This NS seems to go out from the AP interface every now and then and it
makes proxyarp_open_ebtables_ipv6 fails inconveniently often. That frame
should not really be there, but it's not clear what exactly is needed to
stop it going through. It does not come from the test operations
themselves, so ignore it for now to keep test results cleaner.
Signed-off-by: Jouni Malinen <j@w1.fi>
Explicitly clear cfg80211 scan cache to avoid issues from scan results
from previous test cases interfering with INTERWORKING_CONNECT
operation.
Signed-off-by: Jouni Malinen <j@w1.fi>
This removes dependency on tcpdump by using an already included test
tool for capturing frames with Ethernet headers. There were some issues
in getting tcpdump working on Ubuntu 19.10, so this seems to be a clean
way of addressing that.
Signed-off-by: Jouni Malinen <j@w1.fi>
Flush cfg80211 scan cache explicitly when running this test case to
avoid issues with the ROAM command not working due to a scan result from
an earlier test case. This was causing failures in the following test
case sequence:
rrm_beacon_req_active_ap_channels rrm_reassociation
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to generate these OCSP responses for every single test
session. Generate these more dynamically if a test case that uses these
files is executed.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to generate these OCSP responses for every single test
session. Generate these more dynamically if a test case that uses these
files is executed.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to generate this OCSP response for every single test
session. Generate this more dynamically if the test case that uses the
particular file is executed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some of the error paths in go_neg_pbc() and go_neg_pin() did not wait
for the helper thread to complete processing. This could result in
unexpected behavior when the test case could have exited while the
thread was still performing tasks for the GO Negotiation. This could
result in getting stuck in one of the following test cases with
"go_neg_init_pbc thread caught an exception from p2p_go_neg_init: Group
formation timed out" showing up in the log.
This was hit, e.g., with the following test sequence:
no_go_freq p2p_channel_drv_pref_autogo
Signed-off-by: Jouni Malinen <j@w1.fi>
This gets rid of the loop that was polling for things to do every 0.25
seconds and instead, reacts to any data from VMs as soon as it becomes
available. This avoids unnecessary operations when no new data is
available and avoids unnecessary waits when new data becomes available
more quickly.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to enter the PTKINITDONE state before checking
connectivity. This is needed to avoid a race condition with UML
time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is more efficient since we can now start only the necessary number
of VMs instead of always forcing all VMs to start with one second delay.
This can also control the starting delay by keeping at most two VMs
starting at a time instead of using the hardcoded one second wait for
each consecutive VM.
Signed-off-by: Jouni Malinen <j@w1.fi>
For some reason, running tshark in the test cases can take significant
time especially with UML time-travel. Optimize this by reducing the
number of times tshark needs to be executed in the loop.
Signed-off-by: Jouni Malinen <j@w1.fi>
The wlan_mgt to wlan renaming is already included in most recent tshark
versions, so replace the backwards compatibility option to prefer the
new version so that current versions do not need to take the performance
hit.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like these test cases can fail with the new "Undefined
secondary channel: drop OBSS scan results" case. Add more checks to
determine if something is wrong with the connection.
In addition, force clearing of the cfg80211 scan cache on the main AP
interface so that a scan result from a previous test case cannot prevent
40 MHz channel bandwidth from being used. This could apparently happen
in the following test case sequence:
ap_ht40_scan_conflict obss_scan
Signed-off-by: Jouni Malinen <j@w1.fi>
These were doing practically the same thing, so get rid of the external
helper function and standardize on using hapd.wait_sta().
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to indicate connection before disconnecting from the
station side. This avoids a race condition especially with UML
time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to report completion of the connection before going
through the disconnection and reconnection steps to avoid a race
condition especially with UML time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to report connection completion before performing
connectivity test to avoid race conditions especially with UML
time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
The RECONNECT command on the station was issued immediately after
wpa_supplicant had processed EAPOL-Key msg 3/4. This could happen before
hostapd has processed EAPOL-Key msg 4/4 and especially with UML
time-travel, this could result in the following FT protocol exchange
going through in a manner that makes the hostapd process EAPOL-Key msg
4/4 from the first association as a postponed EAPOL RX at the beginning
of the second association. Avoid this by waiting hostapd to report
completion of the connection before issuing RECONNECT.
Signed-off-by: Jouni Malinen <j@w1.fi>
This PMKID replacement case is not going to prevent connection after a
change in wpa_insert_pmkid() so remove it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Data connectivity test could have been started in the middle of 4-way
handshake. This test case needs to wait for two STA connections before
starting the connectivity test since the first one is only for the
provisioning step.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous waits were matching both DPP-TX and DPP-TX-STATUS and if
the latter event was received, the test cases would either report
failure or would not really test what was supposed to be verified. Fix
this by waiting explicitly for "DPP-TX " to avoid matching
"DPP-TX-STATUS" prefix.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait STA connection to be completed in hostapd before testing
connectivity. This avoids a possible race condition that could be hit
especially when testing with UML time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
openssl engines may dynamically load external libraries. Our event_*()
functions happen to be named very generically, such that event_add()
collides with the libevent library (https://libevent.org/). This can
have disastrous effects (esp. when using CONFIG_WPA_TRACE, which enables
partial linking) when our SSL engines call into the WPS event_add()
instead of their intended libevent event_add().
Resolve this by providing a more unique prefix to these functions.
Rename performed via:
sed -i -E \
's:\<event_(add|delete_all|send_all_later|send_stop_all)\>:wps_upnp_event_\1:g' \
$(git grep -l event_)
Tested via (among other things) hwsim '-f ap_wps' module.
