Commit graph

377 commits

Author SHA1 Message Date
Jouni Malinen
babfbf15cc FT: Add RIC Request generation and validation (but not processing)
This adds first part of FT resource request as part of Reassocition
Request frame (i.e., FT Protocol, not FT Resource Request Protocol).
wpa_supplicant can generate a test resource request when driver_test.c
is used with internal MLME code and hostapd can verify the FTIE MIC
properly with the included RIC Request.

The actual RIC Request IEs are not processed yet and hostapd does not
yet reply with RIC Response (nor would wpa_supplicant be able to
validate the FTIE MIC for a frame with RIC Response).
2009-03-09 20:45:17 +02:00
Jouni Malinen
143a4bf632 WPS: Add a workaround for static WEP with Windows network probe
Windows XP and Vista clients can get confused about EAP-Identity/Request
when they probe the network with EAPOL-Start. In such a case, they may
assume the network is using IEEE 802.1X and prompt user for a
certificate while the correct (non-WPS) behavior would be to ask for the
static WEP key. As a workaround, use Microsoft Provisioning IE to
advertise that legacy 802.1X is not supported.

This seems to make Windows ask for a static WEP key when adding a new
network, but at least Windows XP SP3 was still marking IEEE 802.1X
enabled for the network. Anyway, this is better than just leaving the
network configured with IEEE 802.1X and automatic WEP key distribution.
2009-03-08 19:36:02 +02:00
Jouni Malinen
ed843aaa33 WMM-AC: Fix hostapd processing of ADDTS Request and add test code
Calculate the estimated medium time using integer variables since there
is no real need to use floating point arithmetics here. In addition,
make sure there is no division by zero regardless of how invalid the
request from the station is. Reject invalid parameters and refuse
requests that would take most of the bandwidth by themselves.

Add test code into wpa_supplicant mlme.c to allow WMM-AC negotiation to
be tested with driver_test.
2009-03-06 20:15:00 +02:00
Jouni Malinen
9cf548c082 Allow PN531_PATH to be overriden from .config 2009-03-06 16:25:48 +02:00
Masashi Honma
e1ee6b600b WPS: Add support for NFC out-of-band mechanism
The new file wps_nfc.c and ndef.c implements NFC device independent
operation, wps_nfc_pn531.c implements NFC device dependent operation.

This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following NFC methods can be used:
- Enrollee PIN with NFC
- Registrar PIN with NFC
- unencrypted credential with NFC

Encrypted credentials are not supported.

Enrollee side operation:

Registrar side operation:

Example configuration.
CONFIG_WPS=y
CONFIG_WPS_NFC=y
CONFIG_WPS_NFC_PN531=y

I used NFC device "NXP PN531". The NFC device access method is
confidential, so I used outer library. Please download below files from
https://www.saice-wpsnfc.bz/index.php

[WPS NFC Library]
WpsNfcLibrary/WpsNfc.h
WpsNfcLibrary/WpsNfcType.h
WpsNfcLibrary/WpsNfcVersion.h
WpsNfcLibrary/linux/libnfc_mapping_pn53x.dll
WpsNfcLibrary/linux/wpsnfc.dll

[NFC Reader/Writer Kernel Driver]
NFCKernelDriver-1.0.3/linux/kobj/sonyrw.ko

<WiFi test>
The hostapd/wpa_supplicant with this patch passed below tests on
"Wi-Fi WPS Test Plan Version 1.6".
4.2.5 Add device using NFC Method with password token
(I used SONY STA instead of NXP STA.)

