Before querying the PMKSA cache, wait for the STA to have appeared on
the AP side, otherwise scheduling differences may have us asking when
the STA thinks it's connected but the AP hasn't fully processed that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Make sure hostapd has had time to complete 4-way handshake processing
before initiating reauthentication from wpa_supplicant. There is a small
window for race condition here when testing with UML and time travel.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This test case seems to be failing every now and then due to the AP not
getting out the Deauthentication frame after PMKSA expiration if the STA
is in power save mode.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It looks like this test case can fail if the STA goes to power save mode
and the Deauthentication frame from the AP after session timeout is not
actually sent at all. Check more details to make it clear that this is
indeed the reason behind the failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to enter the PTKINITDONE state before checking
connectivity. This is needed to avoid a race condition with UML
time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.
Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.
Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is fine for the station to associate with either AP in this test
case, so do not force AP side connection check with apdev[0].
Signed-off-by: Jouni Malinen <j@w1.fi>
Clear wpa_supplicant scan cache before starting these test cases since
the ROAM command depends on the correct BSS entry being found.
scan_for_bss() does not enforce that correct entry to be present if
there was an earlier BSS entry with the same BSSID.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The hwsim tests used to execute shell commands in the tests using the
subprocess python module. Use the cmd_execute() general function for
executing shell commands to setup bridge so that this would also work on
remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This adds new tests to verify pmksa_cache_preauth when
used with per_sta_vif and possibly vlans.
While at it it refactors the code such that the tests
pmksa_cache_preauth
pmksa_cache_preauth_vlan_enabled
pmksa_cache_preauth_vlan_used
pmksa_cache_preauth_per_sta_vif
pmksa_cache_preauth_vlan_enabled_per_sta_vif
pmksa_cache_preauth_vlan_used_per_sta_vif
share code where possible.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This enhances the test pmksa_cache_preauth_vlan_used to check
connectivity in the correct VLAN bridge.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This test case could fail if the cfg80211 scan cache brought in a BSS
entry from an earlier test case and a new scan did not get executed
prior to the ROAM command. Fix this by forcing the scan to go through
prior to roaming to AP2
This issue showed up with the following test case sequence:
connect_cmd_roam pmksa_cache_opportunistic_connect
Signed-off-by: Jouni Malinen <j@w1.fi>
This change add two new tests to verify hostapd operation when used with
VLANs. Both are based on pmksa_cache_preauth and enable dynamic VLANs,
pmksa_cache_preauth_vlan_used additionally uses a station with VID 1.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
run-tests.py is running as root, so sudo does not need to be used
anymore from within each test case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When the STA is forced to disconnect immediately after completion of
4-way handshake, there is a race condition on the AP side between the
reception of EAPOL-Key msg 4/4 and the following Deauthentication frame.
It is possible for the deauthentication notification to be processed
first since that message uses different path from kernel to user space.
If hostapd does not receive EAPOL-Key msg 4/4 prior to deauthentication,
no PMKSA cache entry is added. This race condition was making the test
cases expecting PMKSA caching to work to fail every now and then. Avoid
this issue by waiting for AP-STA-CONNECTED event from hostapd. This
makes sure the PMKSA cache entry gets added on the AP side.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to wait for the timeout if the ROAM command itself
failed. This could happen if an earlier test case had left hidden SSIDs
in the cfg80211 BSS table.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that hostapd uses Session-Timeout value from Access-Accept
as the lifetime for the PMKSA cache entries and expires entries both
while the station is disconnected and during an association.
Signed-off-by: Jouni Malinen <j@w1.fi>
The single channel scan while associated to another AP and immediately
after starting the second AP can miss the Probe Response frame
especially under heavy CPU load. Avoid false error reports by allowing
multiple scan rounds to be performed. wpas_ctrl_bssid_filter is also
modified to take into account different get_bss() behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>