3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-14 16:09:24 +01:00
Commit Graph

5906 Commits

Author SHA1 Message Date
Denis Kenzior
2bebb4bdc7 netdev: Handle deauth frames prior to association
In some cases the AP can send a deauthenticate frame right after
accepting our authentication.  In this case the kernel never properly
sends a CMD_CONNECT event with a failure, even though CMD_COONNECT was
used to initiate the connection.  Try to work around that by detecting
that a Deauthenticate event arrives prior to any Associte or Connect
events and handle this case as a connect failure.
2021-02-02 15:27:50 -06:00
Denis Kenzior
83e1265c6b monitor: Add --noies option
To help understand scanning results a bit better and cut down on scan
output add an option to not print the contents of the IEs.  Only the
SSID IE will be printed.
2021-02-02 12:04:53 -06:00
Denis Kenzior
8bf43c95a8 monitor: Pretty-print NL80211_SCAN_FLAGS 2021-02-02 10:37:12 -06:00
Denis Kenzior
c319bca477 station: correctly set mac randomization hint
Now that ConnectHiddenNetwork can be invoked while we're connected, set
the mac randomization hint parameter properly.  The kernel will reject
requests if randomization is enabled while we're connected to a network.
2021-02-02 09:54:34 -06:00
Denis Kenzior
06ca8e20a9 station: Hide forgotten hidden networks
If we forget a hidden network, then make sure to remove it from the
network list completely.  Otherwise it would be possible to still
issue a Network.Connect to that particular object, but the fact that the
network is hidden would be lost.
2021-02-02 09:36:37 -06:00
James Prestwood
68303ae485 client: add support for AP StartProfile
StartProfile was added to the AP interface but the required
command was never added to iwctl. This command requires a
profile exists in <configuration dir>/ap/. The syntax is as
follows:

ap <wlanX> start-profile <profile_name>
2021-02-01 15:37:46 -06:00
Denis Kenzior
add3d43dad station: expire networks found by hidden scan sooner 2021-02-01 15:30:15 -06:00
Denis Kenzior
08a295c348 station: Fix leaking of roam_freqs on shutdown
==17639== 72 (16 direct, 56 indirect) bytes in 1 blocks are definitely
lost in loss record 3 of 3
==17639==    at 0x4C2F0CF: malloc (vg_replace_malloc.c:299)
==17639==    by 0x4670AD: l_malloc (util.c:61)
==17639==    by 0x4215AA: scan_freq_set_new (scan.c:1906)
==17639==    by 0x412A9C: parse_neighbor_report (station.c:1910)
==17639==    by 0x407335: netdev_neighbor_report_frame_event
(netdev.c:3522)
==17639==    by 0x44BBE6: frame_watch_unicast_notify (frame-xchg.c:233)
==17639==    by 0x470C04: dispatch_unicast_watches (genl.c:961)
==17639==    by 0x470C04: process_unicast (genl.c:980)
==17639==    by 0x470C04: received_data (genl.c:1101)
==17639==    by 0x46D9DB: io_callback (io.c:118)
==17639==    by 0x46CC0C: l_main_iterate (main.c:477)
==17639==    by 0x46CCDB: l_main_run (main.c:524)
==17639==    by 0x46CF01: l_main_run_with_signal (main.c:656)
==17639==    by 0x403EDE: main (main.c:490)
2021-02-01 15:12:17 -06:00
Denis Kenzior
d372d59bea station: Allow ConnectHiddenNetwork to be retried
In the case that ConnectHiddenNetwork scans successfully, but fails for
some other reason, the network object is left in the scan results until
it expires.  This will prevent subsequent attempts to use
ConnectHiddenNetwork with a .NotHidden error.  Fix that by checking
whether a found network is hidden, and if so, allow the request to
proceed.
2021-02-01 14:19:37 -06:00
Denis Kenzior
e04ae506a3 network: rework network_connect_new_hidden_network
Rework the logic slightly so that this function returns an error message
on error and NULL on success, just like other D-Bus method
implementations.  This also simplifies the code slightly.
2021-02-01 13:37:07 -06:00
Denis Kenzior
56538bf75b station: Allow ConnectHiddenNetwork while connected
We used to not allow to connect to a different network while already
connected.  One had to disconnect first.  This also applied to
ConnectHiddenNetwork calls.

