3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 13:02:44 +01:00
Commit Graph

2076 Commits

Author SHA1 Message Date
Andrew Zaborowski
eda160de12 eapol: Set a timeout for preauthentication
Wait 1 second for the first EAP frame to be received, after that wait up
to 3 seconds for all of EAP to complete.
2017-08-25 11:26:26 -05:00
Tim Kourt
9bb19526d9 client: Exclude unnecessary checks
Arrays are guaranteed to be initialized during
the compilation time.
2017-08-23 16:26:05 -05:00
Tim Kourt
4d626d6576 monitor: Fix casting error
Fix for the cros-compilation with Chromium OS’s toolchain
that uses GCC 4.9
2017-08-23 16:26:05 -05:00
Andrew Zaborowski
d3cf79ed12 autotests: Restore AP beacons after timeout in testFT-PSK-roam
In the beacon loss test try to simulate a periodic communication problem
because we don't support roaming if the AP goes away completely.
2 seconds seems to be enough to consistently trigger the beacon_loss
event without triggering a disconnect by the linux kernel or hiding the AP
from the roam scan.  Also set the RSSI for that AP lower so that it is
not reselected by iwd.
2017-08-23 13:26:58 -05:00
Andrew Zaborowski
b66d55c52c doc: Add hwsim.Rule.Drop property 2017-08-23 13:26:58 -05:00
Andrew Zaborowski
bf86081eba hwsim: Add Rule.Drop property
Add a way to have matching packets dropped by the hwsim medium.
2017-08-23 13:26:58 -05:00
Andrew Zaborowski
07b04e180f agent: Add a destroy function parameter for agent requests 2017-08-22 23:28:36 -05:00
Andrew Zaborowski
452e174802 netdev: RSSI polling support for less capable drivers
If the kernel device driver or the kernel nl80211 version doesn't
support the new RSSI threshold list CQM monitoring, implement similar
logic in iwd with periodic polling.  This is only active when an RSSI
agent is registered to receive the events.  I tested this with the same
testRSSIAgent autotests that tests the driver-side rssi monitoring
except with all timeouts multiplied by ~20.
2017-08-22 22:51:34 -05:00
James Prestwood
417367e272 eap-sim: Fix EAP-SIM version list length checks
The AT_VERSION_LIST attribute length was not being properly
checked. The actual length check did not include possible padding
bytes, so align_len() was added to ensure it was padded properly.
The comment about the padding being included in the Master Key
generation was not correct (padding is NOT included), and was removed.
2017-08-22 12:40:22 -05:00
Andrew Zaborowski
23af935e7b eapol: Add eapol_sm_set_require_handshake
Function to allow netdev.c to explicitly tell eapol.c whether to expect
EAP / 4-Way handshake.  This is to potentially make the code more
descriptive, until now we'd look at sm->handshake->ptk_complete to see
if a new PTK was needed.

A 4-Way handshake is required on  association to an AP except after FT.
2017-08-21 18:35:00 -05:00
James Prestwood
14dcda4d59 autotest: EAP-AKA autotest
Implemented milenage algorithm in hlrauc.py. Unlike EAP-SIM, the
authentication center must compute several values to give back
to the server (hostapd). This was already done by IWD as the peer
in EAP-AKA, but was also needed on the server side (HLR AuC).
2017-08-21 18:22:28 -05:00
James Prestwood
6aaa917dde aka: EAP-AKA protocol implementation 2017-08-21 18:20:10 -05:00
James Prestwood
7c61d0365e autotest: EAP-SIM autotest
Included an HLR AuC python implementation that is required by
hostapd. This is what hostapd uses to retrieve SIM card values
over a UNIX socket.
2017-08-21 18:04:52 -05:00
James Prestwood
b2fe7fe230 unit: EAP-SIM unit tests
Several unit tests for EAP-SIM functionality:
 - Get/Add attributes
 - MAC calculation
 - PRNG test
2017-08-21 18:03:13 -05:00
James Prestwood
283717b22f sim: EAP-SIM protocol implementation 2017-08-21 17:43:55 -05:00
Andrew Zaborowski
e6765c1e9b monitor: Actually print management frame subtype
The subtype was only printed if mpdu_validate had returned an error for
the frame, i.e. would not be printed for well formed frames.  This was
probably an intent to avoid printing the frame subtype after all the
conents of the body frame had been printed already, but iwmon only
supports printing of Authentication and Deauthentication frames so far.
2017-08-15 15:18:40 -05:00
Andrew Zaborowski
a9cbb95260 netdev: Add interface type setter and getter
Modify netdev_get_iftype, which was until now unused, and add
netdev_set_iftype.  Don't skip interfaces with types other than STATION
on startup, instead reset the type to STATION in device.c.

netdev_get_iftype is modified to use our own interface type enum to
avoid forcing users to include "nl80211.h".

