[PATCH 1/4] netdev: Replace bool randomize_mac with specific address
by Andrew Zaborowski
Allow netdev_create_from_genl callers to draw a random or non-random MAC
and pass it in the parameter instead of a bool to tell us to generating
the MAC locally. In P2P we are generating the MAC some time before
creating the netdev in order to pass it to the peer during negotiation.
---
src/manager.c | 22 ++++++++++++++++++----
src/netdev.c | 45 ++++++++++++++++++++++-----------------------
src/netdev.h | 3 ++-
3 files changed, 42 insertions(+), 28 deletions(-)
diff --git a/src/manager.c b/src/manager.c
index 47874e11..4ad0f03c 100644
--- a/src/manager.c
+++ b/src/manager.c
@@ -102,6 +102,9 @@ static void wiphy_setup_state_destroy(struct wiphy_setup_state *state)
static bool manager_use_default(struct wiphy_setup_state *state)
{
+ uint8_t addr_buf[6];
+ uint8_t *addr = NULL;
+
l_debug("");
if (!state->default_if_msg) {
@@ -110,13 +113,20 @@ static bool manager_use_default(struct wiphy_setup_state *state)
return false;
}
- netdev_create_from_genl(state->default_if_msg, randomize);
+ if (randomize) {
+ wiphy_generate_random_address(state->wiphy, addr_buf);
+ addr = addr_buf;
+ }
+
+ netdev_create_from_genl(state->default_if_msg, addr);
return true;
}
static void manager_new_interface_cb(struct l_genl_msg *msg, void *user_data)
{
struct wiphy_setup_state *state = user_data;
+ uint8_t addr_buf[6];
+ uint8_t *addr = NULL;
l_debug("");
@@ -134,9 +144,13 @@ static void manager_new_interface_cb(struct l_genl_msg *msg, void *user_data)
return;
}
- netdev_create_from_genl(msg, randomize &&
- !wiphy_has_feature(state->wiphy,
- NL80211_FEATURE_MAC_ON_CREATE));
+ if (randomize && !wiphy_has_feature(state->wiphy,
+ NL80211_FEATURE_MAC_ON_CREATE)) {
+ wiphy_generate_random_address(state->wiphy, addr_buf);
+ addr = addr_buf;
+ }
+
+ netdev_create_from_genl(msg, addr);
}
static void manager_new_interface_done(void *user_data)
diff --git a/src/netdev.c b/src/netdev.c
index 46c79fb0..77668151 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -125,6 +125,7 @@ struct netdev {
int8_t cur_rssi;
struct l_timeout *rssi_poll_timeout;
uint32_t rssi_poll_cmd_id;
+ uint8_t set_mac_once[6];
uint32_t set_powered_cmd_id;
netdev_command_cb_t set_powered_cb;
@@ -147,7 +148,6 @@ struct netdev {
bool ignore_connect_event : 1;
bool expect_connect_failure : 1;
bool aborting : 1;
- bool mac_randomize_once : 1;
bool events_ready : 1;
};
@@ -4259,6 +4259,20 @@ static void netdev_set_mac_cb(int error, uint16_t type, const void *data,
netdev_initial_up_cb, netdev, NULL);
}
+static bool netdev_check_set_mac(struct netdev *netdev)
+{
+ if (util_mem_is_zero(netdev->set_mac_once, 6))
+ return false;
+
+ l_debug("Setting initial address on ifindex: %d to: " MAC,
+ netdev->index, MAC_STR(netdev->set_mac_once));
+ netdev->set_powered_cmd_id =
+ rtnl_set_mac(rtnl, netdev->index, netdev->set_mac_once,
+ netdev_set_mac_cb, netdev, NULL);
+ memset(netdev->set_mac_once, 0, 6);
+ return true;
+}
+
static void netdev_initial_down_cb(int error, uint16_t type, const void *data,
uint32_t len, void *user_data)
{
@@ -4274,17 +4288,8 @@ static void netdev_initial_down_cb(int error, uint16_t type, const void *data,
return;
}
- if (netdev->mac_randomize_once) {
- uint8_t addr[ETH_ALEN];
-
- wiphy_generate_random_address(netdev->wiphy, addr);
- l_debug("Setting initial random address on "
- "ifindex: %d to: "MAC, netdev->index, MAC_STR(addr));
- netdev->set_powered_cmd_id =
- rtnl_set_mac(rtnl, netdev->index, addr,
- netdev_set_mac_cb, netdev, NULL);
+ if (netdev_check_set_mac(netdev))
return;
- }
netdev->set_powered_cmd_id =
