3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-27 10:52:47 +01:00
Commit Graph

5865 Commits

Author SHA1 Message Date
James Prestwood
e10bb3bd77 station: Do not re-process cached entries for anqp
If the frequency of the bss is not in the list of frequencies for the
current scan, then this is a cached bss.  It was likely already
processed for ANQP before, so skip it.
2021-09-16 16:35:15 -05:00
James Prestwood
4b7138b05c monitor: parse WFA OWE Transition IE 2021-09-16 11:22:25 -05:00
James Prestwood
a94c0ed29e scan: keep track of OWE Transition element 2021-09-16 11:21:32 -05:00
James Prestwood
df6221bcb2 scan: allow non-utf8 SSIDs to be scanned for
IWD has restricted SSIDs to only utf8 so they can be displayed but
with the addition of OWE transition networks this is an unneeded
restriction (for these networks). The SSID of an OWE transition
network is never displayed to the user so limiting to utf8 isn't
required.

Allow non-utf8 SSIDs to be scanned for by including the length in
the scan parameters and not relying on strlen().
2021-09-16 11:20:46 -05:00
James Prestwood
56c2cf9f10 ie: add ie_parse_owe_transition_from_data
This is a parser for the WFA OWE Transition element. For now the
optional band/channel bytes will not be parsed as hostapd does not
yet support these and would also require the 802.11 appendix E-1
to be added to IWD. Because of this OWE Transition networks are
assumed to be on the same channel as their open counterpart.
2021-09-16 11:20:14 -05:00
Andrew Zaborowski
42bd5ba7c2 netconfig: Remove usage of in6_addr.__in6_u
in6_addr.__in6_u.__u6_addr8 is glibc-specific and named differently in
the headers shipped with musl libc for example.  The POSIX compliant and
universal way of accessing it is in6_addr.s6_addr.
2021-09-16 11:09:51 -05:00
James Prestwood
c19dc6605f network: fix pending hidden OWE scan logic
This was actually broken if triggered because __network_connect
checks if network->connect_after_owe_hidden is set and returns
already in progress. We want to keep this behavior though for
obvious reasons.

To fix this station_connect_network can be called directly which
bypasses the check. This is essentially how ANQP avoids this
problem as well.
2021-09-15 18:36:54 -05:00
James Prestwood
e11ad83222 auto-t: hostapd.py: add disable() 2021-09-15 16:42:21 -05:00
James Prestwood
f8b703efed network: support connect during OWE hidden scan
Similar to ANQP a connect call could come in while station is
scanning for OWE hidden networks. This is supported in the same
manor by saving away the dbus message and resuming the connection
after the hidden OWE scan.
2021-09-15 15:49:21 -05:00
James Prestwood
e6f5efbe73 station: add OWE_HIDDEN_STARTED/FINISHED events 2021-09-15 15:49:05 -05:00
James Prestwood
81816ce04d station: network: make ANQP watch a generic event
With the addition of OWE transition network needs to be notified
of the hidden OWE scan which is quite similar to how it is notified
of ANQP. The ANQP event watch can be made generic and reused to
allow other events besides ANQP.
2021-09-15 15:49:02 -05:00
James Prestwood
926dc608af network: set handshake SSID based on BSS, not network
This is being added to support OWE transition mode. For these
type of networks the OWE BSS may contain a different SSID than
that of the network, but the WFA spec requires this be hidden
from the user. This means we need to set the handshake SSID based
on the BSS rather than the network object.
2021-09-15 14:59:05 -05:00
James Prestwood
4329b669d0 ie: add WFA OWE Transition element type 2021-09-15 12:56:43 -05:00
Andrew Zaborowski
8b573fe398 netconfig: Refactor netconfig_set_dns
Refactor netconfig_set_dns to be a bit easier to follow and remove use
of macros.  Also bail out early if no DNS addresses are provided instead
of building an empty DNS list since resolve_set_dns() simply returns if
a NULL or empty DNS list is provided.
2021-09-14 15:12:12 -05:00
Andrew Zaborowski
97587e399f doc: Add net.connman.iwd.IPv{4,6}Configuration API doc 2021-09-14 15:12:10 -05:00
Marcel Holtmann
6f4b91ac8e Release 1.18 2021-09-14 22:00:19 +02:00
Marcel Holtmann
481af204b0 build: Require at least version 0.44 when building with external ELL 2021-09-14 22:00:02 +02:00
Denis Kenzior
6dbde8121d monitor: Support short form of '--noies' option 2021-09-14 10:43:36 -05:00
James Prestwood
7fda423e12 auto-t: remove ';' in testSAE autoconnect_test.py 2021-09-09 16:57:38 -05:00
James Prestwood
4c6f0ff75a auto-t: add SAE test for no supported groups 2021-09-09 16:57:38 -05:00
James Prestwood
a0a05a88b9 auto-t: add SAE test for a non-ACKed confirm 2021-09-09 16:57:38 -05:00
James Prestwood
1574909535 auto-t: change testSAE timeout_test to use match/offset
This makes things more clear on what frames are being blocked
since it passes over header information to get to the actual
SAE payload.
2021-09-09 16:57:38 -05:00
James Prestwood
9049ed2f25 auto-t: hwsim.py: add match/match_offset properties 2021-09-09 16:57:38 -05:00
James Prestwood
3f4cafe135 hwsim: add MatchBytes/MatchBytesOffset rule properties
If set, a rule will start matching 'MatchBytes' some number of bytes
into the frame (MatchBytesOffset). This is useful since header
information, addresses, and sequence numbers may be unpredictable
between test runs.

