Commit graph

11062 commits

Author SHA1 Message Date
Jouni Malinen
c3dc68e844 Do not invalidate EAP session cache on all network block parameter changes
The bssid and priority parameters in a network block do not have any
effect on the validity of an EAP session entry, so avoid flushing the
cached session when only these parameters are changed. This is mainly to
allow forced roaming or network selection changes without causing fast
reauthentication to be disabled if the changes are done during RSN
association that used EAP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 19:44:32 +02:00
Jouni Malinen
9231c2476f wlantest: Fix bip_protect() memory allocation
The addition operator is of higher precedence than the ternary
conditional and the construction here needs to use parentheses to
calculate the buffer length properly when generating test frames with
BIP protection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-14 18:42:46 +02:00
Jouni Malinen
c6c29be1bd Interworking: Add credential realm to EAP-TLS identity
If the configured credential includes a username without '@' (i.e., no
realm) in it and a realm, combine these to form the EAP-Request/Identity
value as "<username>@<realm>" for EAP-TLS. This was already done for
EAP-TTLS as part of the anonymous NAI conversion, but EAP-TLS could have
ended up using a username without any realm information which would be
unlikely to work properly with roaming cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-11 21:06:15 +02:00
Jouni Malinen
8b29661192 tests: Accept "user@example.com" as user identity similarly to "user"
This is needed to allow updated Interworking behavior that adds the
realm to the EAP-Response/Identity value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-11 21:06:15 +02:00
Dedy Lansky
f2d6c17aa0 nl80211: Support network hierarchy of a master interface under bridge
Since commit cb05808c46 ('nl80211: Generic
Linux master interface support for hostapd'), hostapd is listening for
EAPOL frames on any master which the interface is enslaved under.

This commit allows hostapd to support network hierarchy in which the
interface is enslaved under some master which in turn is enslaved under
a bridge.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-03-09 21:03:41 +02:00
Jouni Malinen
71fd685fb8 tests: Set ocsp_stapling_response_multi in as2.conf
This keeps the as.conf and as2.conf more consistent.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-09 19:49:24 +02:00
Jouni Malinen
40ae4a2ff2 tests: Fix root_ocsp() for multi-OCSP test cases
Incorrect path and file name was used in the openssl command to generate
one of the OCSP responses. Also fix
ap_wpa2_eap_tls_intermediate_ca_ocsp_multi to expect success rather than
failure due to OCSP response. Based on the test description, this was
supposed to succeed, but apparently that root_ocsp() bug prevented this
from happening.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-09 19:48:35 +02:00
Jouni Malinen
f85399f396 Reserve QCA vendor specific nl80211 commands 116..118
These are reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-08 23:08:45 +02:00
Zefir Kurtisi
3bd58861ae hostapd: Handle running out of DFS channels
In scenarios where only DFS channels are available (e.g., outdoor,
special country codes), hostapd must be able to handle situations
where all are unavailable.

The two possibilities to get there are
1) while operating on the last available DFS channel a radar is
   detected
2) hostapd is started while all channels are unavailable

In both cases, hostapd instead of terminating should better
wait for the NOPs to pass and re-try operation after the CAC.

This patch provides that feature by using the condition
(iface->state == HAPD_IFACE_DFS && !iface->cac_started)
as NOP mode signature to retry operation from within
hostapd_dfs_nop_finished().

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
2016-03-08 12:16:37 +02:00
Dedy Lansky
cc1af6faed FST: Fix session setup failure with peer without MB IE
Upon receiving FST setup request on old band, the peer is searched on
new band. The assumption is that MB IE from this peer on new band
previously received either in assoc event or in FST setup request.

