For wpa_supplicant based SAE/OWE connection, the wpa_supplicant state
machine is aware of the PMKID created for a connection and this gets
removed when "REMOVE_NETWORK all" is called. However, when SAE/OWE
offload is enabled, wpa_supplicant is not aware of the PMKID generated
by the driver/firmware. So add PMKSA del indication to the driver from
remove_network context so that the driver can free PMKs associated with
the SSID.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
The bgscan_init() declared wrongly when CONFIG_BGSCAN is not defined,
fix that.
Fixes: 3139270903 ("bgscan: Add global bgscan configuration")
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
If ioctl() returns EBUSY on the command SIOCBRADDIF, the interface might
have already been added to the bridge by an external operation (e.g.,
netifd in OpenWrt), and linux_br_add_if() should not indicate an error.
Check whether the interface is correctly brigded when ioctl()
returns EBUSY and if so, report success.
Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
Otherwise any new scan result (even manual ones if they do not set
use_id=X to a non-zero value), can cause a reconnect to the same BSS
when MLO is used. This is because the current BSS is not detected by
wpa_supplicant_need_to_roam() and it assumes that roaming is needed.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Remove a spurious \tab char in hostapd_eid_rnr() between arguments to a
function.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case the TBTT information is reporting about an AP in the same AP MLD
as the current AP, the AP MLD ID in the MLD Parameters subfield should
be set to 0.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Earlier refactoring of ibss_mesh_setup_freq() ended up dropping the case
where HE would be enabled without VHT on the 2.4 GHz band. Add that back
to allow HE to be used on 2.4 GHz with IBSS and mesh.
Fixes: 64043e6156 ("Split ibss_mesh_setup_freq() into multiple functions")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Link ID needs to be specified for MLD case when doing channel switch.
Add it to the driver command.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Add support for reload_config hostapd_cli command as an alternative
mechanism for SIGHUP on the hostapd process.
When AP parameters such as ssid/encryption/password etc. are changed
externally in hostapd.conf, RELOAD_CONFIG cli will re-read the .conf,
update the in-memory contents and issue a change_beacon to update
beacon_ies.
For full config update, the following example sequence of commands can
be used:
hostapd_cli -i ath0 -p /var/run/hostapd-wifi0 disable
hostapd_cli -i ath0 -p /var/run/hostapd-wifi0 reload_config
hostapd_cli -i ath0 -p /var/run/hostapd-wifi0 enable
Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
It can take significant amount of time to find the peer in this type of
a case where an AP connection is forced on a different channel while
going through p2p_find on both devices.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
DPP initiator will try three channels in this sequence and it can take
very close to the previously used five second timeout before being able
to try on the actual operating channel of the AP. This could result in
the test case failing unnecessarily. Increase the timeout to avoid this.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Avoid potential race condition in ap_cipher_tkip_countermeasures_ap by
sending the first test frame only after the AP has completed processing
the 4-way handshake and also wait a bit to allow the group key handshake
to be completed.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If a tests hits a WARN_ON_ONCE then the retriggering will make it appear
to pass, since the warning will not happen again. Make this more
reliable by resetting the states at the beginning of each test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The kernel has an asynchronous work to enable TX, which hasn't always
run by the time we get to TX tests. Do a sysfs read from the carrier
file before TX, on newer kernels this synchronises the needed state.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
It looks like the lifetime_in_memory test cases can hit a read failure
(Errno 5 - Input/output error) every now and then, so skip memory areas
that report that, but go through all readable process memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
There are different CHAN_SWITCH flows for DFS and non-DFS channels.
Non-DFS one saves previous BW value in iface->conf, but DFS flow
replaces it with a new user requested value. Setting a non-DFS channel
after a DFS one with BW = 160 would have resulted in a mismatch between
the saved BW and vht_capab (if VHT160 was not included by default). This
would have led to a check fail in the hostapd_set_freq_params()
function.
Signed-off-by: Dmitrijs Martinovs <dmartinovs@maxlinear.com>
Wait for AP/GO to complete processing before taking the next step in a
test instead of waiting just for STA. This avoids race conditions with
UML time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
The remaining lifetime of the PMKSA entry is decreasing, so need to
allow it to differ between the old and new entries.