This restriction can be dropped now.  station will intelligently
disconnect from the current AP when a station_connect_network() is
issued.
2021-02-01 13:37:07 -06:00
Denis Kenzior
fc10ee8745 station: Fix not cleaning up pending_connect
If the disconnect fails and station_disconnect_onconnect_cb is called
with an error, we reply to the original message accordingly.
Unfortunately pending_connect is not unrefed or cleared in this case.
Fix that.

Fixes: d0ee923dda ("station: Disconnect, if needed, on a new connection attempt")
2021-02-01 13:37:07 -06:00
Andrew Zaborowski
074bc52717 eapol,ap: Remove assumption of single cipher in authenticator IE
Allow the user of the eapol_sm & handshake_state APIs to have multiple
pairwise ciphers listed in the authenticator IE.
2021-02-01 10:06:21 -06:00
Andrew Zaborowski
436c5a45e4 ap: Set the group cipher when sending START_AP
Seems this was overlooked because an initial version of ap.c didn't have
group traffic support.
2021-02-01 10:05:55 -06:00
Andrew Zaborowski
065f19b479 ap: Fix cleanup on ap_parse_new_station_ies errors 2021-01-29 20:06:18 -06:00
Alvin Šipraga
af93217701 auto-t: add test for stopping periodic roam retries 2021-01-29 17:55:50 -06:00
James Prestwood
756158dfc9 knownnetworks: sanitize known_network.freq on load
An invalid known_network.freq file containing several UUID
groups which have the same 'name' key results in memory leaks
in IWD. This is because the file is loaded and the group's
are iterated without detecting duplicates. This leads to the
same network_info's known_frequencies being set/overridden
multiple times.

To fix this we just check if the network_info already has a
UUID set. If so remove the stale entry.

There may be other old, invalid, or stale entries from previous
versions of IWD, or a user misconfiguring the file. These will
now also be removed during load.
2021-01-29 17:48:03 -06:00
James Prestwood
7b2ce98abd station: fix leak on parse_neighbor_report 2021-01-29 17:22:20 -06:00
James Prestwood
9f33740d41 ap: fix off by one error
The RSN element was not being allocated properly which caused
an invalid read in some cases.
2021-01-29 15:04:10 -06:00
Denis Kenzior
ed0f3e87ca netdev: Fix re-entrancy bug in netdev_shutdown
netdev_shutdown calls queue_destroy on the netdev_list, which in turn
calls netdev_free.  netdev_free invokes the watches to notify them about
the netdev being removed.  Those clients, or anything downstream can
still invoke netdev_find.  Unfortunately queue_destroy is not re-entrant
safe, so netdev_find might return stale data.  Fix that by using
l_queue_peek_head / l_queue_pop_head instead.

src/station.c:station_enter_state() Old State: connecting, new state:
connected
^CTerminate
src/netdev.c:netdev_free() Freeing netdev wlan1[6]
src/device.c:device_free()
Removing scan context for wdev 100000001
src/scan.c:scan_context_free() sc: 0x4ae9ca0
src/netdev.c:netdev_free() Freeing netdev wlan0[48]
src/device.c:device_free()
src/station.c:station_free()
src/netconfig.c:netconfig_destroy()
==103174== Invalid read of size 8
==103174==    at 0x467AA9: l_queue_find (queue.c:346)
==103174==    by 0x43ACFF: netconfig_reset (netconfig.c:1027)
==103174==    by 0x43AFFC: netconfig_destroy (netconfig.c:1123)
==103174==    by 0x414379: station_free (station.c:3369)
==103174==    by 0x414379: station_destroy_interface (station.c:3466)
==103174==    by 0x47C80C: interface_instance_free (dbus-service.c:510)
==103174==    by 0x47C80C: _dbus_object_tree_remove_interface
(dbus-service.c:1694)
==103174==    by 0x47C99C: _dbus_object_tree_object_destroy
(dbus-service.c:795)
==103174==    by 0x409A87: netdev_free (netdev.c:770)
==103174==    by 0x4677AE: l_queue_clear (queue.c:107)
==103174==    by 0x4677F8: l_queue_destroy (queue.c:82)
==103174==    by 0x40CDC1: netdev_shutdown (netdev.c:5089)
==103174==    by 0x404736: iwd_shutdown (main.c:78)
==103174==    by 0x404736: iwd_shutdown (main.c:65)
==103174==    by 0x46BD61: handle_callback (signal.c:78)
==103174==    by 0x46BD61: signalfd_read_cb (signal.c:104)
2021-01-29 15:02:19 -06:00
Denis Kenzior
bd6d19e084 netdev: Squash memory leak on module_init failure
In the case of module_init failing due to a module that comes after
netdev, the netdev module doesn't clean up netdev_list properly.

