For some reason, a potential OOM in hostapd_config_read_wpa_psk() and
hostapd_derive_psk() were missed in --codecov runs during the main
iteration loop. Cover these specific cases with separate instances to
avoid missing coverage.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends previous ap_vht160_no_dfs test case coverage by running the
same test case with each of the possible HT primary channel
alternatives.
Signed-off-by: Jouni Malinen <j@w1.fi>
This file is used only by hostapd_cli and wpa_cli and neither of those
are currently included in code coverage reporting. Avoid dropping the
coverage numbers by code that cannot be reached due to not being
included in the programs that are covered.
Signed-off-by: Jouni Malinen <j@w1.fi>
5745 MHz was added as an allowed short range device range in
wireless-regdb for DE which made this test case fail. Fix it for now by
using SE instead of DE for the second part of the test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for wireless-regdb to include a 160 MHz channel, but with
DFS required. This test case need the regulatory information to allow
160 MHz channel without DFS. Fix false failures by skipping the test if
this exact combination is not found.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wireshark renamed eapol.keydes.key_info to
wlan_rsna_eapol.keydes.key_info and that broke this test case when
upgrading Wireshark. Fix this by trying to use both the new and the old
name.
Signed-off-by: Jouni Malinen <j@w1.fi>
Something broke eap_fast_tlv_nak_oom when moving from Ubuntu 14.04 to
16.04. OpenSSL.SSL.Connection() state_string() returns None in these
cases and the debug log prints for that were causing the case to fail.
For now, work around this by checking whether the state string is None
before trying to print it.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the debug log easier to understand and avoids leaving large
number of pending messages into the wpa_supplicant control interface
sockets.
Signed-off-by: Jouni Malinen <j@w1.fi>
It does not look like BoringSSL allows pbeWithMD5AndDES-CBC to be used
to protect the local private key, so skip this test case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case verifies that SD Response frame does not block the
following remain-on-channel operation unnecessarily long.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
HT cannot be used with WEP-only network, so don't try to do that here.
This get rids of some unnecessary Beacon frame updates during
disassociation/association and can make the test case a bit more robust.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous PeerKey test cases did not actually verify in any way that
the SMK and STK exchanges were completed since mac80211 does not support
setting the key from STK. Use a sniffer check to confirm that the
exchanges complete to avoid PeerKey regressions like the ones fixed in
the last couple of commits.
Signed-off-by: Jouni Malinen <j@w1.fi>
The FILS ANQP-element changes made couple of the generic ANQP test steps
fail. Update this to ignore the special FILS cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
The sta2.scan() calls were performing full scan of all channels and
reporting only the BSS entry that happened to be the first one in the
wpa_supplicant list. This is problematic since it is possible that the
target AP was not found and incorrect BSS was selected and used for
setting scan_freq which made the connection fail. Furthermore, there is
no need to use full scan for these test cases, so use a single channel
scan instead.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use P2P listen mode on dev[1] to speed up GO Negotiation and explicitly
wait for successfully completed GO Negotiation to make the failure cases
clearer. Previously, it was possible for the GO Negotiation to fail and
execution to go to the tshark check even when no GO Negotiation Confirm
frame was sent.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need to attach the monitor interface was events when issuing
only a single INTERFACES command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for the P2P-GROUP-STARTED event to get delayed more than
one second especially when the GO Negotiation responder becomes the P2P
Client and the system is heavily loaded. Increase the default timeout
for the expected success case from 1 to 5 seconds to avoid failing test
cases that would have succeeded if given a bit more time to complete the
exchange.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was apparently possible to get a propertiesChanged event from an
earlier test case with an empty Groups property. That ended up this case
exiting immediately before running through the steps and consequently,
failing due to missed operations. Make this less likely to happen by
accepting the Groups property emptying event only after a group has been
added for a peer first.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Check whether the unexpected BSS entry is based on having received a
Beacon frame instead of Probe Response frame. While this test case is
using a huge beacon_int value, it is still possible for mac80211_hwsim
timing to work in a way that a Beacon frame is sent. That made this test
case fail in some rare cases. Fix this by ignoring the BSS entry if it
is based on Beacon frame instead of Probe Response frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Local key generation for FT-PSK does not use the AP-to-AP protocol and
as such, setting pmk_r1_push=1 is a bit confusing here since it gets
ignored in practice. Remove it to keep the test case easier to
understand.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for ap_wps_per_station_psk_failure to leave behind scan
entries with active PBC mode if cfg80211 BSS table. This could result in
a following test case failing due PBC overlap. Fix this by clearing the
cfg80211 BSS table explicitly.
