3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-27 03:19:24 +01:00
Commit Graph

1957 Commits

Author SHA1 Message Date
Andrew Zaborowski
95847189ab device: Start a roaming attempt on low RSSI detection
Trigger a roam attempt when the RSSI level has been low for at least 5
seconds using the netdev RSSI LOW/HIGH events.  See if neighbor reports
are supported and if so, request and process the neighbor reports list
to restrict the number of channels to be scanned.  The scanning part is
not included in this patch for readability.
2017-01-18 17:27:35 -06:00
Denis Kenzior
ee23476523 TODO: Add PBC session overlap enhancement task 2017-01-17 18:20:50 -06:00
Andrew Zaborowski
8bacbf01e4 netdev: Handle the FT Reassociation Response message
Validate the fourth message of the fast transition sequence and save the
new keys and state as current values in the netdev object.  The
FT-specific IE validation that was already present in the initial MD
is moved to a new function.
2017-01-13 11:51:24 -06:00
Andrew Zaborowski
0854b90687 netdev: Handle the FT Authentication Response message
Parse the second message of the FT transition, validate and build the
third message, the Reassociation Request.
2017-01-12 10:33:40 -06:00
Andrew Zaborowski
d52683a2cb netdev: Implement netdev_fast_transition
Build and send the FT Authentication Request frame, the initial Fast
Transition message.

In this version the assumption is that once we start a transition attempt
there's no going back so the old handshake_state, scan_bss, etc. can be
replaced by the new objects immediately and there's no point at which both
the old and the new connection states are needed.  Also the disconnect
event for the old connection is implicit.  At netdev level the state
during a transition is almost the same with a new connection setup.

The first disconnect event on the netlink socket after the FT Authenticate
is assumed to be the one generated by the kernel for the old connection.
The disconnect event doesn't contain the AP bssid (unlike the
deauthenticate event preceding it), otherwise we could check to see if
the bssid is the one we are interested in or could check connect_cmd_id
assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 10:29:26 -06:00
Tim Kourt
46717cae08 auto-t: interoperability of IWD/AP with MFP options
This patch combines the work done by Rahul to test the
interoperability of permutations of MFP options in IWD/AP
into a single autotest.
2017-01-10 17:58:40 -06:00
Denis Kenzior
4471e7805c AUTHORS: Mention Tim's contributions 2017-01-10 16:14:42 -06:00
Denis Kenzior
edfbd81ea2 device: Support iwd.conf mfp settings
This adds support for iwd.conf 'ManagementFrameProtection' setting.

This setting has the following semantics, with '1' being the default:
0 - MFP off, even if hardware is capable
1 - Use MFP if available
2 - MFP required.  If the hardware is not capable, no connections will
be possible.  Use at your own risk.
2017-01-06 18:28:44 -06:00
Andrew Zaborowski
3f3e60e415 eapol: Check the MSK size supplied by EAP
Despite RFC3748 mandating MSKs to be at least 256 bits some EAP methods
return shorter MSKs.  Since we call handshake_failed when the MSK is too
short, EAP methods have to be careful with their calls to set_key_material
because it may result in a call to the method's .remove method.

EAP-TLS and EAP-TTLS can't handle that currently and would be difficult to
adapt because of the TLS internals but they always set msk_len to 64 so
handshake_failed will not be called.
2017-01-06 13:24:03 -06:00
Andrew Zaborowski
c5906d1c20 mschapv2: Call set_key_material last in handle_success
Make sure that eap_set_key_material can free the whole EAP method and
EAP state machine before returning, by calling that function last.  This
relies on eap_mschapv2_handle_success being the last call in about 5
stack frames above it too.
2017-01-06 13:22:05 -06:00
Andrew Zaborowski
15f4ddfaa6 device: Drop unused device->connected_mde 2017-01-03 16:38:08 -06:00
Andrew Zaborowski
7e81dcac6f device: Move common code to device_reset_connection_state 2017-01-03 16:33:36 -06:00
Andrew Zaborowski
f73b751124 netdev: Add netdev_get_handshake
Getter for current handshake_state object.
2017-01-03 16:30:56 -06:00
Andrew Zaborowski
c36d0fcfa4 netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events 2017-01-03 13:52:26 -06:00
Andrew Zaborowski
fbb7a72643 netdev: Register for and parse Neighbor Report responses 2017-01-03 13:11:52 -06:00
Andrew Zaborowski
dafa43fa54 netdev: Support sending Neighbor Report requests 2017-01-03 13:03:20 -06:00
Andrew Zaborowski
8646ab5bdd netdev: Handle Action Frames in netdev
Action Frames are sent by nl80211 as unicast data.  We're not receiving
any other unicast packets in iwd at this time so let netdev directly
handle all unicast data on the genl socket.
2017-01-03 12:56:36 -06:00
Andrew Zaborowski
b0f51a2527 scan: Support freq_set in scan_parameters
This way we can tell the kernel to only scan on particular frequencies
2017-01-03 12:10:07 -06:00
Andrew Zaborowski
ed1538d5bb scan: Add scan_active_full
Add a version of scan_active that accepts a struct with the scan
parameters so we can more easily add new parameters.  Since the genl
message is now built within scan_active_start the extra_ie memory
can be freed by the caller at any time.
2017-01-03 12:07:37 -06:00
Denis Kenzior
ada054cc30 test-runner: Don't use killall
killall doesn't wait for the iwd process to clean up, so using it is not
enough when cleaning up between tests.