==6254== 24 bytes in 1 blocks are still reachable in loss record 1 of 1
==6254==    at 0x483777F: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6254==    by 0x4675ED: l_malloc (util.c:61)
==6254==    by 0x46909D: l_queue_new (queue.c:63)
==6254==    by 0x406AE4: netdev_init (netdev.c:5038)
==6254==    by 0x44A7B3: iwd_modules_init (module.c:152)
==6254==    by 0x404713: nl80211_appeared (main.c:171)
==6254==    by 0x4713DE: process_unicast (genl.c:993)
==6254==    by 0x4713DE: received_data (genl.c:1101)
==6254==    by 0x46E00B: io_callback (io.c:118)
==6254==    by 0x46D20C: l_main_iterate (main.c:477)
==6254==    by 0x46D2DB: l_main_run (main.c:524)
==6254==    by 0x46D2DB: l_main_run (main.c:506)
==6254==    by 0x46D502: l_main_run_with_signal (main.c:656)
==6254==    by 0x403EDB: main (main.c:490)
2021-01-29 13:39:20 -06:00
James Prestwood
aefcaf8559 ap: handle GET_KEY error setting RSC to zero
Rather than the previous hack which disabled group traffic it
was found that the GTK RSC could be manually set to zero which
allows group traffic. This appears to fix AP mode on brcmfmac
along with the previous fixes. This is not documented in
nl80211, but appears to work with this driver.
2021-01-29 13:15:36 -06:00
James Prestwood
4635e095ba ap: rename ap_parse_ie to be more descriptive
This is only used for NEW_STATION parsing so name appropriately
2021-01-29 13:15:24 -06:00
Denis Kenzior
c09e97689b include: Update to the latest nl80211.h 2021-01-29 11:49:58 -06:00
James Prestwood
32028f6daf ap: add DEL_STATION path to fullmac AP handling
This is how a fullmac card tells userspace that a station has
left. This fixes the issue where the same client cannot re-connect
to the same AP multiple times. ap_new_station was renamed to
ap_handle_new_station for consistency.
2021-01-29 11:36:09 -06:00
James Prestwood
7429b2162d ap: allow no group traffic on GET_KEY error
Some fullmac cards were found to be buggy with getting the GTK
where it returns a BIP key for the GTK index, even after creating
a GTK with NEW_KEY explicitly. In an effort to get these cards
semi-working we can treat this just as a warning and continue with
the handshake without a GTK set which disables group traffic. A
warning is printed in this case so the user is not completely in
the dark.
2021-01-28 13:41:43 -06:00
Alvin Šipraga
a04b61ec77 netdev: preserve cur_rssi_low across reassociation
Fix an issue with the recent changes to signal monitoring from commit
f456501b ("station: retry roaming unless notified of a high RSSI"):

    1. driver sends NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW
    2. netdev->cur_rssi_low changes from FALSE to TRUE
    3. netdev sends NETDEV_EVENT_RSSI_THRESHOLD_LOW to station
    4. on roam reassociation, cur_rssi_low is reset to FALSE
    5. station still assumes RSSI is low, periodically roams
       until netdev sends NETDEV_EVENT_RSSI_THRESHOLD_HIGH
    6. driver sends NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH
    7. netdev->cur_rssi_low doesn't change (still FALSE)
    8. netdev never sends NETDEV_EVENT_RSSI_THRESHOLD_HIGH
    9. station remains stuck in an infinite roaming loop

