Commit graph

56 commits

Author SHA1 Message Date
Jay Katabathuni
26fac8b6a0 Interworking: Add Domain Name element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 22:25:19 +03:00
Jay Katabathuni
78bda93e83 Interworking: Add IP Address Type Availability element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 22:25:16 +03:00
Jay Katabathuni
550a3958f7 Interworking: Add Network Auth Type element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 22:25:14 +03:00
Jouni Malinen
8342185012 HS 2.0: Add mechanism for disabling DGAF
disable_dgaf=1 in hostapd.conf can now be used to disable downstream
group-addressed forwarding (DGAF). In this configuration, a unique
GTK (and IGTK) is provided to each STA in the BSS to make sure the
keys do not match and no STA can forge group-addressed frames.

An additional mechanism in the AP needs to be provided to handle some
group-addressed frames, e.g., by converting DHCP packets to unicast
IEEE 802.11 frames regardless of their destination IP address and by
providing Proxy ARP functionality.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 18:23:52 +03:00
Jay Katabathuni
159c89ab4f HS 2.0: Add configuration for Hotspot 2.0 AP support
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 18:23:11 +03:00
Mahesh Palivela
efe45d1471 hostapd: Initial IEEE 802.11ac (VHT) definitions
Add IEEE 802.11ac definitions for config, IEEE structures, constants.

Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-06-30 13:52:13 +03:00
Jouni Malinen
ffdaa05a6b WPS: Add support for NCF password token from AP
The new hostapd ctrl_iface command WPS_NFC_TOKEN can now be used to
manage AP-as-Enrollee operations with NFC password token. WPS/NDEF
parameters to this command can be used to generate a new NFC password
token. enable/disable parameters can be used to enable/disable use of
NFC password token (instead of AP PIN) for external Registrars.

A preconfigured NFS password token can be used by providing its
parameters with new hostapd.conf fields wps_nfc_dev_pw_id,
wps_nfc_dh_pubkey, wps_nfc_dh_privkey, and wps_nfc_dev_pw. This use
will also depend on WPS_NFC_TOKEN enable/disable commands, i.e., the
configured NFS password token is disabled by default.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 19:43:29 +03:00
Jouni Malinen
bde7ba6caf RADIUS DAS: Validate Event-Timestamp
DAS will now validate Event-Timestamp value to be within an acceptable
time window (300 seconds by default; can be set using
radius_das_time_window parameter). In addition, Event-Timestamp can be
required in Disconnect-Request and CoA-Request messages with
radius_das_require_event_timestamp=1.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 17:43:36 +03:00
Baruch Siach
17706d1c76 hostapd: Return error value on configuration check failure
Don't count errors since the number isn't used anyway.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-16 20:30:28 +03:00
Baruch Siach
4929898dab hostapd: Remove redundant variable initialization
The 'errors' variable is initialized later anyway.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-16 20:26:51 +03:00
Jouni Malinen
b031338cf0 Add preliminary RADIUS dynamic authorization server (RFC 5176)
This adds the basic DAS mechanism to enable hostapd to be configured
to request dynamic authorization requests (Disconnect-Request and
CoA-Request). This commit does not add actual processing of the
requests, i.e., this will only receive and authenticate the requests
and NAK them regardless of what operation is requested.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-06 22:02:42 +03:00
Jouni Malinen
af35e7af7f hostapd: Allow addition of arbitrary RADIUS attributes
New configuration parameters radius_auth_req_attr and
radius_acct_req_attr can now be used to add (or override) RADIUS
attributes in Access-Request and Accounting-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 20:19:56 +03:00
Jouni Malinen
86f6053aa2 hostapd: Add optional Chargeable-User-Identity request (RFC 4372)
radius_request_cui=1 configuration parameter can now be used to
configure hostapd to request CUI from the RADIUS server by including
Chargeable-User-Identity attribute into Access-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 18:19:54 +03:00
Sujith Manoharan
1ed08baf89 hostapd: Do not allow HT in 11b mode
When the HW mode has been configured as 11b, disable HT
operations.

Signed-hostap: Sujith Manoharan <c_manoha@qca.qualcomm.com>
2012-04-03 12:03:18 +03:00
Jouni Malinen
648cc711a5 GAS server: Add support for ANQP Venue Name element
The new venue_name configuration parameter can now be used to configure
the ANQP Venue Name values that stations can request through GAS.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 22:53:22 +02:00
Jay Katabathuni
dca30c3fb7 Interworking: Add GAS server support for AP mode
This adds GAS/ANQP implementation into hostapd. This commit brings in
the basic GAS/ANQP functionality, but only the ANQP Capability List
element is supported.