Using killall -w also doesn't work since iwd is launched by the script.
By the time killall is invoked, the script process is also cleaned up.
So when iwd is killed via killall, nobody is there to reap the zombie
process (test-runner is running as init, but doesn't do this)

The easiest solution is to make the test script itself clean up any iwd
processes it launches.  This is what has been implemented in the
previous patch.
2016-12-20 12:44:52 -06:00
Denis Kenzior
ed69774dbc autotests: Clean up iwd process
If the process is launched by the test, then clean it up when the test
is cleaned up
2016-12-20 12:44:52 -06:00
Denis Kenzior
cec1546fce netdev: Fix crash on netdev_disconnect 2016-12-20 10:37:07 -06:00
Denis Kenzior
adde4e2db9 netdev: Fix typo 2016-12-20 10:31:33 -06:00
Rahul Rahul
1378830a2c autotests: EAP-TLS test with MFPC 2016-12-19 11:08:26 -06:00
Rahul Rahul
960fb0348e autotests: EAP-TLS test with MFPR and SHA256 2016-12-19 11:07:47 -06:00
Rahul Rahul
cf10ef0833 autotests: WPA2 test with SHA256 2016-12-19 11:06:00 -06:00
Denis Kenzior
04e89c773b AUTHORS: Mention Markus' contributions 2016-12-19 11:04:10 -06:00
Markus Ongyerth
cd4957eb55 wscutil: Change type for va_args for clang
clang complains about enum as var_arg type
because of the argument standard conversion.
In a small test I did neither clang nor gcc can
properly warn about out of range values, so it's
purely for documentation either way.
2016-12-19 11:03:00 -06:00
Markus Ongyerth
139c8af210 wiphy: Remove useless null check on array 2016-12-19 11:02:55 -06:00
Markus Ongyerth
e2074678a3 autotools: Only use -Wcast-align with gcc
-Wcast-align currently breaks compilation with clang.
There's a more details about it on the ell mailing list.
2016-12-19 11:02:50 -06:00
Andrew Zaborowski
27bdddf010 netdev: Emit DISCONNECT_BY_SME event on eapol failures
There are situations when a CMD_DISCONNECT or deauthenticate will be
issued locally because of an error detected locally where netdev would
not be able to emit a event to the device object.   The CMD_DISCONNECT
handler can only send an event if the disconnect is triggered by the AP
because we don't have an enum value defined for other diconnects.  We
have these values defined for the connect callback but those errors may
happen when the connect callback is already NULL because a connection
has been estabilshed.  So add an event type for local errors.

These situations may occur in a transition negotiation or in an eapol
handshake failure during rekeying resulting in a call to
netdev_handshake_failed.
2016-12-15 17:08:47 -06:00
Andrew Zaborowski
4d366df23f wsc: Handle beacon lost event
Handle the beacon loss event same as a disconnect: if any credentials
have been received try using them, otherwise fail.
2016-12-15 16:57:05 -06:00
Andrew Zaborowski
a750b7067a netdev: Drop netdev->remote_addr 2016-12-15 15:47:57 -06:00
Andrew Zaborowski
b99c89fd35 netdev: Drop separate mde parameter, simplify 2016-12-15 15:46:57 -06:00
Andrew Zaborowski
9c6643b773 netdev: Always require handshake_state with netdev_connect 2016-12-15 15:25:53 -06:00
Andrew Zaborowski
d93a44a3f0 wsc: Move eapol_sm creation to netdev_connect_wsc 2016-12-15 15:16:25 -06:00
Denis Kenzior
c9ee5b8e7f TODO: Add task about MSK sizes 2016-12-15 11:15:21 -06:00
Denis Kenzior
e458d0604e TODO: Cleanup some completed tasks 2016-12-15 10:59:19 -06:00
Denis Kenzior
3d4da25b6c unit: Tweak style 2016-12-14 23:09:55 -06:00
Denis Kenzior
aca4641fad eap-mschapv2: Fixup some style issues 2016-12-14 23:07:02 -06:00
Markus Ongyerth
214603e68f tools: Add MD4 to test runner kernel config 2016-12-14 23:01:22 -06:00
Markus Ongyerth
5af52f519b autotests: add autotest for eap-mschapv2 2016-12-14 23:01:00 -06:00
Markus Ongyerth
9afe21f86f eap-mschapv2: add code for eap method 2016-12-14 22:56:56 -06:00
Markus Ongyerth
dfc852dd3e unit: Add tests for eap-mschapv2 functions 2016-12-14 22:47:00 -06:00
Markus Ongyerth
1baa6ec04c eap-mschap: Add crypto functions for mschapv2
Add the key-derivation and hash functions required for mschapv2.
The eap-mschapv2 protocol can be implemented on top of these functions.
2016-12-14 22:46:18 -06:00
Denis Kenzior
6e729f6175 test-runner: Make sure to chdir to top_level_path
Some unit tests expect to be running from the top level iwd tree
directory to load certificates and such.  Make sure that test-runner
chdirs to the appropriate directory prior to running the unit tests.
2016-12-14 15:52:28 -06:00
Denis Kenzior
3440652520 doc: Mention the need for ell-key-crypto branch 2016-12-14 15:48:23 -06:00
Rahul Rahul
0327be75c8 autotests: WPA2 test with MFP required 2016-12-14 14:53:28 -06:00
Denis Kenzior
2cd36be5ff netdev: Fixup USE_MFP atribute usage
The kernel parses NL80211_ATTR_USE_MFP to mean an enumeration
nl80211_mfp.  So instead of using a boolean, we should be using the
value NL80211_MFP_REQUIRED.
2016-12-13 09:26:42 -06:00
Denis Kenzior
221a8f9218 eapol: Fix IGTK key index extraction 2016-12-13 09:25:21 -06:00