Commit graph

203 commits

Author SHA1 Message Date
Jouni Malinen
2a5156a66c ERP: Add optional EAP-Initiate/Re-auth-Start transmission
hostapd can now be configured to transmit EAP-Initiate/Re-auth-Start
before EAP-Request/Identity to try to initiate ERP. This is disabled by
default and can be enabled with erp_send_reauth_start=1 and optional
erp_reauth_start_domain=<domain>.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:08:56 +02:00
Jouni Malinen
0ecff8d7c3 Add hostapd driver_params config parameter
This is mainly for development testing purposes to allow driver_nl80211
behavior to be modified.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-29 13:24:42 +02:00
Jouni Malinen
ebd557288c Remove forgotten driver_test.c variables
hostapd was still providing couple of parameters that were used only in
the already removed driver_test.c framework.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-29 12:49:55 +02:00
Dmitry Shmidt
88cb27c7a5 hostapd: Add wowlan_triggers config param
New kernels in wiphy_suspend() will call cfg80211_leave_all() that will
eventually end up in cfg80211_stop_ap() unless wowlan_triggers were set.
For now, use the parameters from the station mode as-is. It may be
desirable to extend (or constraint) this in the future for specific AP
mode needs.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-11-16 17:09:11 +02:00
Jouni Malinen
666497c8e6 Suite B: Add AKM 00-0F-AC:11
This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The
functionality itself is not yet complete, i.e., this commit only
includes parts to negotiate the new AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 13:20:51 +02:00
Kyeyoon Park
7d597d4617 AP: Add support for Proxy ARP, DHCP snooping mechanism
Proxy ARP allows the AP devices to keep track of the hardware address to
IP address mapping of the STA devices within the BSS. When a request for
such information is made (i.e., ARP request, Neighbor Solicitation), the
AP will respond on behalf of the STA device within the BSS. Such
requests could originate from a device within the BSS or also from the
bridge. In the process of the AP replying to the request (i.e., ARP
reply, Neighbor Advertisement), the AP will drop the original request
frame. The relevant STA will not even know that such information was
ever requested.

This feature is a requirement for Hotspot 2.0, and is defined in IEEE
Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly
resides in the kernel bridge code, in order to optimize the performance
and simplify kernel implementation, the DHCP snooping code was added to
the hostapd.

Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-10-28 01:08:29 +02:00
Kyeyoon Park
ec8f36afca AP: Add support for BSS load element (STA Count, Channel Utilization)
The new "bss_load_update_period" parameter can be used to configure
hostapd to advertise its BSS Load element in Beacon and Probe Response
frames. This parameter is in the units of BUs (Beacon Units).

When enabled, the STA Count and the Channel Utilization value will be
updated periodically in the BSS Load element. The AAC is set to 0 sinze
explicit admission control is not supported. Channel Utilization is
calculated based on the channel survey information from the driver and
as such, requires a driver that supports providing that information for
the current operating channel.

Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-10-21 23:25:48 +03:00
Jouni Malinen
f8995f8f1c hostapd: Allow OpenSSL cipherlist string to be configured
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled when hostapd is used as an EAP
server with OpenSSL as the TLS library.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-12 11:52:05 +03:00
Jouni Malinen
df756b374e hostapd: Remove unused variable assignment
The local bss variable is used only within the while loop, so no need to
assign or even make it visible outside the loop.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-03 15:37:58 +03:00
Jouni Malinen
5d67bf1566 hostapd: Fix configuration of multiple RADIUS servers with SET
The current RADIUS server pointer was updated after each SET command
which broke parsing of multiple RADIUS servers over the control
interface. Fix this by doing the final RADIUS server pointer updates
only once the full configuration is available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-30 20:40:11 +03:00
Jouni Malinen
06df2aa60a Remove floating constant suffix 'd' from test coee
clang scan-build does not seem to like the 'd' suffix on floating
constants and ends up reporting analyzer failures. Since this suffix
does not seem to be needed, get rid of it to clear such warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
9670f8773b ACS: Clean up ifdef CONFIG_ACS to avoid unreachable code
The conf->channel assignment was unreachable if CONFIG_ACS was not
defined, so move that to be under #else.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:10 +03:00
Jouni Malinen
1dde5b5cdd Remove PSMP option from ht_capab
This was used to fill in the "PSMP support" subfield that was defined
during P802.11n development. However, this subfield was marked reserved
in the published IEEE Std 802.11n-2009 and it is not supported by
current drivers that use hostapd for SME either. As such, there is not
much point in maintaining this field as ht_capab parameter within
hostapd either.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 22:02:14 +03:00
Jouni Malinen
5784b9a41b Fix memory leaks in hostapd configuration updates
Some of the allocated configuration parameter did not free the previous
value if a configuration file or ctrl_iface SET command updated a
previously set value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:12 +03:00
Jouni Malinen
5cfc87b771 Make hs20_wan_metrics parser error print more helpful
pos == NULL in almost all of the error cases here, so print the full
parameter value instead of the current position.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-30 17:25:17 +03:00
Jouni Malinen
4be20bf9aa Fix validation of anqp_3gpp_cell_net configuration parameter
The "< '0' && > '9'" part would not match any character.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-30 17:22:23 +03:00
Jouni Malinen
23587e3999 Remove duplicated vht_capab parser entry
[VHT160-80PLUS80] was parsed twice with the second copy not really doing
anything useful.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-30 17:06:34 +03:00
Jouni Malinen
8943cc998a RADIUS server: Add support for MAC ACL
"user" MACACL "password" style lines in the eap_user file can now be
used to configured user entries for RADIUS-based MAC ACL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-29 19:31:56 +02:00
Jouni Malinen
b7a8d67f5b Allow hostapd to advertise 40 MHz intolerant HT capability
ht_capab=[40-INTOLERANT] can now be used to advertise that the BSS is 40
MHz intolerant to prevent other 20/40 MHz co-ex compliant APs from using
40 MHz channel bandwidth.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-23 23:50:37 +02:00
Jouni Malinen
8dd9f9cdde Allow management group cipher to be configured
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:45 +02:00
Jouni Malinen
b4c26ef997 Clean up hostapd_config_fill() parsers
Some of the parsing code was using a bit too complex design and could be
simplified after the earlier return-on-error cleanups.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:21 +02:00
Jouni Malinen
b2e32cde83 Fix memory leaks on wpa_config_parse_string() error paths
hostapd configuration parser did not free the temporary buffer on some
error paths.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:21 +02:00
Jouni Malinen
a0b728b7e2 Simplify hostapd_config_fill() error reporting
There is no need for trying to count the number of errors in this
function since this is not a loop anymore and the return value will be
either 0 or 1.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:21 +02:00
Jouni Malinen
599f40db7d Remove extra indentation level from hostapd_config_fill()
The configuration file parsing routines were moved to a separate
function a while back, but left at the old indentation level to avoid
showing large diffs in the commit and to avoid conflicts with parallel
development in other branches. There is never a perfect time for this
type of changes, but we might as well finally get rid of that extra
indentation now with Hotspot 2.0 Rel 2 changes pulled in.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:15 +02:00
Simon Wunderlich
70ee1be248 hostapd: Add config option chanlist for DFS channels
Different channels allow different transmission power, at least in ETSI
countries. Also, ETSI requires a "channel plan" for DFS operation, and
channels should be randomly choosen from these channels.

Add a channel list configuration option for users to add channels
hostapd may pick from.

Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
2014-03-11 18:59:40 +02:00
Jouni Malinen
4fb363c62b Fix error path handling on radius_accept_attr
This error path must not try to free the user entry since that entry was
already added to the BSS list and will be freed when BSS is freed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-10 00:44:26 +02:00
Jouni Malinen
d0ee16edc8 Allow arbitrary RADIUS attributes to be added into Access-Accept
This extends the design already available for Access-Request packets to
the RADIUS server and Access-Accept messages. Each user entry can be
configured to add arbitrary RADIUS attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-08 11:35:08 +02:00
Bartosz Markowski
905828fea4 hostapd: Fix vht_capab 'Maximum A-MPDU Length Exponent' handling
As per IEEE Std 802.11ac-2013, 'Maximum A-MPDU Length Exponent' field
value is in the range of 0 to 7. Previous implementation assumed EXP0 to
be the maximum length (bits 23, 24 and 25 set) what is incorrect.

