Commit graph

957 commits

Author SHA1 Message Date
Jouni Malinen
390cd3105d WPS UFD: Make build conditional on CONFIG_WPS_UFD=y
Not all embedded devices have USB interface and it is useful to be able
to remove unneeded functionality from the binary. In addition, the
current implementation has some UNIX specific calls in it which may make
it not compile cleanly on all target systems.
2009-02-26 22:01:36 +02:00
Masashi Honma
46bdb83acd WPS: Add UFD support (USBA out-of-band mechanism)
This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following UFD methods can be used:
- Enrollee PIN with UFD
- Registrar PIN with UFD
- unencrypted credential with UFD

Encrypted credentials are not supported.

Enrollee side operation:
wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r

Registrar side operation:
./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 21:57:38 +02:00
Jouni Malinen
a9aca28ba3 Fix WPS in non-WPA modes with drivers that implement MLME
Need to set WLAN_STA_WPS and WLAN_STA_MAYBE_WPS flags even if WPA is not
enabled. This allows open and static WEP modes to initiate WPS
negotiation with madwifi-like drivers.
2009-02-23 20:57:07 +02:00
Jouni Malinen
6d7fb6918d Add new driver wrapper for the Atheros driver
This uses similar, but not identical, interface to madwifi. It is easier
to keep this separate to avoid conflicts with potential changes in the
driver interfaces.
2009-02-19 16:27:07 +02:00
Jouni Malinen
d3cba719ff WPS: Use WEP key index 1..4 instead of 0..3 when configuring AP 2009-02-18 20:17:47 +02:00
Sebastien Decugis
ab61c4fc36 Fix hostapd build without NEED_MLME
The following patch fixes a compilation issue when compiling hostapd to
serve as pure RADIUS authentication server.
2009-02-18 19:43:07 +02:00
Jouni Malinen
8807377fe4 nl80211: Add TX/RX packet counts into accounting information 2009-02-18 11:29:45 +02:00
Jouni Malinen
dbdf58b053 driver_nl80211: Fix STA accounting data collection
TX/RX bytes are now reported correctly (typo ended up leaving TX bytes
uninitialized and set RX bytes value to use correct TX bytes). TX/RX
packet counts are not yet available from kernel, so we have to clear the
values to avoid reporting bogus data.
2009-02-16 13:28:42 +02:00
Masashi Honma
34a6c94178 WPS: Fix clearing of WPS IE with madwifi driver
On WPS init/deinit process, the hostapd clears it's own WPS IE
with 0 length WPS IE. But it fails. Because the parameter to
ioctl is too short. Then hostapd prints a below message.

ioctl[IEEE80211_IOCTL_SET_APPIEBUF]: Invalid argument
2009-02-10 11:23:59 +02:00
Jouni Malinen
d0184cb25c UPnP: Renamed PutWLANResponse callback function to match action
No point in adding extra "event_" to the name.
2009-02-06 21:44:19 +02:00
Jouni Malinen
915c1ba3c5 WPS UPnP: Added support for multiple external Registrars
Allow more than one pending PutWLANMessage data to be stored (M2/M2D
from multiple external Registrars) and drop pending M2/M2D messages when
the Enrollee replies with M3.
2009-02-06 21:39:32 +02:00
Jouni Malinen
e1bad1cd7d UPnP: Workaround bogus NewWLANEventMAC in PutWLANResponse
It looks like Intel wsccmd may send a bogus NewWLANEventMAC
(11:22:33:44:55:66) when acting as an wired external Registrar. Work
around this by going through all STAs if the address does not match and
pick the STA that is in an ongoing WPS registration.
2009-02-06 16:39:49 +02:00
Daniel Mierswa
b77eab282a Explicitly link against libdl when including TNC support
If you don't choose OpenSSL as TLS implementation and choose to enable
CONFIG_EAP_TNC you have to link against libdl. The OpenSSL libraries
implicitly link against them, so this might be a reason why it wasn't
noticed yet. I assume the same applies to hostapd.
2009-02-05 19:24:16 +02:00
Jouni Malinen
42f1ee7d1f Fixed scan buffer increasing with WEXT
We can now handle up to 65535 byte result buffer which is the maximum
due to WEXT using 16-bit length field. Previously, this was limited to
32768 bytes in practice even through we tried with 65536 and 131072
buffers which we just truncated into 0 in the 16-bit variable.

This more or less doubles the number of BSSes we can received from scan
results.
2009-02-05 12:00:23 +02:00
Pavel Roskin
e7e9c46e55 Use better examples for MadWifi path in defconfig, clarify comments
MadWifi is unlikely to be in ../head relative to hostapd or
wpa_supplicant, as it would be inside the hostap git repository.
MadWifi sources are more likely to be in a directory called "madwifi"
and residing outside the hostap repository.  Using "madwifi" also
demonstrates that the top-level madwifi directory is needed.
2009-02-04 21:45:14 +02:00
Jouni Malinen
5eb4e3d024 802.11n: scan for overlapping BSSes before starting 20/40 MHz channel
Try to match PRI/SEC channel with neighboring 20/40 MHz BSSes per
IEEE 802.11n/D7.0 11.14.3.2. This is not yet complete implementation,
but at least some parts of the 40 MHz coex are improved.

40 MHz operation maybe rejected (i.e., fall back to using 20 MHz) or
pri/sec channels may be switched if needed.
2009-02-04 21:19:54 +02:00
Jouni Malinen
30fd5f1467 Verify that driver supports configured HT capabilities 2009-02-04 12:49:23 +02:00
Sebastien Decugis
c9c3eafacb Remove unused variable from struct hostapd_config
I think that the "radius" pointer in the structure hostapd_config is
never used; when the configuration is parsed the related data is stored
in hostapd_bss_config's "radius" var.
2009-01-30 21:21:46 +02:00
Jouni Malinen
6f4071c084 Do not use country_code default (was: US)
If country_code is not included in hostapd.conf, refuse to enable IEEE
802.11d and do not try to set the regulatory domain in kernel.
2009-01-30 12:43:19 +02:00
Jouni Malinen
c5e1522f9a Added notes about WPS UPnP support and external Registrars 2009-01-29 19:19:30 +02:00
Jouni Malinen
f620268f13 WPS: Add support for external Registrars using UPnP transport
This adds mostly feature complete external Registrar support with the
main missing part being proper support for multiple external Registrars
working at the same time and processing of concurrent registrations when
using an external Registrar.

This code is based on Sony/Saice implementation
(https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill
(Atheros) to make it more suitable for hostapd design and embedded
systems. Some of the UPnP code is based on Intel's libupnp. Copyrights
and licensing are explained in src/wps/wps_upnp.c in more detail.
2009-01-29 18:47:02 +02:00
Jouni Malinen
1e14526571 Use Data::Data only with Host AP driver; mac80211 can use Data::Nullfunc
The inactivity poll was originally supposed to use Data::Nullfunc, but
due to Prism2/2.5/3 firmware issues, this was changed to an empty
Data::Data frame. mac80211 does not have such an issue, so change the
inactivity poll frame to be Data::Nullfunc by default and use the
Data::Data workaround only with Host AP driver.
2009-01-27 16:36:27 +02:00
Jouni Malinen
f01a6b1e3e driver_nl80211: Fixed inactivity poll status processing
Previous version was discarding TX status for FromDS data frames, but
those are the exact ones that we need to check for inactivity poll to
work, i.e., they are TX status reports for injected data frames.