Signed-off-by: Brian Norris <briannorris@chromium.org>
The 127.0.0.11/24 address that could have been left on the wlan0
interface resulted in some test case sequence failures. Fix this by
explicitly clearing that address when terminating sigma_dut.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
start_sigma_dut() can raise an exception and as such, assigning a
variable to its return value within a try block does not work in this
manner when the result is supposed to be used in the finally statement.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The second round may use PMKSA caching, but AP will need to reject msg
2/4 in that case as well due to RSNXE mismatch.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
sigma_dut does not clear sae_pwe value when the command line argument
"-2" is used, so we need to explicitly clear this from wpa_supplicant at
the end of the test case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous description of wmediumd_scan_only_one used multiple lines
and that resulted in parallel-vm.py miscounting total number of test
cases. Fix that by getting rid of the newlines from the description.
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that parallel-vm.py is actually stopping VMs as soon as they are not
needed for retries, it is not really an unexpected exit to see a VM exit
while test cases remain in the queue as long as at least that many VMs
remain running. Get rid of confusing 'unexpected exit' status from the
UI in such cases.
Fixes: 4aaddecdd8 ("tests: Handle test retries through the same queue")
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that wpa_supplicant was modified to use NAI realm query even if
roaming_consortium is set, this test case is actually able to find a
match. Update it to avoid cause incorrect test failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There was a bug in wmediumd in that it didn't set the
frequency of frames, and thus they were always received
by mac80211_hwsim, regardless of channel it was on.
Add two tests that verify we only find a single instance
of an AP if we only have that one, and run this both with
and without wmediumd.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Avoid race conditions in completing mesh group removal/re-addition steps
and starting connectivity check. It seemed to be possible to get to the
connectivity test in some cases before the mesh STA had rejoined the
mesh and completed key configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is in preparation of an implementation to to remove the alternative
SSWU path that was needed only for this particular group.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These test cases were all using group 21 even though they were supposed
to go through all the possible groups.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It looks like the wpa_auth_get_seqnum() function might not always be
visible in the backtrace since the compiler may optimize that wrapper
away. Use the i802_get_seqnum() function instead as a trigger for the
get_seqnum operation failure trigger to avoid this.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to be able to compare the received RSNXE to a protected
version in EAPOL-Key msg 2/4.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify behavior with sae_pwe configuration values 0..2, i.e., test the
new hash-to-element mechanism for deriving PWE and negotiation for which
method to use.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This verifies mac80211 behavior for Layer 2 Update frame use and other
unexpected frames from a not fully authentication station.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait hostapd to complete key setup before asking it to send a frame that
may need PMF. This is needed especially with UML time-travel.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This looked like a copy-paste error in the event message check and once
that was fixed, couple of test cases needed fixes to expect a success
from the Configurator.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
IEEE Std 802.11F-2003 was withdrawn in 2006 and as such it has not been
maintained nor is there any expectation of the withdrawn trial-use
recommended practice to be maintained in the future. Furthermore,
implementation of IAPP in hostapd was not complete, i.e., only parts of
the recommended practice were included. The main item of some real use
long time ago was the Layer 2 Update frame to update bridges when a STA
roams within an ESS, but that functionality has, in practice, been moved
to kernel drivers to provide better integration with the networking
stack.
Signed-off-by: Jouni Malinen <j@w1.fi>
Hardcode this to be defined and remove the separate build options for
PMF since this functionality is needed with large number of newer
protocol extensions and is also something that should be enabled in all
WPA2/WPA3 networks.
Signed-off-by: Jouni Malinen <j@w1.fi>
The hostapd side operations and data connectivity test were executed
without explicitly waiting for hostapd to report connection as having
been completed. This could result in trying to transmit data before
EAPOL-Key msg 4/4 was processed especially when using UML time-travel.
Make this more robust by waiting for hostapd to be ready before the data
test.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case was failing if wlantest was able to decrypt the CCMP
protected frames. Fix the tshark filter string to include only the
actually encrypted frames for PN comparison.
Signed-off-by: Jouni Malinen <j@w1.fi>
These were moved from test_sae.py to utils.py, so import them from the
correct location instead of through test_sae.py that imports them from
utils.py.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to report completion of connection so that the WNM
Notification Request frame does not get sent before the AP has processed
EAPOL-Key msg 4/4 and configured the TK. This could result in a race
condition especially when testing using UML with time-travel.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed with the increased maximum EAP round limit since the
server side sends out longer messages in this exchange and that prevent
the short message limit from being reached.
Signed-off-by: Jouni Malinen <j@w1.fi>
This cleans up coding style of the EAP implementation by avoiding
typedef of an enum hiding the type of the variables.
Signed-off-by: Jouni Malinen <j@w1.fi>
In addition, update the generation script to allow convenient update of
the server and user certificates without having to generate new keys.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The wlan.mesh.config doesn't have to be the last element of beacon. Things
like VHT or HE oper/cap are usually follow the mesh configuration element.
The workaround must first get the position of a correct reference value in
wlan.mesh.config (ps_protocol) and then calculate the correct
wlan.mesh.config.cap offset based on that.
Reported-by: Johannes Berg <johannes@sipsolutions.net>
Fixes: 2cbaf0de22 ("tests: Work around tshark bug in wpas_mesh_max_peering")
Signed-off-by: Sven Eckelmann <sven@narfation.org>