The request from the AP was encoded incorrectly for this test case and
an active scan was requested instead of the passive one that was
supposed to be used here.
Signed-off-by: Jouni Malinen <j@w1.fi>
Replace the TEST_ALLOC function wpas_beacon_rep_no_results with an
earlier function in the backtrace and wpabuf_resize() in preparation to
a code change that allows the compiler to optimize out
wpas_beacon_rep_no_results().
Signed-off-by: Jouni Malinen <j@w1.fi>
The channel switch command is intended for the GO interface, but
it was not sent on the group control interface. For configurations
that use a separate interface for P2P groups, this will fail the test.
Fix this by sending the channel switch command on the group control
interface and waiting for the channel switch event on the group
control interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
For some reason, a potential OOM in hostapd_config_read_wpa_psk() and
hostapd_derive_psk() were missed in --codecov runs during the main
iteration loop. Cover these specific cases with separate instances to
avoid missing coverage.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends previous ap_vht160_no_dfs test case coverage by running the
same test case with each of the possible HT primary channel
alternatives.
Signed-off-by: Jouni Malinen <j@w1.fi>
This file is used only by hostapd_cli and wpa_cli and neither of those
are currently included in code coverage reporting. Avoid dropping the
coverage numbers by code that cannot be reached due to not being
included in the programs that are covered.
Signed-off-by: Jouni Malinen <j@w1.fi>
5745 MHz was added as an allowed short range device range in
wireless-regdb for DE which made this test case fail. Fix it for now by
using SE instead of DE for the second part of the test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for wireless-regdb to include a 160 MHz channel, but with
DFS required. This test case need the regulatory information to allow
160 MHz channel without DFS. Fix false failures by skipping the test if
this exact combination is not found.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wireshark renamed eapol.keydes.key_info to
wlan_rsna_eapol.keydes.key_info and that broke this test case when
upgrading Wireshark. Fix this by trying to use both the new and the old
name.
Signed-off-by: Jouni Malinen <j@w1.fi>
Something broke eap_fast_tlv_nak_oom when moving from Ubuntu 14.04 to
16.04. OpenSSL.SSL.Connection() state_string() returns None in these
cases and the debug log prints for that were causing the case to fail.
For now, work around this by checking whether the state string is None
before trying to print it.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the debug log easier to understand and avoids leaving large
number of pending messages into the wpa_supplicant control interface
sockets.
Signed-off-by: Jouni Malinen <j@w1.fi>
It does not look like BoringSSL allows pbeWithMD5AndDES-CBC to be used
to protect the local private key, so skip this test case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case verifies that SD Response frame does not block the
following remain-on-channel operation unnecessarily long.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
HT cannot be used with WEP-only network, so don't try to do that here.
This get rids of some unnecessary Beacon frame updates during
disassociation/association and can make the test case a bit more robust.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous PeerKey test cases did not actually verify in any way that
the SMK and STK exchanges were completed since mac80211 does not support
setting the key from STK. Use a sniffer check to confirm that the
exchanges complete to avoid PeerKey regressions like the ones fixed in
the last couple of commits.