In addition, remove the debug printing of TX status for data frame since
that could fill up the debug output if kernel-side filtering cannot be
used with monitor interface.
2009-01-27 16:34:48 +02:00
Johannes Berg
9616af520b driver_nl80211: use Linux socket filter to improve performance
TX status information for all transmitted data frames is not going to
be sent to hostapd anymore, so the CPU load with high traffic load is
going to be significantly reduced.
2009-01-27 12:28:05 +02:00
Jouni Malinen
7ce3304ab3 Do not forget wpa_passphrase so that WPS can use it
Send ASCII passphrase instead of derived PSK if the configuration uses
the passphrase.
2009-01-24 12:51:28 +02:00
Jouni Malinen
3b2cf800af WPS: Lock AP Setup on multiple AP PIN validation failures
If a Registrar tries to configure the AP, but fails to validate the
device password (AP PIN), lock the AP setup after four failures. This
protects the AP PIN against brute force guessing attacks.
2009-01-23 21:57:43 +02:00
Jouni Malinen
4c29cae932 Added ap_settings option for overriding WPS AP Settings in M7
This optional configuration parameter can be used to override AP
Settings attributes in M7 similarly to extra_cred option for Credential
attribute(s) in M8.
2009-01-23 21:08:55 +02:00
Jouni Malinen
6296625308 Free extra_cred when freeing configuration 2009-01-23 20:51:26 +02:00
Jouni Malinen
401e039633 Allow WPS device strings to be unconfigured
Previous version was causing a NULL pointer dereference if a required
string was not set in configuration. It is better to make these
optional.
2009-01-22 21:26:14 +02:00
Jouni Malinen
695e2b48e2 Documented interface for external WPS credential processing 2009-01-21 16:42:11 +02:00
Jouni Malinen
a60e7213e1 Fixed WPS with open and shared WEP networks
Do not initialize EAPOL state machine for the STA when hostapd is
configured to use WPS with open or shared WEP networks. This allows the
STA to use EAPOL-Start to indicate it wants to start WPS in such a case
and hostapd does not end up running through EAPOL authentication timeout
and disconnecting the STA if WPS is not used.

