The wpa_psk_file can now be modified and hostapd can be told to re-read
it with the control interface RELOAD_WPA_PSK command:
$ hostapd_cli reload_wpa_psk
It must be noted special care must be taken if WPS is configured
(wps_state=2, eap_server=1) because WPS appends PMKs to the
wpa_psk_file.
Signed-off-by: Michal Kazior <michal@plume.com>
There is no need to allow symlink dereferencing in these cases where a
file (including directories and sockets) are created by the same
process, so use the safer lchown() variant to avoid leaving potential
windows for something external to replace the file before the chown()
call. The particular locations used here should not have write
permissions enabled for processes with less privileges, so this may not
be needed, but anyway, it is better to make these more restrictive
should there be cases where directory permissions are not as expected
for a good deployment.
Signed-off-by: Jouni Malinen <j@w1.fi>
Make this command more convenient to use by not requiring two space
characters between the command and the first parameter.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.
For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".
For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".
This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new DAC_REQUEST control interface command can now be used to request
hostapd to send out Disconnect-Request and CoA-Request packets for an
existing session.
DAC_REQUEST <disconnect|coa> <MAC Address> [t_c_clear]
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, hostapd CHAN_SWITCH command did not effect VHT configuration
for the following:
When VHT is currently disabled (ieee80211ac=0),
1. hostapd_cli -p /var/run/hostapd chan_switch 10 5180 \
sec_channel_offset=1 center_freq1=5190 bandwidth=40 ht
====> Comes up in HT40
2. hostapd_cli -p /var/run/hostapd chan_switch 10 5765 \
sec_channel_offset=-1 center_freq1=5775 bandwidth=40 vht
====> Comes up in HT40
3. hostapd_cli -p /var/run/hostapd chan_switch 10 5200 center_freq1=5200 \
bandwidth=20 vht
====> Comes up in HT20
When VHT is currently enabled (ieee80211ac=1),
1. hostapd_cli -p /var/run/hostapd chan_switch 10 5180 \
sec_channel_offset=1 center_freq1=5190 bandwidth=40 ht
====> Comes up in VHT40
2. hostapd_cli -p /var/run/hostapd chan_switch 10 5200 center_freq1=5200 \
bandwidth=20 ht
====> Comes up in VHT20
This is since VHT config from chan_switch is processed only for
bandwidths 80 and above (80P80, 160) and for VHT20, VHT40 cases, only
NLA chan type and chan width are updated.
There is no NL attribute for determining if it is HT or VHT for
bandwidths 20 & 40 and currently they are updated as HT20, HT40 (+ or -
depending on offset). Same is notified back via
NL80211_CMD_CH_SWITCH_NOTIFY.
Instead of adding new NL attribute for tracking HT/VHT enabled config,
we are adding new hostapd VHT config parameter to save the chan_switch
config and use only for chan_switch case of VHT20 and VHT40.
Tested with all combinations of chan_switch (noHT->20->40->80->) HT/VHT
and confirmed to be working.
Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
To retain configurator information across hostapd/wpa_supplicant
restart, private key need to be maintained to generate a valid pair of
authentication keys (connector, netaccess_key, csign) for new enrollees
in the network.
Add a DPP_CONFIGURATOR_GET_KEY control interface API through which the
private key of an existing configurator can be fetched.
Command format:
DPP_CONFIGURATOR_GET_KEY <configurator_id>
The output from this command can then be used with
"DPP_CONFIGURATOR_ADD key=<hexdump>" to create the same key again.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This header file pulls in an OpenSSL header file and as such, should not
be included without CONFIG_DPP=y to avoid bringing in an unnecessary
build dependency on OpenSSL header files.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, MAC ACL could be modified only through file operations
(modify accept/deny_mac_file and reload it to hostapd). Extend this to
allow MAC ACL to be modified and displayed through new control interface
commands:
ACCEPT_ACL <subcmd> [argument]
DENY_ACL <subcmd> [argument]
subcmd: ADD_MAC <addr>[ VLAN_ID=<id>]|DEL_MAC <addr>|SHOW|CLEAR
Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
Configurator signing its own Connector was previously supported only in
wpa_supplicant. This commit extends that to hostapd to allow an AP
acting as a Configurator to self-configure itself.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This moves the Configurator and Bootstrapping Information data from
struct hostapd_data (per-BSS) to struct hapd_interfaces (per-hostapd
process). This allows the information to be maintained over interface
restarts and shared between interfaces.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows external applications to get event indication for Probe
Request frames. Extend ctrl iface cmd "ATTACH" to enable this event on
per-request basis. For example, user has to send ctrl iface cmd "ATTACH
probe_rx_events=1" to enable the Probe Request frame events.
