3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-28 20:32:32 +01:00
Commit Graph

7381 Commits

Author SHA1 Message Date
Jesse Lentz
ce227e7b94 station: Provide SignalLevelAgent update while connecting
When a station enters the "connecting" state, if a SignalLevelAgent is
registered, provide an initial signal level via a "Changed" method call.
2022-05-23 12:56:55 -05:00
Jesse Lentz
38e2d4383a station: Simplify usage of station_signal_agent_notify()
station_signal_agent_notify() has been refactored so that its usage is
simpler. station_rssi_level_changed() has been replaced by an inlined
call to station_signal_agent_notify().
2022-05-23 12:38:41 -05:00
Jesse Lentz
6cea51b79f netdev: Initialize signal level during connection attempt
The call to netdev_rssi_level_init() in netdev_connect_common() is
currently a no-op, because netdev->connected has not yet been set at
this stage of the connection attempt. Because netdev_rssi_level_init()
is only used twice, it's been replaced by two inlined calls to
netdev_set_rssi_level_idx().
2022-05-23 12:36:00 -05:00
Denis Kenzior
58eaecbd14 AUTHORS: Mention Jesse's contributions 2022-05-20 17:01:30 -05:00
Jesse Lentz
8115105835 doc: Document initial signal level notification
Document the initial "Changed" method call following SignalLevelAgent
registration.
2022-05-20 16:57:42 -05:00
Jesse Lentz
3d27d0d80a station: send initial signal level notification
After registration of a SignalLevelAgent, make iwd inform the client of
the initial signal level via a "Changed" method call.
2022-05-20 16:56:59 -05:00
Jesse Lentz
0b9e7eb120 Allow SignalLevelAgent method calls in dbus policy
The SignalLevelAgent API is currently broken by the system bus's
security policy, which blocks iwd's outgoing method call messages. This
patch punches a hole for method calls on the
net.connman.iwd.SignalLevelAgent interface.
2022-05-20 14:50:54 -05:00
Denis Kenzior
503ce2e488 auto-t: Use NameResolvingService=none
Since this test isn't actually running name resolving service of any
kind, use NameResolvingService=none to quiet down the logs.
2022-05-20 10:15:17 -05:00
Denis Kenzior
d459509087 manpage: describe 'none' in NameResolvingService 2022-05-20 10:14:17 -05:00
Denis Kenzior
b96bbb35e0 resolve: Add "none" method
There may be situations where DNS information should not be set (for
example in auto-tests where the resolver daemon is not running) or if a
user wishes to ignore DNS information obtained.
2022-05-20 10:03:42 -05:00
Denis Kenzior
f12cf1ab9d build: Add rtnl-private.h from latest ell 2022-05-19 09:50:59 -05:00
Michael Johnson
2c9c5b6602 docs: Show new usage of IWD_DHCP_DEBUG 2022-05-19 09:47:36 -05:00
Michael Johnson
28d13f9a43 netconfig: Add multiple levels to IWD_DHCP_DEBUG
Allows granularly specifying the DHCP logging level. This allows the
user to tailor the output to what they need. By default, always display
info, errors and warnings to match the rest of iwd.

Setting `IWD_DHCP_DEBUG` to "debug", "info", "warn", "error" will limit
the logging to that level or higher allowing the default logging
verbosity to be reduced.

Setting `IWD_DHCP_DEBUG` to "1" as per the current behavior will
continue to enable debug level logging.
2022-05-19 09:47:31 -05:00
Denis Kenzior
f370b1b960 doc: Require scapy for test-runner 2022-05-11 17:26:56 -05:00
Denis Kenzior
f3c633e222 auto-t: Add EAPoL spoofing test
Make sure that unencrypted EAPoL packets received after the initial
handshake is complete do not break the connection.
2022-05-11 17:23:54 -05:00
Denis Kenzior
e44ccf3daa auto-t: Rework spoofing code
Use scapy library which allows one to easily construct and fudge various
network packets.  This makes constructing spoofed packets much easier
and more readable compared to hex-encoded, hand-crafted frames.
2022-05-11 17:20:30 -05:00
Denis Kenzior
2019823443 auto-t: Fix TA/BSSID addresses of spoofed disassoc
The TA/BSSID addresses of spoofed disassociate frames were set
incorrectly.  They should be using the 02:00:00:XX:XX:XX address, but
instead were being converted over to 42:00:00:XX:XX:XX address
2022-05-11 14:05:51 -05:00
Denis Kenzior
ee3a044b75 eapol: authenticator: Drop unencrypted EAPoL frames
After the initial handshake, once the TK has been installed, all frames
coming to the AP should be encrypted.  However, it seems that some
kernel/driver combinations allow unencrypted EAPoL frames to be received
and forwarded to userspace.  This can lead to various attacks.