The commit in question introduced the logic in (5). Previously the
assumption in station was - like in netdev - that if the signal was
still low, the driver would send a duplicate LOW event after
reassociation. This change makes netdev follow the same new logic as
station, i.e. assume the same signal state (LOW/HIGH) until told
otherwise by the driver.
2021-01-28 13:40:10 -06:00
Alvin Šipraga
fda4734a1b auto-t: throw exception if hostapd can't send BSS transition req
The testAPRoam autotest was silently failing on my machine until I
realized that my distribution hostapd (Arch Linux) is not built with
CONFIG_WNM_AP=y. Indeed, it is also disabled by default in upstream
hostapd. This resulted in the send_bss_transition() function of
hostapd.py silently failing. With this change, throw an exception in
case the BSS_TM_REQ command does not succeed to hopefully save others
the time of debugging this problem.
2021-01-28 13:30:57 -06:00
James Prestwood
63c8df78a3 ap: handle NEW_STATION for fullmac cards
Since fullmac cards handle auth/assoc in firmware IWD must
react differently while in AP mode just as it does in station.
For fullmac cards a NEW_STATION event is emitted post association
and from here the 4-way handshake can begin. In this NEW_STATION
handler a new sta_state is created and the needed members are
set in order to inject us back into the normal code execution
for softmac post association (i.e. creating group keys and
starting the 4-way handshake). From here everything works the
same as softmac.
2021-01-28 13:25:18 -06:00
James Prestwood
d1b3f2d14f auto-t: remove stale hw.conf options
After the test-runner re-write many tests were left with
stale options that are no longer used at all. These were
periodically getting removed as changes were made to
individual tests, but its apparent now that a tree wide
removal was needed.
2021-01-27 13:42:58 -06:00
Alvin Šipraga
30e7bf5f0d doc: update test-runner invocation documentation
The test-runner no longer recognizes -t to specify an autotest. Instead
it uses -A.
2021-01-27 13:20:29 -06:00
Alvin Šipraga
5e7ec20057 doc: add python package requirements for test-runner 2021-01-27 13:19:42 -06:00
Alvin Šipraga
d83b4a4597 doc: update kernel configuration instructions for KVM guests
The kvmguest shorthand was removed after the release of Linux 5.10. It
was just shorthand for kvm_guest.config anyway, so update the
test-runner documentation accordingly.
2021-01-27 13:19:26 -06:00
Alvin Šipraga
d544fb9fa8 auto-t: add test for roaming retry timing
Recent changes make iwd more eager to retry roaming if it has detected a
high RSSI since the last attempt. Add an autotest to verify this
behaviour.
2021-01-27 13:13:43 -06:00
Denis Kenzior
6db352a82d manager: UseDefaultInterface for bcmsdh_sdmmc
This driver is used on some ARM based devices
2021-01-27 09:58:34 -06:00
Andrew Zaborowski
6f62056fcf eap-tls: Use the right variable in settings check 2021-01-27 09:52:47 -06:00
James Prestwood
a9c32d85ea station: cancel quick scans on Connect()
At some point the non-interactive client tests began failing.
This was due to a bug in station where it would transition from
'connected' to 'autoconnect' due to a failed scan request. This
happened because a quick scan got scheduled during an ongoing
scan, then a Connect() gets issued. The work queue treats the
Connect as a priority so it delays the quick scan until after the
connection succeeds. This results in a failed quick scan which
IWD does not expect to happen when in a 'connected' state. This
failed scan actually triggers a state transition which then
gets IWD into a strange state where its connected from the
kernel point of view but does not think it is:

src/station.c:station_connect_cb() 13, result: 0
src/station.c:station_enter_state() Old State: connecting, new state: connected
src/wiphy.c:wiphy_radio_work_done() Work item 6 done
src/wiphy.c:wiphy_radio_work_next() Starting work item 5
src/station.c:station_quick_scan_triggered() Quick scan trigger failed: -95
src/station.c:station_enter_state() Old State: connected, new state: autoconnect_full

To fix this IWD should simply cancel any pending quick scans
if/when a Connect() call comes in.
2021-01-26 14:45:00 -06:00
James Prestwood
b0e970ae38 test-runner: fix logging, verbose, and process output
There were some major problems related to logging and process
output. Tests which required output from start_process would
break if used with '--log/--verbose'. This is because we relied
on 'communicate' to retrieve the process output, but Popen does
not store process output when stdout/stderr are anything other
than PIPE.