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
Previously, this command stopped listen operation immediately, but if
there was an ongoing authentication exchange, a new listen operation was
started. This is not really expected behavior, so stop the
authentication exchange first with this command to avoid restarting
listen operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is an initial step in allowing non-operating channel operations
with DPP when hostapd is the Responder. For now, this is only used for
specifying role=configurator/enrollee and qr=mutual cases similarly to
the wpa_supplicant configuration for in Responder role. Request to use a
non-operating channel will be rejected.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In order to test the WoWLAN GTK rekeying KRACK mitigation, add a
REKEY_GTK hostapd control interface command that can be used at certain
points of the test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add a generic mechanism for configuring the DPP implementation to behave
in particular different (mostly incorrect) ways for protocol testing
purposes. The new dpp_test parameter can be set to a non-zero integer to
indicate a specific behavior. This is only available in
CONFIG_TESTING_OPTIONS=y builds.
This commit include cases for an extra attribute being added after the
Wrapped Data attribute and Initiator/Responder capabilities having an
unexpected zero capability.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows hostapd testing functionality to be forced to send out a
plaintext EAPOL-Key frame with the RESEND_* command. That can be useful
in seeing how the station behaves if an unencrypted EAPOL frame is
received when TK is already configured.
This is not really perfect since there is no convenient way of sending
out a single unencrypted frame in the current nl80211 design. The
monitor interface could likely still do this, but that's not really
supposed to be used anymore. For now, clear and restore TK during this
operation. The restore part is not really working correctly, though,
since it ends up clearing the TSC value on the AP side and that shows up
as replay protection issues on the station. Anyway, this is sufficient
to generate sniffer captures to analyze station behavior.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new hostapd control interface command SET_KEY can be used to request
an arbitrary key to be configured to the driver.
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd control interface commands "RESEND_M1 <addr>" and
"RESEND_M3 <addr>" can be used to request a retransmission of the 4-Way
Handshake messages 1/4 and 3/4 witht he same or modified ANonce (in M1).
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd control interface command "RESEND_GROUP_M1 <addr>" can
be used to request a retransmission of the Group Key Handshake message
1/2 for the current GTK.
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be used to test replay protection. The "RESET_PN" command in
wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local
counters to zero for the last configured key. For hostapd, the address
parameter specifies which STA this operation is for or selects GTK
("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK").
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows ext_mgmt_frame_handling=1 cases with hostapd to process TX
status events based on external processing. This is useful for increased
test coverage of management frame processing.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, CONFIG_WNM enabled build that supports WNM for both
station mode and AP mode. However, in most wpa_supplicant cases only
station mode WNM is required and there is no need for AP mode WNM.
Add support to differentiate between station mode WNM and AP mode
WNM in wpa_supplicant builds by adding CONFIG_WNM_AP that should be
used when AP mode WNM support is required in addition to station mode
WNM. This allows binary size to be reduced for builds that require
only the station side WNM functionality.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This extends the hostapd control interface to support the
DPP_BOOTSTRAP_INFO command that was recently added for wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This updates the previously copied implementation to be up-to-date with
the more recent wpa_supplicant changes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Allow hostapd to initiate and respond with PKEX bootstrapping similarly
to how this was implemented in wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows external programs to generate and add PMKSA cache entries
into hostapd. The main use for this is to run external DPP processing
(network introduction) and testing.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds DPP bootstrapping, authentication, and configuration into
hostapd similarly to how the design was integrated in wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a helper function that parses candidate list from command line
arguments.