Some drivers can report whether the EAPoL frame has been received
unencrypted.  Use this information to drop unencrypted EAPoL frames
received after the initial handshake has been completed.
2022-05-10 16:04:29 -05:00
Denis Kenzior
ccdea73df2 eapol: Drop unexpectedly unencrypted EAP frames
After the initial handshake, once the TK has been installed, all frames
coming from the AP should be encrypted.  However, it seems that some
kernel/driver combinations allow unencrypted EAPoL frames to be received
and forwarded to userspace.  This can lead to a denial-of-service attack
where receipt of an invalid, unencrypted EAP-Failure frame generated by
an adversary results in iwd terminating an ongoing connection.

Some drivers can report whether the EAPoL frame has been received
unencrypted.  Use this information to drop unencrypted EAP frames
received after the initial handshake has been completed.

Reported-by: Domien Schepers <schepers.d@northeastern.edu>
2022-05-10 16:03:41 -05:00
Denis Kenzior
5b42cb6cda eapol: Drop unexpectedly unencrypted PTK 1/4 frames
After the initial handshake, once the TK has been installed, all frames
coming from the AP should be encrypted.  However, it seems that some
kernel/driver combinations allow unencrypted EAPoL frames to be received
and forwarded to userspace.  This can lead to a denial-of-service attack
where receipt of an invalid, unencrypted EAPoL 1/4 frame generated by an
adversary results in iwd terminating an ongoing connection.

Some drivers can report whether the EAPoL frame has been received
unencrypted.  Use this information to drop unencrypted PTK 1/4 frames
received after the initial handshake has been completed.

Reported-by: Domien Schepers <schepers.d@northeastern.edu>
2022-05-10 12:22:03 -05:00
Denis Kenzior
1ef97e5cbc eapol: Silently discard invalid EAPoL frames
Do not fail an ongoing handshake when an invalid EAPoL frame is
received.  Instead, follow the intent of 802.11-2020 section 12.7.2:
"EAPOL-Key frames containing invalid field values shall be silently
discarded."

This prevents a denial-of-service attack where receipt of an invalid,
unencrypted EAPoL 1/4 frame generated by an adversary results in iwd
terminating an ongoing connection.

Reported-by: Domien Schepers <schepers.d@northeastern.edu>
2022-05-10 10:01:08 -05:00
Denis Kenzior
1409364371 scan: Sort scan_requests by wiphy work item priority
Periodic scan requests are meant to be performed with a lower priority
than normal scan requests.  They're thus given a different priority when
inserting them into the wiphy work queue.  Unfortunately, the priority
is not taken into account when they are inserted into the
sr->requests queue.  This can result in the scanning code being confused
since it assumes the top of the queue is always the next scheduled or
currently ongoing scan.  As a result any further wiphy_work might never be
started properly.

Apr 27 16:34:40 iwd[5117]: ../iwd-1.26/src/wiphy.c:wiphy_radio_work_insert() Inserting work item 3
Apr 27 16:34:40 iwd[5117]: ../iwd-1.26/src/wiphy.c:wiphy_radio_work_next() Starting work item 3
Apr 27 16:34:40 iwd[5117]: ../iwd-1.26/src/scan.c:scan_periodic_timeout() 1
Apr 27 16:34:40 iwd[5117]: ../iwd-1.26/src/wiphy.c:wiphy_radio_work_insert() Inserting work item 4
Apr 27 16:34:43 iwd[5117]: ../iwd-1.26/src/wiphy.c:wiphy_radio_work_insert() Inserting work item 5
Apr 27 16:34:43 iwd[5117]: ../iwd-1.26/src/wiphy.c:wiphy_radio_work_done() Work item 3 done
Apr 27 16:34:43 iwd[5117]: ../iwd-1.26/src/wiphy.c:wiphy_radio_work_next() Starting work item 5
Apr 27 16:34:43 iwd[5117]: ../iwd-1.26/src/scan.c:scan_notify() Scan notification Trigger Scan(33)
Apr 27 16:34:43 iwd[5117]: ../iwd-1.26/src/scan.c:scan_request_triggered() Passive scan triggered for wdev 1
Apr 27 16:34:43 iwd[5117]: ../iwd-1.26/src/scan.c:scan_periodic_triggered() Periodic scan triggered for wdev 1

In the above log, scan request 5 (triggered by dbus) is started before
scan request 4 (periodic scan).  Yet the scanning code thinks scan
request 4 was triggered.

