3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-25 01:19:23 +01:00
Commit Graph

5849 Commits

Author SHA1 Message Date
Marcel Holtmann
481af204b0 build: Require at least version 0.44 when building with external ELL 2021-09-14 22:00:02 +02:00
Denis Kenzior
6dbde8121d monitor: Support short form of '--noies' option 2021-09-14 10:43:36 -05:00
James Prestwood
7fda423e12 auto-t: remove ';' in testSAE autoconnect_test.py 2021-09-09 16:57:38 -05:00
James Prestwood
4c6f0ff75a auto-t: add SAE test for no supported groups 2021-09-09 16:57:38 -05:00
James Prestwood
a0a05a88b9 auto-t: add SAE test for a non-ACKed confirm 2021-09-09 16:57:38 -05:00
James Prestwood
1574909535 auto-t: change testSAE timeout_test to use match/offset
This makes things more clear on what frames are being blocked
since it passes over header information to get to the actual
SAE payload.
2021-09-09 16:57:38 -05:00
James Prestwood
9049ed2f25 auto-t: hwsim.py: add match/match_offset properties 2021-09-09 16:57:38 -05:00
James Prestwood
3f4cafe135 hwsim: add MatchBytes/MatchBytesOffset rule properties
If set, a rule will start matching 'MatchBytes' some number of bytes
into the frame (MatchBytesOffset). This is useful since header
information, addresses, and sequence numbers may be unpredictable
between test runs.

To avoid unintended matches the Prefix property is left unchanged
and will match starting at the beginning of the frame.
2021-09-09 16:57:38 -05:00
James Prestwood
a50af3b751 auto-t: remove OWE renegotiate test
Since IWD tries group 20 first all other OWE tests are actually
triggering group negotiation where this test is not. Since this
code is exercised this test can be removed completely, as well
as the additional radio/network.
2021-09-08 20:05:07 -05:00
Denis Kenzior
23af586acd netdev: Properly handle auth_proto error returns
Kernel keeps transmitting authentication frames until told to stop or an
authentication frame the kernel considers 'final' is received.  Detect
cases where the kernel would keep retransmitting, and if auth_proto
encounters a fatal protocol error, prevent these retransmissions from
occuring by sending a Deauthenticate command to the kernel.

Additionally, treat -EBADMSG/-ENOMSG return from auth_proto specially.
These error codes are meant to convey that a frame should be silently
dropped and retransmissions should continue.
2021-09-08 17:04:36 -05:00
James Prestwood
eeb42c56f0 auto-t: add sae test for non-acked commit
This test simulates the scenario where IWDs commit is not acked which
exposes a hostapd bug that ultimately fails the connection. This behavior
can be seen by reverting the commit which works around this issue:

"sae: don't send commit in confirmed state"

With the above patch applied this test should pass.

Note: The existing timeout test was reused as it was not of much use
anyways. All it did was block auth/assoc frames and expect a failure
which didn't exercise any SAE logic anyways.
2021-09-08 16:48:07 -05:00
James Prestwood
3d82ab167f mpdu: add MMPDU_STATUS_CODE_SAE_PK 2021-09-08 16:47:36 -05:00
James Prestwood
305189523a auth-proto: document acceptable return values for auth-protos
Since all auth-protos are hidden behind an abstraction they need
to be consisten with the return values as some should be handled
specially.
2021-09-08 16:46:45 -05:00
James Prestwood
7e9b4170b1 sae: don't send commit/confirm in confirmed state
This works around a hostapd bug (described more in the TODO comment)
which is exposed because of the kernels overly agressive re-transmit
behavior on missed ACKs. Combined this results in a death if the
initial commit is not acked. This behavior has been identified in
consumer access points and likely won't ever be patched for older
devices. Because of this IWD must work around the problem which can
be eliminated by not sending out this commit message.

This bug was reported to the hostapd ML:

