Commit graph

16905 commits

Author SHA1 Message Date
Jouni Malinen
e6ac269433 radiotap: Update radiotap parser
Update the radiotap parser to the latest version of the
http://git.sipsolutions.net/radiotap.git/ library.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 13:25:13 +02:00
Jouni Malinen
136bbf15c3 wlantest: Add more details about protected FTM frames
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 13:11:34 +02:00
Jouni Malinen
b9fd8191a5 wlantest: Recognize the FTM bit in the CCMP Key ID octet
This previously reserved bit is now used in FTM to help select the
appropriate replay counter. Silence the warning about use of a reserved
bit for this. wlantest does not yet support the actual replay counter
processing for FTM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 12:30:03 +02:00
Jouni Malinen
f56eec7c1a wlantest: Process Action No Ack frames like Action frames
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 12:00:12 +02:00
Jouni Malinen
56a04ae1a1 wlantest: Support TK list for Management frame decryption
Use the TKs from the PTK file (-T command line argument) to try to
decrypt encrypted Management frames if no BSS/STA key can be found based
on addresses.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 11:37:58 +02:00
Janusz Dziedzic
fce6fb0ec2 tests: DFS pre CAC tests
Add test cases that check preCAC, which is available for EU regulatory
domain. Also confirm that preCAC is not used for US.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2021-02-07 10:34:02 +02:00
Janusz Dziedzic
ef26fc19fa DFS: Allow switch to an available channel
For EU, where preCAC is allowed, we should allow switch to DFS available
channels, instead of restarting BSS.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2021-02-07 10:30:09 +02:00
Jouni Malinen
045a24273e tests: MAC ACL accept list changes
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 10:23:45 +02:00
Masafumi Utsugi
f98fe2fd00 hostapd: Report errors ACCEPT_ACL/DENY_ACL control interface commands
Return FAIL for couple of the operations that were previously ignoring
invalid addresses without reporting errors.

Signed-off-by: Masafumi Utsugi <mutsugi@allied-telesis.co.jp>
2021-02-07 10:20:58 +02:00
Masafumi Utsugi
15251c6584 hostapd: Fix dynamic ACCEPT_ACL management over control interface
hostapd_disassoc_accept_mac() was called after a new accept MAC address
was added (ACCEPT_ACL ADD_MAC), but this function should have been
called after an accept MAC address was removed and accept MAC list was
cleared to disconnect a STA which is not listed in the update accept MAC
address list. Fix this by moving the call to places where a connected
STA can actually end up losing its previously present accept entry.

Signed-off-by: Masafumi Utsugi <mutsugi@allied-telesis.co.jp>
2021-02-07 10:17:57 +02:00
Janusz Dziedzic
0f8994b11d tests: Extend Multi AP tests
Add option to:
 - add a new AP on the same phy that the backhaul-sta uses
 - run CSA from the parent

Adding a new AP (backhaul/fronthaul) on the same phy we have for
backhaul-sta is closer to the real repeater implementation.

Add a test case for that and run CSA.

This is a common problem when we have on the same phy:
 - connected backhaul STA
 - we started fronthaul/backhaul AP
 - we receive (from parent) CSA on the STA interface

This is multi_ap_wps_shared_apdev_csa test case, which fails today with
both mac80211_hwsim and ath9k. To avoid always failing test cases,
ignore this failure for now. Full validation can be enabled once the
issue behind this is fixed.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2021-02-06 18:05:50 +02:00
Janusz Dziedzic
e663221727 tests: Pass ful params_backhaul in Multi AP test cases
Pass the backhaul parameters as a parameter. This is in preparation for
channel switch test for Multi AP.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2021-02-06 18:03:58 +02:00
Raphaël Mélotte
871d6648f5 hostapd: Add multi_ap settings to get_config() output
Since a running hostapd is not necessarily using the settings that are
in the configuration file (if they were changed at runtime, or the file
was changed but not reloaded, etc.), being able to get their value at
runtime can be useful (to know if they have to be updated for example).

If multi_ap is set, also print the SSID and passphrase (or PSK).

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-06 18:03:58 +02:00
Raphaël Mélotte
3a3ea68a36 tests: Add WPS test with dynamic update
This test first configure hostapd with an initial SSID
('test-wpa2-psk-start'). Then a new SSID is configured
('test-wpa2-psk-new') using SET and RELOAD. Next, a station is
associated using WPS, and the test verifies that the new SSID was served
to the station.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-06 18:03:41 +02:00
Raphaël Mélotte
f95ccc102a WPS: Reconfigure credentials on hostapd config reload
When new credentials are configured and hostapd is reconfigured using
SIGHUP (or RELOAD on the ctrl_iface), also update the WPS credentials.

