with a different value for testing purposes to be able to
bypass the association comeback processing in mac80211. This allows the
wpa_supplicant internal functionality to be tested.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add HS20TermsAndConditions signal to D-Bus API to allow clients to be
notified when the network requires the acceptance of terms and
conditions. The URL of the T&C page is provided as a signal parameter.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
The ps command as shipped by busybox does not support the "command"
column. Change the code to use pgrep instead which will work fine in all
environments.
In addition, raise an exception if PID was not found since the test
would just hang with pid = 0.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Avoid race conditions (especially with UML time travel) between AP
completion of 4-way handshake and traffic test.
Signed-off-by: Jouni Malinen <j@w1.fi>
