The Changed() method did not actually return anything, and in fact the
no_reply flag for that message was set.
Similarly, the Release method does not expect a reply.
Don't require a gateway address from the settings file or from the DHCP
server when doing netconfig. Failing when the gateway address was
missing was breaking P2P but also small local networks.
Be paranoid and check that the prefix length in addresses from
used_addr4_list are not zero (they shouldn't be) and that address family
is AF_INET (it should be), mainly to quiet coverity warnings:
While there also fix one line's indentation.
At the end of ip_pool_select_addr4() we'd check if the selected address
is equal to the subnet address and increment it by 1 to produce a valid
host address for the AP. That check was always correct only with 24-bit
prefix, extend it to actually use the prefix-dependent mask instead of
0xff. Fixes a testAP failure triggered 50% of the times because the
netmask is 28 bit long there.
Don't signal the connected state until the client has obtained a DHCP
lease and we can set the ConnectedIP property. From now on that
property is always set when there's a connection.
p2p_parse_association_req() already extracts the P2P IE payload from the
IE sequence, there's no need to call ie_tlv_extract_p2p_payload before
it. Pass the IE sequence directly to p2p_parse_association_req().
Similarly to commit
27d302a0 ("band: Add a utility to estimate VHT rx data rate"), this
commit adds an RX data rate estimation utility for HT connections.
This function is meant to supercede a similar function in ie.c. The
current approach results in very optimistic data rate estimates since it
only takes into account the VHT/HT Capabilities IEs. It does not take
into account any local hardware limitations (such as no VHT/HT support),
limited RX MCS sets & number of spatial streams. It also does not take
into account that the AP might not be actually operating on higher
bandwidth channels.
This function is meant to address that by matching peer TX MCS sets with
the local hardware RX MCS set capability. It also takes into account
channel bandwidth capabilities of the local hardware, as well as whether
the AP is actually operating on a wider channel.
Move the band definition out of wiphy.c and into band.[ch]. This is
done to make certain utilities that depend on band information capable
of being tested from unit tests.
The band concept will most likely grow over time. For now, the only
user will be wiphy.c and unit tests, so the structures are kept public.
It is possible that the address set command succeeds just after a
netconfig object has been destroyed.
==6485== Invalid read of size 8
==6485== at 0x458A6D: netconfig_ipv4_routes_install (netconfig.c:629)
==6485== by 0x458D1C: netconfig_ipv4_ifaddr_add_cmd_cb (netconfig.c:689)
==6485== by 0x4A5E7B: process_message (netlink.c:181)
==6485== by 0x4A626A: can_read_data (netlink.c:289)
==6485== by 0x4A3E19: io_callback (io.c:120)
==6485== by 0x4A27B5: l_main_iterate (main.c:478)
==6485== by 0x4A28F6: l_main_run (main.c:525)
==6485== by 0x4A2C0E: l_main_run_with_signal (main.c:647)
==6485== by 0x404D27: main (main.c:542)
==6485== Address 0x4a47290 is 32 bytes inside a block of size 104 free'd
==6485== at 0x48399CB: free (vg_replace_malloc.c:538)
==6485== by 0x49998B: l_free (util.c:136)
==6485== by 0x457699: netconfig_free (netconfig.c:130)
==6485== by 0x45A038: netconfig_destroy (netconfig.c:1163)
==6485== by 0x41FD16: station_free (station.c:3613)
==6485== by 0x42020E: station_destroy_interface (station.c:3710)
==6485== by 0x4B990E: interface_instance_free (dbus-service.c:510)
==6485== by 0x4BC193: _dbus_object_tree_remove_interface (dbus-service.c:1694)
==6485== by 0x4BA22A: _dbus_object_tree_object_destroy (dbus-service.c:795)
==6485== by 0x4B078D: l_dbus_unregister_object (dbus.c:1537)
==6485== by 0x417ACB: device_netdev_notify (device.c:361)
==6485== by 0x4062B6: netdev_free (netdev.c:808)
==6485== Block was alloc'd at
==6485== at 0x483879F: malloc (vg_replace_malloc.c:307)
==6485== by 0x499857: l_malloc (util.c:62)
==6485== by 0x459DC0: netconfig_new (netconfig.c:1115)
==6485== by 0x41FC29: station_create (station.c:3592)
==6485== by 0x4207B3: station_netdev_watch (station.c:3864)
==6485== by 0x411A17: netdev_initial_up_cb (netdev.c:5588)
==6485== by 0x4A5E7B: process_message (netlink.c:181)
==6485== by 0x4A626A: can_read_data (netlink.c:289)
==6485== by 0x4A3E19: io_callback (io.c:120)
==6485== by 0x4A27B5: l_main_iterate (main.c:478)
==6485== by 0x4A28F6: l_main_run (main.c:525)
==6485== by 0x4A2C0E: l_main_run_with_signal (main.c:647)
==6485==
netdev_free relies on netdev->connected being set to detect whether a
connection is in progress. This variable is only set once the driver
has been connected however, so for situations where a CMD_CONNECT is
still 'in flight' or if the wiphy work is still pending, the ongoing
connection will not be canceled. Fix that by being more thorough when
trying to detect that a connection is in progress.