4.2.6 Add device using NFC Method with configuration token

5.1.9 Add to AP using NFC Method with password token
through internal registrar
(I used SONY AP instead of NXP AP.)

5.1.10 Add to AP using NFC Method with configuration token
through internal registrar
2009-03-06 16:16:22 +02:00
Jouni Malinen
d85825e355 Fix UP-to-AC mapping for prio 3 (EE) to be AC_BE, not AC_VI 2009-03-05 16:37:13 +02:00
Jouni Malinen
37d8922e58 Fix non-HT STA addition
35463eaed3 broke non-HT STA add by trying
to se random HT capabilities to mac80211. Fix that by using NULL ht_cap
for non-HT case.
2009-03-05 11:25:32 +02:00
Jouni Malinen
f72750896c nl80211: Add verbose result debugging for NL80211_CMD_NEW_STATION 2009-03-05 11:24:48 +02:00
Jouni Malinen
b175bff0ce No need for including endian.h anymore 2009-03-04 16:29:36 +02:00
Jouni Malinen
317c33ebfb No need to check WMM IE OUI or type here
IE parser has already taken care of this. In addition, show QoS info
field in debug output.
2009-03-04 16:28:47 +02:00
Jouni Malinen
979be3fecf Use bit mask/shift and helper functions instead of C bit fields 2009-03-04 16:23:44 +02:00
Jouni Malinen
3ae0800c5f WMM cleanup (WME -> WMM rename, comments, etc.)
This updates the terminogy to match with the final WMM specification. In
addition, some of the WMM TSPEC structure fields were in incorrect order
and used without byte order swapping. Those are also taken care of this
cleanup patch.
2009-03-04 12:33:24 +02:00
Jouni Malinen
1c6965f7db Remove unused tsinfo() 2009-03-04 11:32:51 +02:00
vasanth
35463eaed3 Pass negotiated ht capability information after the association
This patch replaces the station's ht capability information with the
negotiated one in NL80211_CMD_NEW_STATION. This negotiated ht
capability will be needed for rate control initialization in the
driver.

Signed-off-by: vasanth <vasanth@atheros.com>
2009-03-02 19:17:35 +02:00
Jouni Malinen
1fd4b0db7c Fix EAPOL/EAP reauthentication with external RADIUS server
The EAP server state machine will need to have special code in
getDecision() to avoid starting passthrough operations before having
completed Identity round in the beginning of reauthentication. This was
broken when moving into using the full authenticator state machine from
RFC 4137 in 0.6.x.
2009-03-02 19:06:23 +02:00
Jouni Malinen
24466b188a WPS: Convert WEP key to hex
Use of hex is safer since the enrollee may configure AP with 5 or 13
random octets of binary data as the key.
2009-02-27 17:08:17 +02:00
Jouni Malinen
f4c617ee4c WPS UFD: Add entry to ChangeLog 2009-02-26 22:10:50 +02:00
Jouni Malinen
116f7bb0a3 WPS UFD: Build OOB functionality only if UFD is enabled 2009-02-26 22:10:21 +02:00
Jouni Malinen
d5e2b2d274 WPS UFD: Use pre-configured DH keys only with OOB
The old behavior of generating new DH keys can be maintained for non-OOB
cases and only OOB (in this case, with UFD) will use the pre-configured
DH keys to allow the public key hash to be checked.
2009-02-26 22:09:35 +02:00
Jouni Malinen
7cbf51bbd8 WPS UFD: Remove oob_dev pointer from wps_context
This pointer and the especially the oob_dev->device_path does not remain
valid, so better not save it any longer than it is needed.
2009-02-26 22:07:55 +02:00
Jouni Malinen
390cd3105d WPS UFD: Make build conditional on CONFIG_WPS_UFD=y
Not all embedded devices have USB interface and it is useful to be able
to remove unneeded functionality from the binary. In addition, the
current implementation has some UNIX specific calls in it which may make
it not compile cleanly on all target systems.
2009-02-26 22:01:36 +02:00
Masashi Honma
46bdb83acd WPS: Add UFD support (USBA out-of-band mechanism)
This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following UFD methods can be used:
- Enrollee PIN with UFD
- Registrar PIN with UFD
- unencrypted credential with UFD

Encrypted credentials are not supported.