For testing purposes, hostapd control interface SET command can be used
to set the gas_frag_limit parameter dynamically.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 22:52:53 +02:00
Shan Palanisamy
31b79e1197 hostapd: Allow config parameters to be set through ctrl_iface
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:36:48 +02:00
Jouni Malinen
a7f5b74d43 Split hostapd security parameter updating into a separate function
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:35:54 +02:00
Shan Palanisamy
ef45bc892d hostapd: Split config item parser into a separate function
This makes it easier to use the configuration file parser for updating
the configuration at run time.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:34:21 +02:00
Shan Palanisamy
31b540ebd5 Clear wpa_psk/passphrase when the other option is configured
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 19:32:48 +02:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Yogesh Ashok Powar
ef01fa7bfa hostapd: Make inactivity polling configurable
hostapd uses the poll method to check if the station is alive
after the station has been inactive for ap_max_inactivity seconds.
Make the poll mechanism configurable so that user can choose to
disconnect idle clients.

This can be especially useful when some devices/firmwares have
restrictions on the number of clients that can connect to the AP
and that limit is smaller than the total number of stations trying
to use the AP.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
2011-12-25 20:57:01 +02:00
Michael Braun
05ab9712b9 Allow WPA passphrase to be fetched with RADIUS Tunnel-Password attribute
This allows per-device PSK to be configured for WPA-Personal using a
RADIUS authentication server. This uses RADIUS-based MAC address ACL
(macaddr_acl=2), i.e., Access-Request uses the MAC address of the
station as the User-Name and User-Password. The WPA passphrase is
returned in Tunnel-Password attribute in Access-Accept. This
functionality can be enabled with the new hostapd.conf parameter,
wpa_psk_radius.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2011-12-11 13:01:57 +02:00
Jouni Malinen
505a36941e Add MSK dump mechanism into hostapd RADIUS server for testing
Testing code can now be enabled in the hostapd RADIUS server to dump
each derived MSK into a text file (e.g., to be used as an input to
wlantest). This functionality is not included in the default build
and can be enabled by adding the following line to hostapd/.config:
CFLAGS += -DCONFIG_RADIUS_TEST

The MSK dump file is specified with dump_msk_file parameter in
hostapd.conf (path to the dump file). If this variable is not set,
MSK dump mechanism is not enabled at run time.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-09 00:15:04 +02:00
Bharat Chakravarty
8e5f913456 WPS: Allow RF Bands value to be overridden
A new hostapd.conf parameter, wps_rf_bands, can now be used to fix the
RF Bands value in cases where hw_mode is not set or when operating a
dual band dual concurrent AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-30 17:44:43 +02:00
Jouni Malinen
0bf927a03e Use wpa_key_mgmt_*() helpers
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:47:46 +02:00
Jouni Malinen
e9447a94c0 Use a single define for maximum number of EAP methods
This cleans up the code a bit by not having to deal with theoretical
possibility of maximum number of EAP methods to be different between
various components in hostapd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-17 20:06:33 +02:00
Jouni Malinen
39b97072b2 Add support for Time Advertisement
This adds preliminary support for IEEE 802.11v Time Advertisement
mechanism with UTC TSF offset.
2011-10-18 00:24:16 +03:00
Jouni Malinen
4b2a77aba2 Interworking: Add support for configuring Roaming Consortium List 2011-10-17 23:55:50 +03:00
Jouni Malinen
b83e3e93c8 IEEE 802.11u: Add configuration and advertisement for Interworking 2011-10-16 23:55:34 +03:00
Jouni Malinen
697cd03fc2 AP: Set pairwise/group cipher for non-WPA modes
This is needed to avoid confusing configuration in some nl80211
drivers that the new AP mode configuration alternatives for
setting security policy.
2011-09-15 15:02:59 +03:00
Jouni Malinen
cb465555d4 Allow PMKSA caching to be disabled on Authenticator
A new hostapd configuration parameter, disable_pmksa_caching=1, can now
be used to disable PMKSA caching on the Authenticator. This forces the
stations to complete EAP authentication on every association when WPA2
is being used.
2011-07-05 17:13:04 +03:00
Jouni Malinen
fa5165586f WPS: Add a workaround for Windows 7 capability discovery for PBC
Windows 7 uses incorrect way of figuring out AP's WPS capabilities by
acting as a Registrar and using M1 from the AP. The config methods
attribute in that message is supposed to indicate only the configuration
method supported by the AP in Enrollee role, i.e., to add an external
Registrar. For that case, PBC shall not be used and as such, the
PushButton config method is removed from M1 by default. If pbc_in_m1=1
is included in the configuration file, the PushButton config method is
left in M1 (if included in config_methods parameter) to allow Windows 7
to use PBC instead of PIN (e.g., from a label in the AP).
2011-05-17 19:53:02 +03:00
Jouni Malinen
cd9fc7869a hostapd: Add testing mode for RSN element extensions
CFLAGS += -DCONFIG_RSN_TESTING in .config and rsn_testing=1 in
hostapd.conf can now be used to enable a testing mode that adds
extensions to RSN element. This can be used to check whether
station implementations are incompatible with future extensions
to the RSN element.
2011-03-21 13:59:05 +02:00
Johannes Berg
2f646b6e83 WPS: Store (secondary) device type as binary
Instead of converting back and forth from the string representation,
always use the binary representation internally.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-17 18:50:22 +02:00
Shan Palanisamy
d7956add9c FT: Make FT-over-DS configurable (hostapd.conf ft_over_ds=0/1) 2011-03-06 14:31:42 +02:00
Helmut Schaa
f39b07d7ed hostapd: Allow coexistance of HT BSSes with WEP/TKIP BSSes
In multi BSS setups it wasn't possible to set up an HT BSS in
conjunction with a WEP/TKIP BSS. HT needed to be turned off entirely
to allow WEP/TKIP BSSes to be used.