There was already code for starting EAPOL state machines based on
received EAPOL packets, but that was not working properly since
portEnabled was not set to TRUE on that code path. This is now fixed,
too.
2009-01-21 14:18:14 +02:00
Jouni Malinen
aabe26a136 WPS: Added option to disable AP auto-config on first registration
This operation can now be moved into an external program by configuring
hostapd with wps_cred_processing=1 and skip_cred_build=1. A new
ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will
be used to notify external programs of each successful registration and
that can be used as a tricker to move from unconfigured to configured
state.
2009-01-21 13:48:10 +02:00
Jouni Malinen
d745c7cc1a Added wps_cred_processing configuration option for hostapd
This behaves like the one in wpa_supplicant, i.e., hostapd can be
configured not to process new credentials (AP settings) internally and
instead pass the WPS attributes for an external program to process over
ctrl_iface.
2009-01-21 11:54:12 +02:00
Jouni Malinen
42d16805c9 Enable wpa_msg() for hostapd
Use wpa_msg() like wpa_supplicant in order to avoid having to use direct
hostapd_ctrl_iface_send() calls.
2009-01-21 11:45:56 +02:00
Jouni Malinen
1cc84c1c6b Increased wpa_cli/hostapd_cli ping interval and made it configurable
The default interval is now 5 seconds (used to be 1 second for
interactive mode and 2 seconds for wpa_cli -a). The interval can be
changed with -G<seconds> command line option.
2009-01-20 21:12:00 +02:00
Jouni Malinen
adddffd129 Fixed MFP Association Comeback mechanism to use Timeout Interval IE
The separate Association Comeback Time IE was removed from IEEE 802.11w
and the Timeout Interval IE (from IEEE 802.11r) is used instead. The
editing on this is still somewhat incomplete in IEEE 802.11w/D7.0, but
still, the use of Timeout Interval IE is the expected mechanism.
2009-01-19 18:42:10 +02:00
Jouni Malinen
eca6e0a9a5 WPS: Provide the unparsed Credential attribute to cred_cb()
This makes it easier to pass the credential data to external programs
(e.g., Network Manager) for processing. The actual use of this data is
not yet included in hostapd/wpa_supplicant.
2009-01-17 22:17:12 +02:00
Jouni Malinen
6fa68a0ee5 Added an option to add (or override) Credential attribute(s) in M8 2009-01-16 22:50:41 +02:00
Jouni Malinen
4bb081f1b4 Renamed PMKSA cache functions to avoid duplicate symbols with supplicant
This allows hostapd/pmksa_cache.c and src/rsn_supp/pmksa_cache.c to be
linked into the same program.
2009-01-14 22:01:26 +02:00
Jouni Malinen
13268290b6 Moved rsn_pmkid() into shared code to avoid duplication 2009-01-14 21:31:47 +02:00
Jouni Malinen
010dc06853 Moved RADIUS Class attribute helpers into RADIUS module 2009-01-13 20:01:29 +02:00
Jouni Malinen
61e64e7b7f Removed dead code 2009-01-13 19:15:42 +02:00
Jouni Malinen
c77bb61aee Fixed copy-paste error in retry configuration (incorrect ioctl used) 2009-01-13 19:14:38 +02:00
Jouni Malinen
25ba219f3e Removed unused set_regulatory_domain driver function 2009-01-13 19:12:25 +02:00
Jouni Malinen
f49275c92f Fixed build without CONFIG_IEEE80211N 2009-01-12 22:08:53 +02:00
Jouni Malinen
4cdde5caf7 Fixed a typo in printf -> wpa_printf changes 2009-01-12 22:06:51 +02:00
Jouni Malinen
24bb3d9788 Fixed build with wpa_printf disabled 2009-01-12 22:06:06 +02:00
Jouni Malinen
a9843f614f Removed hw_features.o from build if hostapd MLME is not used 2009-01-12 22:03:58 +02:00
Jouni Malinen
7fd46d466f Added build option for disabling control interface (CONFIG_NO_CTRL_IFACE) 2009-01-12 21:44:57 +02:00
Jouni Malinen
30b32314eb Added build option for removing VLAN support (CONFIG_NO_VLAN) 2009-01-12 21:39:19 +02:00
Jouni Malinen
71f04b3cf9 Fixed CONFIG_NO_HOSTAPD_LOGGER build 2009-01-12 21:21:31 +02:00
Jouni Malinen
27750f29d6 Comment out RADIUS configuration parsing if RADIUS client support is
disabled in the build.
2009-01-12 16:49:39 +02:00
Jouni Malinen
10656fc23a Replaced printf() calls with wpa_printf() 2009-01-12 16:49:04 +02:00
Jouni Malinen
815d2189d9 Remove TLS-PRF from hostapd build if it is not needed 2009-01-12 15:20:12 +02:00
Jouni Malinen
03ba2cb4c6 Added CONFIG_NO_AES_EXTRAS for hostapd
This allows unneeded AES routines to be removed from the build to reduce
binary size.
2009-01-12 15:15:35 +02:00
Jouni Malinen
bc521fac13 Fixed couple of build failures with minimal configuration 2009-01-12 15:08:33 +02:00
Jouni Malinen
3904625396 Silenced some sparse warnings 2009-01-11 10:42:07 +02:00
Jouni Malinen
b7fc385071 Fixed build with 802.11n disabled 2009-01-10 21:36:41 +02:00
Jouni Malinen
5fa30f32da Cleaned up main() by splitting it into number of helper functions 2009-01-09 18:04:57 +02:00
Jouni Malinen
b5b969e9c7 Moved driver callback functions from hostapd.c to a new file 2009-01-09 17:27:03 +02:00
Jouni Malinen
81897f4c88 Moved TKIP countermeasures from hostapd.c to its own file 2009-01-09 17:12:33 +02:00
Jouni Malinen
9302c5e19c Cleanup: move related functions closer to eachother 2009-01-09 17:06:54 +02:00
Jouni Malinen
3313cea0d6 Fixed TKIP countermeasueres for drivers that do not use hostapd MLME
The Michael MIC reporting functions have to be included even when using
driver MLME.
2009-01-09 17:00:29 +02:00
Jouni Malinen
649d8890b1 Add wrapper functions for IEEE 802.11 driver calls into driver.h
These functions allow the driver_*.c wrappers not to include
ieee802_11.h.
2009-01-09 16:55:59 +02:00
Jouni Malinen
b83cbb3b3b Use a wrapper function for ieee802_1x_receive() to avoid ieee802_1x.h
Driver wrappers should not need to include ieee802_1x.h, so use a
wrapper function declared in driver.h.
2009-01-09 16:33:59 +02:00
Jouni Malinen
33eb3c4ec4 Moved disassociation processing away from driver_*.c 2009-01-09 16:27:30 +02:00
Jouni Malinen
940a0ce970 Moved association check from driver_*.c into ieee802_1x_receive() 2009-01-09 16:17:20 +02:00
Jouni Malinen
602996f8db Moved WPA setup etc. association processing away from driver_*.c
This is all details that should not need to be handled in driver_*.c.
2009-01-09 16:13:07 +02:00
Jouni Malinen
214021f585 Move RX-from-unknown-STA processing away from driver_*.c
This cleans up the driver wrapper interface by getting rid of sta_info.h
dependency in all drivers that use MLME implementation in hostapd
(driver_hostap.c and driver_nl80211.c).
2009-01-09 15:44:45 +02:00
Jouni Malinen
8607f4c31f Moved TX status processing for STA entries away from driver_*.c
Driver wrappers should not need to know about this level of core hostapd
details.
2009-01-09 15:33:36 +02:00
Jouni Malinen
76e2592190 Share the same radiotap helper implementation 2009-01-09 15:22:19 +02:00
Jouni Malinen
d200828b41 Moved rfc1042_header into driver_*.c that use it
No need to share such a small buffer and make hostapd.[ch] more complex
with it.
2009-01-09 15:06:48 +02:00
Jouni Malinen
a2f517fb93 Fixed a typo in a comment 2009-01-09 15:01:50 +02:00
Jouni Malinen
8d06da09a4 Move generic definitions away from hostapd.h
This is an initial step in trying to make hostapd.h not needed to be
included in so many files.
2009-01-08 20:14:05 +02:00
Jouni Malinen
bfddd95c9e Split hostapd/driver.h into two files
driver.h contains the definitions needed in driver wrapper
implementations (driver_*.c) and driver_i.h contains the definitions
that are used in core hostapd code to interact with the driver wrappers.
2009-01-08 20:02:56 +02:00
Jouni Malinen
f88bd28836 Added support for removing RADIUS accounting and RADIUS in general
CONFIG_NO_ACCOUNTING=y and CONFIG_NO_RADIUS=y build options can now be
used to remove RADIUS support from the hostapd build.
2009-01-08 19:15:25 +02:00
Jouni Malinen
9c584c06bd Remove MLME code from build if none of the enabled drivers need it 2009-01-08 18:40:14 +02:00
Jouni Malinen
bb305cbdcc Replaced printf() with wpa_printf() 2009-01-08 16:57:04 +02:00
Jouni Malinen
03018d3e7c Added CONFIG_NO_STDOUT_DEBUG for hostapd
This is similar to one in wpa_supplicant and can be used to reduce the
binary size by removing debugging messages.
2009-01-08 16:47:04 +02:00
Jouni Malinen
7d02e64157 Mark shared secret const in RADIUS client routines 2009-01-08 16:41:47 +02:00
Jouni Malinen
1c6e69ccda Moved documentation from developer.txt into source code files
Use Doxygen comments for functions to replace the old text file that was
not up-to-date anymore.
2009-01-08 16:33:00 +02:00
Jouni Malinen
6f78f2fb3b Preparations for 0.6.7 release 2009-01-06 20:11:15 +02:00
Jouni Malinen
f58b20ce66 Fixed IMAGE_PATH for doxygen run in root directory 2009-01-04 14:44:33 +02:00
Jouni Malinen
2eba45c8de Added endianness annotation for sparse 2009-01-03 21:00:38 +02:00
Jouni Malinen
5306f43fc3 Fixed sparse warnings about integer vs. pointer use
The configuration parsing functions seemed to have worked fine before,
but these were real bugs even if they did not show up in practice.
hostapd_ip_diff() was broken for IPv6 addresses (overwrote address and
always returned 1.
2009-01-03 20:46:32 +02:00
Jouni Malinen
d953d9ab80 Removed sparse destinations since "CC=cgcc make" works fine 2009-01-03 20:39:52 +02:00
Jouni Malinen
7e5ba1b916 Mark functions static if not used elsewhere and use proper prototypes 2009-01-03 20:38:42 +02:00
Jouni Malinen
875f6d7b93 Create all doxygen docs from root directory to get proper path names
This updated all doxygen runs to use the same style that was used for
wpa_supplicant full documents. The full vs. fast configurations are now
otherwise identical apart from fast not generating dot files or
latex/pdf version of the documentation.
2009-01-03 09:59:12 +02:00
Jouni Malinen
a17df5fb8b Fixed number of doxygen warnings 2009-01-02 22:28:04 +02:00
Jouni Malinen
a4149765a2 Added more src subdirectories into doxygen docs 2009-01-02 22:27:17 +02:00
Jouni Malinen
4be048a8a6 Updated doxygen configuration files to work with new doxygen
The doxygen run is not exactly warning free yet, but this gets a step
closer to being able to produce something useful again.
2009-01-02 21:57:51 +02:00
Jouni Malinen
862e08a9a4 Include ieee802_11_defs.h explicitly instead of assuming it gets included
Some build configurations failed to compile because this file did not
get included.
2009-01-02 21:14:21 +02:00
Jouni Malinen
79da74a20c WPS: Generate UUID based on MAC address, if not set
Generate a SHA1 hash -based UUID from the local MAC address if the UUID
was not configured. This makes it easier to prepare for WPS since there
is no need to generate an UUID.
2009-01-01 22:56:52 +02:00
Jouni Malinen
e834272f73 Include pending MFP defines in nl80211_copy.h
This can be used to get rid of the extra cpp define since we have our
local copy of wireless.h and nl80211.h.
2008-12-31 18:10:14 +02:00
Jouni Malinen
ac43f1fa39 Renamed nl80211 HT channel parameters to match with kernel 2008-12-31 17:59:13 +02:00
Jouni Malinen
df1e9601a4 Fixed SA Query Request length
Do not send extra 24 octets of random data in the end.
2008-12-31 17:50:14 +02:00
Jouni Malinen
1aa5c13471 Clear BIP keys, too, when removing broadcast keys with MFP enabled 2008-12-31 17:49:43 +02:00
Jouni Malinen
d5263983ac MFP: Remove mac80211 workaround of IGTK in monitor netdev
mac80211 can now figure out which key to use for injected frames (in
most cases), so we can remove the workaround for configuring IGTK on the
monitor interface that is used for injecting frames.
2008-12-31 17:48:13 +02:00
Jouni Malinen
88b4b4246d Added ctrl_interface command for sending a SA Query request
This can be useful for testing IEEE 802.11w functionality, so provide
means for manual request to send a SA Query request.
2008-12-30 18:04:29 +02:00
Jouni Malinen
805e6dc663 Disconnect the STA if EAP timeout is reached
There is not really much else the Authenticator can do if it does not
receive valid EAP response from the Supplicant/EAP peer. EAP-Failure
would need to be sent before trying to start again with
EAP-Request/Identity, but that is not allowed before the EAP peer
actually replies. Anyway, forcing a new association is likely to clean
up peer state, too, so it can help fixing some issues that could have
caused the peer not to be able to reply in the first place.
2008-12-29 19:16:48 +02:00
Jouni Malinen
8e09c6d253 Fixed retransmission of EAP requests if no response is received
It looks like this never survived the move from IEEE 802.1X-2001 to
IEEE 802.1X-2004 and EAP state machine (RFC 4137). The retransmission
scheduling and control is now in EAP authenticator and the
calculateTimeout() producedure is used to determine timeout for
retransmission (either dynamic backoff or value from EAP method hint).