Enrollee side operation:
wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r

Registrar side operation:
./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 21:57:38 +02:00
Jouni Malinen
a9aca28ba3 Fix WPS in non-WPA modes with drivers that implement MLME
Need to set WLAN_STA_WPS and WLAN_STA_MAYBE_WPS flags even if WPA is not
enabled. This allows open and static WEP modes to initiate WPS
negotiation with madwifi-like drivers.
2009-02-23 20:57:07 +02:00
Jouni Malinen
6d7fb6918d Add new driver wrapper for the Atheros driver
This uses similar, but not identical, interface to madwifi. It is easier
to keep this separate to avoid conflicts with potential changes in the
driver interfaces.
2009-02-19 16:27:07 +02:00
Jouni Malinen
d3cba719ff WPS: Use WEP key index 1..4 instead of 0..3 when configuring AP 2009-02-18 20:17:47 +02:00
Sebastien Decugis
ab61c4fc36 Fix hostapd build without NEED_MLME
The following patch fixes a compilation issue when compiling hostapd to
serve as pure RADIUS authentication server.
2009-02-18 19:43:07 +02:00
Jouni Malinen
8807377fe4 nl80211: Add TX/RX packet counts into accounting information 2009-02-18 11:29:45 +02:00
Jouni Malinen
dbdf58b053 driver_nl80211: Fix STA accounting data collection
TX/RX bytes are now reported correctly (typo ended up leaving TX bytes
uninitialized and set RX bytes value to use correct TX bytes). TX/RX
packet counts are not yet available from kernel, so we have to clear the
values to avoid reporting bogus data.
2009-02-16 13:28:42 +02:00
Masashi Honma
34a6c94178 WPS: Fix clearing of WPS IE with madwifi driver
On WPS init/deinit process, the hostapd clears it's own WPS IE
with 0 length WPS IE. But it fails. Because the parameter to
ioctl is too short. Then hostapd prints a below message.

ioctl[IEEE80211_IOCTL_SET_APPIEBUF]: Invalid argument
2009-02-10 11:23:59 +02:00
Jouni Malinen
d0184cb25c UPnP: Renamed PutWLANResponse callback function to match action
No point in adding extra "event_" to the name.
2009-02-06 21:44:19 +02:00
Jouni Malinen
915c1ba3c5 WPS UPnP: Added support for multiple external Registrars
Allow more than one pending PutWLANMessage data to be stored (M2/M2D
from multiple external Registrars) and drop pending M2/M2D messages when
the Enrollee replies with M3.
2009-02-06 21:39:32 +02:00
Jouni Malinen
e1bad1cd7d UPnP: Workaround bogus NewWLANEventMAC in PutWLANResponse
It looks like Intel wsccmd may send a bogus NewWLANEventMAC
(11:22:33:44:55:66) when acting as an wired external Registrar. Work
around this by going through all STAs if the address does not match and
pick the STA that is in an ongoing WPS registration.
2009-02-06 16:39:49 +02:00
Daniel Mierswa
b77eab282a Explicitly link against libdl when including TNC support
If you don't choose OpenSSL as TLS implementation and choose to enable
CONFIG_EAP_TNC you have to link against libdl. The OpenSSL libraries
implicitly link against them, so this might be a reason why it wasn't
noticed yet. I assume the same applies to hostapd.
2009-02-05 19:24:16 +02:00
Jouni Malinen
42f1ee7d1f Fixed scan buffer increasing with WEXT
We can now handle up to 65535 byte result buffer which is the maximum
due to WEXT using 16-bit length field. Previously, this was limited to
32768 bytes in practice even through we tried with 65536 and 131072
buffers which we just truncated into 0 in the 16-bit variable.

This more or less doubles the number of BSSes we can received from scan
results.
2009-02-05 12:00:23 +02:00
Pavel Roskin
e7e9c46e55 Use better examples for MadWifi path in defconfig, clarify comments
MadWifi is unlikely to be in ../head relative to hostapd or
wpa_supplicant, as it would be inside the hostap git repository.
MadWifi sources are more likely to be in a directory called "madwifi"
and residing outside the hostap repository.  Using "madwifi" also
demonstrates that the top-level madwifi directory is needed.
2009-02-04 21:45:14 +02:00
Jouni Malinen
5eb4e3d024 802.11n: scan for overlapping BSSes before starting 20/40 MHz channel
Try to match PRI/SEC channel with neighboring 20/40 MHz BSSes per
IEEE 802.11n/D7.0 11.14.3.2. This is not yet complete implementation,
but at least some parts of the 40 MHz coex are improved.