This was found with the following test case sequence:
ap_wps_per_station_psk_failure autogo_pbc
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Work around the mac80211_hwsim limitation on channel survey by forcing
the last connection to be on 2.4 GHz band. Without this, wpas_ap_acs
would have failed to start the AP if the previous test case used the 5
GHz band.
Signed-off-by: Jouni Malinen <j@w1.fi>
There has been number of failures from this test case due to the
MESH-SAE-AUTH-FAILURE event from dev[0] and dev[1] arriving couple of
seconds after the one second timeout after the dev[2] events. This does
not look like a real issue, so increase the timeout to five seconds to
make this less likely to show false failures during testing.
Signed-off-by: Jouni Malinen <j@w1.fi>
If wpa_state is left to SCANNING by a previously executed test case,
scan_trigger_failure will fail. Instead of waiting for that failure,
check for wpa_state at the beginning of the test case and report a more
helpful error message if the test case would fail due to a previously
executed test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add two tests that check if the kernel BSS leak (when we get a deauth or
otherwise abandon an association attempt) is present in the kernel. This
is for a long-standing cfg80211/mac80211 issue that got fixed with the
kernel commit 'cfg80211/mac80211: fix BSS leaks when abandoning assoc
attempts'.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The final check in this test case was issuing a new P2P_FIND command
immediately after the P2P_SERVICE_DEL command on the peer. It looked
like it was possible for the scan timing to go in a sequence that made
the new P2P_FIND operation eventually accept a cfg80211 BSS entry from
the very end of the previous P2P_FIND. This resulted in unexpected
P2P-DEVICE-FOUND event even though there was no new Probe Response frame
from the peer at that point in time.
Make this less likely to show unrelated failures by waiting a bit before
starting a new P2P_FIND operation after having changes peer
configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These test cases verify that there is no duplicate processing of P2P
Action frames while operating in a P2P group.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the ap_wds_sta test case to cover post-reassociation case
(both with and without Authentication frame exchange) and add similar
test cases to cover open and WEP cases in addition to this existing
WPA2-PSK test case.
These cover functionality testing for the previous fix in
reassociation-without-new-authentication case. In addition, these find a
new mac80211 issue for the WEP + 4addr combination.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Verify that AP does not break PMF-enabled connection due to injected
Authentication frame. This is a regression test for
NL80211_FEATURE_FULL_AP_CLIENT_STATE changes resulting in dropping the
key in such a case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The optional "-m <multi.dat>" command line option can now be used to
specify a data file that can include multiple management frames with
each one prefixed with a 16-bit big endian length field. This allows a
single fuzzer run to be used to go through multi-frame exchanges. The
multi.dat file shows an example of this with Probe Request frame,
Authentication frame, Association Request frame, and an Action frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the first wt.clear_bss_counters(bssid) call to fail
the test if timing worked out in a way that the wlantest process had not
received any Beacon frames from the first AP. Run a directed scan for
both of the BSSs before starting the test validation steps to make sure
such a case cannot fail this test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
The kernel commit 'mac80211: filter multicast data packets on AP /
AP_VLAN' started filtering out the test frame used in
ap_vlan_without_station and that resulted in false failures. For now,
ignore that "error" case to avoid claiming failures when the kernel is
doing what it is expected to do.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows the new FILS test cases to be executed automatically when a
recent enough kernel version is used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The extension of aes_128_ctr_encrypt() to allow AES-192 and AES-256 to
be used in addition to AES-128 for CTR mode encryption resulted in the
backtrace for the function calls changing. Update the test cases that
started failing due to that change.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case did not clear sched_scan_plans if alloc_fail() resulted
in skipping the test case. This would result in the following
autoscan_exponential and autoscan_periodic test cases failing.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In case that a dedicated P2P Device interface is used, a new interface
must be create for a P2P group. Thus, in order to send mgmt
frames, attach a new WpaSupplicant object to the newly created group
and use this object for sending the frames.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Use the global control interface to remove P2P networks in
persistent_group_peer_dropped3 to support configurations that use a
dedicated P2P Device interface.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
For configurations that use a dedicated P2P Device interface, which
mandates that a separate interface is used for the P2P group, vendor
specific IE's must be added to the VENDOR_ELEM_P2P_* frame types in
order to be used by the P2P group interface. The VENDOR_ELEM_ASSOC_REQ
(13) parameter would need to be issued on the group interface which
would be challenging to do due to timing in case a separate group
interface gets used.