src/wiphy.c:wiphy_radio_work_next() Starting work item 2
Terminate
src/netdev.c:netdev_free() Freeing netdev wlan0[9]
src/device.c:device_free()
src/station.c:station_free()
src/netconfig.c:netconfig_destroy()
Removing scan context for wdev c
src/scan.c:scan_context_free() sc: 0x4a44c80
src/netdev.c:netdev_mlme_notify() MLME notification New Station(19)
src/netdev.c:netdev_link_notify() event 16 on ifindex 9
==6356== Invalid write of size 4
==6356== at 0x40A253: netdev_cmd_connect_cb (netdev.c:2522)
==6356== by 0x4A8886: process_unicast (genl.c:986)
==6356== by 0x4A8C48: received_data (genl.c:1098)
==6356== by 0x4A3DFD: io_callback (io.c:120)
==6356== by 0x4A2799: l_main_iterate (main.c:478)
==6356== by 0x4A28DA: l_main_run (main.c:525)
==6356== by 0x4A2BF2: l_main_run_with_signal (main.c:647)
==6356== by 0x404D27: main (main.c:542)
==6356== Address 0x4a3e418 is 152 bytes inside a block of size 472 free'd
==6356== at 0x48399CB: free (vg_replace_malloc.c:538)
==6356== by 0x49996F: l_free (util.c:136)
==6356== by 0x406662: netdev_free (netdev.c:886)
==6356== by 0x4129C2: netdev_shutdown (netdev.c:5980)
==6356== by 0x403A14: iwd_shutdown (main.c:79)
==6356== by 0x403A7D: signal_handler (main.c:90)
==6356== by 0x4A2AFB: sigint_handler (main.c:612)
==6356== by 0x4A2F3B: handle_callback (signal.c:78)
==6356== by 0x4A3030: signalfd_read_cb (signal.c:104)
==6356== by 0x4A3DFD: io_callback (io.c:120)
==6356== by 0x4A2799: l_main_iterate (main.c:478)
==6356== by 0x4A28DA: l_main_run (main.c:525)
==6356== Block was alloc'd at
==6356== at 0x483879F: malloc (vg_replace_malloc.c:307)
==6356== by 0x49983B: l_malloc (util.c:62)
==6356== by 0x4121BD: netdev_create_from_genl (netdev.c:5776)
==6356== by 0x451F6F: manager_new_station_interface_cb (manager.c:173)
==6356== by 0x4A8886: process_unicast (genl.c:986)
==6356== by 0x4A8C48: received_data (genl.c:1098)
==6356== by 0x4A3DFD: io_callback (io.c:120)
==6356== by 0x4A2799: l_main_iterate (main.c:478)
==6356== by 0x4A28DA: l_main_run (main.c:525)
==6356== by 0x4A2BF2: l_main_run_with_signal (main.c:647)
==6356== by 0x404D27: main (main.c:542)
If the daemon is started and killed rapidly on startup, it is possible
for netdev_shutdown to be called prior to manager processing messages
that actually create the netdev itself. Since the netdev_list has
already been freed, the storage is lost. Fix that by destroying
netdev_list only when the module is unloaded.