rtnl_set_powered(rtnl, netdev->index, true,
@@ -4326,17 +4331,8 @@ static void netdev_getlink_cb(int error, uint16_t type, const void *data,
*/
powered = netdev_get_is_up(netdev);
- if (!powered && netdev->mac_randomize_once) {
- uint8_t addr[ETH_ALEN];
-
- wiphy_generate_random_address(netdev->wiphy, addr);
- l_debug("Setting initial random address on "
- "ifindex: %d to: "MAC, netdev->index, MAC_STR(addr));
- netdev->set_powered_cmd_id =
- rtnl_set_mac(rtnl, netdev->index, addr,
- netdev_set_mac_cb, netdev, NULL);
+ if (!powered && netdev_check_set_mac(netdev))
return;
- }
cb = powered ? netdev_initial_down_cb : netdev_initial_up_cb;
@@ -4511,7 +4507,8 @@ error:
return NULL;
}
-struct netdev *netdev_create_from_genl(struct l_genl_msg *msg, bool random_mac)
+struct netdev *netdev_create_from_genl(struct l_genl_msg *msg,
+ const uint8_t *set_mac)
{
struct l_genl_attr attr;
uint16_t type, len;
@@ -4628,7 +4625,9 @@ struct netdev *netdev_create_from_genl(struct l_genl_msg *msg, bool random_mac)
memcpy(netdev->name, ifname, ifname_len);
netdev->wiphy = wiphy;
netdev->pae_over_nl80211 = pae_io == NULL;
- netdev->mac_randomize_once = random_mac;
+
+ if (set_mac)
+ memcpy(netdev->set_mac_once, set_mac, 6);
if (pae_io) {
netdev->pae_io = pae_io;
diff --git a/src/netdev.h b/src/netdev.h
index 032265f9..192cb4fe 100644
--- a/src/netdev.h
+++ b/src/netdev.h
@@ -205,5 +205,6 @@ uint32_t netdev_station_watch_add(struct netdev *netdev,
bool netdev_station_watch_remove(struct netdev *netdev, uint32_t id);
-struct netdev *netdev_create_from_genl(struct l_genl_msg *msg, bool random_mac);
+struct netdev *netdev_create_from_genl(struct l_genl_msg *msg,
+ const uint8_t *set_mac);
bool netdev_destroy(struct netdev *netdev);
--
2.20.1
1 month, 2 weeks
[PATCH 1/5] doc: add CONFIG_DRIVER_NONE to hostapd config
by James Prestwood
This allows hostapd to be started as a standalone radius server
---
doc/hostapd.config | 1 +
1 file changed, 1 insertion(+)
diff --git a/doc/hostapd.config b/doc/hostapd.config
index cf88386e..2ad99b8a 100644
--- a/doc/hostapd.config
+++ b/doc/hostapd.config
@@ -1,5 +1,6 @@
CONFIG_DRIVER_HOSTAP=y
CONFIG_DRIVER_NL80211=y
+CONFIG_DRIVER_NONE=y
CONFIG_LIBNL32=y
CONFIG_IAPP=y
CONFIG_RSN_PREAUTH=y
--
2.17.1
1 month, 3 weeks
Restart of iwd.service necessary after boot
by Wiktor Kwapisiewicz
Hello,
I'm using iwd on ArchLinux as a systemd service with conjunction with
systemd-networkd and generally it works very well (iwctl live updates
are impressive) with a minor annoyance that the service requires restart
after each boot to function.
This issue have been reported by others on ArchLinux site:
https://bugs.archlinux.org/task/63912
In the service logs the only significant line seems to be "NEW_INTERFACE
failed: Device or resource busy":
$ journalctl -u iwd
Starting Wireless service...
Wireless daemon version 1.4
Started Wireless service.
netconfig: Network configuration is disabled.
Wiphy: 0, Name: phy0
Permanent Address: 30:52:cb:84:72:ff
Bands: 2.4 GHz 5 GHz
Ciphers: CCMP TKIP BIP
Supported iftypes: ad-hoc station ap p2p-client p2p-go p2p-device
NEW_INTERFACE failed: Device or resource busy
networkctl reports "configuring" but nothing ever happens:
$ networkctl
IDX LINK TYPE OPERATIONAL SETUP
1 lo loopback carrier unmanaged
2 wlan0 wlan no-carrier configuring
3 enp10s0u2u4 ether no-carrier configuring
4 enp9s0u1u2 ether no-carrier configuring
After service restart it does complain about "unknown error" but
everything works as normal:
Wireless daemon version 1.4
Started Wireless service.
netconfig: Network configuration is disabled.