In case a dedicated P2P Device interface is used, don't include a test
for VENDOR_ELEM_ASSOC_REQ to avoid failing this part of the test case.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This test case could have ended with the station devices still in US
regulatory domain and that could make a following test case fail in some
sequences. For example, "ap_track_taxonomy ibss_5ghz" sequence made
ibss_5ghz fail to see the regdom change event since there was not one
due to the US country code already being in use at the beginning of the
test case. Fix this by clearing the country code at the end of
ap_track_taxonomy.
Signed-off-by: Jouni Malinen <j@w1.fi>
The reason_detail field was removed from the implementation, so the test
cases need matching changes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add testcase to verify a failed reconnect attempt due to authentication
timeout blacklists the correct AP. Driver capabilities are forced to
non-SME and driver roaming (BSS selection) mode.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Add testcase to verify failed roaming attempt due to authentication
timeout blacklists the correct AP. Roaming attempt is performed
with the reassociate command and bssid_set=1. Driver capabilities
are forced to non-SME and driver roaming (BSS selection) mode.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Clear wpa_supplicant scan cache before starting these test cases since
the ROAM command depends on the correct BSS entry being found.
scan_for_bss() does not enforce that correct entry to be present if
there was an earlier BSS entry with the same BSSID.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This moves the wpa_supplicant debug entries from the end of a test case
using a dynamically added wlan5 interface to the correct test case,
i.e., the test case that added the interface instead of whatever test
case happens to follow this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Some tests call the check_qos_map() function more than once. Make sure
each test sets up wlantest only once before the first time the function
is called.
The wlantest setup sets the channel for the wlantest interface and
executes the wlantest executable. It is more efficient to do that only
once for each test.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Some operations take longer time on real hardware than on hwsim. This
commit increases two timeouts so that the tests will pass on real
hardware, too.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Use increased timeouts for connect and disconnect since these operations
take a longer time on real harware than they do on hwsim.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
It looks like the attempt to read the process id from a PID file can
return empty data. This resulted in kill_pid() failing to kill the
process and all the following FST test cases using the extra interface
failing. While the PID file is really supposed to have a valid PID value
when we get this far, it is better to try multiple times to avoid
failing large number of test cases.
The current os_daemonize() implementation ends up calling daemon() first
and then writing the PID file from the remaining process that is running
in the background. This leaves a short race condition where an external
process that started hostapd/wpa_supplicant could end up trying to read
the PID file before it has been written.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 2d6a526ac3 ('tests: Make
ap_wps_er_http_proto more robust') tried to work around the timeouts
here, but that was not really the best approach since the one second
timeout that was used here for connect() ended up being very close to
the limit even before the kernel change. The longer connect() time is
caused by a sequence where the listen() backlog ignores the connection
instead of accept() followed by close() within the wpa_supplicant ER
HTTP connection handling. The time to retransmit the SYN changed a bit
in the kernel from 1.0 sec to about 1.03 sec. This was enough to push
that over the one second timeout.