Before these changes, when WPS is triggered the Registar always serves
the credentials that were configured when hostapd started.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-06 17:15:31 +02:00
Raphaël Mélotte
2fd90eb095 WPS: Use helper variables to clean up code
This is in preparation of larger changes in hostapd_update_wps() to keep
the commits more readable.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-06 17:12:24 +02:00
Mikael Kanstrup
f7bbad5768 wpa_supplicant: Configurable fast-associate timer threshold
For Android the default value of 5 seconds is usually too short for
scan results from last scan initiated from settings app to be
considered for fast-associate. Make the fast-associate timer value
configurable so that a suitable value can be set based on a systems
regular scan interval.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
2021-02-06 16:56:30 +02:00
Arowa Suliman
b829b7003a wpa_supplicant: Notify freq change on CH_SWITCH
wpa_supplicant does not send a D-Bus notification of the BSS frequency
change when a CSA happens. Sending a PropertyChanged signal with the
updated frequency will notify the network manager quickly, instead of
waiting for the next scan results.

Signed-off-by: Arowa Suliman <arowa@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
2021-02-06 16:50:19 +02:00
Andrei Otcheretianski
a033e886b2 tests: Fix regdom cleanup in some p2p_channel tests
cfg80211 may ignore user hints while there are active COUNTRY_IE hints,
thus at some timings it may ignore the country setting back to world
domain. Fix it by making sure the country is set only after all the
interfaces are stopped. In addition, call a more robust
clear_regdom_dev() function.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 16:18:40 +02:00
Michal Kazior
3a00a86bb9 hostapd: Fix dpp_listen in DPP responder scenario
Some time ago it was found some drivers are setting their hw/ucode RX
filters restrictively enough to prevent broadcast DPP Action frames from
being received at upper layers in the stack.

A set of patches was introduced to the kernel and
ath9k driver as well as wpa_supplicant, e.g.,

  a39e9af90 ("nl80211: DPP listen mode callback")
  4d2ec436e ("DPP: Add driver operation for enabling/disabling listen mode")

However, the hostapd code itself was not calling the new multicast
registration. As such the AP side of things wasn't working as expected
in some scenarios. I've found this while trying to get ath9k working as
an AP Responder/Configurator.

The problem wasn't seen on, e.g., mac80211 hwsim driver.

Extend the wpa_supplicant mechanism to work with hostapd as well.

Signed-off-by: Michal Kazior <michal@plume.com>
2021-02-06 16:06:15 +02:00
Raphaël Mélotte
9ec28b657e tests: Add ap_notify_mgmt_frames
Test that if notify_mgmt_frames is enabled and a station connects we do
get AP-MGMT-FRAME-RECEIVED, and that it includes an Authentication
frame.

Also test that if notify_mgmt_frames is disabled, no Management frame is
sent on ctrl_iface when a station connects.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-06 13:58:02 +02:00
Raphaël Mélotte
4a7e0ac268 hostapd: Add an option to notify management frames on ctrl_iface
In some contexts (e.g., Multi-AP) it can be useful to have access to
some of the management frames in upper layers (e.g., to be able to
process the content of association requests externally).

Add 'notify_mgmt_frames'. When enabled, it will notify the ctrl_iface
when a management frame arrives using the AP-MGMT-FRAME-RECEIVED event
message.

Note that to avoid completely flooding the ctrl_iface, not all
management frames are included (e.g., Beacon and Probe Request frames
are excluded).

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-06 13:56:18 +02:00
Ircama
e79febb3f5 P2P: Adding option to manage device drivers creating random MAC addresses
Add option 2 to the p2p_device_random_mac_addr configuration option to
support device drivers which use by default random MAC adresses when
creating a new P2P Device interface (for instance, the BCM2711 80211
wireless device driver included in Raspberry Pi 4 Model B). In such
case, this option allows to create the P2P Device interface correctly
when using P2P permanent groups, enabling wpa_supplicant to reuse the
same MAC address when re-invoking a P2P permanent group.

update_config=1 is required.