https://lists.infradead.org/pipermail/hostap/2021-September/039842.html

This change should not cause any compatibility problems to non-hostapd
access points and is identical to how wpa_supplicant treats this
scenario.
2021-09-08 16:46:07 -05:00
James Prestwood
f78ea26f13 fils: change fatal return code to -EPROTO
This keeps FILS consistent with what netdev expects for a fatal
auth-proto return.
2021-09-08 14:35:05 -05:00
James Prestwood
8ca638fb88 sae: fix a spec violation with duplicate commits
If a commit is received while in an accepted state the spec states
the scalar should be checked against the previous commit and if
equal the message should be silently dropped.
2021-09-08 14:16:40 -05:00
James Prestwood
799e7af9c7 sae: print state and transaction on received packets
This will make SAE a bit easier to debug in the future.
2021-09-07 20:03:02 -05:00
James Prestwood
7fe55567bd netdev: print error if CMD_ASSOCIATE fails 2021-09-07 20:02:45 -05:00
James Prestwood
5b226a8151 auto-t: hwsim.py: add drop_ack property 2021-09-07 20:02:38 -05:00
James Prestwood
bedd20b08e hwsim: add DropAck rule property
The hwsim rules did not treat frames and ACKs any differently which
can mislead the developer especially when setting a rule prefix.
If a prefix was used the frame ACK was actually being matched against
the original frame payload which seems wrong because the ACK is not
the original frame.

Though strange, matching the frame prefix on an ACK has its place if
the developer wants to block just the ACK rather than the frame so
to make this case more clear 'DropAck' was added as a rule property.
And only if this is true will an ACK be checked and potentially
dropped.

To maintain the current hwsim behavior DropAck will default to true.
2021-09-07 19:02:54 -05:00
James Prestwood
06ee649a91 auto-t: hwsim.py: add match_times property 2021-09-07 19:02:47 -05:00
James Prestwood
f2197fa06b hwsim: add MatchTimes property
This integer property can be set to only match a rule a number of
times rather than all packets. This is useful for testing behavior
of a single dropped frame or ack. Once the rule has been matched
'MatchTimes' the rules will no longer be applied (unless set again
to some integer greater than zero).
2021-09-07 16:32:42 -05:00
James Prestwood
11271cd967 test-runner: move process tracking out of Namespace
Since Process.processes is a weak reference dictionary any process
put in this dict will disappear if all references are lost. This
is much better than keeping a list in the Namespace which will hold
the references forever until test-runner manually kills them all at
the end of the test. This does still need to be done for daemon
processes but everything else can just go away when it is no longer
needed.
2021-09-07 12:45:26 -05:00
James Prestwood
92a3d8f498 test-runner: write out separators in log files
The test-runner logging is very basic and just dumps everything into files
per-test. This means any subtests are just appended to existing log files
which can be difficult to parse after the fact. This is especially hard
when IWD/Hostapd runs once for the entirety of the test (as opposed to
killing between tests).

This patch writes out a separator between each subtests in the form:
===== <file>:<function> =====

To do this all processes are now kept as weak references inside the
Process class itself. Process.write_separators() can be called which
will iterate through all running processes and write the provided
separator.

This also paves the way to remove the ctx.processes array which is more
trouble than its worth due to reference issues.

Note: For tests which start IWD this will have no effect as the separator
is written prior to the test running. For these tests though, it is
much easier to read the log files because you can clearly see when
IWD starts and exits.
2021-09-07 12:45:26 -05:00
James Prestwood
ac395525c8 test-runner: use Process to start hostapd
Since the hostapd process object is tracked by the Hostapd class there
is no sense of keeping it in the process list as well.
2021-09-07 12:45:26 -05:00
James Prestwood
165557070e test-runner: fix process cleanup
Processes which were not explicitly killed ended up staying around
forever because they internally held references to other objects
such as GLib IO watches or write FDs.

This shuffles some code so these objects get cleaned up both when
explititly killed and after being waited for.
2021-09-07 12:45:26 -05:00
James Prestwood
920dc5b087 test-runner: don't use start_process for transient processes
Any process which is short lived and  waited for should just use
Process directly as to not add to the process queue.
2021-09-07 12:45:26 -05:00
James Prestwood
7123f47f84 test-runner: remove special case for "root" namespace
This was a placeholder at one point but modules grew to depend on it
being a string. Fix these dependencies and set the root namespace
name to None so there is no more special case needed to handle both
a named namespace and the original 'root' namespace.
2021-09-07 12:45:26 -05:00
Denis Kenzior
9d045fae0e scan: Parse network cost IE info into scan_bss 2021-09-03 16:32:51 -05:00
Denis Kenzior
c93966d5a1 ie: Add parse utility for network cost vendor IE 2021-09-03 16:30:28 -05:00
Andrew Zaborowski
c545674918 station: Check ie_tlv_iter_next return value
This can't be false but check it to calm static analysis.
2021-09-03 14:49:25 -05:00
Andrew Zaborowski
48c5e8d215 netconfig: Actually use the DNS override values
In netconfig_load_settings apply the DNS overrides strings we've loaded
instead of leaking them.