Fix this by using a sufficiently long timeout (10 sec) to allow SYN
retransmission to occur to recover from the listen() backlog case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like connect() for a TCP socket can time out at least with a
recent kernel. Handle that case more gracefully by ignoring that socket
while allowing the test to continue.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like it is possible for the separate started wpa_supplicant
process to remain running after a test case like fst_sta_config_default.
This would result in failures to run any following test case that uses
the wlan5 interface. Try to kill the process more thoroughly by waiting
for the PID file to show up and write more details into the logs to make
it easier to debug issues in this area.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use a smaller fragment_size to force the roundtrip limit to be reached
with OpenSSL 1.1.0 which seemed to result in a bit shorter TLS messages
being used and being able to complete the authentication successfully
with the previously used fragment_size value.
Signed-off-by: Jouni Malinen <j@w1.fi>
The bssid argument was missing from couple of test cases. While this is
clearly incorrect, it looks like the error did not really cause any
significant issues to the test case. Anyway, better provide the correct
set of arguments to the call.
Signed-off-by: Jouni Malinen <j@w1.fi>
After successfully passing the 525 tests on a remote setup mark the
tests as remote compatible.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Add a new function decorator for the test functions so that they can be
marked as remote compatible tests. Add a general filter to the remote
tests execution script to only execute tests that are remote compatible.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing shell commands to setup bridge so that this would also work on
remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "iw connect ..." commands so that this would also work on
remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "ip link set up/down" commands so that this would also work on
remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "iw ... station get" commands so that this would also work on
remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "ps ax" so that this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "ip addr add/del .." so that this would also work on remote
setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "iw scan .." so that this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing "iw reg set 00" so that this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
One TDLS test case was using wlantest without doing the setup first.
This makes the test not work on real hardware. Fix the issue by adding
the wlantest setup to the test.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
hwsim_utils.set_powersace() used to do file operations locally in
python. Start using the cmd_execute() general function for file
operations so that this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
This verifies that the channel switch is reported by the station and
replaces the fixed sleep before a traffic test by wait for the actual
switch operation to complete.
Signed-off-by: Jouni Malinen <j@w1.fi>
The generic cmd_execute() function was introduced in a manner that
converted the argument array to a string and used shell to run the
command unconditionally. This is not really desirable, so move back to
using the command array by default and use the single command string
with a shell only when really needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The ap_ht tests used to execute shell commands in the tests using the
subprocess python module. Complete the move to using the cmd_execute()
general function for executing shell commands so that this would also
work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The ap_ht tests used to execute shell commands in the tests using the
subprocess python module. Start using the cmd_execute() general function
for executing shell commands so that this would also work on remote
setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The ap_ht tests used to execute iw reg set command using the subprocess
python module. Start using the cmd_execute() general function for
executing shell commands so that this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The test cases ap_ht40_5ghz_invalid_pair and ap_ht40_5ghz_disabled_sec
mixed use of apdev[0] and apdev[1] while only needing a single AP. This
works when both the devices are on the same host (e.g., with
mac80211_hwsim), but not when using separate remote hosts. Fix this by
using apdev[0] more consistently in these test cases.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Some TDLS and WPS test cases reference the hapd variable in the finally
block even if the test failed before assigning the value to this
variable. This makes the code in the finally block to fail on
referencing this variable. Assign None to the hapd variable before
starting the tests to avoid this.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The ap_ciphers tests used to do file operations locally in python. Start
using the cmd_execute() general function for file operations so that
this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Add the feature to execute shell commands on each wpa_supplicant/hostapd
interface host. When executing remote tests the interfaces are not all
on a single host so when executing shell commands the test needs to
execute the command on the host which the interface relevant for the
command is on. This patch enables tests to execute the command on the
relevant host.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The next commit modifies the BSS command behavior to report partial
results for a BSS, so mesh_scan_oom needs to allow a BSS entry to be
returned as long as it does not include the mesh information.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check for MESH-PEER-CONNECTED from dev[1] before reporting MGMT-RX
timeout errors from dev[0]. This avoids false failures in case the short
0.01 s timeout at the end of the loop was not long enough to catch the
message.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that the Accepting Additional Mesh Peerings field is being
cleared properly when the maximum peer links count is reached.