To avoid unintended matches the Prefix property is left unchanged
and will match starting at the beginning of the frame.
2021-09-09 16:57:38 -05:00
James Prestwood
a50af3b751 auto-t: remove OWE renegotiate test
Since IWD tries group 20 first all other OWE tests are actually
triggering group negotiation where this test is not. Since this
code is exercised this test can be removed completely, as well
as the additional radio/network.
2021-09-08 20:05:07 -05:00
Denis Kenzior
23af586acd netdev: Properly handle auth_proto error returns
Kernel keeps transmitting authentication frames until told to stop or an
authentication frame the kernel considers 'final' is received.  Detect
cases where the kernel would keep retransmitting, and if auth_proto
encounters a fatal protocol error, prevent these retransmissions from
occuring by sending a Deauthenticate command to the kernel.

Additionally, treat -EBADMSG/-ENOMSG return from auth_proto specially.
These error codes are meant to convey that a frame should be silently
dropped and retransmissions should continue.
2021-09-08 17:04:36 -05:00
James Prestwood
eeb42c56f0 auto-t: add sae test for non-acked commit
This test simulates the scenario where IWDs commit is not acked which
exposes a hostapd bug that ultimately fails the connection. This behavior
can be seen by reverting the commit which works around this issue:

"sae: don't send commit in confirmed state"

With the above patch applied this test should pass.

Note: The existing timeout test was reused as it was not of much use
anyways. All it did was block auth/assoc frames and expect a failure
which didn't exercise any SAE logic anyways.
2021-09-08 16:48:07 -05:00
James Prestwood
3d82ab167f mpdu: add MMPDU_STATUS_CODE_SAE_PK 2021-09-08 16:47:36 -05:00
James Prestwood
305189523a auth-proto: document acceptable return values for auth-protos
Since all auth-protos are hidden behind an abstraction they need
to be consisten with the return values as some should be handled
specially.
2021-09-08 16:46:45 -05:00
James Prestwood
7e9b4170b1 sae: don't send commit/confirm in confirmed state
This works around a hostapd bug (described more in the TODO comment)
which is exposed because of the kernels overly agressive re-transmit
behavior on missed ACKs. Combined this results in a death if the
initial commit is not acked. This behavior has been identified in
consumer access points and likely won't ever be patched for older
devices. Because of this IWD must work around the problem which can
be eliminated by not sending out this commit message.

This bug was reported to the hostapd ML:

https://lists.infradead.org/pipermail/hostap/2021-September/039842.html

This change should not cause any compatibility problems to non-hostapd
access points and is identical to how wpa_supplicant treats this
scenario.
2021-09-08 16:46:07 -05:00
James Prestwood
f78ea26f13 fils: change fatal return code to -EPROTO
This keeps FILS consistent with what netdev expects for a fatal
auth-proto return.
2021-09-08 14:35:05 -05:00
James Prestwood
8ca638fb88 sae: fix a spec violation with duplicate commits
If a commit is received while in an accepted state the spec states
the scalar should be checked against the previous commit and if
equal the message should be silently dropped.
2021-09-08 14:16:40 -05:00
James Prestwood
799e7af9c7 sae: print state and transaction on received packets
This will make SAE a bit easier to debug in the future.
2021-09-07 20:03:02 -05:00
James Prestwood
7fe55567bd netdev: print error if CMD_ASSOCIATE fails 2021-09-07 20:02:45 -05:00
James Prestwood
5b226a8151 auto-t: hwsim.py: add drop_ack property 2021-09-07 20:02:38 -05:00
James Prestwood
bedd20b08e hwsim: add DropAck rule property
The hwsim rules did not treat frames and ACKs any differently which
can mislead the developer especially when setting a rule prefix.
If a prefix was used the frame ACK was actually being matched against
the original frame payload which seems wrong because the ACK is not
the original frame.