Fix this by using the wiphy_work priority to sort the sr->requests queue
so that the scans are ordered in the same manner.

Reported-by: Alvin Šipraga <ALSI@bang-olufsen.dk>
2022-05-02 09:18:30 -05:00
Marcel Holtmann
099700a154 Release 1.27 2022-04-21 17:01:56 +02:00
Marcel Holtmann
126883ae79 build: Require at least version 0.50 when building with external ELL 2022-04-21 16:55:52 +02:00
James Prestwood
5caeb82d61 auto-t: disable update_config for testDPP
update_config=1 lets wpa_supplicant write config changes
to the config file. In the real world this is what you want
so your DPP credentials are persistant. But for testing this
is not correct since multiple tests use the same config file
and expect it to be pristine.

Occationally wpa_supplicant was connecting to the AP without
running DPP because the config already had the network
credentials.
2022-04-15 12:17:29 -05:00
James Prestwood
b27ab1270c dpp: wait before retransmitting frames with no-ACK
The upstream code immediately retransmitted any no-ACK frames.
This would work in cases where the peer wasn't actively switching
channels (e.g. the ACK was simply lost) but caused unintended
behavior in the case of a channel switch when the peer was not
listening.

If either IWD or the peer needed to switch channels based on the
authenticate request the response may end up not getting ACKed
because the peer is idle, or in the middle of the hardware changing
channels. IWD would get no-ACK and immediately send the frame again
and most likely the same behavior would result. This would very
quickly increment frame_retry past the maximum and DPP would fail.

Instead when no ACK is received wait 1 second before sending out
the next frame. This can re-use the existing frame_pending buffer
and the same logic for re-transmitting.
2022-04-15 12:15:52 -05:00
James Prestwood
14217e6ca4 dpp: print error if CMD_FRAME fails 2022-04-15 12:15:44 -05:00
James Prestwood
07197e24fc dpp: handle sending a frame after ROC ends
There is a potential corner case of an offchannel frame callback
being called after ROC has ended.

This could happen in theory if a received frame is queued right as
the ROC session expires. If the ROC cancel event makes it to user
space before the frame IWD will schedule another ROC then receive
the frame. This doesn't prevent IWD from sending out another
frame since OFFCHANNEL_TX_OK is used, but it will prevent IWD from
receiving a response frame since no dwell duration is used with DPP.

To handle this an roc_started bool was added to the dpp_sm which
tracks the ROC state. If dpp_send_frame is called when roc_started
is false the frame will be saved and sent out once the ROC session
is started again.
2022-04-15 12:12:49 -05:00
Denis Kenzior
8a877d8692 station/network: avoid use-after-free
ConnectHiddenNetwork creates a temporary network object and initiates a
connection with it.  If the connection fails (due to an incorrect
passphrase or other reasons), then this temporary object is destroyed.
Delay its destruction until network_disconnected() since
network_connect_failed is called too early.  Also, re-order the sequence
in station_reset_connection_state() in order to avoid using the network
object after it has been freed by network_disconnected().

Fixes: 85d9d6461f ("network: Hide hidden networks on connection error")
2022-04-08 15:12:30 -05:00
Denis Kenzior
867c68c05b network: close settings prior to network removal
station_hide_network will remove and free the network object, so calling
network_close_settings will result in a crash.  Make sure this is done
prior to network object's destruction.

Fixes: 85d9d6461f ("network: Hide hidden networks on connection error")
2022-04-08 11:23:28 -05:00
James Prestwood
c5f44f8d38 doc: Update the test-runner documentation
Includes instructions for UML, which is now the preferred way to use
test-runner.
2022-04-08 10:48:17 -05:00
James Prestwood
9353c7748b test-runner: resolve --kernel absolute path
This only posed a problem oddly if the kernel binary was in the same
directory as test-runner. Resolving the absolute path with the
argument parser resolves the issue.
2022-04-06 17:22:06 -05:00
James Prestwood
5453f71a7c test-runner: fix check for phonesim
This got changed to use which, but not updated to remove the
list argument.
2022-04-06 17:22:06 -05:00
James Prestwood
cec5fab9b3 test-runner: allow decode failure when writing IO
If this fails, e.g. an invalid utf-8 character it should not cause
the test to fail.
2022-04-06 14:47:58 -05:00
James Prestwood
9edb196395 test-runner: fix ctrl-c for UML
The TIOCSTTY ioctl was not shared between UML and QEMU which prevented
any console input from making it into UML. This fixes that, and now
ctrl-c can be used to stop UML test execution.
2022-04-06 14:47:52 -05:00
James Prestwood
5710cc097b test-runner: Unify QEMU/UML logging code
The MountInfo tuple was changed to explicitly take a source string. This
is redundant for UML and system mounts since the fstype/source are the same,
but it allows QEMU to specify the '9p' fstype and use MountInfo rather than
calling mount() explicitly.