In order to allow HT BSSes to coexist with non-HT WEP/TKIP BSSes add a
new BSS conf attribute "disable_11n" which disables HT capabilities on a
single BSS by suppressing HT IEs in the beacon and probe response
frames. Furthermore, mark all STAs associated to a WEP/TKIP BSS as
non-HT STAs. The disable_11n parameter is used internally; no new entry
is parsed from hostapd.conf.

This allows a non-HT WEP/TKIP BSS to coexist with a HT BSS without
having to disable HT mode entirely. Nevertheless, all STAs associated to
the WEP/TKIP BSS will only be served as if they were non-HT STAs.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2011-02-21 17:27:16 +02:00
Jouni Malinen
2944824315 hostapd: Add require_ht configuration parameter
This can be used to configure hostapd to reject association with
any station that does not support HT PHY.
2011-02-09 15:08:47 +02:00
Johannes Berg
d2da224948 AP: Enable WMM with default parameters by default for HT
If WMM is not disabled explicitly (wmm_enabled=0 in hostapd.conf),
enable WMM automatically whenever HT (ieee80211n) is enabled. Use
the default WMM parameters for AP TX queues and the EDCA parameters
advertised for stations in WMM IE if no overriding values are
included in the configuration.
2011-02-01 14:34:12 +02:00
Jouni Malinen
1161ff1ef5 hostapd: Allow TDLS use to be prohibited in the BSS
tdls_prohibit=1 and tdls_prohibit_chan_switch=1 and now be used to
disable use of TDLS or TDLS channel switching in the BSS using
extended cabilities IE as defined in IEEE 802.11z.
2011-01-28 19:21:59 +02:00
Johannes Berg
0d7e5a3a29 Allow AP mode to disconnect STAs based on low ACK condition
The nl80211 driver can report low ACK condition (in fact it reports
complete loss right now only). Use that, along with a config option, to
disconnect stations when the data connection is not working properly,
e.g., due to the STA having went outside the range of the AP. This is
disabled by default and can be enabled with disassoc_low_ack=1 in
hostapd or wpa_supplicant configuration file.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-28 17:15:01 +02:00
Yogesh Ashok Powar
6950b2caa8 hostapd: Prohibit WEP configuration when HT is enabled
WFA 11n testing does not allow WEP when IEEE 802.11n is enabled.
Reject such combination when parsing hostapd configuration file.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
2010-11-09 16:49:03 +02:00
Felix Fietkau
d3b4286967 Allow client isolation to be configured (ap_isolate=1)
Client isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging is
allowed.
2010-11-09 16:27:15 +02:00
Felix Fietkau
d38ae2ea85 Add bridge handling for WDS STA interfaces
By default, add them to the configured bridge of the AP interface
(if present), but allow the user to specify a separate bridge.
2010-11-09 16:12:42 +02:00
Jouni Malinen
7e3c178142 Remove unused TX queue parameters related to Beacon frames
These are not used by any driver wrapper, i.e., only the four
data queues (BK, BE, VI, VO) are configurable. Better remove these
so that there is no confusion about being able to configure
something additional.
2010-11-05 01:23:17 +02:00
Dmitry Shmidt
ae6e1bee67 Add WPA_IGNORE_CONFIG_ERRORS option to continue in case of bad config
This is an option to continue with wpa_supplicant and hostapd even if
config file has errors. The problem is that these daemons are the best
"candidates" for the config change, so if they can not start because
config file was let's say corrupted, you can not fix it easily.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2010-10-31 12:38:49 +02:00
Jouni Malinen
f61039c75f WPS 2.0: Disable WPS if ignore_broadcast_ssid or WEP is used
These combinations are disallowed in WPS 2.0 (and do not work well
(or at all) with many deployed WPS 1.0 devices either).
2010-09-24 15:17:03 -07:00
Dan Harkins
df684d82ff EAP-pwd: Add support for EAP-pwd server and peer functionality
This adds an initial EAP-pwd (RFC 5931) implementation. For now,
this requires OpenSSL.
2010-09-14 21:51:40 -10:00
Jouni Malinen
962473c136 P2P: Add preliminary P2P Manager AP support for hostapd 2010-09-09 07:17:18 -07:00
Jouni Malinen
7f6ec672ea EAP server: Add support for configuring fragment size 2010-07-20 22:56:10 -07:00