40 MHz operation maybe rejected (i.e., fall back to using 20 MHz) or
pri/sec channels may be switched if needed.
2009-02-04 21:19:54 +02:00
Jouni Malinen
30fd5f1467 Verify that driver supports configured HT capabilities 2009-02-04 12:49:23 +02:00
Sebastien Decugis
c9c3eafacb Remove unused variable from struct hostapd_config
I think that the "radius" pointer in the structure hostapd_config is
never used; when the configuration is parsed the related data is stored
in hostapd_bss_config's "radius" var.
2009-01-30 21:21:46 +02:00
Jouni Malinen
6f4071c084 Do not use country_code default (was: US)
If country_code is not included in hostapd.conf, refuse to enable IEEE
802.11d and do not try to set the regulatory domain in kernel.
2009-01-30 12:43:19 +02:00
Jouni Malinen
c5e1522f9a Added notes about WPS UPnP support and external Registrars 2009-01-29 19:19:30 +02:00
Jouni Malinen
f620268f13 WPS: Add support for external Registrars using UPnP transport
This adds mostly feature complete external Registrar support with the
main missing part being proper support for multiple external Registrars
working at the same time and processing of concurrent registrations when
using an external Registrar.

This code is based on Sony/Saice implementation
(https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill
(Atheros) to make it more suitable for hostapd design and embedded
systems. Some of the UPnP code is based on Intel's libupnp. Copyrights
and licensing are explained in src/wps/wps_upnp.c in more detail.
2009-01-29 18:47:02 +02:00
Jouni Malinen
1e14526571 Use Data::Data only with Host AP driver; mac80211 can use Data::Nullfunc
The inactivity poll was originally supposed to use Data::Nullfunc, but
due to Prism2/2.5/3 firmware issues, this was changed to an empty
Data::Data frame. mac80211 does not have such an issue, so change the
inactivity poll frame to be Data::Nullfunc by default and use the
Data::Data workaround only with Host AP driver.
2009-01-27 16:36:27 +02:00
Jouni Malinen
f01a6b1e3e driver_nl80211: Fixed inactivity poll status processing
Previous version was discarding TX status for FromDS data frames, but
those are the exact ones that we need to check for inactivity poll to
work, i.e., they are TX status reports for injected data frames.

In addition, remove the debug printing of TX status for data frame since
that could fill up the debug output if kernel-side filtering cannot be
used with monitor interface.
2009-01-27 16:34:48 +02:00
Johannes Berg
9616af520b driver_nl80211: use Linux socket filter to improve performance
TX status information for all transmitted data frames is not going to
be sent to hostapd anymore, so the CPU load with high traffic load is
going to be significantly reduced.
2009-01-27 12:28:05 +02:00
Jouni Malinen
7ce3304ab3 Do not forget wpa_passphrase so that WPS can use it
Send ASCII passphrase instead of derived PSK if the configuration uses
the passphrase.
2009-01-24 12:51:28 +02:00
Jouni Malinen
3b2cf800af WPS: Lock AP Setup on multiple AP PIN validation failures
If a Registrar tries to configure the AP, but fails to validate the
device password (AP PIN), lock the AP setup after four failures. This
protects the AP PIN against brute force guessing attacks.
2009-01-23 21:57:43 +02:00
Jouni Malinen
4c29cae932 Added ap_settings option for overriding WPS AP Settings in M7
This optional configuration parameter can be used to override AP
Settings attributes in M7 similarly to extra_cred option for Credential
attribute(s) in M8.
2009-01-23 21:08:55 +02:00
Jouni Malinen
6296625308 Free extra_cred when freeing configuration 2009-01-23 20:51:26 +02:00
Jouni Malinen
401e039633 Allow WPS device strings to be unconfigured
Previous version was causing a NULL pointer dereference if a required
string was not set in configuration. It is better to make these
optional.
2009-01-22 21:26:14 +02:00
Jouni Malinen
695e2b48e2 Documented interface for external WPS credential processing 2009-01-21 16:42:11 +02:00
Jouni Malinen
a60e7213e1 Fixed WPS with open and shared WEP networks
Do not initialize EAPOL state machine for the STA when hostapd is
configured to use WPS with open or shared WEP networks. This allows the
STA to use EAPOL-Start to indicate it wants to start WPS in such a case
and hostapd does not end up running through EAPOL authentication timeout
and disconnecting the STA if WPS is not used.

