Commit graph

100 commits

Author SHA1 Message Date
Jouni Malinen
6e89cc438e Preparations for 0.6.6 release 2008-11-23 17:02:06 +02:00
Jouni Malinen
2fc98d02c1 Simplified RADIUS accounting id usage
Changed accounting_sta_start() to call accounting_sta_get_id()
internally in accounting.c so that external callers do not need to do
anything to allocate unique accounting id. When starting a new session,
a unique identifier is needed anyway, so no need to keep these
operations separate.
2008-11-23 11:12:17 +02:00
Jouni Malinen
74bd7dae63 Use SM_ENTER_GLOBAL to clean up EAPOL state machine debug messages
This removes unnecessary messages about entering REAUTH_TIMER INITIALIZE
state every second when a STA is in unauthenticated state.
2008-11-23 11:01:28 +02:00
Jouni Malinen
b1fa8bf129 Allocate new Acct-Session-Id on EAPOL-Logoff
Stop accounting session on EAPOL-Logoff and use new Acct-Session-Id if
STA authenticates again within same association after this.
2008-11-23 10:47:36 +02:00
Jouni Malinen
39e50be082 Fixed listen interval configuration for nl80211 drivers
Need to update the struct sta_info value, too, and not only the local
variable used in handle_assoc()..
2008-11-22 21:20:27 +02:00
Jouni Malinen
fe2c5241b5 Remove experimental non-AP STA code from hostapd
This was used to allow hostapd to associate as a non-AP STA to another
AP one the same channel while still acting as an AP with the Host AP
driver. This was very experimental and did not work with all firmware
versions. Nowadays, much better way of doing this is to use mac80211
virtual non-AP STA interface. As such, this experimental code can be
removed from hostapd to reduce the code size and make MLME code easier
to understand since it is now only handling AP functionality.
2008-11-21 20:48:58 +02:00
Jouni Malinen
ddaa83ebeb Remove overly complex hostapd setup sequence with n+1 callbacks
This code was originally added as a mechanism to handle long waits
during channel selection and/or radar detection. It is not currently
really used and makes the setup sequence nearly impossible to
understand. Let's get rid of the unwanted complexity. This needs to be
redesigned if it is ever needed again.
2008-11-21 20:39:33 +02:00
Jouni Malinen
2387b8c0b0 Removed forgotten register_drivers() prototype
Driver registration style was changed long time ago and this is not used
anymore.
2008-11-21 19:51:06 +02:00
Jouni Malinen
d52e94f965 Removed partial IEEE 802.11h implementation
This code was not finished and did not work with the current mac80211
design. In order to avoid confusing users, it is better to remove this
completely for now and look at new implementation to work with mac80211.
2008-11-21 19:45:20 +02:00
Jouni Malinen
d337b6fb65 Removed now unused reconfig variables. 2008-11-21 19:31:54 +02:00
Jouni Malinen
fb6d357532 reconfig.c file was not used at all, so remove it.
This implementation of reconfiguration is way too complex. Something
simpler should be implemented to allow dynamic configuration changes.
2008-11-21 19:28:45 +02:00
Jouni Malinen
477df071d7 Fixed hostapd build without l2_packet (e.g., RADIUS server only). 2008-11-21 15:44:00 +02:00
Jouni Malinen
012783f1ab Fixed EAP-TLS message fragmentation for the last TLS message
It the message was large enough to require fragmentation (e.g., if a large
Session Ticket data is included), More Fragment flag was set, but no
more fragments were actually sent (i.e., Access-Accept was sent out).
2008-11-20 19:39:35 +02:00
Jouni Malinen
bac912e5bd Remove extra typedefs since they do not seem to be needed anymore
These typedefs were causing build issues with new kernel/C library headers,
so lets get rid of them since they do not seem to be needed anymore. This
applies only if CONFIG_FULL_DYNAMIC_VLAN is enabled which is not even
mentioned in the defconfig file, so this should not change behavior more
most users.
2008-11-18 15:06:03 +02:00
Jouni Malinen
ba60b94a40 Improved the error message for passive scan not being available
If the driver wrapper does not implement passive_scan handler, do not try
to use strerror() to figure out what the error meant. This is not really an
error that the user should be notified about.
