Allow the first Tunnel-Password RADIUS entry to be used for SAE in
addition to the sae_password entries and wpa_passphrase parameters from
the static configuration file.
Signed-off-by: Mario Hros <git@reversity.org>
Report background radar/CAC detection capability if supported
by the underlying driver/hardware.
Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Introduce type parameter to dfs_get_valid_channel() routine to allow
selection of a radar-only channel where the CAC detection has not been
performed yet. This is a preliminary patch to enable background
radar/CAC detection.
Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
This is a preliminary change to introduce radar/CAC background detection
support.
Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Commit a41a29192e ("build: Pull common fragments into a build.rules
file") introduced a regression into wpa_supplicant build process. The
build target libwpa_client.so is not built regardless of whether the
option CONFIG_BUILD_WPA_CLIENT_SO is set or not. This happens because
this config option is used before it is imported from the configuration
file. Moving its use after including build.rules does not help: the
variable ALL is processed by build.rules and further changes are not
applied. Similarly, option CONFIG_NO_WPA_PASSPHRASE also does not work
as expected: wpa_passphrase is always built regardless of whether the
option is set or not.
Re-enable these options by adding both build targets to _all
dependencies.
Fixes: a41a29192e ("build: Pull common fragments into a build.rules file")
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Do not use the first octet of the PPE Thresholds field without
explicitly confirming that that octet was included in the element.
Furthermore, allow the received element to have additional octets in the
end since IEEE Std 802.11ax-2021 defines this to be an extensible
element and new fields could be added to the end of it in the future.
Fixes: 0497e41481 ("HE: Fix HE Capabilities element size")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The previously used calculation was not correct for the cases where the
extra padding field was needed. Fix this by properly calculating the
number of full octets in the field.
Fixes: 0497e41481 ("HE: Fix HE Capabilities element size")
Signed-off-by: Shiva Sankar Gajula <quic_sgajula@quicinc.com>
Do not leave a large number of network added/removed events remaining
for the following test case to handle. This removes some possible
failure test case sequences like the following one:
wpas_ctrl_many_networks dbus_ap_scan_2_ap_mode_scan
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Couple of the WPS/P2P/RADIUS-PSK cases were freeing heap memory
allocations without explicitly clearing the PSK value. Add such clearing
for these to avoid leaving the PSK in memory after it is not needed
anymore.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Unlike the other keys that were cleared here, the PMK is available
without FT support built into hostapd and as such, should be cleared in
all cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This makes it easier to scan process memory for key information that is
not supposed to remain there after the last use.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The current operating frequency information was already cleared when
stopping other modes, but the cases for stopping AP mode were not
covered. Clear bss->freq in wpa_driver_nl80211_del_beacon() to cover
these cases. In addition, move clearing of bss->beacon_set there to
avoid having to clear that in all callers separately.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This test cases can fail if previously executed tests leave older scan
results in cfg80211 scan table. Clear that scan table explicitly to
avoid such issues.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a NAN NDP attribute QCA_WLAN_VENDOR_ATTR_NDP_SERVICE_ID which
indicates service id with 6 bytes of length and it's derived from the
SHA-256 hash of the NAN service name. As per Wi-Fi Aware Specfication
version 3.2, this service ID is used to calculate the NAN PMK.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed to avoid pri/sec channel switching based on potential
scan results from the previous test cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed to avoid leaving wpa_state to SCANNING if network
introduction fails and a new association is not started.