Signed-off-by: Jouni Malinen <j@w1.fi>
Avoid race condition with TX status reporting for the broadcast
Deauthentication frame. This could be delivered after the SET command
for ext_mgmt_frame_handled=1 and as such, could result in an
MGMT-TX-STATUS event that would confuse the next step in the test.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for the externally triggered scan to actually start before issuing
the own scan command to avoid a race condition with UML time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not leave dev[0] in state where it is waiting for
NL80211_CMD_ASSOCIATE to complete since that might deliver an
ASSOC_TIMED_OUT event to the next test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for the start_listen() callback to be called to request
the driver to start a driver operation and stop_listen() called
immediately after that (e.g., due to a request to transmit a P2P Public
Action frame) before the driver has had time to start ROC and send an
event to notify of that. Such a sequence could result in
p2p->pending_listen_freq being left to a nonzero value without getting a
call to p2p_listen_cb() to clear it. This would stop an ongoing P2P
listen operation since no following p2p_listen() call would start the
listen due to the pending command being assumed to be in effect.
Fix this by detecting this particular sequence and clearing
p2p->pending_listen_freq.
This was found with the p2p_listen_and_offchannel_tx test case with the
new kernel scheduled and UML time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case has a race condition between the first and second
initiated DPP exchange. New kernel scheduling with UML time-travel is
making the first exchange complete before the first one can be started.
Making this fully robust would likely need ext_mgmt_frame_handling=1 and
more complex test script, but as an initial workaround, split URI
parsing from dev[2] to happen before dev[1] is started so that only a
single DPP_AUTH_INIT command is needed during the race window.
In addition, detect the race condition and SKIP the test instead of
reporting FAIL.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to complete processing before taking the next step in a
test instead of waiting just for wpa_supplicant. This avoids race
conditions with UML time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Even though the radio work has started here, kernel might not have
started ROC (i.e., the REMAIN_ON_CHANNEL event has not yet been
received). Wait a bit to increase likelihood of everything being ready
for the following DPP operation.
Signed-off-by: Jouni Malinen <j@w1.fi>
At least with UML time-travel, it is possible for the response frame to
be received before the TX status of the request is delivered. Such a
sequence resulted in run_req_beacon() dropping the response event and
the following step failing due to a missing event. Avoid this by caching
the received response in run_req_beacon() and returning them to the
caller.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait some time before requesting disconnection to allow hostapd to
complete 4-way handshake processing. Wait some time after disconnection
has been completed on the STA before trying to use SAE again with the AP
so that hostapd has a chance to complete disconnection with UML
time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Allow doing X BSS transition management query calls before falling back
to scan.
Example format to do 4 BTM queries before attempting a scan:
bgscan="simple:30:-65:300:4"
Signed-off-by: Ben Greear <greearb@candelatech.com>
With changes to optimize scan for specific BSSID, there arises a
scenario where in nl80211_trigger_scan() is called with a scan
randomization enabled. A combination of NL80211_ATTR_MAC for BSSID and
scan randomization, which uses NL80211_ATTR_MAC for a different purpose,
results in invalid error for the scan request. To fix the issue use
attribute NL80211_ATTR_BSSID instead of NL80211_ATTR_MAC.
NL80211_ATTR_BSSID was introduced in kernel commit 2fa436b3a2a7
("nl80211: Use different attrs for BSSID and random MAC addr in scan
req") in 2016. Prior to that, only NL80211_ATTR_MAC could be used for
specifying the target BSSID. For backwards compatibility, add the
NL80211_ATTR_MAC attribute as well when not using a random MAC address.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
The underlying driver can reject only specific links in an association
request. In that case we will only ignore the corresponding BSS. Add a
test for this flow by simulating an association failure on the second
link specifically.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Test ML association, automatic link discovery using ML probe requests
and marking BSSs as failed after an ML association failure, if the
corresponding link also rejected the association.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Also check that we can discover BSSs requests using ML probe requests.
Note that this requires a new enough mac80211 which parses the ML probe
request and reports the contained BSSs.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
All the station flags other than WPA_STA_SHORT_PREAMBLE are relevant
only for the MLD station and not to the link stations (as these flags
are related to the MLD state and not the link state).
As for the WPA_STA_SHORT_PREAMBLE, since the station is an EHT
station, it must have short preamble.
Thus, do not propagate the flags change for link stations to the driver.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