This patch adds options to set it up within the 0 to 7 range.

Signed-off-by: Bartosz Markowski <bartosz.markowski@tieto.com>
2014-03-06 00:09:37 +02:00
Jouni Malinen
8d2a9921af HS 2.0R2: RADIUS server support to request Subscr Remediation
The new hostapd.conf parameter subscr_remediation_url can be used to
define the URL of the Subscription Remediation Server that will be added
in a WFA VSA to Access-Accept message if the SQLite user database
indicates that the user need subscription remediation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:25 +02:00
Jouni Malinen
ae6d15c722 HS 2.0R2 AP: Add OSU Providers list ANQP element
hostapd can now be configured to advertise OSU Providers with the
new osu_* confgiuration parameters.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:25 +02:00
Jouni Malinen
f7bd7a01a8 HS 2.0R2 AP: Add Icon Request and Icon binary File ANQP elements
hostapd can now be configured to provide access for icon files
(hs20_icon config file parameter) for OSU. The hs20_icon data contains
additional meta data about the icon that is not yet used, but it will be
needed for the OSU Providers list ANQP element.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:25 +02:00
Jouni Malinen
8e1146d9da HS 2.0R2 AP: Add support for deauthentication request
If the RADIUS server includes deauthentication request in Access-Accept,
send a WNM-Notification frame to the station after 4-way handshake and
disconnect the station after configurable timeout.

A new control interface command, WNM_DEAUTH_REQ, is added for testing
purposes to allow the notification frame to sent based on local request.
This case does not disconnect the station automatically, i.e., a
separate control interface command would be needed for that.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
a14896e8bb HS 2.0R2 AP: Add OSEN implementation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
d5d24784e6 HS 2.0R2 AP: Update HS 2.0 Indication element to Release 2
The HS 2.0 Indication element from hostapd now includes the release
number field and the new ANQP Domain ID field. This ID can be configured
with anqp_domain_id parameter in hostapd.conf.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Emanuel Taube
1748f1da3d hostapd: Make it possible to remove addresses from maclists
It is already possible to add MAC addresses at runtime. This patch
allows also to remove some of them by using the prefix "-" in the
address file.

Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
2014-02-25 16:10:29 +02:00
Chaitanya T K
3d7ad2f681 hostapd: Configure spectrum management capability
Add configuration of Spectrum Management subfield in the Capability
Information of Beacon, Probe Response, and Association Response frames.
Spectrum Management bit is set when directly requested by new
configuration option spectrum_mgmt_required=1 or when AP is running on
DFS channels. In the future, also TPC shall require this bit to be set.

Signed-hostap: Srinivasan <srinivasanb@posedge.com>
Signed-hostap: Chaitanya T K <chaitanyatk@posedge.com>
Signed-hostap: Marek Puzyniak <marek.puzyniak@tieto.com>
2014-02-25 00:54:59 +02:00
Srinivasan B
e0392f825d hostapd: Add Power Constraint element
Add Power Constraint information element to Beacon and Probe Response
frames when hostapd is configured on 5 GHz band and Country information
element is also added. According to IEEE Std 802.11-2012 a STA shall
determine a local maximum transmit power for the current channel based
on information derived from Country and Power Constraint elements.

In order to add Power Constraint element ieee80211d option need to be
enabled and new local_pwr_constraint config option need to be set to
unsigned value in units of decibels. For now this value is statically
configured but the future goal is to implement dynamic TPC algorithm
to control local power constraint.