The recommended calculations based on SRTT and RTTVAR (RFC 2988) are not
yet implemented since there is no round-trip time measurement available
yet.

This should make EAP authentication much more robust in environments
where initial packets are lost for any reason. If the EAP method does
not provide a hint on timeout, default schedule of 3, 6, 12, 20, 20, 20,
... seconds will be used.
2008-12-29 18:10:34 +02:00
Jouni Malinen
65d50f0ac6 Add RADIUS server support for identity selection hint (RFC 4284)
Previously, only the delivery option 1 from RFC 4284
(EAP-Request/Identity from the AP) was supported. Now option 3
(subsequent EAP-Request/Identity from RADIUS server) can also be used
when hostapd is used as a RADIUS server. The eap_user file will need to
have a Phase 1 user entry pointing to Identity method in order for this
to happen (e.g., "* Identity" in the end of the file). The identity hint
is configured in the same was as for AP/Authenticator case (eap_message
in hostapd.conf).
2008-12-26 20:22:12 +02:00
Andriy Tkachuk
d9f5626293 NEED_BASE64 for WPS
It looks like we need base64 routines when compiling WPS in hostapd
(used in src/wps/wps_registrar.c:910).
2008-12-26 16:40:27 +02:00
Jouni Malinen
6f5c8dbd79 Added a TODO item for sending protected Disassoc after failed SA Query 2008-12-26 15:56:30 +02:00
Jouni Malinen
cae93bdc9c Added a note about IEEE 802.11w/D7.0 update 2008-12-26 12:59:07 +02:00
Jouni Malinen
8f4617c6c4 Do not use SA Query procedure if reassociation is part of FT 2008-12-26 12:55:35 +02:00
Jouni Malinen
ff89afb77b Add Key Length field into IGTK sub-element (FTIE) per 802.11w/D7.0 2008-12-26 12:49:15 +02:00
Jouni Malinen
45c94154a6 Updated SA Query procedure to use timeouts per 802.11w/D7.0
The previous max_attempts * timeout is now replaced with two timeouts
(one for each retry, the other one for maximum wait).
2008-12-26 12:30:34 +02:00
Jouni Malinen
93b76319f1 Renamed Ping procedure into SA Query procedure per 802.11w/D7.0
This commit changes just the name and Action category per D7.0. The
retransmit/timeout processing in the AP is not yet updated with the
changes in D7.0.
2008-12-26 11:46:21 +02:00
Jouni Malinen
9a9876bf9c Fixed the MFP Status/Reason Code values per 802.11w/D7.0 2008-12-26 11:29:17 +02:00
Jouni Malinen
ff36ff00b8 Reject association if HT STA tries to use TKIP as pairwise cipher 2008-12-22 14:05:53 +02:00
Jouni Malinen
f130ba9b4a Allow HT to be enabled for a STA even without WMM
The STA won't be able to use block ACK/aggregation, but at least it
should be allowed to use MCS rates and HT40.
2008-12-22 13:05:33 +02:00
Jouni Malinen
e6f9861ace Added a note about mac80211-based drivers and nl80211 2008-12-20 13:02:29 +02:00
Jouni Malinen
a2b3a34bab IANA allocated EAP method type 51 to EAP-GPSK 2008-12-20 12:39:24 +02:00
Jouni Malinen
bae61562a4 Cleaned up EAPOL-Key timeout processing
dot11RSNAConfigGroupUpdateTimeOut and
dot11RSNAConfigPairwiseUpdateTimeOut MIB variables were only used in
draft versions of IEEE 802.11i, so rename these in order not to use
confusing name here.

Replaced EAPOL-Key timeout to use following timeouts (in
milliseconds): 100,1000,1000,1000 (this was 1000,1000,1000,0). There
is no point in sending out the final EAPOL-Key frame which would be
immediately followed by disconnection. After the change to allow
response to any pending EAPOL-Key frame, it is fine to send the first
retransmission quickly to avoid long wait in cases where Supplicant
did not receive the first frame for any reason. The new sequence will
still provide 3.1 seconds of time to get any response frame, so this
does not reduce the previous time.
2008-12-18 17:15:36 +02:00
Jouni Malinen
47f72245e2 Do not allow HT with WPA/WPA2 to be enabled without CCMP
IEEE 802.11n does not allow HT STAs to use TKIP between themselves, so
do do allow a configuration that would force this to happen if HT is
used.
2008-12-17 12:16:13 +02:00
Jouni Malinen
22a299ee9d Improve EAPOL-Key handshake stability with retransmitted frames
Accept response to any pending request, not just the last one. This
gives the Supplicant more time to reply since hostapd will now allow up
to three seconds for the reply to the first EAPOL-Key frame transmission
(and two seconds for the first retry and one second for the last) while
the previous version invalidated any old request immediately when
sending a retransmitted frame.

If the Supplicant replies to more than one request, only the first reply
to arrive at the Authenticator will be processed. As far as the
Supplicant is concerned, this behavior does not differ from the previous
one except for being less likely to cause unneeded retransmissions of
EAPOL-Key frames.

This can help in cases where power saving is used when the group key is
rekeyed or when there is excessive traffic on the channel that can delay
(or drop) EAPOL-Key frames.
2008-12-16 14:17:33 +02:00
Jouni Malinen
75fc67e97b driver_test: Handle WPS IE in non-MLME test 2008-12-12 22:52:56 +02:00
Jouni Malinen
e33bbd8f4d driver_test: Optional support for using UDP socket
driver_test can now be used either over UNIX domain socket or UDP
socket. This makes it possible to run the test over network and makes it
easier to port driver_test to Windows.

hostapd configuration: test_socket=UDP:<listen port>
wpa_supplicant configuration: driver_param=test_udp=<dst IP addr>:<port>
2008-12-12 21:35:22 +02:00
Jouni Malinen
9a6cec7bc6 Added CONFIG_IEEE80211N into defconfig (commented out) 2008-12-10 00:46:55 +02:00
Jouni Malinen
cfb7e8a086 Fixed build without CONFIG_IEEE80211N 2008-12-10 00:45:57 +02:00
Jouni Malinen
fecc01663b Updated the comment about libnl to state that version 1.1 is new enough 2008-12-09 22:41:01 +02:00
Jouni Malinen
205a372b2d Added libnl 2.0 compatibility code (CONFIG_LIBNL20=y in .config needed)
Unfortunately, at least the current libnl git snapshot changes the API
in backwards incompatible way and in a way that makes it difficult to
to allow building against the latest libnl code.
2008-12-08 22:40:58 +02:00
Jouni Malinen
d9f2b1c382 driver_test: Added support for testing WPS without use_mlme 2008-12-08 21:42:01 +02:00
Jouni Malinen
7e45830ab7 nl80211: Include copy of linux/nl80211.h with hostapd/wpa_supplicant
This makes it easier to build the packages and allows all new features
to be built into the binary regardless of which kernel is currently
used.
2008-12-08 11:04:13 +02:00
Jouni Malinen
a9d1364c5f Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLog 2008-12-07 19:24:56 +02:00
Jouni Malinen
bb9f45e0bb nl80211: Remove the debug print from data frame processing
This is currently happening way too frequently (mac80211 monitor
interface sends TX info for every frame) and the end result makes it
difficult to read hostapd debug log if there is large amount of data
traffic.
2008-12-04 14:20:33 +02:00
Jouni Malinen
4a7b9f885f Fixed WEP authentication (both Open System and Shared Key) with mac80211
Only one of the authentication frame types is encrypted. In order for
static WEP encryption to work properly (i.e., to not encrypt the frame),
we need to tell mac80211 about the frames that must not be encrypted.
2008-12-04 13:21:35 +02:00
Jouni Malinen
f07688e37d nl80211: Generate 802.11b mode based on 802.11g information
If the phy info from nl80211 does not include 802.11b mode, generate
that mode based on 802.11g information. This allows hw_mode=b to be used
with drivers that support 2.4 GHz band.
2008-12-03 12:42:21 +02:00
Jouni Malinen
8c37556cd1 Add a starting point for EAP-AKA' (draft-arkko-eap-aka-kdf-10)
This is just making an as-is copy of EAP-AKA server and peer
implementation into a new file and by using the different EAP method
type that is allocated for EAP-AKA' (50). None of the other differences
between EAP-AKA and EAP-AKA' are not yet included.