Signed-off-by: Jouni Malinen <j@w1.fi>
Start using the wpa_supplicant remote UDP interface for the control and
monitor sockets for P2P group interfaces so that P2P tests would work on
real hardware. Also have the group requests and events show in the test
log with the hostname and the interface name of the group interface.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The code contained some places that used an additional argument for
setup_hw after -R and also contained places where setup_hw cmdline was
passed as a string instead of an argument list. It also contained places
where the ifname was only treated as a single interface and disregarded
the possiblity of multiple interfaces. This commit fixes these issues
and executes setup_hw from a single function for all cases.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Use a monitor interface given in the command line that is not also a
station or an AP as a monitor running wlantest on the channel used by
the test. This makes all the tests that use wlantest available for
execution on real hardware on remote hosts.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
In monitor.py in the remote tests code there is fucntion create() that
creates standalone monitor interfaces. In this function there is an
iteration of the ifaces of the host by using the ifaces variable but
this variable is non-existing. This patch creates this variable before
its usage.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
This function is used for remote tests when a monitor interface is
needed on the channel on which the AP operates. This change enables us
to also query P2P interfaces for the channel information to use for
monitor interfaces.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Instead of accessing the logs list member of the remote host directly,
use a function to add logs to the remote host to be collected after the
test. This enables us to later have different implementation of remote
hosts or logs collection without requiring to have this list as the
implementation.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The regular hwsim tests use both unicast and broadcast frames to test
the connectivity between 2 interfaces. For real hardware (remote hwsim
tests) the broadcast frames will sometimes not be seen by all connected
stations since they can be in low power mode during DTIM or because
broadcast frames are not ACKed. Use 10 retries for broadcast
connectivity tests for real hardware so that the test will pass if we
successfully received at least one of them.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
This is needed to work with the tls_openssl.c changes that renamed the
function that is used for deriving the EAP-FAST keys.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit afb2e8b891 ('tests: Store P2P
Device ifname in class WpaSupplicant') did not take into account the
possibility of capa.flags not existing in get_driver_status() and broke
WEXT test cases. Fix this by checking that capa.flags is present before
looking at its value.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allow to run hwsim test cases.
duts go to apdev while refs go to dev
For now I tested:
./run-tests.py -d hwsim0 -r hwsim1 -h ap_open -h dfs
./run-tests.py -r hwsim0 -r hwsim1 -h ibss_open -v
./run-tests.py -r hwsim0 -r hwsim1 -r hwsim2 -d hwsim3 -d hwsim4 -h ap_vht80 -v
./run-tests.py -r hwsim0 -r hwsim1 -r hwsim2 -d hwsim3 -d hwsim4 -h all -k ap -k vht
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This is simple example how to write a simple test case.
modprobe mac80211_hwsim radios=4
run example:
./run-tests.py -d hwsim0 -r hwsim1 -t example
run example with monitors:
./run-tests.py -d hwsim0 -r hwsim1 -t example -m all -m hwsim2
run example with trace record:
./run-tests.py -d hwsim0 -r hwsim1 -t example -T
run example with trace and perf:
./run-tests.py -d hwsim0 -r hwsim1 -t example -T -P
restart hw before test case run:
./run-tests.py -d hwsim0 -r hwsim1 -t example -R
run example verbose
./run-tests.py -d hwsim0 -r hwsim1 -t example -v
For perf/trace you need to write own hw specyfic scripts:
trace_start.sh, trace_stop.sh
perf_start.sh, perf_stop.sh
In any case you will find logs in the logs/current/ directory.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Add monitor support. This supports monitors added to the current
interfaces. This also support standalone monitor with multi interfaces
support. This allows to get logs from different channels at the same
time to one pcap file.