Note that setting an interface UP and DOWN wouldn't generally reset the
iftype to STATION.  Another process may still change the type while iwd
is running and iwd would not detect this as it would detect another
interface setting interface DOWN, not sure how far we want to go in
monitoring all of the properties this way.
2017-08-15 15:01:33 -05:00
Andrew Zaborowski
b344d27c56 ie: Fix Supported Rates length check
Supported Rates IEs can be 1-8 bytes, not only 8 byte long, according to
802.11-2012 8.4.2.3.
2017-08-15 13:57:27 -05:00
Andrew Zaborowski
38b5f3fee4 autotests: Add test for roam triggered by beacon loss
The two tests in test.py are similar except for the way that the roaming
is triggered.
2017-08-15 12:43:14 -05:00
Andrew Zaborowski
0cd18a0214 device: Set current BSS rank to 0 if not in scan results
If we're adding the BSS to the list only because it is the current BSS,
set the rank to 0 (lowest possible value) in case the list gets used in
the next Connect call.
2017-08-15 12:41:46 -05:00
Andrew Zaborowski
6e03933e62 netdev: Allow reassociation if not currently connected
Allow attempts to connect to a new AP using the Reassociation frame even
if netdev->operational is false.  This is needed if we want to continue
an ongoing roam attempt after the original connection broke and will be
needed when we start using cached PMKSAs in the future.
2017-08-15 12:39:35 -05:00
Andrew Zaborowski
a4edbbd429 device: Trigger roaming on beacon loss
Use beacon loss event to trigger a roam attempt in addition to the RSSI
monitoring.  Due to the how well beacons are normally received compared
to data packets, a beacon loss indicates a serious problem with the
connection so act as soon as a first beacon loss event is seen.

Avoid roaming methods that involve the current AP: preauthentication,
neighbor report request and FT-over-the-DS (not supported)
2017-08-15 11:53:15 -05:00
Andrew Zaborowski
cb9c6e8ade netdev: Handle CMD_DISCONNECT without "by AP" flag
There are situations including after beacon loss and during FT where the
cfg80211 will detect we're now disconnected (in some cases will send a
Deauthenticate frame too) and generate this event, or the driver may do
this.  For example in ieee80211_report_disconnect in net/mac80211/mlme.c
will (through cfg80211) generate a CMD_DEAUTHENTICATE followed by a
CMD_DISCONNECT.
2017-08-14 16:32:35 -05:00
Andrew Zaborowski
5c4313bcc2 netdev: Don't assume disconnect on beacon loss
The kernel doesn't reset the netdev's state to disconnected when it
sends us a beacon loss event so we can't either unless we automatically
send a disconnect command to the kernel.

It seems the handling of beacon loss depends on the driver.  For example
in mac80211 only after N beacon loss events (default 7) a probe request is
sent to the AP and a deauthenticate packet is sent if no probe reply is
receiver within T (default 500ms).
2017-08-14 16:32:35 -05:00
Denis Kenzior
d67f8acd57 build: Add new files from ell 2017-08-14 16:32:35 -05:00
Marcel Holtmann
45e4626d80 test-runner: Add support for Qemu on ARM 32-bit and 64-bit 2017-08-08 00:00:59 -07:00
Marcel Holtmann
60bc0ecf22 monitor: Use temporary variable for RTA_PAYLOAD 2017-08-07 23:48:22 -07:00
Marcel Holtmann
df911c0cf6 agent: Simplify loop exit handling 2017-07-18 08:37:21 +02:00
Tim Kourt
653019c263 agent: Fix uninitialized member usage 2017-07-18 08:36:06 +02:00
Mat Martineau
21fae3d1d9 test-runner: Avoid intermediate string in number conversion
Derive a floating-point interval value from integers using math rather
than integer->string->float conversion. The string technique triggered a
-Wformat-overflow warning.
2017-07-11 16:34:52 -07:00
Tim Kourt
8071b51168 client: do display quit on exit 2017-06-09 14:08:21 -05:00
Tim Kourt
3bfbe72e33 client: Disable cmd refresh on console resize 2017-06-09 14:08:21 -05:00
Tim Kourt
2fb671e0d4 client: add flashing indicator for the updatable tables 2017-06-09 14:08:21 -05:00
Tim Kourt
31d60b5cf2 agent: Fix formatting 2017-06-09 14:05:30 -05:00
Tim Kourt
7bd22770ed agent: Enable multi-agent support
If an application initiates the Connect() operation and
that application has an agent registered, then that
application's agent will be called. Otherwise, the default
agent is called.
2017-06-09 14:05:30 -05:00
Denis Kenzior
ff319b8234 crypto: Fix valgrind warning
==40686== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
==40686==    at 0x5147037: sendmsg (in /usr/lib64/libc-2.24.so)
==40686==    by 0x43957C: operate_cipher (cipher.c:354)
==40686==    by 0x439C18: l_cipher_decrypt (cipher.c:415)
==40686==    by 0x40FAB8: arc4_skip (crypto.c:181)