This function will be used (in the following commits) to add
a candidate list to BSS transition management query.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
The new control interface command "REQ_BEACON <STA addr>
[req_mode=<mode>] <beacon request>" can now be used to request hostapd
to transmit a measurement request to request a beacon report from an
associated STA. This command returns the assigned dialog token (1-255)
or FAIL on failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
The actual BSS configuration parameter can be updated with the SET
control interface command, so there is no need to maintain a separate
per-BSS parameter and a separate control interface handling for this.
Signed-off-by: Jouni Malinen <j@w1.fi>
The optional url=<URL> parameter was stored in allocated memory and that
memory was leaked if some following parameter parsing attempts failed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier to write hwsim test cases to verify management
frame processing sequences with dropped or modified frames. When
ext_mgmt_frame_handling is used, this new command can be used to request
hostapd to process a received a management frame, e.g., based on
information reported in the MGMT-RX events.
This is more or less identical to the earlier wpa_supplicant commit
4de70e2330 ('Add MGMT_RX_PROCESS test
command for wpa_supplicant'), but for hostapd.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 4ec1fd8e42 ('FT: Differentiate
between FT for station and for AP in build') renamed all
CONFIG_IEEE80211R instances within src/ap/* to CONFIG_IEEE80211R_AP, but
it did not change hostapd/* files to match. While this does not cause
much harm for normal use cases, this broke some test builds where
wpa_supplicant build is used to build in hostapd/*.c files for analysis.
Fix this by completing CONFIG_IEEE80211R_AP renaming.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a configuration option in hostapd.conf and in neighbor report that
sets an AP as stationary. To enable this option on the current AP set
the config option stationary_ap to 1. To set a neighbor entry to be
marked as stationary add the word stat to the SET_NEIGHBOR command. This
option tells hostapd to send LCI data even if it is older than requested
by max age subelement in RRM request.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Add signal level information to the station tracking information. Also
make it available via the "TRACK_STA_LIST" control command.
Signed-off-by: Kevin Mahoney <k.mahoney@cablelabs.com>
Commit 56885eecf4 ('hostapd: Add UDP
support for ctrl_iface') added dl_list_init() for global_ctrl_dst to
hostapd_global_ctrl_iface_init().
Though, hostapd_global_ctrl_iface_init() is only called from
main.c:main(), which already initializes global_ctrl_dst unconditionally
before. Same with global_ctrl_sock.
Remove this duplicate initialization.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This adds CONFIG_FILS=y build configuration option and new key
management options for FILS authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Implement the signature mechanism described in the paper
"Passive Taxonomy of Wifi Clients using MLME Frame Contents"
published by Denton Gentry and Avery Pennarun.
http://research.google.com/pubs/pub45429.htmlhttps://arxiv.org/abs/1608.01725
This involves:
1. Add a CONFIG_TAXONOMY compile option. Enabling taxonomy incurs
a memory overhead of up to several kilobytes per associated
station.
2. If enabled, store the Probe Request and (Re)Associate Request frame in
struct sta_info.
3. Implement code to extract the ID of each Information Element,
plus selected fields and bitmasks from certain IEs, into a
descriptive text string. This is done in a new source file,
src/ap/taxonomy.c.
4. Implement a "signature qq:rr:ss:tt:uu:vv" command
in hostapd_cli to retrieve the signature.
Signatures take the form of a text string. For example, a signature
for the Nexus 5X is:
wifi4|probe:0,1,127,45,191,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:338061b2,
vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:00000a0201000040|assoc:0,1,48,45,
221(0050f2,2),191,127,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:339071b2,
vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:0000000000000040
Signed-off-by: dgentry@google.com (Denton Gentry)
Signed-off-by: denny@geekhold.com (Denton Gentry)
Signed-off-by: rofrankel@google.com (Richard Frankel)
Signed-off-by: richard@frankel.tv (Richard Frankel)
This hostapd control interface command could hit a NULL pointer
dereference if issued before the BSS was enabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>