There was already code for starting EAPOL state machines based on
received EAPOL packets, but that was not working properly since
portEnabled was not set to TRUE on that code path. This is now fixed,
too.
2009-01-21 14:18:14 +02:00
Jouni Malinen
aabe26a136 WPS: Added option to disable AP auto-config on first registration
This operation can now be moved into an external program by configuring
hostapd with wps_cred_processing=1 and skip_cred_build=1. A new
ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will
be used to notify external programs of each successful registration and
that can be used as a tricker to move from unconfigured to configured
state.
2009-01-21 13:48:10 +02:00
Jouni Malinen
d745c7cc1a Added wps_cred_processing configuration option for hostapd
This behaves like the one in wpa_supplicant, i.e., hostapd can be
configured not to process new credentials (AP settings) internally and
instead pass the WPS attributes for an external program to process over
ctrl_iface.
2009-01-21 11:54:12 +02:00
Jouni Malinen
42d16805c9 Enable wpa_msg() for hostapd
Use wpa_msg() like wpa_supplicant in order to avoid having to use direct
hostapd_ctrl_iface_send() calls.
2009-01-21 11:45:56 +02:00
Jouni Malinen
1cc84c1c6b Increased wpa_cli/hostapd_cli ping interval and made it configurable
The default interval is now 5 seconds (used to be 1 second for
interactive mode and 2 seconds for wpa_cli -a). The interval can be
changed with -G<seconds> command line option.
2009-01-20 21:12:00 +02:00
Jouni Malinen
adddffd129 Fixed MFP Association Comeback mechanism to use Timeout Interval IE
The separate Association Comeback Time IE was removed from IEEE 802.11w
and the Timeout Interval IE (from IEEE 802.11r) is used instead. The
editing on this is still somewhat incomplete in IEEE 802.11w/D7.0, but
still, the use of Timeout Interval IE is the expected mechanism.
2009-01-19 18:42:10 +02:00
Jouni Malinen
eca6e0a9a5 WPS: Provide the unparsed Credential attribute to cred_cb()
This makes it easier to pass the credential data to external programs
(e.g., Network Manager) for processing. The actual use of this data is
not yet included in hostapd/wpa_supplicant.
2009-01-17 22:17:12 +02:00
Jouni Malinen
6fa68a0ee5 Added an option to add (or override) Credential attribute(s) in M8 2009-01-16 22:50:41 +02:00
Jouni Malinen
4bb081f1b4 Renamed PMKSA cache functions to avoid duplicate symbols with supplicant
This allows hostapd/pmksa_cache.c and src/rsn_supp/pmksa_cache.c to be
linked into the same program.
2009-01-14 22:01:26 +02:00
Jouni Malinen
13268290b6 Moved rsn_pmkid() into shared code to avoid duplication 2009-01-14 21:31:47 +02:00
Jouni Malinen
010dc06853 Moved RADIUS Class attribute helpers into RADIUS module 2009-01-13 20:01:29 +02:00
Jouni Malinen
61e64e7b7f Removed dead code 2009-01-13 19:15:42 +02:00
Jouni Malinen
c77bb61aee Fixed copy-paste error in retry configuration (incorrect ioctl used) 2009-01-13 19:14:38 +02:00
Jouni Malinen
25ba219f3e Removed unused set_regulatory_domain driver function 2009-01-13 19:12:25 +02:00
Jouni Malinen
f49275c92f Fixed build without CONFIG_IEEE80211N 2009-01-12 22:08:53 +02:00
Jouni Malinen
4cdde5caf7 Fixed a typo in printf -> wpa_printf changes 2009-01-12 22:06:51 +02:00
Jouni Malinen
24bb3d9788 Fixed build with wpa_printf disabled 2009-01-12 22:06:06 +02:00
Jouni Malinen
a9843f614f Removed hw_features.o from build if hostapd MLME is not used 2009-01-12 22:03:58 +02:00
Jouni Malinen
7fd46d466f Added build option for disabling control interface (CONFIG_NO_CTRL_IFACE) 2009-01-12 21:44:57 +02:00