Signed-off-by: Jouni Malinen <j@w1.fi>
The FILS ANQP-element changes made couple of the generic ANQP test steps
fail. Update this to ignore the special FILS cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
The sta2.scan() calls were performing full scan of all channels and
reporting only the BSS entry that happened to be the first one in the
wpa_supplicant list. This is problematic since it is possible that the
target AP was not found and incorrect BSS was selected and used for
setting scan_freq which made the connection fail. Furthermore, there is
no need to use full scan for these test cases, so use a single channel
scan instead.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use P2P listen mode on dev[1] to speed up GO Negotiation and explicitly
wait for successfully completed GO Negotiation to make the failure cases
clearer. Previously, it was possible for the GO Negotiation to fail and
execution to go to the tshark check even when no GO Negotiation Confirm
frame was sent.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need to attach the monitor interface was events when issuing
only a single INTERFACES command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for the P2P-GROUP-STARTED event to get delayed more than
one second especially when the GO Negotiation responder becomes the P2P
Client and the system is heavily loaded. Increase the default timeout
for the expected success case from 1 to 5 seconds to avoid failing test
cases that would have succeeded if given a bit more time to complete the
exchange.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was apparently possible to get a propertiesChanged event from an
earlier test case with an empty Groups property. That ended up this case
exiting immediately before running through the steps and consequently,
failing due to missed operations. Make this less likely to happen by
accepting the Groups property emptying event only after a group has been
added for a peer first.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Check whether the unexpected BSS entry is based on having received a
Beacon frame instead of Probe Response frame. While this test case is
using a huge beacon_int value, it is still possible for mac80211_hwsim
timing to work in a way that a Beacon frame is sent. That made this test
case fail in some rare cases. Fix this by ignoring the BSS entry if it
is based on Beacon frame instead of Probe Response frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Local key generation for FT-PSK does not use the AP-to-AP protocol and
as such, setting pmk_r1_push=1 is a bit confusing here since it gets
ignored in practice. Remove it to keep the test case easier to
understand.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for ap_wps_per_station_psk_failure to leave behind scan
entries with active PBC mode if cfg80211 BSS table. This could result in
a following test case failing due PBC overlap. Fix this by clearing the
cfg80211 BSS table explicitly.
This was found with the following test case sequence:
ap_wps_per_station_psk_failure autogo_pbc
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Work around the mac80211_hwsim limitation on channel survey by forcing
the last connection to be on 2.4 GHz band. Without this, wpas_ap_acs
would have failed to start the AP if the previous test case used the 5
GHz band.
Signed-off-by: Jouni Malinen <j@w1.fi>
There has been number of failures from this test case due to the
MESH-SAE-AUTH-FAILURE event from dev[0] and dev[1] arriving couple of
seconds after the one second timeout after the dev[2] events. This does
not look like a real issue, so increase the timeout to five seconds to
make this less likely to show false failures during testing.
Signed-off-by: Jouni Malinen <j@w1.fi>
If wpa_state is left to SCANNING by a previously executed test case,
scan_trigger_failure will fail. Instead of waiting for that failure,
check for wpa_state at the beginning of the test case and report a more
helpful error message if the test case would fail due to a previously
executed test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add two tests that check if the kernel BSS leak (when we get a deauth or
otherwise abandon an association attempt) is present in the kernel. This
is for a long-standing cfg80211/mac80211 issue that got fixed with the
kernel commit 'cfg80211/mac80211: fix BSS leaks when abandoning assoc
attempts'.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The final check in this test case was issuing a new P2P_FIND command
immediately after the P2P_SERVICE_DEL command on the peer. It looked
like it was possible for the scan timing to go in a sequence that made
the new P2P_FIND operation eventually accept a cfg80211 BSS entry from
the very end of the previous P2P_FIND. This resulted in unexpected
P2P-DEVICE-FOUND event even though there was no new Probe Response frame
from the peer at that point in time.
Make this less likely to show unrelated failures by waiting a bit before
starting a new P2P_FIND operation after having changes peer
configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These test cases verify that there is no duplicate processing of P2P
Action frames while operating in a P2P group.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the ap_wds_sta test case to cover post-reassociation case
(both with and without Authentication frame exchange) and add similar
test cases to cover open and WEP cases in addition to this existing
WPA2-PSK test case.
These cover functionality testing for the previous fix in
reassociation-without-new-authentication case. In addition, these find a
new mac80211 issue for the WEP + 4addr combination.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Verify that AP does not break PMF-enabled connection due to injected
Authentication frame. This is a regression test for
NL80211_FEATURE_FULL_AP_CLIENT_STATE changes resulting in dropping the
key in such a case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The optional "-m <multi.dat>" command line option can now be used to
specify a data file that can include multiple management frames with
each one prefixed with a 16-bit big endian length field. This allows a
single fuzzer run to be used to go through multi-frame exchanges. The
multi.dat file shows an example of this with Probe Request frame,
Authentication frame, Association Request frame, and an Action frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>