2008-11-18 15:01:24 +02:00
Jouni Malinen
9ee06a63e5 driver_nl80211: Remove monitor interface if AP initialization fails 2008-11-18 14:55:32 +02:00
Jouni Malinen
10b83bd712 Changed channel flags configuration to read the information from the driver
(e.g., via driver_nl80211 when using mac80211) instead of using hostapd as
the source of the regulatory information (i.e., information from CRDA is
now used with mac80211); this allows 5 GHz channels to be used with hostapd
(if allowed in the current regulatory domain).
2008-11-18 14:51:43 +02:00
Jouni Malinen
0cf03892a4 OpenSSL 0.9.9 API change for EAP-FAST session ticket overriding API
Updated OpenSSL code for EAP-FAST to use an updated version of the
session ticket overriding API that was included into the upstream
OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
needed with that version anymore).
2008-11-16 21:29:12 +02:00
Jouni Malinen
581a8cde77 Added support for enforcing frequent PTK rekeying
Added a new configuration option, wpa_ptk_rekey, that can be used to
enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP
deficiencies. This can be set either by the Authenticator (to initiate
periodic 4-way handshake to rekey PTK) or by the Supplicant (to request
Authenticator to rekey PTK).

With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP
keys will not be used for more than 10 minutes which may make some attacks
against TKIP more difficult to implement.
2008-11-06 19:57:21 +02:00
Jouni Malinen
988ab690ac Preparations for 0.6.5 release 2008-11-01 17:20:25 +02:00
Jouni Malinen
07d44beeab Added a note about hostapd driver_nl80211 and AP mode in wireless-testing 2008-11-01 14:32:10 +02:00
Johannes Berg
4aac554ce2 driver_nl80211: Remove set_ssid from nl80211 driver
This is no longer required (and does not work with current
wireless-testing anymore).

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2008-11-01 13:45:34 +02:00
Jouni Malinen
cb7b04c8c9 Moved ieee802_11_parse_elems() into common code 2008-10-29 21:48:14 +02:00
Jouni Malinen
3d536eb453 Removed the unused hapd argument to ieee802_11_parse_elems() 2008-10-29 21:33:46 +02:00
Jouni Malinen
fefee8a74d driver_nl80211: Added TX queue parameter configuration 2008-10-29 19:35:17 +02:00
Jouni Malinen
4c99a969e3 driver_nl80211: Added basic rate configuration 2008-10-29 19:34:27 +02:00
Jouni Malinen
8e8df25541 nl80211: Finish dumps properly (ported from iw.git) 2008-10-29 19:28:35 +02:00
Jouni Malinen
990ec3787e Set TX queue parameters during initialization
This was already called from reconfig.c, but the call from hostapd.c had
been forgotten.
2008-10-29 19:25:15 +02:00
Jouni Malinen
9663596fac Fix group key rekeying when reauth happens during pending group key update
We need to cancel the group key update for a STA if a reauthentication
request is received while the STA is in pending group key update. When
canceling the update, we will also need to make sure that the PTK Group Key
state machine ends up in the correct state (IDLE) to allow future updates
in case of WPA2.
2008-10-21 13:54:54 +03:00
Jouni Malinen
2d86724409 EAP-FAST: Allow A-ID and A-ID-Info to be configured separately
Changed EAP-FAST configuration to use separate fields for A-ID and
A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
16-octet len binary value for better interoperability with some peer
implementations; eap_fast_a_id is now configured as a hex string.
2008-10-19 09:55:59 +03:00
Jouni Malinen
2100a768bf Fixed WPA/RSN IE validation to verify the proto (WPA vs. WPA2) is enabled
Previous version could have allowed a broken client to complete WPA (or
WPA2) authentication even if the selected proto was not enabled in hostapd
configuration.
2008-10-15 06:34:39 +03:00
Jouni Malinen
a11c90a64a EAP-FAST: Make PAC-Key lifetime values configurable
The hardcoded values in eap_fast.c were replaced with values read from
hostapd.conf.
2008-10-08 17:25:47 +03:00
Jouni Malinen
378eae5e9b EAP-FAST: Added support for disabling anonymous/authenticated provisioning
eap_fast_prov config parameter can now be used to enable/disable different
EAP-FAST provisioning modes:
0 = provisioning disabled
1 = only anonymous provisioning allowed
2 = only authenticated provisioning allowed
3 = both provisioning modes allowed
2008-10-08 16:55:23 +03:00
Jouni Malinen
85141289d5 Silenced some of the driver-related messages for driver=none case
No need to print these to confuse users that configure hostapd as a RADIUS
server without any AP functionality.