This was found with the following test case sequence:
dpp_conn_status_connector_mismatch scan_trigger_failure
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
A previously set netrole (e.g., from DPP_LISTEN or DPP_AUTH_INIT) could
have been used in a following DPP_CHIRP or DPP_RECONFIG operation. This
could result in trying to request incorrect configuration and likely
rejection from the Configurator. Fix this by clearing the netrole when
starting these operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for at least the wpa_s->last_ssid to be left pointing to
a removed network which could result in processing the following
association as a reassociation-within-an-ESS even when it was moving to
a different ESS. This could result in unexpected behavior. This was
found with the following test case sequence:
sigma_dut_ap_psk_sae_ft sae_h2e_password_id ap_wps_pk_oom sigma_dut_client_privacy
Move clearing of wpa_s->last_ssid and wpa_s->current_ssid into
wpas_notify_network_removed() to catch all cases similarily to the way
wpa_s->next_ssid was already cleared.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
min-seq.py can be used to find a minimal test sequence that can be used
to reproduce test failures. This is meant for being able to process the
recently added "Failure sequence:" entries from parallel-vm.log to
reduce manual work needed to debug commonly failing test case sequences.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed to avoid test failures when a previous test case might
have restricted the set of allowed SAE groups.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The offchannel frame TX wait was stopped whenever processing
DPP_STOP_LISTEN in most cases. However, there was a corner case on the
Responder side where this operation was skipped after PKEX was completed
successful and the Authentication Request frame had not yet been
received from the Initiator.
While this does not normally cause any significant issue, this could
result in unexpected behavior especially in test cases that run multiple
DPP PKEX operations in a row since the start of a new TX operation might
get delayed while waiting for the previous TX-wait to complete.
This was found with the following test case sequence:
dpp_reconfig_retries dpp_pkex_alloc_fail
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Flush scan results to avoid unexpected behavior due to scan results
remaining available from previous test cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Flush scan results to avoid unexpected behavior due to scan results
remaining available from previous test cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The test case name ap_ft_pmf_over_ds was used for two different test
cases which resulted in only one of those being used. Fix this by using
unique test case names.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Clear scan cache to avoid issues with old scan results from earlier test
cases. This caused issues like the following test case sequence failing:
rrm_beacon_req_active_ap_channels ap_ft_eap_dis_over_ds
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Clear scan results to avoid issues with get_bss() finding an entry from
an earlier test case when checking for mesh information.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Set the cipher suite for the link. Unlike the other parameters, this
needs to be done with the first rtnl_link_add() call (NLM_F_CREATE))
instead of the update in try_commit() since the kernel is rejecting
changes to the cipher suite after the link is first added.
Signed-off-by: leiwei <quic_leiwei@quicinc.com>
Allow macsec_csindex to be configured and select the cipher suite when
the participant acts as a key server.
Signed-off-by: leiwei <quic_leiwei@quicinc.com>
Clear the scan cache on the AP before running this test since the HT40
operation on the 2.4 GHz band might get disallowed based on scan results
from earlier test cases. This was found with the following hwsim test
case sequence failing:
ap_acs_with_fallback_to_20 wpa2_ocv_ap_ht_mismatch
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If the TX frame operation does not request any wait time, there is not
going to be any pending wait that could be cancelled later. As such,
there is no need to store the cookie value for these cases. This removes
unnecessary cancel-TX-wait operations that would result in some extra
latency and confusing debug log entries.
This was found with the following hwsim test case sequence where the
second test was failing due to the extra latency and this commit gets
rid of that failure:
rrm_ftm_range_req_timeout dpp_qr_code_auth_neg_chan
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Flush the scan table explicitly to avoid issues with the ROAM command if
the new AP is not found and an entry from a previous test case is used
instead. This was happening in a number of cases where a SAE test case
was run after sigma_dut_ap_cipher_gcmp_256 which used the second AP
instance and allowed that to show up in the scan results in the next
text case.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
There is no need to maintain the DPP authentication state if config
request processing fails, so clear state also in the GAS server request
handler similarly to the other failure cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
drv->send_frame_cookies[] was already cleared, but
dev->send_frame_cookie was not. This resulted in unnecessary attempts of
canceling the TX wait for a wait that had already expired. While this
does not really result in real issues, it is cleaner to get rid of the
error messages from the debug log by skipping the unnecessary
operations.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
These can fail if the scan results from the previous test case remain,
e.g., when run immediately after scan_bss_limit.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a couple of more channel configuration cases and log the channel
parameters with more details in the test log.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
A number of test cases using 40 MHz or wider channels with the primary
channel 36 were failing when executed after dpp_chirp_ap_5g since that
test case was running an AP on the channel 40 and resulting in need to
swap the primary and the secondary channels in the following test case.
Fix this by clearing the AP scan cache explicitly for such cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>