Fixes: ad228461ab ("netconfig: Move loading settings to new method, refactor")
2021-09-03 14:49:15 -05:00
Andrew Zaborowski
59d4e86bc5 autotests: Don't use the netifaces module
Get rid of a dependency on a package that needed to be manually
installed.
2021-09-03 14:45:18 -05:00
Andrew Zaborowski
ba152c567c autotests: Extend a testP2P timeout
With various versions of wpa_supplicant tested, after an IWD GO tears
the group down, the wpa_supplicant P2P client will not immediately
signal that the group has disappeared but will at least wait for the
lost beacon signal, wait some more and try reconnecting and all that
takes it 10s or a little longer.  Possibly sending Deauthenticate frames
to clients first would improve this.
2021-09-03 14:45:18 -05:00
Denis Kenzior
dd9265f2db netdev: deauth if eapol_start fails 2021-09-03 14:40:16 -05:00
James Prestwood
8b6ad5d3b9 owe: netdev: refactor to remove OWE as an auth-proto 2021-09-03 14:34:30 -05:00
James Prestwood
038b9bff4d wsc: set ssid in handshake
netdev now assumes the SSID was set in the handshake (normally via
network_handshake_setup) but WSC calls netdev_connect directly so
it also should set the SSID.
2021-09-03 14:30:44 -05:00
James Prestwood
db2f14225d netdev: factor out scan_bss from CMD_CONNECT builder
In order to support OWE in the CMD_CONNECT path the scan_bss parameter
needs to be removed since this is lost after netdev_connect returns.
Nearly everything needed is also stored in the handshake except the
privacy capability which is now being mirrored in the netdev object
itself.
2021-09-03 14:30:44 -05:00
James Prestwood
3975e4eb6d station: check for duplicate frequencies in debug scan 2021-09-03 13:19:49 -05:00
James Prestwood
1b44527511 test-runner: fix --monitor option
Two issues:
 - log-gid/uid was not being set
 - the log file was being appended if it already existed
2021-09-03 13:19:46 -05:00
Denis Kenzior
735dc0b7f3 TODO: Mark Passpoint task as done 2021-08-31 14:46:49 -05:00
Denis Kenzior
318568bcb6 TODO: Mark MSK size task as done 2021-08-31 14:46:47 -05:00
Denis Kenzior
f0d227dcb5 TODO: Mark Diagnostic interface task done 2021-08-31 14:39:45 -05:00
Denis Kenzior
10aac88be5 TODO: Add a task regarding DNAv4 2021-08-31 14:38:41 -05:00
Andrew Zaborowski
c79f583e0c test-runner: Fix verbose check for processes in namespaces
Check whether verbose output is enabled for process name arg[0] before
prepending the "ip netns exec" part to arg since arg[0] is going to be
"ip" after that.
2021-08-31 10:11:01 -05:00
Andrew Zaborowski
5b7ec7689a ap: Add MACs to FILS IP Assignment responses
Try to include the gateway and DNS MAC addresses in the corresponding
fields in the FILS IP Address Assignment IEs we send to the clients.
2021-08-31 10:10:05 -05:00
Andrew Zaborowski
093d23a869 netconfig: Apply MACs received in FILS IP Assigment
Use the MAC addresses for the gateways and DNS servers received in the
FILS IP Assigment IE together with the gateway IP and DNS server IP.
Commit the IP to MAC mappings directly to the ARP/NDP tables so that the
network stack can skip sending the corresponding queries over the air.
2021-08-31 10:07:13 -05:00
Andrew Zaborowski
eb1149ca1f ie: Extract same-subnet check code to util.h 2021-08-31 10:06:47 -05:00
Andrew Zaborowski
d383a49b7b station, netdev: Enable FILS IP Address Assignment
Send and receive the FILS IP Address Assignment IEs during association.
As implemented this would work independently of FILS although the only
AP software handling this mechanism without FILS is likely IWD itself.

No support is added for handling the IP assignment information sent from
the server after the initial Association Request/Response frames, i.e.
the information is only used if it is received directly in the
Association Response without the "response pending" bit, otherwise the
DHCP client will be started.
2021-08-31 10:04:36 -05:00
Andrew Zaborowski
581b6139dc netconfig: FILS IP assigment API
Add two methods that will allow station to implement FILS IP Address
Assigment, one method to decide whether to send the request during
association, and fill in the values to be used in the request IE, and
another to handle the response IE values received from the server and
apply them.  The netconfig->rtm_protocol value used when the address is
assigned this way remains RTPROT_DHCP because from the user's point of
view this is automatic IP assigment by the server, a replacement for
DHCP.
2021-08-31 10:01:11 -05:00