Signed-off-by: Ircama <amacri@tiscali.it>
2021-02-06 13:40:29 +02:00
Roy Marples
a579642bc3 BSD: If route socket overflows, sync drivers to system interfaces
Messages such as RTM_IFNFO or RTM_IFANNOUNCE could have been lost.
As such, sync the state of our internal driver to the state of the
system interfaces as reports by getifaddrs(2).

This change requires the routing socket be placed in non-blocking
mode. While here, set the routing and inet sockets to close on exec.

BSDs that support SO_RERROR include NetBSD and DragonFly.
There is a review underway to add this to FreeBSD.

Signed-off-by: Roy Marples <roy@marples.name>
2021-02-06 13:27:24 +02:00
Andrei Otcheretianski
ba7542f62d tests: Add mixed SAE/WPA-PSK AP test
Verify WPA-PSK/TKIP connection on SAE configured AP.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 12:09:30 +02:00
Andrei Otcheretianski
fa859ebb19 RSN+WPA: Fix RSNE removing in EAPOL-Key msg 3/4 when RSNXE is included
When the AP advertised RSNE, RSNXE, and WPA IE, hostapd incorrectly
removed the RSNE in the EAPOL-Key msg 3/4 if the STA associates with
WPA, leaving only RSNXE instead of WPA IE. WPA STA fails to connect to
such AP as the WPA IE is missing.

Since RSNXE is not really used in non-RSN connection, just remove it
here with RSNE.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 12:09:30 +02:00
Jouni Malinen
dc19779592 RSN: Validate RSNXE match in EAPOL-Key msg 3/4 only when RSN is used
This is needed to avoid the corner case of local RSNXE aware station
being configured to behave as WPA(v1)-only STA when the AP might not
include RSNXE in EAPOL-Key msg 3/4.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-06 12:09:30 +02:00
Andrei Otcheretianski
5acc20e8f4 tests: Fix sporadic failures in p2p_channel_avoid3
The P2P group may be originally formed on UNII-3, so disabling UNII-1
and UNII-2 will not result in a channel switch failing the test.
Fix this by setting 44 as a preferred channel.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 12:09:30 +02:00
Andrei Otcheretianski
7546a70fbb tests: Fix ap_ft_r0_key_expiration test
The test configures ft_r0_key_lifetime parameter, however ft_params
already contain the r0_key_lifetime. Since both options are accepted by
hostapd and set the same field, one of them gets overwritten.
As the dictionary enumeration order is not guaranteed in python, the
test may sporadically fail.
Fix that by explicitely removing the unneeded parameter.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 12:09:30 +02:00
Andrei Otcheretianski
0b7895750b DPP: Silence compiler warning about signed/unsigned comparison
Old gcc versions complain about signed/unsigned comparison in
dpp_rx_gas_resp(). Hide it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 12:09:30 +02:00
Jouni Malinen
8f557d2047 Make wpa_bss_ext_capab() handle NULL bss argument
This simplifies the callers that use wpa_s->current_bss (which could be
NULL).

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-06 12:09:30 +02:00
Johannes Berg
2cadb60abd robust_av: Use wpa_bss_ext_capab() helper
Use the helper instead of open-coding the check. Since the
helper doesn't handle a NULL BSS, keep that extra check.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2021-02-06 12:09:30 +02:00
Jouni Malinen
32cb91549e tests: he_tkip to match implementation change
HE is now getting disabled just like HT and VHT when only TKIP is
enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-06 12:09:30 +02:00
Shay Bar
a287c20789 Disable HE capabilities when using unacceptable security config
Add HE configuration check similar to HT/VHT.

Signed-off-by: Shay Bar <shay.bar@celeno.com>
2021-02-06 11:41:09 +02:00
Johannes Berg
56c192c5ee nl80211: Skip frame filter config for P2P-Device
There's no point in attempting to configure frame filters on
a P2P-Devices that doesn't even have a netdev (nor passes any
data traffic), that just results in error messages. Skip it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2021-02-06 11:41:09 +02:00
Brad Kemp
2b916c9fd5 dbus: Fix IEs getter to use wpa_bss_ie_ptr()
The wpa_bss structure's last element is an empty array. The forgotten
code here assumed that the array of IEs was contiguous to the wpa_bss
structure. This is not always the case anymore. Update this missed case
to use the new wpa_bss_ie_ptr() wrapper to send the correct array of IEs
over DBus.