There are cases in which above assumption doesn't work, peer is not
found and session setup fails. For example:
- STA connects over 11ac. Due to driver limitation, MB IE is not included
in assoc event
- STA connects over 11ad. MB IE included in assoc event.
- FST session established on 11ac band, with AP as initiator. i.e. FST
setup request sent in AP=>STA direction. STA searches for peer's (AP)
MB IE on 11ad band which exists.
- FST switch occur
- FST session established on 11ad band, with STA as initiator. i.e. FST
setup request sent in STA=>AP direction. AP searches for peer's (STA)
MB IE on 11ac band which are absent.

For fixing the above, consider also peers without MB IE as candidates in
the search algorithm.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-03-07 18:04:47 +02:00
Lior David
dfe0745c9a P2P: Add optional op_class argument to P2P_SET listen_channel
The existing implementation in p2p_ctrl_set used a hard-coded operating
class 81 which is only suitable for the social channels in the 2.4 GHz
band, and will not work for the social channel in the 60 GHz band.
Extend this by adding an optional op_class argument to P2P_SET
listen_channel. If not specified, use the default value of 81 to match
existing behavior.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-07 13:51:01 +02:00
Lior David
e4a1469cec P2P: Adjust service discovery maximum fragment size for 60 GHz
In the 60 GHz band, service discovery management frames are sent over
the control PHY and have a smaller maximum frame size (IEEE Std
802.11ad-2012, 21.4.3.2). Fix the code to use sufficiently small
fragment size when operating in the 60 GHz band.

The 60 GHz fragment size (928) is derived from the maximum frame size
for control PHY (1023) and subtracting 48 bytes of header size, and some
spare so we do not reach frames with the absolute maximum size.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-07 13:47:01 +02:00
Johannes Berg
890fd60f7d tests: Add tests for HS 2.0 frame filtering
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-03-07 11:07:58 +02:00
Bob Copeland
fa7f9570f2 tests: Add a test for mesh gate forwarding
This test checks that mesh nodes forward frames for unknown
destinations to the mesh gates.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2016-03-07 11:05:22 +02:00
Jouni Malinen
dbd183c717 tests: D-Bus AssocStatusCode
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-06 20:54:16 +02:00
Naveen Singh
c7fb678f31 D-Bus: Add association response status code property for failure cases
(Re)Association Response frame with status code other than 0 is now
notified over DBUS as a part of PropertiesChanged signal. This can be
used by application in case AP is denying association with status code
17 (band steering) so that it does not interfere in the BSSID selection
logic of wpa_supplicant.

Signed-off-by: Naveen Singh <nasingh@google.com>
2016-03-06 20:44:51 +02:00
Eliad Peller
2940bf669a hostapd: Use ifname of the current context in debug messages
In case of multiple BSS configuration, return the current interface
name, instead of the first one.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 20:01:15 +02:00
Eliad Peller
6448e06415 hostapd: Allow use of driver-generated interface addresses
Add a new 'use_driver_iface_addr' configuration parameter to allow use
of the default interface address generated by the driver on interface
creation. This can be useful when specific MAC addresses were allocated
to the device and we want to use them for multi-BSS operation.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 20:00:40 +02:00
Eliad Peller
f2accfe708 AP: Save EAPOL received before Association Response ACK
There is a race condition in which AP might receive the EAPOL-Start
frame (from the just-associated station) before the TX completion of the
Association Response frame. This in turn will cause the EAPOL-Start
frame to get dropped, and potentially failing the connection.

Solve this by saving EAPOL frames from authenticated-but-not-associated
stations, and handling them during the Association Response frame TX
completion processing.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 17:08:12 +02:00
Janusz Dziedzic
c0ca24fc30 tests: Add hostapd.py helpers for various radio parameters
Add support for generating hostapd parameters for
b_only/g_only/a_only/HT20/HT40/VHT80.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
e3b36d420e tests: Add terminate support for hostapd/wpa_supplicant
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
13073011b9 wpaspy: Add support for TERMINATE command
This can be used to terminate the wpa_supplicant/hostapd process.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
4d48d44ca2 tests: Add HostapdGlobal.get_ctrl_iface_port()
This adds a method to get the UDP port for an interface.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
cb73f7e84d tests: Add UDP ctrl_iface support to hostapd.py
Allow use of a remote host using wpaspy.Ctrl with UDP ctrl_iface
support.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
0fd4792b48 tests: Add UDP ctrl_iface support to wpasupplicant.py
Allow use of a remote host using wpaspy.Ctrl with UDP ctrl_iface
support.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
a2c88a8025 wpaspy: Add support for UDP connection
hostname and port can now be specified when using wpaspy.Ctrl, so we can
connect to remote clients now.