Intead, in the case of logging or outfiles, we can simply read
from the file we just wrote to.

For an explicit --verbose application we must handle things
slightly different. A keyword argument was added to Process,
'need_out' which will ensure the process output is kept
regardless of --log or --verbose.

Now a user should be able to use --log/--verbose without any
tests failing.
2021-01-26 13:41:23 -06:00
James Prestwood
cc345582ad test-runner: don't always print "verbose on for ..."
This shouldn't have been a dbg print, but rather a normal print
which will only be printed when '-d' is used.
2021-01-26 13:41:01 -06:00
James Prestwood
296f1d0d1c test-runner: fix verbose arguments as single string
The verbose arguments come in from the QEMU command line as a
single string. This should have been split into an array immediately
but was not. This led to issues like hostapd debug being enabled
when "-v hostapd_cli" was passed in.
2021-01-26 13:40:49 -06:00
Andrew Zaborowski
5c95c5cc16 netconfig: Set more correct buffer length
Use INET_ADDRSTRLEN as the IPv4 address buffer size to avoid confusion.
2021-01-25 14:01:58 -06:00
Andrew Zaborowski
54e3bb385a doc: Specify the DNS format as string lists 2021-01-25 14:01:58 -06:00
Andrew Zaborowski
d6e99c1197 doc: Update EAP-TLS client key setting information 2021-01-25 14:01:58 -06:00
Andrew Zaborowski
a55f8864d2 testrunner: Fix /tmp files cleanup on error
Since the list of files copied to /tmp was part of the return value from
pre_test(), if an exception occurred inside pre_test(), "copied" would
be undefined and the post_test(ctx, copied) call in the finally clause
cause another exception:

raceback (most recent call last):
  File "/home/balrog/repos/iwd/tools/test-runner", line 1508, in <module>
    run_tests()
  File "/home/balrog/repos/iwd/tools/test-runner", line 1242, in run_tests
    run_auto_tests(config.ctx, args)
  File "/home/balrog/repos/iwd/tools/test-runner", line 1166, in run_auto_tests
    post_test(ctx, copied)
UnboundLocalError: local variable 'copied' referenced before assignment

(apart from not being able to clean up the files).  Pass "copied" as a
paremeter to pre_test instead.
2021-01-25 14:01:58 -06:00
Andrew Zaborowski
6fdae0c4eb autotests: Test loading binary key formats in testEAP-TLS 2021-01-25 14:01:58 -06:00
Andrew Zaborowski
84cae48c1b eap-tls: Make use of l_cert_load_container_file
Switch EAP-TLS-ClientCert and EAP-TLS-ClientKey to use
l_cert_load_container_file for file loading so that the file format is
autodetected.  Add new setting EAP-TLS-ClientKeyBundle for loading both
the client certificate and private key from one file.
2021-01-25 14:01:58 -06:00
Andrew Zaborowski
b0aa1e4e88 eap-tls: Drop EAP-{TTLS,PEAP}-Client{Cert,Key}
As requested move the client certificate and private key loading from
eap-tls-common.c to eap-tls.c.  No man page change needed because those
two settings weren't documented in it in the first place.
2021-01-25 14:01:58 -06:00
James Prestwood
5e631b4e38 auto-t: fix wait_for_object_condition
After the re-write this was broken and not noticed until
recently. The issue appeared to be that the GLib timeout
callback retained no context of local variables. Previously
_wait_timed_out was set as a class variable, but this was
removed so multiple IWD instances could work. Without
_wait_timed_out being a class variable the GLib timeout
setting it had no effect on the wait loop.

To fix this we can set _wait_timed_out on the object being
passed in. This is preserved in the GLib timeout callback
and setting it gets honored in the wait loop.
2021-01-25 13:10:52 -06:00
Denis Kenzior
944e0b5e23 client: Update copyrights 2021-01-25 10:46:07 -06:00
James Prestwood
8539c7aa9e client: remove display_dictionary
This has been replaced by diagnostic_display
2021-01-22 15:02:54 -06:00