Example of t3-monitor added to config.py file.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Add tests/remote directory and files:
config.py - handle devices/setup_params table
run-tests.py - run test cases
test_devices.py - run basic configuration tests
You can add own configuration file, by default this is cfg.py, and put
there devices and setup_params definition in format you can find in
config.py file. You can use -c option or just create cfg.py file.
Print available devices/test_cases:
./run-tests.py
Check devices (ssh connection, authorized_keys, interfaces):
./run-test.py -t devices
Run sanity tests (test_sanity_*):
./run-test.py -d <dut_name> -t sanity
Run all tests:
./run-tests.py -d <dut_name> -t all
Run test_A and test_B:
./run-tests.py -d <dut_name> -t "test_A, test_B"
Set reference device, and run sanity tests:
./run-tests.py -d <dut_name> -r <ref_name> -t sanity
Multiple duts/refs/monitors could be setup:
e.g.
./run-tests.py -d <dut_name> -r <ref1_name> -r <ref2_name> -t sanity
Monitor could be set like this:
./run-tests.py -d <dut_name> -t sanity -m all -m <standalone_monitor>
You can also add filters to tests you would like to run
./run-tests.py -d <dut_name> -t all -k wep -k g_only
./run-tests.py -d <dut_name> -t all -k VHT80
./run-test.py doesn't start/terminate wpa_supplicant or hostpad,
test cases are resposible for that, while we don't know test
case requirements.
Restart (-R) trace (-T) and perf (-P) options available.
This request trace/perf logs from the hosts (if possible).
As parameters each test case get:
- devices - table of available devices
- setup_params
- duts - names of DUTs should be tested
- refs - names of reference devices should be used
- monitors - names of monitors list
Each test could return append_text.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This is a regression test case to verify that MTK is calculated properly
also in this unexpected sequence.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that pmf=2 is ignored for a non-RSN network while a
network profile specific ieee80211w=2 is enforced.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that a WPA2PSK passphrase with control characters gets
rejected in a WPS Credential and that control characters in SSID get
written as a hexdump.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When a dedicated P2P Device interface is used, its configuration should
be cloned to the group interface. Add a test that covers this both when
a separate group interface is used and not.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Use the global control interface to remove P2P network blocks, to
support cases when a dedicated P2P Device interface is used.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Some environments define default system wide HTTP proxy. Using default
system configuration may result in a failure to open some HTTP URLs. Fix
this by ensuring that no proxies are used.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In p2p_channel_vht80_autogo and p2p_channel_vht80p80_autogo, parse the
P2P-GROUP-STARTED event prior to calling the group_request() method, as
otherwise the group ifname is not set.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Support configurations that use a dedicated P2P Device interface by
using the global control interface and specifying the interface name for
the GET commands fetching the ip_addr_go parameter.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Modify the persistent_group_profile_add test to support configurations
that use a dedicated P2P Device interface by sending the ADD_NETWORK and
SET_NETWORK commands on the global control interface and specifying the
P2P Device interface name.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add an attribute to class WpaSupplicant with the name of the
P2P Device interface. If a separate interface is not used for
P2P Device, this attribute will hold the name of the only used
interface (with functions also as the P2P Device management
interface).
This attribute will be used to direct P2P related commands to the
P2P Device interface, which is needed for configurations that use
a separate interface for the P2P Device.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Waiting for the P2P-DEVICE-FOUND event should be done on the global
control interface to support configurations that use a dedicated P2P
Device interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Support configurations that use a dedicated P2P Device interface by
sending the P2P_CONNECT command on the global control interface.
In addition, when a dedicated P2P Device interface is used, there is no
need to manually respond to the Provision Discovery Request since the
request is processed by the P2P Device interface and this interface was
not set for external RX management frames handling.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This fixes commit 2f0f69a9ec ('tests: Use
p2ps_provision() and p2ps_connect_pd() in p2ps_connect_p2ps_method()').
