One of the PBC APs was left running at the end of the tet case with
active PBC. Stop that AP as well before flushing scan information on the
STA.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Commit ace0fbdb69 ("P2P: Fix segfault when PBC overlap is detected")
removed the external calls to this function, but did not mark it static.
Mark it static now to clarify expected uses through the
wpas_p2p_pbc_overlap_cb() timer handler.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not long enough to allow two scan iterations to be completed.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add vendor subcmd QCA_NL80211_VENDOR_SUBCMD_ROAM_STATS and attribute id
in enum qca_wlan_vendor_attr_roam_cached_stats for collecting roaming
statistics information when diagnosing roaming behavior.
Signed-off-by: Chunquan Luo <quic_chunquan.quicinc.com>
Add new AP concurrency policy QCA_WLAN_CONCURRENT_AP_POLICY_XR to
configure interface for eXtended Reality (XR) requirements.
Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
Commit b20991da69 ("wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce")
updated AAD and nonce construction to use MLD addresses in AAD for A1
and A2. IEEE P802.11be has additional cases where A3 in AAD is set to
the AP MLD address, so cover those as well.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Prefer a BSS entry that has a matching STA entry when processing
EAPOL-Key frames. This avoids issues where some combination of MLD
and/or link addresses are used in a sequence that could end up
generating two separate STA entries for the same non-AP MLD.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The BSSID (RA/TA) might differ from SA/DA for the AP, so print it as
well in the debug entry for EAPOL-Key frames.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
There was a race condition between the NFC handover requester and
selector role processing that ended up not sending out the alternative
proposal in some cases. Catch those at the end of
run_dpp_handover_client() processing (or immediately after returning
from that function without having sent out the alternative proposal).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a new vendor command QCA_NL80211_VENDOR_SUBCMD_GET_MONITOR_MODE to
get the local packet capture status in the monitor mode. Add required
attributes to respond with status of the monitor mode. The monitor mode
can be started/configured by using the
QCA_NL80211_VENDOR_SUBCMD_SET_MONITOR_MODE subcommand.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Add new QCA vendor attributes to configure the driver for EHT
capabilities and multi link configuration.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add new QCA vendor attributes to configure the driver for EHT
capabilities. These attributes are used for testing purposes.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When I was testing dpp_auth_init on an AP with Enrollee on a different
channel from the AP I was getting failures. This happened on hwsim in
UML with time-travel for me. I don't recall seeing this with real
devices, presumably because of lax offchan implementation.
The DPP authentication would succeed. However the station would then try
to get configuration through a GAS request and fail.
The AP reported the following logs (grepped):
> 1614762426.860212: RX_ACTION category 4 action 10 sa 02:00:00:00:01:00 da 02:00:00:00:00:00 len 227 freq 2412
> 1614762426.860212: wlan0: GAS: GAS Initial Request from 02:00:00:00:01:00 (dialog token 239)
> 1614762426.860233: DPP: Wait for Configuration Result
> 1614762426.860234: nl80211: Send Action frame (ifindex=5, freq=2462 MHz wait=0 ms no_cck=0 offchanok=0)
> 1614762428.861186: DPP: Timeout while waiting for Configuration Result
> 1614762428.861186: wlan0: DPP-CONF-FAILED
While the STA reported the following logs (grepped):
> 1614762426.860193: wlan1: DPP-AUTH-SUCCESS init=0
> 1614762426.860195: DPP: Stop listen on 2412 MHz
> 1614762426.860202: wlan1: GAS-QUERY-START addr=02:00:00:00:00:00 dialog_token=239 freq=2412
> 1614762428.861185: GAS: No response received for query to 02:00:00:00:00:00 dialog token 239
> 1614762428.861189: DPP: GAS query did not succeed
> 1614762428.861189: wlan1: DPP-CONF-FAILED
AP would still receive the GAS request on ch1 but would then try to
respond on ch11 while STA was waiting on ch1.
Signed-off-by: Michal Kazior <michal@plume.com>
IEEE Std 802.11ax-2021, 12.12.2 requires this, so force MFPR=1 when
associating on the 6 GHz band so that ieee80211w=1 (i.e., MFPC=1 MFPR=0)
configuration can be used to get MFPC=1 behavior on other bands and
MFPR=1 on the 6 GHz band.
Signed-off-by: Jouni Malinen <j@w1.fi>
Allow specifying preferred GO band in addition to frequency. If a band
is specified, the first two scans will be limited to only non-DFS
channels to shorten scan times, and the next two will scan the entire
band.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Now that we check in PMKSA cache code whether the entry was created for
the same local address, it is fine to leave the old entries in the cache
even if we have changed addresses. This allows a valid PMKSA cache entry
to be used when restoring the same MAC address for the same ESS.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the implementation more readable by sharing the same set of
enum values for all the parameters related to what kind of random MAC
addresses are used.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_s->last_mac_addr_change.sec might be zero in the special case of UML
testing with time travel since it would be possible to complete the test
case steps within one second of the system start.
Signed-off-by: Jouni Malinen <j@w1.fi>
When MAC address randomization settings change we should use a new MAC
address even if we are associating to the same ESS.