It is likely that once EAP-AKA' implementation is done and is found to
work correctly, large part of the EAP-AKA and EAP-AKA' code will be
shared. However, it is not reasonable to destabilize EAP-AKA
implementation at this point before it is clearer what the final
differences will be.
2008-12-02 20:12:49 +02:00
Jouni Malinen
e8ff1e594e Fixed non-HT (and GF, 20 MHz) counting
Must not count the same STA multiple times if it reassociates back to
the same AP without the old STA entry being removed.
2008-12-02 14:32:05 +02:00
Jouni Malinen
08bec36178 WPS: Added support for wildcard PINs that work with any UUID-E
Since the Registrar may not yet know the UUID-E when a new PIN is
entered, use of a wildcard PIN that works with any UUID-E can be useful.
Such a PIN will be bound to the first Enrollee trying to use it and it
will be invalidated after the first use.
2008-11-30 20:32:03 +02:00
Jouni Malinen
30f5c941aa WPS: Added note about update_config and added WPS to ChangeLog 2008-11-30 17:48:45 +02:00
Jouni Malinen
a8d05fca5f Clear various flags on re-association to allow key_mgmt changes
If a STA reassociates and changes key_mgmt (e.g., from WPA-PSK to WPS),
hostapd needs to reset some of the existing STA and WPA state machine
variables to allow correct processing for the new association.
2008-11-30 17:22:51 +02:00
Jouni Malinen
06384c662a WPS: Added driver_test debug dump of Beacon/ProbeResp WPS IE 2008-11-29 21:27:25 +02:00
Jouni Malinen
8874b727ab WPS: Add length limits to device attribute strings 2008-11-29 21:26:07 +02:00
Jouni Malinen
43fb17940f WPS: Fixed hostapd to use allocated buffers for device attributes
Previous version did not handle re-configuration correctly since WPS
context data was pointing to old (now freed) strings.
2008-11-29 21:12:12 +02:00
Jouni Malinen
7d7b8e960a WPS: Split wps_common.c into parts
To make it easier to find various functions, attribute functions were
split into wps_attr_{build,parse,process}.c.
2008-11-29 13:16:26 +02:00
Jouni Malinen
120bd30c34 WPS: Moved RF Bands processing into wps_dev_attr.c
This allows the RF Bands attribute to be configured and stored.
2008-11-29 12:59:43 +02:00
Jouni Malinen
eb76b7e3ff WPS: Parse Request Type from WPS IE in (Re)AssocReq and derive mgmt keys
WPS IE is now passed from hostapd association processing into EAP-WSC
and WPS processing. Request Type attribute is parsed from this
information and if the request is for a WLAN Manager Registrar,
additional management keys are derived (to be used with UPnP).
2008-11-29 12:11:56 +02:00
Jouni Malinen
2f4eb31454 Changed NL80211_ATTR_WIPHY_SEC_CHAN_OFFSET to use U32 2008-11-26 16:16:28 +02:00
Jouni Malinen
a78d3dbd02 nl80211: Fixed a merge issue in an earlier commit for set_freq 2008-11-26 10:52:45 +02:00
Jouni Malinen
446842b101 nl80211: Clear HT flags from the channel when exiting 2008-11-26 10:51:01 +02:00
Jouni Malinen
fe0f58fa69 Added option to distinguish non-HT and HT20 in set_freq 2008-11-26 10:44:04 +02:00
Jouni Malinen
95da9bbc36 nl80211: Add support for setting channel frequency and HT20 vs. HT40
This depends on a patch to Linux nl80211/mac80211 that has not yet been
merged into wireless-testing. If that change is not present, the old
mechanism (WEXT) will be used instead.
2008-11-25 20:59:39 +02:00
Jouni Malinen
ffbcf648ed Change HT parameter configuration to use a single driver ops function
It is better to pass both HT Capabilities and HT Operation IEs in the
same function call since it may be easier for the driver wrappers to
handle the changes without having to wait for the other IE in the
wrapper code.
2008-11-25 14:57:34 +02:00
Jouni Malinen
3e0cb2c503 Validate HT40 channel pair validity based on IEEE 802.11n Annex J 2008-11-25 12:51:03 +02:00
Jouni Malinen
d6c9d4740b driver_nl80211: Added set_country() handler
If country_code is set in hostapd.conf, hostapd will now update nl80211
regulatory data by setting the alpha2 string for CRDA. In other words,
"iw reg set <alpha2>" is not needed anymore when using hostapd.
2008-11-25 12:10:35 +02:00
Jouni Malinen
df73d284fb Added support for generating Country IE based on nl80211 regulatory info 2008-11-25 11:56:28 +02:00
Jouni Malinen
bf01d8bc2b Get maximum TX power for each allowed channel from mac80211 2008-11-25 11:11:50 +02:00
Jouni Malinen
b3e7a97df0 Add some notes on which channels can be used with HT40- and HT40+
This is not a complete list, but at least it can provide some help for
whoever is trying to configure hostapd for 802.11n HT40 operation.
2008-11-24 19:28:37 +02:00
Jouni Malinen
cd587cceff Add set STA Channel Width field to 1 when allowing HT40 2008-11-24 16:44:17 +02:00
Jouni Malinen
a8d8410e1f Added support for configuring secondary channel offset for HT40 2008-11-24 16:33:45 +02:00
Jouni Malinen
a86f6ccad7 Rename [40HT] to [HT40] in ht_capab 2008-11-24 16:11:19 +02:00
Jouni Malinen
8725598c46 Fixed HT Capabilities Info byte order processing for big endian CPUs 2008-11-24 16:06:18 +02:00
Jouni Malinen
fc14f56759 Added IEEE 802.11n HT capability configuration (ht_capab) 2008-11-24 15:44:25 +02:00
Jouni Malinen
ad08c3633c Added preliminary Wi-Fi Protected Setup (WPS) implementation
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.

Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
2008-11-23 19:34:26 +02:00
Jouni Malinen
6e89cc438e Preparations for 0.6.6 release 2008-11-23 17:02:06 +02:00
Jouni Malinen
2fc98d02c1 Simplified RADIUS accounting id usage
Changed accounting_sta_start() to call accounting_sta_get_id()
internally in accounting.c so that external callers do not need to do
anything to allocate unique accounting id. When starting a new session,
a unique identifier is needed anyway, so no need to keep these
operations separate.
2008-11-23 11:12:17 +02:00
Jouni Malinen
74bd7dae63 Use SM_ENTER_GLOBAL to clean up EAPOL state machine debug messages
This removes unnecessary messages about entering REAUTH_TIMER INITIALIZE
state every second when a STA is in unauthenticated state.
2008-11-23 11:01:28 +02:00
Jouni Malinen
b1fa8bf129 Allocate new Acct-Session-Id on EAPOL-Logoff
Stop accounting session on EAPOL-Logoff and use new Acct-Session-Id if
STA authenticates again within same association after this.
2008-11-23 10:47:36 +02:00
Jouni Malinen
39e50be082 Fixed listen interval configuration for nl80211 drivers
Need to update the struct sta_info value, too, and not only the local
variable used in handle_assoc()..
2008-11-22 21:20:27 +02:00
Jouni Malinen
fe2c5241b5 Remove experimental non-AP STA code from hostapd
This was used to allow hostapd to associate as a non-AP STA to another
AP one the same channel while still acting as an AP with the Host AP
driver. This was very experimental and did not work with all firmware
versions. Nowadays, much better way of doing this is to use mac80211
virtual non-AP STA interface. As such, this experimental code can be
removed from hostapd to reduce the code size and make MLME code easier
to understand since it is now only handling AP functionality.
2008-11-21 20:48:58 +02:00
Jouni Malinen
ddaa83ebeb Remove overly complex hostapd setup sequence with n+1 callbacks
This code was originally added as a mechanism to handle long waits
during channel selection and/or radar detection. It is not currently
really used and makes the setup sequence nearly impossible to
understand. Let's get rid of the unwanted complexity. This needs to be
redesigned if it is ever needed again.
2008-11-21 20:39:33 +02:00
Jouni Malinen
2387b8c0b0 Removed forgotten register_drivers() prototype
Driver registration style was changed long time ago and this is not used
anymore.
2008-11-21 19:51:06 +02:00
Jouni Malinen
d52e94f965 Removed partial IEEE 802.11h implementation
This code was not finished and did not work with the current mac80211
design. In order to avoid confusing users, it is better to remove this
completely for now and look at new implementation to work with mac80211.
2008-11-21 19:45:20 +02:00
Jouni Malinen
d337b6fb65 Removed now unused reconfig variables. 2008-11-21 19:31:54 +02:00
Jouni Malinen
fb6d357532 reconfig.c file was not used at all, so remove it.
This implementation of reconfiguration is way too complex. Something
simpler should be implemented to allow dynamic configuration changes.
2008-11-21 19:28:45 +02:00
Jouni Malinen
477df071d7 Fixed hostapd build without l2_packet (e.g., RADIUS server only). 2008-11-21 15:44:00 +02:00
Jouni Malinen
012783f1ab Fixed EAP-TLS message fragmentation for the last TLS message
It the message was large enough to require fragmentation (e.g., if a large
Session Ticket data is included), More Fragment flag was set, but no
more fragments were actually sent (i.e., Access-Accept was sent out).
2008-11-20 19:39:35 +02:00
Jouni Malinen
bac912e5bd Remove extra typedefs since they do not seem to be needed anymore
These typedefs were causing build issues with new kernel/C library headers,
so lets get rid of them since they do not seem to be needed anymore. This
applies only if CONFIG_FULL_DYNAMIC_VLAN is enabled which is not even
mentioned in the defconfig file, so this should not change behavior more
most users.
2008-11-18 15:06:03 +02:00
Jouni Malinen
ba60b94a40 Improved the error message for passive scan not being available
If the driver wrapper does not implement passive_scan handler, do not try
to use strerror() to figure out what the error meant. This is not really an
error that the user should be notified about.
2008-11-18 15:01:24 +02:00
Jouni Malinen
9ee06a63e5 driver_nl80211: Remove monitor interface if AP initialization fails 2008-11-18 14:55:32 +02:00
Jouni Malinen
10b83bd712 Changed channel flags configuration to read the information from the driver
(e.g., via driver_nl80211 when using mac80211) instead of using hostapd as
the source of the regulatory information (i.e., information from CRDA is
now used with mac80211); this allows 5 GHz channels to be used with hostapd
(if allowed in the current regulatory domain).
2008-11-18 14:51:43 +02:00
Jouni Malinen
0cf03892a4 OpenSSL 0.9.9 API change for EAP-FAST session ticket overriding API
Updated OpenSSL code for EAP-FAST to use an updated version of the
session ticket overriding API that was included into the upstream
OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
needed with that version anymore).
2008-11-16 21:29:12 +02:00
Jouni Malinen
581a8cde77 Added support for enforcing frequent PTK rekeying
Added a new configuration option, wpa_ptk_rekey, that can be used to
enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP
deficiencies. This can be set either by the Authenticator (to initiate
periodic 4-way handshake to rekey PTK) or by the Supplicant (to request
Authenticator to rekey PTK).

With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP
keys will not be used for more than 10 minutes which may make some attacks
against TKIP more difficult to implement.
2008-11-06 19:57:21 +02:00
Jouni Malinen
988ab690ac Preparations for 0.6.5 release 2008-11-01 17:20:25 +02:00
Jouni Malinen
07d44beeab Added a note about hostapd driver_nl80211 and AP mode in wireless-testing 2008-11-01 14:32:10 +02:00
Johannes Berg
4aac554ce2 driver_nl80211: Remove set_ssid from nl80211 driver
This is no longer required (and does not work with current
wireless-testing anymore).