This also moves logging cleanup into _prepare_mounts so both UML and QEMU
can use it.
2022-04-06 14:47:45 -05:00
James Prestwood
1a903001f9 auto-t: cleanup the few uses of is_verbose
These were used outside of run-tests in a couple places. Replace
these with Process.is_verbose()
2022-04-06 14:47:32 -05:00
James Prestwood
e70d7e0857 test-runner: write separators for transient processes
Many processes are not long running (e.g. hostapd_cli, ip, iw, etc)
and the separators written to log files don't show up for these which
makes debugging difficult. This is even true for IWD/Hostapd for tests
with start_iwd=0.

After writing separators for long running processes write them out for
any additional log files too.
2022-04-06 14:47:24 -05:00
James Prestwood
f199e3f40d test-runner: move BarChart into utils.py 2022-04-06 14:47:18 -05:00
James Prestwood
bc9dfee7cd test-runner: remove unused class members 2022-04-06 14:47:13 -05:00
James Prestwood
e993503c4d test-runner: simplify start_iwd handling
Replace two separate if blocks to handle the default value
with fallback=True.
2022-04-06 14:47:06 -05:00
James Prestwood
b731e121c9 test-runner: remove path_exists/find_binary
These are already implemented in the shutil module
2022-04-06 14:46:59 -05:00
James Prestwood
c74ac94c31 test-runner: isolate Process/Namespace into utils
Way too many classes have a dependency on the TestContext class, in
most cases only for is_verbose. This patch removes the dependency from
Process and Namespace classes.

For Process, the test arguments can be parsed in the class itself which
will allow for this class to be completely isolated into its own file.

The Namespace class was already relatively isolated. Both were moved
into utils.py which makes 'run-tests' quite a bit nicer to look at and
more fitting to its name.
2022-04-06 14:46:10 -05:00
James Prestwood
6003ad1527 test-runner: add logging, monitor, and results to UML
This commonizes some mounting code between QEMU and UML to allow exporting
of files to the host environment. UML does this with a hostfs mount while
QEMU still uses 9p.

The common code sanitizing the inputs has been put into _prepare_outfiles
and _prepare_mounts was modified to take an 'extra' arugment containing
additional mount points.

The results and monitor parent directories are now passed into the environment
via arguments, and these are hidden from the help text (in addition to testhome)
2022-04-05 17:49:55 -05:00
James Prestwood
309760cbab test-runner: use type=os.path.abspath for argparse
This is a convenient type which automatically resolves the argument
to an absolute path. Use this for any arguments expected to be
paths.
2022-04-05 17:49:55 -05:00
James Prestwood
87345b4c14 doc: update hwsim documentation
This was quite dated and needed to be updated both to
reflect the API change to a dictionary argument, as well
as document NoVirtualInterface.
2022-04-05 13:50:40 -05:00
James Prestwood
96e8c0a3ab test-runner: fix --help and unknown options
If --help or unknown options were supplied to test-runner python
would thrown a maximum recusion depth exception. This was due to
the way ArgumentParser was subclassed.

To fix this call ArgumentParser.__init__() rather than using the
super() method. And do this also for the RunnerCoreArgParse
subclass as well. In addition the namespace argument was removed
from parse_args since its not used, and instead supplied directly
to the parents parse_args method.
2022-04-05 13:33:44 -05:00
James Prestwood
01efa0171d test-runner: enable scripts to be executed as init
This enables CONFIG_BINFMT_SCRIPT which allows the init process to
interpret #! and execute the script rather than requiring a binary
for init.
2022-04-05 13:33:41 -05:00
James Prestwood
5ef196f74d test-runner: resolve absolute path for --start argument 2022-04-05 13:33:38 -05:00
James Prestwood
197368dcfc auto-t: hwsim.py: set NoVirtualInterface by default
There is really no reason to have hwsim create interfaces automatically
for test-runner. test-runner already does this for wpa_supplicant and
hostapd, and IWD can create the interface itself.
2022-04-05 13:33:35 -05:00