Fixes: be7ee264f6 ("BSS: Use wrapper function for getting a pointer to the IE buffer")
Signed-off-by: Brad Kemp <brad at beechwoods.com>
2021-02-06 11:41:09 +02:00
Muna Sinada
9416b5f323 Add HE in ieee80211_freq_to_channel_ext() documentation
This function covers HE cases, so include that in the comment.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
2021-02-06 11:41:09 +02:00
Muna Sinada
2acfd15a2a hostapd: Generalize channel switch methods to incorperated HE mode
Remove the VHT specific naming on methods that are utilized in both VHT
and HE modes.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
2021-02-06 11:41:09 +02:00
Muna Sinada
2908dc91c1 hostapd: Enable HE for channel switch commmand
Add HE as an accepted option ("he") in the CHAN_SWITCH command similarly
to the way VHT is addressed.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
2021-02-06 11:41:09 +02:00
Jouni Malinen
1c3e71d149 P2P: Add a maximum length limit for peer vendor IEs
This is mainly to help with fuzz testing that could generate overly long
test data that would not be possible in real use cases due to MMPDU size
limits. The implementation for storing vendor IEs with such
unrealisticly long IE buffers can result in huge number of memory
reallozations and analyzing those can be very heavy.

While the maximum length of the fuzzing test input could be limited, it
seems nicer to limit this IE storage limit instead to avoid timeouts
from fuzz test runs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-05 01:39:29 +02:00
Jouni Malinen
947272febe P2P: Fix copying of secondary device types for P2P group client
Parsing and copying of WPS secondary device types list was verifying
that the contents is not too long for the internal maximum in the case
of WPS messages, but similar validation was missing from the case of P2P
group information which encodes this information in a different
attribute. This could result in writing beyond the memory area assigned
for these entries and corrupting memory within an instance of struct
p2p_device. This could result in invalid operations and unexpected
behavior when trying to free pointers from that corrupted memory.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269
Fixes: e57ae6e19e ("P2P: Keep track of secondary device types for peers")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-04 00:25:40 +02:00
Jouni Malinen
25df656a8a Remove pointless defines for ext capab bits
These were copy-pasted templates that were forgotten to be removed when
defining the bits.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-04 00:23:14 +02:00
David Su
11355a122d Reset external_scan_running on interface deletion
Currently, the external_scan_running flag is not reset when an interface
is removed. Thus, if a connection attempt is made on another iface, it
will fail due to wpa_supplicant incorrectly assuming the radio is still
busy due to the ongoing scan.

To fix this, convert external_scan_running to a pointer to the interface
that started the scan. If this interface is removed, also reset the
pointer to NULL so that other operations may continue on this radio.

Test:
  1. Start scan on wlan0
  2. Remove wlan0
  3. Can connect to a network on wlan1

Signed-off-by: David Su <dysu@google.com>
2021-02-02 23:48:14 +02:00
Aloka Dixit
630b1fdba8 AP: Add 6 GHz security constraints
Add security constraints for the 6 GHz band as given in IEEE
P802.11ax/D8.0, 12.12.2.

Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-02-02 23:39:31 +02:00
Abinaya Kalaiselvan
df0bfe4759 mesh: Fix for leaving mesh
Avoid multiple execution of wpa_drv_leave_mesh().

Fixes: 0896c442dc ("mesh: Fix for mesh init/deinit")
Signed-off-by: Abinaya Kalaiselvan <akalaise@codeaurora.org>
2021-02-02 22:58:49 +02:00
Ilan Peer
24f0507af4 WPA: Support deriving KDK based on capabilities (Authenticator)
Derive the KDK as part of PMK to PTK derivation if forced by
configuration or in case both the local AP and the peer station declare
support for secure LTF.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:09:39 +02:00
Ilan Peer
dccb6cde03 WPA: Support deriving KDK based on capabilities
Derive the KDK as part of PMK to PTK derivation if forced by
configuration or in case both the local station and the AP declare
support for secure LTF.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:09:39 +02:00
Ilan Peer
9e7b980d65 PASN: Include RSNXE in the PASN negotiation
IEEE P802.11az/D2.6 added definitions to include RSNXE in the PASN
negotiation. Implement the new functionality in both wpa_supplicant and
hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:09:36 +02:00
Ilan Peer
d8cd20e37b RSN: Add RSNXE new definitions
IEEE P802.11az/D2.6 defines the following additional capabilities to
RSNXE:

- Secure LTF support
- Secure RTT support
- Protection of range negotiation and measurement management frames.

Add support for advertising the new capabilities.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:08:27 +02:00
Ilan Peer
b07b9387d4 tests: Add PASN tests with FT key derivation
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 17:49:04 +02:00