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2008-11-01 13:45:34 +02:00
Jouni Malinen
cb7b04c8c9 Moved ieee802_11_parse_elems() into common code 2008-10-29 21:48:14 +02:00
Jouni Malinen
3d536eb453 Removed the unused hapd argument to ieee802_11_parse_elems() 2008-10-29 21:33:46 +02:00
Jouni Malinen
fefee8a74d driver_nl80211: Added TX queue parameter configuration 2008-10-29 19:35:17 +02:00
Jouni Malinen
4c99a969e3 driver_nl80211: Added basic rate configuration 2008-10-29 19:34:27 +02:00
Jouni Malinen
8e8df25541 nl80211: Finish dumps properly (ported from iw.git) 2008-10-29 19:28:35 +02:00
Jouni Malinen
990ec3787e Set TX queue parameters during initialization
This was already called from reconfig.c, but the call from hostapd.c had
been forgotten.
2008-10-29 19:25:15 +02:00
Jouni Malinen
9663596fac Fix group key rekeying when reauth happens during pending group key update
We need to cancel the group key update for a STA if a reauthentication
request is received while the STA is in pending group key update. When
canceling the update, we will also need to make sure that the PTK Group Key
state machine ends up in the correct state (IDLE) to allow future updates
in case of WPA2.
2008-10-21 13:54:54 +03:00
Jouni Malinen
2d86724409 EAP-FAST: Allow A-ID and A-ID-Info to be configured separately
Changed EAP-FAST configuration to use separate fields for A-ID and
A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
16-octet len binary value for better interoperability with some peer
implementations; eap_fast_a_id is now configured as a hex string.
2008-10-19 09:55:59 +03:00
Jouni Malinen
2100a768bf Fixed WPA/RSN IE validation to verify the proto (WPA vs. WPA2) is enabled
Previous version could have allowed a broken client to complete WPA (or
WPA2) authentication even if the selected proto was not enabled in hostapd
configuration.
2008-10-15 06:34:39 +03:00
Jouni Malinen
a11c90a64a EAP-FAST: Make PAC-Key lifetime values configurable
The hardcoded values in eap_fast.c were replaced with values read from
hostapd.conf.
2008-10-08 17:25:47 +03:00
Jouni Malinen
378eae5e9b EAP-FAST: Added support for disabling anonymous/authenticated provisioning
eap_fast_prov config parameter can now be used to enable/disable different
EAP-FAST provisioning modes:
0 = provisioning disabled
1 = only anonymous provisioning allowed
2 = only authenticated provisioning allowed
3 = both provisioning modes allowed
2008-10-08 16:55:23 +03:00
Jouni Malinen
85141289d5 Silenced some of the driver-related messages for driver=none case
No need to print these to confuse users that configure hostapd as a RADIUS
server without any AP functionality.
2008-10-01 14:17:35 +03:00
Jouni Malinen
d64dabeebc Added a new driver wrapper, "none", for RADIUS server only configuration
This can be used to limit hostapd code size and clean up debug output for
configurations that do not use hostapd to control AP functionality.
2008-10-01 14:07:55 +03:00
Johannes Berg
cafe38cae0 nl80211 hostapd driver: clean up netlink code
Put it into a single place instead of having it all over.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2008-09-29 19:37:24 +03:00
Johannes Berg
6773de39b1 nl80211 driver: correctly set the encrypt bit for eapol frames
A recent kernel change led to all EAPOL frames being encrypted rather than
just those for the group handshake. This is due to transmit processing in
the kernel now using the proper interface which would encrypt those frames
with the group key because hostapd wasn't requesting that they not be
encrypted. This changes the nl80211 driver to not request encryption unless
the EAPOL frame should be encrypted.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2008-09-29 19:21:51 +03:00
Jouni Malinen
b27f13ed28 MFP + FT: Added support for sending IGTK in FTIE 2008-09-01 11:00:59 +03:00
Jouni Malinen
565861976d Added support for using SHA256-based stronger key derivation for WPA2
IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for
key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new
AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 22:57:28 +03:00
Jouni Malinen
9b71728bba Cleaned up TX callback request processing
Move the use of 802.11 header protocol field into driver_hostap.c since
this is a Host AP driver specific mechanism and other driver wrappers
should not really need to know about it.
2008-08-31 11:15:56 +03:00
Jouni Malinen
c2a714088d Moved WMM action category definition into ieee802_11_defs.h 2008-08-31 11:06:58 +03:00
Jouni Malinen
5d22a1d5aa IEEE 802.11w: Added association ping
This updates management frame protection to use the assocition ping process
from the latest draft (D6.0) to protect against unauthenticated
authenticate or (re)associate frames dropping association.
2008-08-31 11:04:47 +03:00
Jouni Malinen
1e858f69d9 Copy previous BSSID into STA data only after full validation of the request 2008-08-30 18:25:44 +03:00
Jouni Malinen
0b60b0aaad Updated MFP defines based on IEEE 802.11w/D6.0 and use new MFPC/MFPR
This adds most of the new frame format and identifier definitions from IEEE
802.11w/D6.0. In addition, the RSN IE capability field values for MFP is
replaced with the new two-bit version with MFPC (capable) and MFPR
(required) processing.
2008-08-30 14:59:39 +03:00
Jouni Malinen
271d2830ff Added support for setting VLAN ID for STAs based on local MAC ACL
This allows the accept_mac_file to be used as an alternative for RADIUS
server-based configuration. This is mainly to ease VLAN testing (i.e., no
need to set up RADIUS server for this anymore).
2008-08-28 18:43:26 +03:00
Jouni Malinen
00ad53ef68 Send HT parameters for new STAs
This depends on a mac80211 patch to add NL80211_ATTR_HT_CAPABILITY
(which is not yet in wireless-testing).
2008-08-25 11:30:39 +03:00
Jouni Malinen
f2c290ccf4 Switched driver_nl80211 to use the new sta_add2() 2008-08-25 10:06:40 +03:00
Jouni Malinen
4d4233eaf4 Fixed internal TLSv1 server implementation for abbreviated handshake
When the TLS handshake had been completed earlier by the server in case of
abbreviated handshake, the output buffer length was left uninitialized. It
must be initialized to zero in this case. This code is used by EAP-FAST
server and the uninitialized length could have caused it to try to send a
very large frame (though, this would be terminated by the 50 roundtrip EAP
limit). This broke EAP-FAST server code in some cases when PAC was used to
establish the tunnel.
2008-08-24 13:08:15 +03:00
Jouni Malinen
1f21bc4cc3 Fixed EAP-FAST server PAC-Opaque padding
0.6.4 broke this for some peer identity lengths. The padding was supposed
to make sure that the length of PAC-Opaque is divisible by 8.
2008-08-24 12:50:12 +03:00
Jouni Malinen
9d2a76a2c3 Moved IEEE 802.11n parameter to be per-radio instead of per-BSS 2008-08-22 21:03:31 +03:00
Jouni Malinen
edd360e170 Do not store dynamic HT IEs in configuration structures
The configuration data should only store the static configuration data and
not dynamic data. In addition, storing HT configuration and state in IEs is
not the easiest way of doing this, so use more convenient data types for
storing configuration and dynamic state. The HT IEs are then generated
based on the static configuration and dynamic state whenever needed.
2008-08-22 20:55:52 +03:00
Tomas Winkler
71b6ae1425 Add Intel copyright for files with 802.11n Intel changes
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
2008-08-22 09:15:05 +03:00
Jouni Malinen
839faf0475 Add configuration option for enabling optional use of short preamble 2008-08-21 18:36:21 +03:00
Jouni Malinen
de9289c8e9 Add preliminary IEEE 802.11n support into hostapd
This commit brings in cleaned up version of IEEE 802.11n implementation
from Intel (1). The Intel tarball includes number of other changes, too,
and only the changes specific to IEEE 802.11n are brought in here. In
addition, this does not include all the changes (e.g., some of the
configuration parameters are still missing and driver wrapper changes for
mac80211 were not included).

(1)
http://www.kernel.org/pub/linux/kernel/people/chuyee/wireless/iwl4965_ap/hostap_0_6_0_intel_0.0.13.1.tgz
2008-08-21 18:18:38 +03:00
Jouni Malinen
1d8ce433c9 Internal X.509/TLSv1: Support SHA-256 in X.509 certificate digest 2008-08-16 11:21:22 +03:00
Jouni Malinen
c1e033b0bb IEEE Std 802.11r-2008 has been released, so update references 2008-08-15 11:25:24 +03:00
Jouni Malinen
d48ae45b73 Preparations for 0.6.4 release 2008-08-10 20:33:12 +03:00
Jouni Malinen
7b5776834b Fixed a NULL pointer dereference when driver initialization fails 2008-08-08 19:30:58 +03:00
Jouni Malinen
358921edb7 Added support for setting BSS parameters with NL80211_CMD_SET_BSS
This new cfg80211 command is used for setting CTS protect, short preamble,
and short slot time parameters for the BSS. The matching kernel change has
been submitted, but is not yet included in wireless-testing. The code here
used #ifdef to avoid compilation failures before the new command is
available.
2008-08-07 20:09:55 +03:00
Jouni Malinen
bf98f7f3bc Added support for opportunistic key caching (OKC)
This allows hostapd to share the PMKSA caches internally when multiple
BSSes or radios are being controlled by the same hostapd process.
2008-08-03 20:17:58 +03:00
Jouni Malinen
27e120c46d Cleaned up some of invalid documentation related to channel configuration. 2008-07-23 03:51:10 +03:00
Jouni Malinen
b0f23e11ed Fixed NULL pointer dereference on error path [Bug 273] 2008-07-18 05:57:03 +03:00
Jouni Malinen
eb0699b6ba Add IGTK/MFP configuration (disabled by default)
Added code to use suggested nl80211/cfg80211 API for setting MFP related
parameters. This is disabled by default since the API changes has not yet
been approved. The new commands can be enabled by defining
NL80211_MFP_PENDING (this will be removed once the API changes is
approved).
2008-06-18 11:23:59 +03:00
Jouni Malinen
f3f7540edc Added WLAN_STA_MFP flag for driver wrappers so that they can configure the
driver to enable MFP (IEEE 802.11w) processing for the STA.
2008-06-17 11:21:11 +03:00
Jouni Malinen
94e5af7948 Added support for configuring IGTK
This needs changes in kernel code, too, but the cipher suite for IGTK is
defined in IEEE 802.11w, so this code in hostapd side can be added now.
2008-06-16 11:20:01 +03:00
Jouni Malinen
2eeaa5c9d0 EAP-PEAP: Moved the common peap_prfplus() function into a shared file 2008-06-09 10:32:12 +03:00
Jouni Malinen
3f3339dfe7 Fixed a buffer overflow in nla_parse call
The first argument (tb) to nla_parse must have room for maxtype+1, not
maxtype, elements.
2008-06-06 16:51:17 +03:00
Pavel Roskin
f3833aee90 Fix compile warnings on 64-bit systems
Don't cast pointers to int in definitions of PRISM2_HOSTAPD_RID_HDR_LEN
and PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN.  Use size_t instead.  That's
actually what the code needs.
2008-06-06 14:17:03 +03:00
Jouni Malinen
a8e16edc86 Introduced new helper function is_zero_ether_addr()
Use this inline function to replace os_memcmp(addr,
"\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0.
2008-06-03 18:08:48 +03:00
Jouni Malinen
957ed801e9 Fix USE_KERNEL_HEADERS build with compat-wireless
compat-wireless does not include linux/compiler.h to define __user, so
define it in hostapd code before including linux/wireless.h.
2008-06-03 11:57:52 +03:00
Jouni Malinen
8479707beb Include wireless_copy.h instead of linux/wireless.h to avoid conflicts
linux/wireless.h ends up including number of Linux kernel header files and
many of the definitions are conflicting with (or at least duplicating)
definitions in net/if.h.
2008-06-03 11:31:42 +03:00
Jouni Malinen
34f564dbd5 Redesigned EAP-TLS/PEAP/TTLS/FAST fragmentation/reassembly
Fragmentation is now done as a separate step to clean up the design and to
allow the same code to be used in both Phase 1 and Phase 2. This adds
support for fragmenting EAP-PEAP/TTLS/FAST Phase 2 (tunneled) data.
2008-05-28 09:57:17 +03:00
Jouni Malinen
1b52ea47e4 Added fragmentation support for EAP-TNC 2008-05-26 12:00:18 +03:00
Jouni Malinen
29222cd303 Added instructions on how to create the DH parameters files. 2008-05-21 10:53:56 +03:00
Jouni Malinen
dcf9c2bd77 Updated the comment on 'bridge' variable to mention nl80211 which needs
this parameter, too.
2008-05-07 13:51:00 +03:00
Michael Bernhard
b717ee2ab2 Disable functionality in hostapd_deauth_all_stas for hostap driver only
Signed-off-by: Michael Bernhard <michael.bernhard@bfh.ch>
2008-04-16 14:40:32 +03:00
Jouni Malinen
0d58229994 Small whitespace cleanup 2008-04-13 12:48:59 +03:00
Michael Bernhard
4c6122c397 driver_nl80211: Do not send nl80211 message if beacon is not set yet
Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:41:30 +03:00
Michael Bernhard
f4a5a7468d driver_nl80211: Return correct value
Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:40:24 +03:00
Michael Bernhard
a325926a9c driver_nl80211: Initialize local variable
This solves the problem with out-of-sync ACK messages.

Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:39:13 +03:00
Michael Bernhard
99c55ef92f driver_nl80211: Clone netlink callbacks instead of creating new ones
This way the default callbacks are inherited.

Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:37:49 +03:00
Bernhard Michael
f7868b5018 driver_nl80211: Use customizable netlink callbacks
This allows the use of NL_CB_VERBOSE or NL_CB_DEBUG.

Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:36:23 +03:00
Michael Bernhard
7cc92d7275 driver_nl80211: Use the correct nl80211 command to flush all stations
Signed-off-by: Michael Bernhard <michael.bernhard at bfh.ch>
2008-04-13 12:33:59 +03:00
Johannes Berg
dda803699f nl80211 driver: fix beacon interval setting
This removes the hard-coded beacon interval setting.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2008-04-09 10:11:04 +03:00
Artem Antonov
eaaab2bd98 Fix nl80211 driver to receive EAPOL response
This patch fixes nl80211 driver to receive EAPOL response if wlan0 was
added to bridge.
2008-04-08 09:49:06 +03:00
Daniel Wagner
913cf1caec Rename NL80211_[ATTR]_STA_STAT_* to NL80211_[ATTR_]STA_INFO_
adapt to change 72141605e9f9d856418bbed9dc47e5ad42aabb42
nl80211/cfg80211: support for mesh, sta dumping

Signed-off-by: Daniel Wagner <wagi@monom.org>
2008-03-31 12:39:52 +03:00
Jouni Malinen
e7d8003358 EAP-PEAP: Fixed interop issues in key derivation with cryptobinding
It looks like Microsoft implementation does not match with their
specification as far as PRF+ label usage is concerned.. IPMK|CMK is derived
without null termination on the label, but the label for CSK derivation
must be null terminated.

This allows cryptobinding to be used with PEAPv0 in a way that
interoperates with Windows XP SP3 (RC2) and as such, this functionality is
now enabled as an optional addition to PEAPv0.
2008-03-19 16:58:06 +02:00
Jouni Malinen
06726f0bdd EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
EAP-PEAP was the only method that used the external eap_tlv.c server
implementation. This worked fine just for the simple protected result
notification, but extending the TLV support for cryptobinding etc. is not
trivial with such separation. With the TLV processing integrated into
eap_peap.c, all the needed information is now available for using
additional TLVs.
2008-03-18 08:31:04 +02:00
Chris Zimmermann
6affdaee6b Support for RADIUS ACLs with drivers that do not use hostapd MLME
Sam Leffler <sam@errno.com>:
Attached are changes from Chris Zimmerman (cc'd) to allow drivers to handle
radius ACL's.  The patch is against 0.5.10 but I suspect will also apply to
your latest code.  These mods enable radius acl support in freebsd w/ my
vap code.

You may want to do the changes to ieee802_11_auth.c differently as they
currently require all participating drivers to work the same.  You might be
able to check the return value from hostapd_set_radius_acl_auth and use
that to decide whether the alternate code should be run so you can have 1
driver using this stuff while the other does not.

(jm: Added without more dynamic check for now; in addition, none of the
current in-tree driver wrappers actually implement these handlers, so this
is in preparation for future changes)
2008-03-12 11:43:55 +02:00
Chris Zimmermann
b6745143e8 hostapd_allowed_address() is called from hostapd_config_reload_sta() with
session_timeout and acct_interim_interval set to NULL.  Without checking
these before accessing, we'd cause a NULL pointer access in this case.  In
ieee802_11.c calls hostapd_allowed_address() with valid pointers.
2008-03-12 11:39:56 +02:00
Jouni Malinen
502a293e30 TNC: Added TNC server support into documentation and ChangeLogs 2008-03-09 12:14:15 +02:00
Jouni Malinen
c3e258ae9f TNC: Provide 'tnc' configuration option for EAP server and methods 2008-03-09 10:42:53 +02:00
Jouni Malinen
da08a7c732 TNC: Added preliminary TNC implementation for hostapd
This adds EAP-TNC method and TNCS (IF-IMV and IF-TNCCS) functionality.
There is no integration with EAP-TTLS and EAP-FAST at this point, so this
version is not yet suitable for real use (i.e., EAP-TNC can only be tested
outside a tunnel which is not an allowed configuration for deployment).
However, the basic TNCS functionality is more or less complete and this
version seems to interoperate with wpa_supplicant.
2008-03-09 10:37:18 +02:00
Jouni Malinen
7914585fe0 EAP-FAST: Cleaned up TLV processing and added support for EAP Sequences
Number of TLVs were processed in groups and these cases were now separated
into more flexible processing of one TLV at the time. wpabuf_concat()
function was added to make it easier to concatenate TLVs. EAP Sequences are
now supported in both server and peer code, but the server side is not
enabled by default.
2008-02-27 17:59:34 -08:00
Jouni Malinen
a4819630f6 EAP-FAST: Added shared helper functions for building TLVs 2008-02-27 17:56:30 -08:00
Jouni Malinen
829f14be17 EAP-FAST: Add peer identity into EAP-FAST PAC-Opaque
This allows Phase 2 Identity Request to be skipped if the identity is
already known from PAC-Opaque received in TLS handshake in order to save
one roundtrip from normal authentication.
2008-02-27 17:55:40 -08:00
Jouni Malinen
b0194fe07e Added max_listen_interval configuration option
This allows associations to be denied if the STA tries to use too large
listen interval. The default value is 65535 which matches with the field
size limits.
2008-02-27 17:54:06 -08:00
Jouni Malinen
dc366e8e85 Added listen interval to hostapd sta_add() driver function 2008-02-27 17:45:00 -08:00
Jouni Malinen
3b46a31ec7 Added files that cg-init excluded 2008-02-27 17:36:06 -08:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00