Signed-hostap: Srinivasan <srinivasanb@posedge.com>
Signed-hostap: Chaitanya T K <chaitanyatk@posedge.com>
Signed-hostap: Marek Puzyniak <marek.puzyniak@tieto.com>
2014-02-24 23:51:23 +02:00
Jouni Malinen
a1dd890a85 RADIUS: Add minimal accounting server support
This can be used to test RADIUS Accounting in hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 16:26:48 +02:00
Jouni Malinen
08081ad8ef hostapd: Skip full AP configuration validation on SET command
It is possible for the configuration to be temporarily invalid when
adding a new AP through SET commands followed by ENABLE. Avoid this
issue by using less strict validation on SET commands and perform full
configuration validation only on ENABLE. Use cases with configuration
file maintain their previous behavior, i.e., full validation after the
file has been read.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 20:23:56 +02:00
Jouni Malinen
a1a31b6c3f Remove hostapd dump_file functionality
This debugging mechanism has now been deprecated by the control
interface commands that can be used to fetch same internal information
from hostapd in a more convenient way. Leave the empty USR1 signal
handler and configuration file parameter for backwards compatibility.
They can be removed in future versions of hostapd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 18:15:07 +02:00
Jouni Malinen
fcc61230d1 Declare wpa_drivers in src/drivers/driver.h
This avoids some warnings from sparse.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:19:37 +02:00
Paul Stewart
c101bb9d23 hostapd: Add option to send OBSS scan params
Add a parameter to send the overlapping BSS scan parameter
information element. This will require clients to perform
background scans to check for neigbors overlapping this
HT40 BSS. Since the implementation is incomplete it should
only be used for testing.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-11-07 14:05:41 +02:00
Jouni Malinen
2fe210cebb hostapd: Fix multi-BSS configuration file parsing regression
Commit ebd79f07c4 broke parsing of
configuration files that use the bss parameter to specify another BSS
entry. This resulted in crashing the process with NULL pointer
dereference since the new hostapd_config::bss design requires this
function to allocate a new hostapd_bss_config structure.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 20:01:50 +02:00
Jouni Malinen
eff0fd1ee8 hostapd: Move generic configuration functions into src/ap
This allows the configuration validation routines to be called from
src/ap/*.c for runtime updates of configuration without reprocessing the
full configuration file.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-29 16:58:21 +02:00
Jouni Malinen
ebd79f07c4 hostapd: Make hostapd_config::bss array of pointers
This makes it more convenient to move BSS configuration entries between
struct hostapd_config instances to clean up per-BSS configuration file
design.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-29 16:58:21 +02:00
Jouni Malinen
a781e211f9 hostapd: Force PSK to be derived again on BSS reload
This may be needed if the wpa_psk information for previously derived
from passphrase and either the SSID or the passphrase has changed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-29 16:58:20 +02:00
Eliad Peller
b29b012cbc Fix some VHT Capabilities definitions
VHT_CAP_BEAMFORMEE_STS_MAX, VHT_CAP_SOUNDING_DIMENSION_OFFSET, and
VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT were not defined properly (wrong
name/size). Fix that and update the hostapd.conf parsing accordingly.

Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
2013-10-27 19:05:58 +02:00
Eliad Peller
7066a8e7dd hostapd: Fix wrong VHT configuration capabilities flags
Wrong capabilities flags were used when certain VHT
capabilities were defined.

Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
2013-10-27 18:59:37 +02:00
Jouni Malinen
9bc33868bf Add test option for specifying hardcoded BSS Load element
The new bss_load_test parameter can be used to configure hostapd to
advertise a fixed BSS Load element in Beacon and Probe Response frames
for testing purposes. This functionality is disabled in the build by
default and can be enabled with CONFIG_TESTING_OPTIONS=y.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Kyeyoon Park
c551700f1f Interworking: Add support for QoS Mapping functionality for the AP
This allows QoS Map Set element to be added to (Re)Association Response
frames and in QoS Map Configure frame. The QoS Mapping parameters are
also made available for the driver interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Kyeyoon Park
f224cf05ab HS 2.0: Allow printf format parsing with language:name strings
This allows Hotspot 2.0 and Interworking strings that use language:name
string (e.g., venue_name) to be encoded using printf format to enter
special characters like newline.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 14:43:40 +03:00
Jouni Malinen
04e533e249 Fix language string length validation in parse_lang_string()
The language string length needs to be validated to hit into the
three-octet lang field in struct hostapd_lang_string before copying
this. Invalid configuration entries in hostapd.conf could have resulted
in buffer overflow.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 14:42:39 +03:00
Jouni Malinen
cdf8bfa434 Disallow WEP configuration in WPA network
Some drivers fail to work if WEP keys are configured in a WPA network.
To avoid potentially confusing error cases, reject hostapd configuration
that enables WPA and includes parameters that would imply that WEP keys
would be set.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-31 17:18:45 +03:00
Michal Kazior
50f4f2a066 hostapd: Add Automatic Channel Selection (ACS) support
This adds ACS support to hostapd. Currently only survey-based
algorithm is available.