For example, consider this scenario:
- hardware MAC is being used,
- we disconnect from the network,
- policy/style is changed via D-Bus to turn randomization on,
- we reconnect to the same network.
In the last step a randomized MAC address should be used.
Changes to the randomization settings include both changes to the
policy/style to be used and changes to the pregenerated MAC address
value in case of mac_addr==3.
Signed-off-by: Andrzej Ostruszka <amo@semihalf.com>
gas_failures was using an invalid preassoc_mac_addr value 1111 to
trigger a failure. That won't work once wpa_supplicant starts validating
the range of the configuration parameter. Use a different mechanism to
force a failure in the actual random MAC address change functionality.
Signed-off-by: Jouni Malinen <j@w1.fi>
sta_dynamic_random_mac_addr and sta_dynamic_random_mac_addr_keep_oui
assumed that the same random MAC address remains in use even though it
set the lifetime to 0 seconds. This might have worked in the past by
accident, but set this properly to configure a longer lifetime.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the CreateInterface command was used to create a virtual AP
interface, deleting this interface using the RemoveInterface command was
also bringing down the primary interface.
wpa_supplicant never uses hostapd style multi-BSS setup with
type=WPA_IF_AP_BSS and setup_ap=1 to if_add() when creating an AP
interface in wpa_driver_nl80211_if_add(), so it should not go through
the multi-BSS tear down procedure in wpa_driver_nl80211_if_remove(). The
virtual AP resources init and deinit are well handled in
wpa_driver_nl80211_init() and wpa_driver_nl80211_deinit().
Collapse the interface type to WPA_IF_STATION for the D-Bus interface to
skip the multi-BSS cleanup procedure. This is inline with the control
interface design. Add comments before the code to avoid confusion.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
IEEE P802.11be/D2.0 added a 4-octet Basic EHT-MCS And Nss Set field into
the EHT Operation element. cfg80211 is now verifying that the EHT
Operation element has large enough payload and that check is failing
with the previous version. This commit does not really set the correct
Basic EHT-MCS And Nss Set values, but the IE length check is now passing
to allow initial mac80211_hwsim testing to succeed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The driver is expected to translate the link addresses to MLD addresses
when processing an Authentication frame from a MLD AP. Thus, accept
Authentication frame when the peer matches the expected MLD address.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case both the local driver and the AP support MLD, request an MLD
association from the driver.
When processing the association event from the driver verify that the
multi link information in the (Re)Association Response frame ML element
matches the links on which the association was expected.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case both the local driver and the AP support MLD, request an MLD
authentication from the driver. When processing the authentication event
from the driver verify that the MLD address in the authentication data
matches that of the requested AP.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Authentication frames include several fixed body parts (see Table 9-68
(Authentication frame body) and Table 9-69 (Presence of fields and
elements in Authentication frames) in IEEE P802.11-REVme/D2.0).
To be able to parse the IE part, these fields need to be skipped. Since
SAE logic already implements this parsing, change SAE authentication
handling functions to return the offset to the IE part. This preparation
is needed for future MLD patches that need to parse out the ML related
elements in the Authentication frames.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case of drivers that offload the 4-way handshake to the driver, there
was no way of updating wpa_supplicant about the transition disable
bitmap received as a part of EAPOL-Key msg 3/4.
With latest provisions in cfg80211_port_authorized(), the TD bitmap can
be sent to the upper layer. Parse that as a part of the port authorized
event and set the transition disable information accordingly.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
Some Wi-Fi SoCs do not ensure unique MAC address for the new virtual
interface. Enforce unique address is used for the created AP interface
similarly to other previously address interface types.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
chromeOS uses random generated MAC address for AP interface so that the
device could remain anonymous and untrackable. Add an address parameter
for CreateInterface method to pass in OS managed MAC address.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
Fix a potential memory leak in CreateInterface method.
Fixes: 0ba266d86c ("dbus: Add virtual interface create/remove logic to be inline with ctrl_iface")
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
Return value of crypto_bignum_to_bin() wasn't always checked, resulting
in potential access to uninitialized values. Fix it, as some analyzers
complain about it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Micha Hashkes <micha.hashkes@intel.com>
Fix an issue that results in TX failures being stored where TX retries
belongs.
Fixes: ad4fa5dd3c ("Add more nl80211 info to struct wpa_signal_info")
Signed-off-by: David Ruth <druth@chromium.org>
k_pad and tk were not cleared in internal HMAC-SHA256 implementation.
Clear them to avoid leaving secret material in temporary stack
variables.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
DEFINE_STACK_OF() was only introduced in OpenSSL 1.1.0 and newer, but
the ifdef directive that wrapped it was wrongly removed when cleaning
some BoringSSL definitions. Use ifdef confistently for defining and
using AttrOrOID.
Fixes: faf9c04cb5 ("Remove a host of unnecessary OPENSSL_IS_BORINGSSL ifdefs")
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Extend the SAE-EXT-KEY testing to also cover GCMP-256.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Use more specific status code values to report error cases.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