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
1. Fail roaming to an AP which exceeded its number of allowed stations.
2. Fail roaming due to passphrase mismatch.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
It is better to use a list of command line arguments for the local
execution case and convert that to a space-separated string for the
remote case.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the DFS test cases that use start_dfs_ap() more usable for
testing with remote hosts.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass apdev to instead of HostapdGlobal() to invalid_ap() to make the
dynamic AP test cases more useful for testing with remove hosts.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Use hostapd.add_ap() and hostapd.remove_bss() to avoid direct
HostapdGlobal() use in some of the dynamic AP test cases to make them
more usable for testing with remote hosts.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass apdev param to hostapd.add_bss(). Kill hardcoded phy param and get
phy base on apdev. These are needed to support operation with a remote
test host.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
We need this for remote host support. From apdev we can get
apdev['hostname'] and apdev['port'].
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
1. Add tests for hostapd neighbor database and neighbor report and
request. Remove the partial neighbor report request test from
test_wpas_ctrl.py since they are now covered more completely in
test_rrm.py.
2. Add LCI request test.
3. Add FTM range request signaling test. This covers only the control
interface commands and measurement request/response exchange for now.
Full end-to-end functionality requires support of station reporting
RRM capability.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Use quotation marks to match the new SSID encoding format in the
NEIGHBOR_REP_REQUEST command. In this specific test case, the exact SSID
value did not make any difference for behavior. The previous version
ended up getting decoded as a hexstring after the NEIGHBOR_REP_REQUEST
format change. The new version goes back to the ASCII string version of
"abcdef".
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Modify the test cases to tests the Hotspot 2.0 filtering functionality
in wpa_supplicant, instead of testing only the kernel interface.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The new persistent_group_peer_dropped3 test case is similar to
persistent_group_peer_dropped with the difference being in the
responding device (the one from which the persistent group information
is dropped) is not issued a separate P2P_LISTEN command and instead, a
single P2P_FIND is used through the exchange to verify that this
operation does not get stopped unexpectedly. This is a regression test
case to verify that P2P_PENDING_INVITATION_RESPONSE case ends up calling
p2p_check_after_scan_tx_continuation() in non-success case. It should be
noted that this is dependent on timing: Action frame TX request needs to
occur during the P2P_FIND Search phase (scan). As such, not every
execution of this test case will hit the previous issue sequence, but
that should be hit every now and then.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (7) converts the cases where a local variable is used to store
apdev[#]['ifname'] before passing it as the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (6) converts the cases where apdevs[#]['ifname'] was used as
the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (5) converts the cases that use the start_ap_wpa2_psk() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (4) converts the cases that call hostapd.add_ap() from a
helper function that got apdev[i] as an argument.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (3) converts the cases that use the start_ap() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (2) converts the cases that use the add_ssdp_ap() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This allows the full apdev dict to be passed to the add_ap() function
instead of just ifname. This allows us to handle also remote hosts while
we can check apdev['hostname'], apdev['port']. The old style ifname
argument is still accepted to avoid having to convert all callers in a
single commit.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
The test cases fst_ap_start_session_oom and fst_setup_mbie_diff did not
clean up FST sessions properly in case alloc_fail failed due to missing
support for it in the build. This could result in abandoning attached
hostapd global control interface monitors and test case failures due to
the global control interface socket running out of output buffer.
Fix this by going through the cleanup steps even if alloc_fail raises
HwsimSkip exception.
Signed-off-by: Jouni Malinen <j@w1.fi>
For now, this is not enforcing cfg80211 reassociation since the needed
changes do not yet exist in the upstream kernel. Once those changes are
accepted, the TODO note in the test case can be addressed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This needs to be allowed with OpenSSL 1.1.0 since the RC4-based cipher
has been disabled by default.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This class allows execution of commands on a remote hosts/machine. This
is based on ssh with authorized keys, so you should be able to execute
such commands without any password:
ssh <user>@<hostname> id
By default user is root.
Support for sync and async calls is included.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This is needed for ap_vlan_tagged_wpa2_radius_id_change to pass. The
ioctl-based vlan_add() function does not use the vlan_if_name parameter
at all.
