Bug 2095296

Summary: eapol_test (part of wpa_supplicant) does not support IPv6
Product: [Fedora] Fedora Reporter: Stefan Paetow <oss>
Component: wpa_supplicantAssignee: Davide Caratti <dcaratti>
Status: ASSIGNED --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: 37CC: bgalvani, blueowl, dcaratti, dcbw, lkundrak
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Patch to enable IPv6 support none

Description Stefan Paetow 2022-06-09 13:22:26 UTC 
Description of problem:

The eapol_test utility that ships in the wpa_supplicant package is not built with IPv6 support. It supports it, it just needs to be compiled in.

Version-Release number of selected component (if applicable):

2.10

How reproducible:

Run eapol_test with the following command-line:

eapol_test -c sample_config.cnf -a <IPv6 address> -s <secret>

Actual results:

It will die with a SEGV. 

Expected results:

It should initiate an EAP conversation with a server

Additional info:

Add the line CONFIG_IPV6=y to your 'build-config' file in your SOURCES, and hey presto, eapol_test will be built with support for IPv6.
Comment 1 Ben Cotton 2022-08-09 13:17:42 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora Linux 37 development cycle.
Changing version to 37.
Comment 2 Stefan Paetow 2023-04-16 15:40:09 UTC 
Sorry to have to be a pain, but surely it does not take nearly a year to switch *one* setting in your build sources to make eapol_test IPv6-compatible?
Comment 3 Stefan Paetow 2023-05-26 02:12:39 UTC 
Created attachment 1966948 [details]
Patch to enable IPv6 support

This works against the standard defconfig.
Comment 4 Davide Caratti 2023-05-31 09:14:02 UTC 
(In reply to Stefan Paetow from comment #2)
> Sorry to have to be a pain, but surely it does not take nearly a year to
> switch *one* setting in your build sources to make eapol_test
> IPv6-compatible?

hello Stefan,

thanks for the patch. Looking at the code, the segfault happens here:

eapol_test: eapol_test.c:1032: wpa_init_conf: Assertion `0' failed.
Program received signal SIGABRT, Aborted.

that is:

1029         if (hostapd_parse_ip_addr(authsrv, &as->addr) < 0) {
1030                 wpa_printf(MSG_ERROR, "Invalid IP address '%s'",
1031                            authsrv);
1032                 assert(0);    <-- send SIGABRT
1033         }

like you mentioned, hostapd_parse_ip_adress returns -1 because CONFIG_IPV6 is not there and an IPv6 address is passed as authentication server address.

besides eapol_test, this also impacts wpa_supplicant RADIUS configuration (i.e. it allows specifying IPv6 addresses in the client). I see that CONFIG_IPV6 is not enabled also in the upstream project [1], though it's enabled in hostapd [2] and in the upstream CI [3]: what about sending a patch for wpa_supplicant/defconfig to the upstream project, so that future releases will not need a patch anymore?

thanks,
-- 
davide

[1] https://w1.fi/cgit/hostap/tree/wpa_supplicant/defconfig
[2] https://w1.fi/cgit/hostap/tree/hostapd/defconfig
[3] https://w1.fi/cgit/hostap/tree/tests/hwsim/example-wpa_supplicant.config
Comment 5 Stefan Paetow 2023-06-07 13:02:58 UTC 
Davide, 

I've submitted a patch (identical to the attached) to the wpa_supplicant project. It has not yet been actioned.
Comment 6 Davide Caratti 2023-06-07 13:36:07 UTC 
(In reply to Stefan Paetow from comment #5)
> Davide, 
> 
> I've submitted a patch (identical to the attached) to the wpa_supplicant
> project. It has not yet been actioned.

hello Stefan,

yes I noticed [1] :) , thanks for following up.- I will update wpa_supplicant with your patch once it gets applied (next, I will drop it after version 2.11 will be released).

Thanks!
-- 
davide


[1] http://lists.infradead.org/pipermail/hostap/2023-June/041617.html
Comment 7 Stefan Paetow 2023-06-23 22:16:40 UTC 
Hi Davide, 

The patch appears to have been dropped from wpa_supplicant; it has not been rolled into the source although patches submitted before and after have. So, I'd say that this should be actioned within this ecosystem instead of effectively requiring those using IPv6 to rebuild it themselves.

Thank you!
Comment 8 Davide Caratti 2023-07-17 13:29:22 UTC 
(In reply to Stefan Paetow from comment #7)
> Hi Davide, 
> 
> The patch appears to have been dropped from wpa_supplicant; it has not been
> rolled into the source although patches submitted before and after have. So,
> I'd say that this should be actioned within this ecosystem instead of
> effectively requiring those using IPv6 to rebuild it themselves.
> 
> Thank you!

https://src.fedoraproject.org/rpms/wpa_supplicant/pull-request/19

(and I'll try a RESEND of your upstream patch soon)