Wiphy: 0, Name: phy0
Permanent Address: 30:52:cb:84:72:ff
Bands: 2.4 GHz 5 GHz
Ciphers: CCMP TKIP BIP
Supported iftypes: ad-hoc station ap p2p-client p2p-go p2p-device
DEL_INTERFACE failed: Unknown error 524
hardware_rekey not supported
And it is routable in networkctl:
$ networkctl
IDX LINK TYPE OPERATIONAL SETUP
1 lo loopback carrier unmanaged
2 wlan0 wlan routable configured
3 enp10s0u2u4 ether no-carrier configuring
4 enp9s0u1u2 ether no-carrier configuring
Interestingly one of ArchLinux users [0] reported that adding sleep in
"ExecStartPre" of the systemd service makes the problem disappear and
yes, this workaround also works on my end.
I did not have this problem when using old wpa_supplicant. I'm using XPS
13 (9350, Broadcom BCM4350). I had the problem since I installed iwd and
it's still here in version 1.4
Is there a way to debug this issue further?
Thank you for your help!
Kind regards,
Wiktor
[0]: https://bugs.archlinux.org/task/63912#comment183316
--
https://metacode.biz/@wiktor
2 months
[PATCH] peap: Ignore Crypto-Binding TLVs with invalid compound MACs
by Tim Kourt
Some server implementation don't seem to provide the valid compound MACs.
In the meantime, iwd will ignore the invalid Crypto-Binding TLVs as their
usage is optional.
---
src/eap-peap.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/eap-peap.c b/src/eap-peap.c
index 273a206f..005eacc4 100644
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@@ -231,8 +231,11 @@ static int eap_extensions_handle_cryptobinding_tlv(struct eap_state *eap,
cryptobinding_compound_mac_len)) {
l_error("PEAP: Generated compound MAC and server compound MAC "
"don't match.");
-
- return -EIO;
+ /*
+ * Ignore the Crypto-Binding TLV in the case of unmatched
+ * compound MACs.
+ */
+ return 0;
}
/* Build response Crypto-Binding TLV */
--
2.13.6
2 months, 1 week
[PATCH 0/1] USB Passthrough documentation
by James Prestwood
I just added this to the test-runner document. It ended up being longer
than I expected so if we want this in its own file I can add a separate
one.
James Prestwood (1):
doc: describe hardware passthrough feature
doc/test-runner.txt | 62 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 62 insertions(+)
--
2.17.1
2 months, 1 week
[PATCH v2] doc: describe hardware passthrough feature
by James Prestwood
There are wiki's floating around, but I have consolidated the steps for
USB passthrough into our internal docs.
---
doc/test-runner.txt | 62 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 62 insertions(+)
-v2:
* Fixed up some spelling mistakes/wordage
diff --git a/doc/test-runner.txt b/doc/test-runner.txt
index 1bc02ced..2d45bedc 100644
--- a/doc/test-runner.txt
+++ b/doc/test-runner.txt
@@ -389,6 +389,68 @@ if __name__ == '__main__':
unittest.main()
#~~~~~~~~~~~~~~~~~~ end of alwaysFailingTest.py ~~~~~~~~~~~~~~~~~~~~~~~~~
+Using hardware passthrough
+---------------------------
+
+The --hw, -w flag lets you pass in a config file containing USB/PCI adapter
+addresses, which can then be used as radios inside the test/VM just as the
+virtual mac80211_hwsim radios are used. Note: physical radios cannot be used at
+the same time as mac80211_hwsim radios.
+
+Using this option, in some cases, does require some pre-configuration that won't
+be described in this document. Specifically, PCI adapters are very involved to
+get setup, and require special kernel boot options (on the host), BIOS changes,
+and most likely a lot of time to get the system working reliably. Because of
+this only USB adapters will be discussed in this document.
+
+If PCI passthrough is something you need, it would be best to follow this guide:
+
+https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVMF
+
+First, whatever kernel you are using must contain the adapters driver and, if
+required, firmware built in. The driver can be built in using 'make menuconfig'
+and finding the correct driver for your adapter:
+
+Device Driver -> Network Device Support -> Wireless LAN
+
+Enable [*] the driver(s) you need, save, and exit.
+
+The firmware also needs to be built in, and this will require you finding the
+right firmware file (/lib/firmware/) required for your adapter and adding it to
+CONFIG_EXTRA_FIRMWARE in your .config file. It is sometimes not very obvious
+what firmware you need. I have found that during the kernel boot some adapters
+will print out if the firmware was not found, and the name of the firmware file
+they expect. If you are having trouble finding the firmware file try continuing
+on and see what happens when test-runner starts. Google is also your friend.
+
+Once you have the kernel built you can write your hardware config file for
+test-runner. Find the USB bus and device for the adapter:
+
+$ lsusb
+
+You should see your device listed with a 'Bus' and 'Device' number:
+
+$ Bus 001 Device 002: ........
+
+Put these into your passthrough config file under a 'USBAdapters' group:
+
+[USBAdapters]
+rad0=1,2
+
+Note: The 'rad#' does not matter at this time. These named keys will not
+correspond to rad0, rad1, etc in your test config file. This may change in the
+future.