Signed-off-by: Jouni Malinen <j@w1.fi>
The no self.global_iface case was not returning the result from the
self.request() case. While this is not really a path that is supposed to
be used, make it return the response since it is at least theoretically
possible to get here.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to allow updated Interworking behavior that adds the
realm to the EAP-Response/Identity value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Incorrect path and file name was used in the openssl command to generate
one of the OCSP responses. Also fix
ap_wpa2_eap_tls_intermediate_ca_ocsp_multi to expect success rather than
failure due to OCSP response. Based on the test description, this was
supposed to succeed, but apparently that root_ocsp() bug prevented this
from happening.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Test different delay intervals between the INTERFACE_DISABLED event
and the INTERFACE_ENABLED event for discovery_and_interface_disabled.
Previously, only a delay of 1 second was used, in which case the
scan results for the P2P_FIND operation were received after the
interface was enabled again, and the case the scan results were
received while the interface was disabled was not covered.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
A malicious station could try to do FT-over-DS with a non WPA-enabled
BSS. When this BSS is located in the same hostapd instance, internal RRB
delivery will be used and thus the FT Action Frame will be processed by
a non-WPA enabled BSS. This processing used to crash hostapd as
hapd->wpa_auth is NULL.
This test implements such a malicious request for regression testing.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This adds new tests to verify pmksa_cache_preauth when
used with per_sta_vif and possibly vlans.
While at it it refactors the code such that the tests
pmksa_cache_preauth
pmksa_cache_preauth_vlan_enabled
pmksa_cache_preauth_vlan_used
pmksa_cache_preauth_per_sta_vif
pmksa_cache_preauth_vlan_enabled_per_sta_vif
pmksa_cache_preauth_vlan_used_per_sta_vif
share code where possible.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This adds a test case ap_vlan_reconnect. It connects, disconnects, and
reconnects a station in a VLAN. This tests for a regression with
wpa_group entering the FATAL_FAILURE state as the AP_VLAN interface is
removed before the group was stopped.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This extends the P2P Device testing coverage to include the newly
enabled option of using the primary interface (e.g., wlan0) for P2P
group operation instead of always forcing a separate group interface to
be created dynamically.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This tests BSS Transition Management Query frame generation with
candidate list and transmission of the following request and response
frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a test that verifies that no Association Request frame is sent to
APs that include the MBO IE with association disallowed attribute in
Beacon and Probe Response frames.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add tests to verify that MBO IE in BSS Transition Management Request
frame is parsed correctly:
1. The MBO transition reason code is received by the MBO station.
2. The MBO cellular data connection preference is received by the
MBO station.
3. The MBO station does not try to connect to the AP until the retry
delay is over.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This is needed to avoid reporting failures after a change to remove the
fallback path in PIN generation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This enhances the test pmksa_cache_preauth_vlan_used to check
connectivity in the correct VLAN bridge.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
The use of the newer OpenSSL API in openssl_hmac_vector() removes one of
the memory allocations, so the TEST_ALLOC_FAIL here could not trigger.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that num_plinks is decremented properly if a peer mesh STA
reconnects without closing the link explicitly.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case for enforcing that AP setup fails in case there is need
to fall back to 20 MHz channel due to invalid 40 MHz configuration.
Modify this to allow successful AP startup as long as 40 MHz channel
does not get enabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This verifies that the persistent group information gets dropped based
on peer response (unknown group) and that a new group formation can be
completed after such invitation failure.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous version expired in January. The new ones are from running
ec-generate.sh and ec2-generate.sh again.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is a regression test case for hostapd bug where the
disconnection/deauthentication TX status callback timeout could be
forgotten after new association if no ACK frame was received and the STA
managed to reconnect within two seconds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The OpenSSL memory allocation changes broke this test case. Fix this by
removing the cases that do not get triggered anymore and add a separate
wpas_ctrl_error test case to cover the fail_test() versions of errors.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>