To use ACS you need to enable CONFIG_ACS=y in .config and use
channel=0 (or channel=acs_survey) in hostapd.conf.

For more details see wiki page [1] or comments in src/ap/acs.c.

[1]: http://wireless.kernel.org/en/users/Documentation/acs

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-08-31 11:51:06 +03:00
Michael Braun
c2db79f237 VLAN: Remove vlan_tail
Everything in hostapd can be implemented efficiently without vlan_tail.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-08-04 21:45:50 +03:00
Sujith Manoharan
3f9a8137f5 hostapd: Add a config option to control beaconing
In a AP/STA concurrent setup, if the STA interface is continually
scanning, trying to connect to a network, the AP interface
is basically broken since beaconing would be erratic.

This option can be used in a WDS setup where one AP acts as a
Client/AP-Repeater. The Repeater AP interface has to start beaconing
only after the Client interface has established a WDS link with the
"Root AP".

Signed-hostap: Sujith Manoharan <c_manoha@qca.qualcomm.com>
2013-07-20 17:20:43 +03:00
Jouni Malinen
67fe933d40 Add server identity configuration for EAP server
The new server_id parameter in hostapd.conf can now be used to specify
which identity is delivered to the EAP peer with EAP methods that
support authenticated server identity.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
080585c01a Add support for OCSP stapling to validate server certificate
When using OpenSSL with TLS-based EAP methods, wpa_supplicant can now be
configured to use OCSP stapling (TLS certificate status request) with
ocsp=1 network block parameter. ocsp=2 can be used to require valid OCSP
response before connection is allowed to continue.

hostapd as EAP server can be configured to return cached OCSP response
using the new ocsp_stapling_response parameter and an external mechanism
for updating the response data (e.g., "openssl ocsp ..." command).

This allows wpa_supplicant to verify that the server certificate has not
been revoked as part of the EAP-TLS/PEAP/TTLS/FAST handshake before
actual data connection has been established (i.e., when a CRL could not
be fetched even if a distribution point were specified).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-06-30 01:01:15 +03:00
Michael Braun
2aaeedfa07 bridge: Give bridge name in per-bss configuration
Currently, when different BSS using different tagged vlan
interfaces, they are forced to share the bridge brvlan#,
which is not desirable.

This patch fixes this by making the bridge name configurable.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 11:09:01 +03:00
Simon Wunderlich
732118eca3 Rename hostapd_parse_rates() to a more generic int list parser
This can be used with other integer lists than just rates.

Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:27:47 +03:00
Simon Wunderlich
b113a171ac DFS: Add ieee80211h hostapd configuration parameter
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:14:53 +03:00
Johannes Berg
7af092a015 hostapd: Add Key MIC in group EAPOL-Key frames corruption test option
For some testing it can be useful to force the Key MIC in group
EAPOL-Key frames to be corrupt. Add an option to allow setting a
probability for corrupting the Key MIC and use it in the WPA code,
increasing the first byte of the MIC by one to corrupt it if desired.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-05-04 11:45:03 +03:00
Jouni Malinen
8b44ad7e16 Use os_zalloc() instead of os_malloc() + os_memset()
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 23:05:52 +03:00
Johannes Berg
c2aff6b1d1 hostapd: Add some testing options
In order to test clients in scenarios where APs may (randomly)
drop certain management frames, introduce some testing options
into the hostapd configuration that can make it ignore certain
frames. For now, these are probe requests, authentication and
(re)association frames.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-04-23 17:51:28 +03:00
Jouni Malinen
a679c0f284 WPS: Allow hostapd process to control independent WPS interfaces
The new wps_independent=1 configuration parameter can be used to remove
interfaces from the shared hostapd process WPS control (i.e., to apply
WPS operations only to a subset of interfaces instead of all).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 12:34:35 +03:00
Jouni Malinen
042ec551d4 WPS: Use pre-configured NFC password token instead of overriding it
"WPS_NFC_TOKEN <WPS/NDEF>" used to generate a new NFC password token
regardless of whether there was a pre-configured token in the
configuration. Change this to use the pre-configured value, if
available, instead. This allows the same command to be used to write the
password token to an NFC tag more conveniently.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 11:24:29 +02:00
Jouni Malinen
cf830c1c54 Use a helper function for selection group cipher for AP mode
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 17:41:40 +02:00
Jouni Malinen
a39c78be41 Use a common function for parsing cipher suites
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 17:06:22 +02:00
Jouni Malinen
625f202a74 SAE: Allow enabled groups to be configured
hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter is
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
d136c376f2 SAE: Add support for Anti-Clogging mechanism
hostapd can now be configured to use anti-clogging mechanism based on
the new sae_anti_clogging_threshold parameter (which is
dot11RSNASAEAntiCloggingThreshold in the standard). The token is
generated using a temporary key and the peer station's MAC address.
wpa_supplicant will re-try SAE authentication with the token included if
commit message is rejected with a token request.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
2049a875bc WNM: Additional BSS Transition Management capability
Add some more functionality for BSS Transition Management:
- advertise support for BSS Transition Management in extended
  capabilities element
- add hostapd.conf parameter bss_transition=1 for enabling support
  for BSS Transition Management
- add "hostapd_cli disassoc_imminent <STA> <num TBTTs>" for sending
  disassociation imminent notifications for testing purposes
- wpa_supplicant: trigger a new scan to find another BSS if the
  current AP indicates disassociation imminent (TODO: the old AP needs
  to be marked to use lower priority to avoid re-selecting it)

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 20:27:30 +02:00
Vladimir Kondratiev
7829894c21 Introduce 60 GHz band
Basic support for the 60 GHz band. Neither P2P nor WPS are yet taken
care off. Allows to start AP with very simple config:

network={
        ssid="test"
        mode=2
        frequency=60480
        key_mgmt=NONE
}

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-18 11:50:35 +02:00
Jouni Malinen
b93c8509cc Add support for advertising UTF-8 SSID extended capability
This field can be used to indicate that UTF-8 encoding is used in the
SSID field.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 20:46:51 +02:00
Jouni Malinen
c79938a584 WNM: Enable WNM-Sleep Mode configuration with hostapd SME/MLME
This allows hostapd to process WNM-Sleep Mode Request when using the
internal SME/MLME.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 19:16:17 +02:00
Johannes Berg
3117ad4283 hostapd: Add second VHT frequency segment config
Add the configuration option vht_oper_centr_freq_seg1_idx
for the second segment of an 80+80 MHz channel and use it
when building the VHT operation IE.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-11-24 18:02:29 +02:00
Jouni Malinen
ee431d77a5 Add preliminary support for using SQLite for eap_user database
CONFIG_SQLITE=y option can now be used to allow the eap_user_file text
file to be replaced with a SQLite database
(eap_user_file=sqlite:/path/to/sqlite.db). hostapd.eap_user_sqlite
shows an example of how the database tables can be created for this
purpose. This commit does not yet include full functionality of the
text file format, but at least basic EAP-TTLS/MSCHAPv2 style
authentication mechanisms with plaintext passwords can be used for
tests.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-21 00:47:47 +02:00
Jouni Malinen
c10347f246 Add initial parts for SAE
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:51:07 +03:00
Jouni Malinen
eb7719ff22 Add support for using GCMP cipher from IEEE 802.11ad
This allows both hostapd and wpa_supplicant to be used to derive and
configure keys for GCMP. This is quite similar to CCMP key
configuration, but a different cipher suite and somewhat different rules
are used in cipher selection. It should be noted that GCMP is not
included in default parameters at least for now, so explicit
pairwise/group configuration is needed to enable it. This may change in
the future to allow GCMP to be selected automatically in cases where
CCMP could have been used.