Initialize the skip buffer to 0s.  This isn't strictly necessary, but
hides the above valgrind warning.

The aim of arc4 skip is simply to seed some data into the RC4 cipher so
it makes it harder for the attacker to decrypt.  This 'initialization'
doesn't really care what data is fed.
2017-06-06 13:33:08 -05:00
Denis Kenzior
7e2e965eb7 crypto: Optimize arc4_skip 2017-06-06 13:32:14 -05:00
Denis Kenzior
6c64ae3461 AUTHORS: Mention James' contributions 2017-06-02 14:22:39 -05:00
Denis Kenzior
8e2b3513e7 AUTHORS: Mention Matías' contributions 2017-06-02 14:22:07 -05:00
James Prestwood
1cd1183916 test-runner: move remove_absolute_path_dirs call
remove_absolute_path_dirs() was not getting called in some test
failure cases. This caused subsequent tests to fail due to stale
files existing.
2017-06-02 14:21:01 -05:00
Denis Kenzior
23d9b4c089 unit: Only run tests if checksum is available 2017-06-01 16:30:14 -05:00
Matías Zúñiga
d46489c4ee test-runner: Always define qemu_table
Otherwise build fails in architectures with no qemu name defined.
2017-06-01 11:19:10 -05:00
Denis Kenzior
21fffe2629 netdev: Use CMD_DISCONNECT for non-FT cases
CMD_DEAUTHENTICATE is not available for FullMAC based cards.  We already
use CMD_CONNECT in the non-FT cases, which works on all cards.  However,
for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT.

For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 11:08:40 -05:00
Tim Kourt
a647072e02 doc: Add device state: roaming 2017-05-30 19:56:38 -05:00
Tim Kourt
5c9ed0ccf0 client: Allow switching between bars and dbms for rssi output 2017-05-30 17:19:54 -05:00
Tim Kourt
e6d4a34773 client: Add caption for misc. cmds 2017-05-30 17:14:08 -05:00
Andrew Zaborowski
0416749710 eap: Move eap->method NULL check before first dereference
Move the eap->method NULL check to fix possible crash.
2017-05-30 17:10:31 -05:00
Andrew Zaborowski
e3c6d2e169 netdev: Use NL80211_ATTR_SOCKET_OWNER flag
Use the new NL80211_ATTR_SOCKET_OWNER with CMD_CONNECT and
CMD_ASSOCIATE to make sure an iwd crash results in deauthentication.
2017-05-30 17:09:09 -05:00
Andrew Zaborowski
132d3ac11c autotests: Test operstate is IF_OPER_UP when state == connected
Test that iwd correctly sets the interface's operstate before and after
a roam, in the same autotests which run the connectivity check.
2017-05-30 17:08:36 -05:00
Andrew Zaborowski
71c15306fd autotests: Test communication when iwd reports connected
Test that the AP interface and the station interface managed by iwd
can actually send and receive ethernet traffic when iwd is in the
connected state.  Due to linux routing none of the high level utilities
like ping or arping can be easily used to test communication between
two interfaces of the same machine so use a method based on the
mac80211_hwsim/tools/hwsim_test.c utility in the wpa_supplicant tree
that uses a raw socket to inject unicast and broadcast frames.

Add this check in three tests of different security type connections
that simulate a single AP, and the two roaming tests with two APs.
Check that the station can't communicate with the other AP's interface.
2017-05-30 17:08:31 -05:00