Only one of the authentication frame types is encrypted. In order for
static WEP encryption to work properly (i.e., to not encrypt the frame),
we need to tell mac80211 about the frames that must not be encrypted.
If the phy info from nl80211 does not include 802.11b mode, generate
that mode based on 802.11g information. This allows hw_mode=b to be used
with drivers that support 2.4 GHz band.
This is just making an as-is copy of EAP-AKA server and peer
implementation into a new file and by using the different EAP method
type that is allocated for EAP-AKA' (50). None of the other differences
between EAP-AKA and EAP-AKA' are not yet included.
It is likely that once EAP-AKA' implementation is done and is found to
work correctly, large part of the EAP-AKA and EAP-AKA' code will be
shared. However, it is not reasonable to destabilize EAP-AKA
implementation at this point before it is clearer what the final
differences will be.
Since the Registrar may not yet know the UUID-E when a new PIN is
entered, use of a wildcard PIN that works with any UUID-E can be useful.
Such a PIN will be bound to the first Enrollee trying to use it and it
will be invalidated after the first use.
If a STA reassociates and changes key_mgmt (e.g., from WPA-PSK to WPS),
hostapd needs to reset some of the existing STA and WPA state machine
variables to allow correct processing for the new association.
WPS IE is now passed from hostapd association processing into EAP-WSC
and WPS processing. Request Type attribute is parsed from this
information and if the request is for a WLAN Manager Registrar,
additional management keys are derived (to be used with UPnP).
This depends on a patch to Linux nl80211/mac80211 that has not yet been
merged into wireless-testing. If that change is not present, the old
mechanism (WEXT) will be used instead.
It is better to pass both HT Capabilities and HT Operation IEs in the
same function call since it may be easier for the driver wrappers to
handle the changes without having to wait for the other IE in the
wrapper code.
If country_code is set in hostapd.conf, hostapd will now update nl80211
regulatory data by setting the alpha2 string for CRDA. In other words,
"iw reg set <alpha2>" is not needed anymore when using hostapd.
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.
Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
Changed accounting_sta_start() to call accounting_sta_get_id()
internally in accounting.c so that external callers do not need to do
anything to allocate unique accounting id. When starting a new session,
a unique identifier is needed anyway, so no need to keep these
operations separate.
This was used to allow hostapd to associate as a non-AP STA to another
AP one the same channel while still acting as an AP with the Host AP
driver. This was very experimental and did not work with all firmware
versions. Nowadays, much better way of doing this is to use mac80211
virtual non-AP STA interface. As such, this experimental code can be
removed from hostapd to reduce the code size and make MLME code easier
to understand since it is now only handling AP functionality.
This code was originally added as a mechanism to handle long waits
during channel selection and/or radar detection. It is not currently
really used and makes the setup sequence nearly impossible to
understand. Let's get rid of the unwanted complexity. This needs to be
redesigned if it is ever needed again.
This code was not finished and did not work with the current mac80211
design. In order to avoid confusing users, it is better to remove this
completely for now and look at new implementation to work with mac80211.
It the message was large enough to require fragmentation (e.g., if a large
Session Ticket data is included), More Fragment flag was set, but no
more fragments were actually sent (i.e., Access-Accept was sent out).
These typedefs were causing build issues with new kernel/C library headers,
so lets get rid of them since they do not seem to be needed anymore. This
applies only if CONFIG_FULL_DYNAMIC_VLAN is enabled which is not even
mentioned in the defconfig file, so this should not change behavior more
most users.
If the driver wrapper does not implement passive_scan handler, do not try
to use strerror() to figure out what the error meant. This is not really an
error that the user should be notified about.
(e.g., via driver_nl80211 when using mac80211) instead of using hostapd as
the source of the regulatory information (i.e., information from CRDA is
now used with mac80211); this allows 5 GHz channels to be used with hostapd
(if allowed in the current regulatory domain).
Updated OpenSSL code for EAP-FAST to use an updated version of the
session ticket overriding API that was included into the upstream
OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
needed with that version anymore).
Added a new configuration option, wpa_ptk_rekey, that can be used to
enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP
deficiencies. This can be set either by the Authenticator (to initiate
periodic 4-way handshake to rekey PTK) or by the Supplicant (to request
Authenticator to rekey PTK).
With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP
keys will not be used for more than 10 minutes which may make some attacks
against TKIP more difficult to implement.