+
+You can then run test-runner using this config file:
+
+./test-runner -k <kernel> --hw passthrough.conf ...
+
+If running specific tests you need to ensure you have enough adapters defined
+in the config file, and that the adapters support the features you expect. For
+example, some adapters cannot go into AP mode, or use certain channels. If your
+test expects these features and the adapters do not support them, the test will
+fail in sometimes unexpected ways.
+
Using the 'shell' feature
---------------------------
--
2.17.1
2 months, 1 week
Issue with IWD 1.3 and connecting with PEAP
by Kristian Klausen
Hi
I just upgraded to IWD 1.3 and I can't connect to my school network anymore.
The "handshake" fails with:
iwd[581]: PEAP: Generated compound MAC and server compound MAC don't match.
iwd[581]: 4-Way handshake failed for ifindex: 5, reason: 15
I'm not sure if the school network is incorrectly configured, if that is
the case, it would be nice if I could disable "Crypto-Binding".
I use IWD with NetworkManager 1.20.8 and a IWD config similar to this:
[Security]
EAP-Method=PEAP
EAP-Identity=<username>
EAP-Password=<password>
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=<username>
EAP-PEAP-Phase2-Password=<password>
[Settings]
Autoconnect=true
Best regards
Kristian Klausen
2 months, 1 week
[PATCH] resolve: Fix check for incorrect function name
by Tim Kourt
---
src/resolve.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/resolve.c b/src/resolve.c
index 1d9bbe0a..c8cda269 100644
--- a/src/resolve.c
+++ b/src/resolve.c
@@ -435,7 +435,7 @@ void resolve_add_domain_name(uint32_t ifindex, const char *domain_name)
if (!domain_name)
return;
- if (!method.ops || !method.ops->add_dns)
+ if (!method.ops || !method.ops->add_domain_name)
return;
method.ops->add_domain_name(ifindex, domain_name, method.data);
--
2.13.6
2 months, 1 week
[PATCH] manpage: Add section about IPv4 static network configuration
by Tim Kourt
---
src/iwd.network.rst | 45 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/src/iwd.network.rst b/src/iwd.network.rst
index 756addf3..6b068202 100644
--- a/src/iwd.network.rst
+++ b/src/iwd.network.rst
@@ -232,6 +232,51 @@ authentication configuration.
method's negotiation is encrypted, a secure identity string can be
provided.
+Network Configuration Settings
+-------------------------------
+
+The group ``[IPv4]`` contains settings for Internet Protocol version 4 (IPv4)
+network configuration with the static addresses.
+
+.. list-table::
+ :header-rows: 0
+ :stub-columns: 0
+ :widths: 20 80
+ :align: left
+
+ * - Address
+ - IPv4 address string
+
+ The IPv4 address to assign. This field is `required` for the static
+ configuration.
+ * - Gateway
+ - IPv4 address string
+
+ The IPv4 address of the gateway (router). This field is `required` for
+ the static configuration.
+ * - DNS
+ - IPv4 address string
+
+ The IPv4 address of the Domain Name System (DNS). This field is
+ `optional`. DNS setting can be used to override the DNS entries received
+ from the DHCP server.
+ * - Netmask
+ - IPv4 address string
+
+ The IPv4 address of the subnet. This field is `optional`. 255.255.255.0
+ is used as default Netmask.
+ * - Broadcast
+ - IPv4 address string
+
+ The IPv4 address to be used for the broadcast. This field is `optional`.
+ * - DomainName
+ - string
+
+ The DomainName is the name of the local Internet domain. This field is
+ `optional`. DomainName setting can be used to override the DomainName
+ value obtained from the DHCP server.
+
+
Embedded PEMs
-------------
--
2.13.6
2 months, 1 week
[PATCH] peap: Add debug statements
by Tim Kourt
---
src/eap-peap.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/eap-peap.c b/src/eap-peap.c
index 5de6e862..ee71514a 100644
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@@ -170,6 +170,8 @@ static int eap_extensions_handle_cryptobinding_tlv(struct eap_state *eap,
uint8_t buf[61];
uint8_t imck[60];
+ l_debug();
+
if (tlv_value_len != cryptobinding_val_len)
return -EBADMSG;
@@ -405,8 +407,11 @@ static void eap_extensions_handle_request(struct eap_state *eap,
&response[EAP_EXTENSIONS_HEADER_LEN],
&result);
- if (response_len < 0)
+ if (response_len < 0) {
+ l_debug("PEAP: Failed to process TLVs %d", response_len);
+
return;
+ }
response_len += EAP_EXTENSIONS_HEADER_LEN;
--
2.13.6
2 months, 1 week