2008-10-01 14:17:35 +03:00
Jouni Malinen
d64dabeebc Added a new driver wrapper, "none", for RADIUS server only configuration
This can be used to limit hostapd code size and clean up debug output for
configurations that do not use hostapd to control AP functionality.
2008-10-01 14:07:55 +03:00
Johannes Berg
cafe38cae0 nl80211 hostapd driver: clean up netlink code
Put it into a single place instead of having it all over.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2008-09-29 19:37:24 +03:00
Johannes Berg
6773de39b1 nl80211 driver: correctly set the encrypt bit for eapol frames
A recent kernel change led to all EAPOL frames being encrypted rather than
just those for the group handshake. This is due to transmit processing in
the kernel now using the proper interface which would encrypt those frames
with the group key because hostapd wasn't requesting that they not be
encrypted. This changes the nl80211 driver to not request encryption unless
the EAPOL frame should be encrypted.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2008-09-29 19:21:51 +03:00
Jouni Malinen
b27f13ed28 MFP + FT: Added support for sending IGTK in FTIE 2008-09-01 11:00:59 +03:00
Jouni Malinen
565861976d Added support for using SHA256-based stronger key derivation for WPA2
IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for
key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new
AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 22:57:28 +03:00
Jouni Malinen
9b71728bba Cleaned up TX callback request processing
Move the use of 802.11 header protocol field into driver_hostap.c since
this is a Host AP driver specific mechanism and other driver wrappers
should not really need to know about it.
2008-08-31 11:15:56 +03:00
Jouni Malinen
c2a714088d Moved WMM action category definition into ieee802_11_defs.h 2008-08-31 11:06:58 +03:00
Jouni Malinen
5d22a1d5aa IEEE 802.11w: Added association ping
This updates management frame protection to use the assocition ping process
from the latest draft (D6.0) to protect against unauthenticated
authenticate or (re)associate frames dropping association.
2008-08-31 11:04:47 +03:00
Jouni Malinen
1e858f69d9 Copy previous BSSID into STA data only after full validation of the request 2008-08-30 18:25:44 +03:00
Jouni Malinen
0b60b0aaad Updated MFP defines based on IEEE 802.11w/D6.0 and use new MFPC/MFPR
This adds most of the new frame format and identifier definitions from IEEE
802.11w/D6.0. In addition, the RSN IE capability field values for MFP is
replaced with the new two-bit version with MFPC (capable) and MFPR
(required) processing.
2008-08-30 14:59:39 +03:00
Jouni Malinen
271d2830ff Added support for setting VLAN ID for STAs based on local MAC ACL
This allows the accept_mac_file to be used as an alternative for RADIUS
server-based configuration. This is mainly to ease VLAN testing (i.e., no
need to set up RADIUS server for this anymore).
2008-08-28 18:43:26 +03:00
Jouni Malinen
00ad53ef68 Send HT parameters for new STAs
This depends on a mac80211 patch to add NL80211_ATTR_HT_CAPABILITY
(which is not yet in wireless-testing).
2008-08-25 11:30:39 +03:00
Jouni Malinen
f2c290ccf4 Switched driver_nl80211 to use the new sta_add2() 2008-08-25 10:06:40 +03:00
Jouni Malinen
4d4233eaf4 Fixed internal TLSv1 server implementation for abbreviated handshake
When the TLS handshake had been completed earlier by the server in case of
abbreviated handshake, the output buffer length was left uninitialized. It
must be initialized to zero in this case. This code is used by EAP-FAST
server and the uninitialized length could have caused it to try to send a
very large frame (though, this would be terminated by the 50 roundtrip EAP
limit). This broke EAP-FAST server code in some cases when PAC was used to
establish the tunnel.
2008-08-24 13:08:15 +03:00
Jouni Malinen
1f21bc4cc3 Fixed EAP-FAST server PAC-Opaque padding
0.6.4 broke this for some peer identity lengths. The padding was supposed
to make sure that the length of PAC-Opaque is divisible by 8.
2008-08-24 12:50:12 +03:00
Jouni Malinen
9d2a76a2c3 Moved IEEE 802.11n parameter to be per-radio instead of per-BSS 2008-08-22 21:03:31 +03:00