Though strange, matching the frame prefix on an ACK has its place if
the developer wants to block just the ACK rather than the frame so
to make this case more clear 'DropAck' was added as a rule property.
And only if this is true will an ACK be checked and potentially
dropped.

To maintain the current hwsim behavior DropAck will default to true.
2021-09-07 19:02:54 -05:00
James Prestwood
06ee649a91 auto-t: hwsim.py: add match_times property 2021-09-07 19:02:47 -05:00
James Prestwood
f2197fa06b hwsim: add MatchTimes property
This integer property can be set to only match a rule a number of
times rather than all packets. This is useful for testing behavior
of a single dropped frame or ack. Once the rule has been matched
'MatchTimes' the rules will no longer be applied (unless set again
to some integer greater than zero).
2021-09-07 16:32:42 -05:00
James Prestwood
11271cd967 test-runner: move process tracking out of Namespace
Since Process.processes is a weak reference dictionary any process
put in this dict will disappear if all references are lost. This
is much better than keeping a list in the Namespace which will hold
the references forever until test-runner manually kills them all at
the end of the test. This does still need to be done for daemon
processes but everything else can just go away when it is no longer
needed.
2021-09-07 12:45:26 -05:00
James Prestwood
92a3d8f498 test-runner: write out separators in log files
The test-runner logging is very basic and just dumps everything into files
per-test. This means any subtests are just appended to existing log files
which can be difficult to parse after the fact. This is especially hard
when IWD/Hostapd runs once for the entirety of the test (as opposed to
killing between tests).

This patch writes out a separator between each subtests in the form:
===== <file>:<function> =====

To do this all processes are now kept as weak references inside the
Process class itself. Process.write_separators() can be called which
will iterate through all running processes and write the provided
separator.

This also paves the way to remove the ctx.processes array which is more
trouble than its worth due to reference issues.

Note: For tests which start IWD this will have no effect as the separator
is written prior to the test running. For these tests though, it is
much easier to read the log files because you can clearly see when
IWD starts and exits.
2021-09-07 12:45:26 -05:00
James Prestwood
ac395525c8 test-runner: use Process to start hostapd
Since the hostapd process object is tracked by the Hostapd class there
is no sense of keeping it in the process list as well.
2021-09-07 12:45:26 -05:00
James Prestwood
165557070e test-runner: fix process cleanup
Processes which were not explicitly killed ended up staying around
forever because they internally held references to other objects
such as GLib IO watches or write FDs.

This shuffles some code so these objects get cleaned up both when
explititly killed and after being waited for.
2021-09-07 12:45:26 -05:00
James Prestwood
920dc5b087 test-runner: don't use start_process for transient processes
Any process which is short lived and  waited for should just use
Process directly as to not add to the process queue.
2021-09-07 12:45:26 -05:00
James Prestwood
7123f47f84 test-runner: remove special case for "root" namespace
This was a placeholder at one point but modules grew to depend on it
being a string. Fix these dependencies and set the root namespace
name to None so there is no more special case needed to handle both
a named namespace and the original 'root' namespace.
2021-09-07 12:45:26 -05:00
Denis Kenzior
9d045fae0e scan: Parse network cost IE info into scan_bss 2021-09-03 16:32:51 -05:00
Denis Kenzior
c93966d5a1 ie: Add parse utility for network cost vendor IE 2021-09-03 16:30:28 -05:00
Andrew Zaborowski
c545674918 station: Check ie_tlv_iter_next return value
This can't be false but check it to calm static analysis.
2021-09-03 14:49:25 -05:00
Andrew Zaborowski
48c5e8d215 netconfig: Actually use the DNS override values
In netconfig_load_settings apply the DNS overrides strings we've loaded
instead of leaking them.

Fixes: ad228461ab ("netconfig: Move loading settings to new method, refactor")
2021-09-03 14:49:15 -05:00
Andrew Zaborowski
59d4e86bc5 autotests: Don't use the netifaces module
Get rid of a dependency on a package that needed to be manually
installed.
2021-09-03 14:45:18 -05:00
Andrew Zaborowski
ba152c567c autotests: Extend a testP2P timeout
With various versions of wpa_supplicant tested, after an IWD GO tears
the group down, the wpa_supplicant P2P client will not immediately
signal that the group has disappeared but will at least wait for the
lost beacon signal, wait some more and try reconnecting and all that
takes it 10s or a little longer.  Possibly sending Deauthenticate frames
to clients first would improve this.
2021-09-03 14:45:18 -05:00