This commit does not included changes to WPS or P2P to allow GCMP to be
used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 11:52:15 +03:00
Jouni Malinen
b52f084cfa Add parameter for vendor specific elements into Beacon/Probe Response
The new vendor_elements parameter in hostapd.conf can be used to add new
vendor specific element(s) into Beacon and Probe Response frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 16:20:10 +03:00
Jay Katabathuni
8047b18691 Interworking: Add advertising of NAI Realm list
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-26 18:59:12 +03:00
Jay Katabathuni
a9277e85ca HS 2.0: Add advertisement of Operator Friendly Name
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-25 21:39:19 +03:00
Jouni Malinen
1792e58dbb Interworking: Use generic language,string parser
Replace the Venue Name specific data structure and parser with a
generic mechanism that can be used with other fields that use the
same format.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-25 21:39:00 +03:00
Jay Katabathuni
4065a3092b HS 2.0: Add advertisement of WAN Metrics
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-25 20:28:40 +03:00
Jay Katabathuni
5ccc54aae4 HS 2.0: Add advertisement of Connection Capability
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-25 19:16:09 +03:00
Jay Katabathuni
df5934f194 HS 2.0: Add advertising of Operating Class Indication
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-25 18:26:32 +03:00
Jay Katabathuni
7515adb2b1 Interworking: Add advertising of 3GPP Cellular Network info
The anqp_3gpp_cell_net parameter can be used to configure hostapd
to advertise 3GPP Cellular Network ANQP information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-25 18:26:28 +03:00
Jouni Malinen
6e4598755b Use os_strdup() instead of os_malloc() + os_memcpy()
It is simpler to use os_strdup() to copy strings even if the end results
end up being used as binary data with a separate length field.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 18:50:42 +03:00
Jouni Malinen
99be648c5d HS 2.0: Do not allow AP hs20=1 configuration without RSN
Hotspot 2.0 networks are required to use WPA2-Enterprise/CCMP, so
enforce this while validating hostapd configuration.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 12:55:12 +03:00
Avinash Patil
d8a085508c hostapd: Disable WPS 2.0 when WPA-TKIP only configuration is set
WSC 2.0 deprecates use of WPA (TKIP) and does not allow WPA/TKIP only
configuration (i.e., WPA2/CCMP needs to be enabled in mixed mode for
WPA/TKIP to be acceptable). Enforce this by disabling WPS if
configuration enables WPA/TKIP without WPA2/CCMP.

Signed-off-by: Avinash Patil <patila@marvell.com>
2012-08-17 19:21:40 +03:00
Jouni Malinen
067ffa2696 Convert os_realloc() for an array to use os_realloc_array()
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 21:21:23 +03:00
Yoni Divinsky
eda070f14f Move WMM AC parameter parser into a common file
This allows the same implementation to be used for wpa_supplicant, too.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-08-12 11:33:00 +03:00
Mahesh Palivela
9615994ea6 VHT: Add configuration of operating center frequency
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:54:54 +03:00
Mahesh Palivela
140e850a66 VHT: Add option for requiring use of VHT
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:53:24 +03:00
Mahesh Palivela
6c93c38d7c VHT: Document vht_oper_chwidth and fix indentation
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:44:16 +03:00
Michael Braun
a00237ceb8 Add hostapd configuration option to set VLAN naming scheme
Signed-hostap: M. Braun <michael-dev@fami-braun.de>
2012-08-10 14:09:03 +03:00
Jouni Malinen
e122bb70b8 hostapd: Add alternative format for configuring SSID
The new ssid2 parameter can be used as an alternative mechanism for
configuring SSID for hostapd. It uses the same formats that
wpa_supplicant uses in the configuration file for strings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:27:40 +03:00
Jouni Malinen
986de33d5c Convert remaining SSID routines from char* to u8*
This makes it more explicit that the SSID is not a null terminated
C string.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:07:25 +03:00
Jay Katabathuni
26fac8b6a0 Interworking: Add Domain Name element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 22:25:19 +03:00
Jay Katabathuni
78bda93e83 Interworking: Add IP Address Type Availability element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 22:25:16 +03:00
Jay Katabathuni
550a3958f7 Interworking: Add Network Auth Type element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 22:25:14 +03:00