This can also be tested using test.py application with
./test.py <hostname> <port>

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:51 +02:00
Janusz Dziedzic
3e67171846 hostapd: Add global TERMINATE command
This will terminate the hostapd process.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:50 +02:00
Janusz Dziedzic
618f5d01b0 hostapd: Add INTERFACES ctrl_iface command
Return a list of the available interfaces (the main BSS) and optionally
with ctrl_iface when the optional "ctrl" parameter is included. This is
useful when using UDP ctrl_iface and add interfaces using the ADD
command. After that we need to know which UDP port was assigned for the
control interface for the added interface.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:50 +02:00
Janusz Dziedzic
180e5b96c3 hostapd: Update ctrl_interface for UDP to include the selected port
Set up the real ctrl_interface for UDP after having selected the port.
This is in format: udp:<port_no>. This is needed to get accurate
interface <-> udp_port mapping.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:49 +02:00
Janusz Dziedzic
56e2fc2c31 wpa_supplicant: Add ctrl parameter to INTERFACES command
"INTERFACES ctrl" can now be used to fetch a list of network interfaces
and their control interfaces, e.g., to fetch the UDP port information
for the control interface.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:49 +02:00
Janusz Dziedzic
b9066c638a hostapd: Allow UDP ctrl_iface configuration to set the UDP port
This allows the UDP port to be set for the per-interface and global
control interfaces. The format is: udp:<port_no>

For example:
hostapd -ddt -g udp:8888

And in the configuration file:
ctrl_interface=udp:8877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:43 +02:00
Janusz Dziedzic
56885eecf4 hostapd: Add UDP support for ctrl_iface
Add UDP support for ctrl_iface:

New config option could be set:
CONFIG_CTRL_IFACE=udp
CONFIG_CTRL_IFACE=udp-remote
CONFIG_CTRL_IFACE=udp6
CONFIG_CTRL_IFACE=udp6-remote

And hostapd_cli usage:
hostapd_cli -i localhost:8877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:37 +02:00
Janusz Dziedzic
acf57fae76 ctrl_iface_common: Use sockaddr_storage instead of sockaddr_un
This is a step towards allowing UDP sockets to be used with the common
implementation.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Janusz Dziedzic
89b781bc89 hostapd: Use common functions for ctrl_iface
Use the common functions, structures when UNIX socket ctrl_iface used.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Janusz Dziedzic
1a2124c650 wpa_supplicant: Use common functions for ctrl_iface
Use the common functions, structures when UNIX socket ctrl_iface used.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Janusz Dziedzic
ca974ae53f Add common ctrl_iface files
This is preparation for sharing a single implementation for ctrl_iface
functionality in wpa_supplicant and hostapd.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Janusz Dziedzic
d60886cdaf wpa_supplicant: Add monitor support for global UDP ctrl_iface
Add monitor support (ATTACH/DETACH) for the global ctrl_iface when using
the UDP backend.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 10:46:13 +02:00
Janusz Dziedzic
f0e5d3b5c6 wpa_supplicant: Share attach/detach/send UDP ctrl_iface functions
Extend the previously per-interface UDP ctrl_iface functions
(attach/detach/send) to support operations on the global interface as
well.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 10:21:18 +02:00
Janusz Dziedzic
db7fb435f3 wpa_supplicant: Allow UDP ctrl_iface configuration to set the UDP port
This allows the UDP port to be set for the per-interface and global
control interfaces. The format is: udp:<port_no>

For example:
wpa_supplicant -Dnl80211 -ddt -g udp:9888

And in the configuration file:
ctrl_interface=udp:9877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 10:15:57 +02:00
Avichal Agarwal
35986959d9 P2P: Update peer WFD IE from PD Response and GO Negotiation Response
Update the peer WFD IE information based on WFD elements received in
Provision Discovery Response and GO Negotiation Response frames.

Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
2016-03-05 10:02:59 +02:00
Eliad Peller
c69ef1d2da P2P: Respect p2p_ignore_shared_freq on p2p_group_add
Make sure wpas_p2p_init_go_params() respects the p2p_ignore_shared_freq
configuration option. Choose currently used frequencies only if this
option is not set, or if there are no unused channels left.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-04 21:17:32 +02:00
Eliad Peller
4115b0524b P2P: Fix shared freq print in wpas_p2p_init_go_params()
"freq" contains the forced frequency, not the selected one. Print the
correct freq instead.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-04 21:16:00 +02:00
Ilan Peer
12c1fdf19a P2P: Update peer listen channel from Probe Request frames
In case a Probe Request frame is received from a known peer P2P Device,
update the listen channel based on the P2P attributes in the Probe
Request frame. This can be useful for cases where the peer P2P Device
changed its listen channel, and the local P2P device is about to start a
GO Negotiation or invitation signaling with the peer.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-03-03 17:10:26 +02:00
Ben Rosenfeld
a805731086 P2P: Abort ongoing scan when p2p_find is stopped
When p2p_find is stopped, send request to the driver
in order to cancel an ongoing scan if there is one.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
2016-03-03 17:10:26 +02:00
Ayala Beker
7441698fcf nl80211: Abort an ongoing scan upon scan timeout indication
Currently, when scan is stuck in the kernel/driver/fw,
the nl80211 driver tries to recover by faking a SCAN_RESULTS flow.
However, the scan is still stuck in the kernel/driver/fw.

To avoid that stuck request, abort it upon scan timeout.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-03-03 17:10:26 +02:00
Ilan Peer
d4b521a38b tests: Handle different delays in discovery_and_interface_disabled
Test different delay intervals between the INTERFACE_DISABLED event
and the INTERFACE_ENABLED event for discovery_and_interface_disabled.

Previously, only a delay of 1 second was used, in which case the
scan results for the P2P_FIND operation were received after the
interface was enabled again, and the case the scan results were
received while the interface was disabled was not covered.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-03-03 17:10:26 +02:00
Ilan Peer
1446afc865 wpa_supplicant: Handle EVENT_SCAN_RESULTS when an interface is disabled
An interface can be disabled while it has an ongoing scan request.
In such a case, when the scan results notification is received,
it was being ignored (as the interface is already disabled) so the
scan state was not cleared. This can cause undetermined behavior
for the next scan request.

To handle this, clear the scan state when EVENT_SCAN_RESULTS is
received and the interface is disabled.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-03-03 17:10:26 +02:00
Avraham Stern
d14e63a2aa WNM: Do not scan based on malformed BSS Transition Management Request
Verify that when the Candidate List Included bit is set in a BSS
Transition Management Request frame, the candidate list actually
includes at least one candidate. If no candidates are included, reject
the request without scanning.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-03-03 17:10:25 +02:00
Jouni Malinen
f1e26f8965 tests: BTM Request Preferred Candidate List followed by vendor element
This goes through parsing code for a case that was interpreted
incorrectly in the past.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-03 17:10:25 +02:00
Avraham Stern
f420577f3c WNM: Fix candidates count in BSS Transition Management Request
In BSS Transition Management Request frame, it is possible that vendor
specific IEs are included after the candidate list. In this case the
candidates count was incremented for each IE although the candidate list
is already over which could result in adding all zeros candidates into
the neighbor list.

Fix that by incrementing the candidates count only for neighbor report
elements.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-03-03 17:09:26 +02:00