Jouni Malinen
30b32314eb Added build option for removing VLAN support (CONFIG_NO_VLAN) 2009-01-12 21:39:19 +02:00
Jouni Malinen
71f04b3cf9 Fixed CONFIG_NO_HOSTAPD_LOGGER build 2009-01-12 21:21:31 +02:00
Jouni Malinen
27750f29d6 Comment out RADIUS configuration parsing if RADIUS client support is
disabled in the build.
2009-01-12 16:49:39 +02:00
Jouni Malinen
10656fc23a Replaced printf() calls with wpa_printf() 2009-01-12 16:49:04 +02:00
Jouni Malinen
815d2189d9 Remove TLS-PRF from hostapd build if it is not needed 2009-01-12 15:20:12 +02:00
Jouni Malinen
03ba2cb4c6 Added CONFIG_NO_AES_EXTRAS for hostapd
This allows unneeded AES routines to be removed from the build to reduce
binary size.
2009-01-12 15:15:35 +02:00
Jouni Malinen
bc521fac13 Fixed couple of build failures with minimal configuration 2009-01-12 15:08:33 +02:00
Jouni Malinen
3904625396 Silenced some sparse warnings 2009-01-11 10:42:07 +02:00
Jouni Malinen
b7fc385071 Fixed build with 802.11n disabled 2009-01-10 21:36:41 +02:00
Jouni Malinen
5fa30f32da Cleaned up main() by splitting it into number of helper functions 2009-01-09 18:04:57 +02:00
Jouni Malinen
b5b969e9c7 Moved driver callback functions from hostapd.c to a new file 2009-01-09 17:27:03 +02:00
Jouni Malinen
81897f4c88 Moved TKIP countermeasures from hostapd.c to its own file 2009-01-09 17:12:33 +02:00
Jouni Malinen
9302c5e19c Cleanup: move related functions closer to eachother 2009-01-09 17:06:54 +02:00
Jouni Malinen
3313cea0d6 Fixed TKIP countermeasueres for drivers that do not use hostapd MLME
The Michael MIC reporting functions have to be included even when using
driver MLME.
2009-01-09 17:00:29 +02:00
Jouni Malinen
649d8890b1 Add wrapper functions for IEEE 802.11 driver calls into driver.h
These functions allow the driver_*.c wrappers not to include
ieee802_11.h.
2009-01-09 16:55:59 +02:00
Jouni Malinen
b83cbb3b3b Use a wrapper function for ieee802_1x_receive() to avoid ieee802_1x.h
Driver wrappers should not need to include ieee802_1x.h, so use a
wrapper function declared in driver.h.
2009-01-09 16:33:59 +02:00
Jouni Malinen
33eb3c4ec4 Moved disassociation processing away from driver_*.c 2009-01-09 16:27:30 +02:00
Jouni Malinen
940a0ce970 Moved association check from driver_*.c into ieee802_1x_receive() 2009-01-09 16:17:20 +02:00
Jouni Malinen
602996f8db Moved WPA setup etc. association processing away from driver_*.c
This is all details that should not need to be handled in driver_*.c.
2009-01-09 16:13:07 +02:00
Jouni Malinen
214021f585 Move RX-from-unknown-STA processing away from driver_*.c
This cleans up the driver wrapper interface by getting rid of sta_info.h
dependency in all drivers that use MLME implementation in hostapd
(driver_hostap.c and driver_nl80211.c).
2009-01-09 15:44:45 +02:00
Jouni Malinen
8607f4c31f Moved TX status processing for STA entries away from driver_*.c
Driver wrappers should not need to know about this level of core hostapd
details.
2009-01-09 15:33:36 +02:00
Jouni Malinen
76e2592190 Share the same radiotap helper implementation 2009-01-09 15:22:19 +02:00
Jouni Malinen
d200828b41 Moved rfc1042_header into driver_*.c that use it
No need to share such a small buffer and make hostapd.[ch] more complex
with it.
2009-01-09 15:06:48 +02:00
Jouni Malinen
a2f517fb93 Fixed a typo in a comment 2009-01-09 15:01:50 +02:00
Jouni Malinen
8d06da09a4 Move generic definitions away from hostapd.h
This is an initial step in trying to make hostapd.h not needed to be
included in so many files.
2009-01-08 20:14:05 +02:00
Jouni Malinen
bfddd95c9e Split hostapd/driver.h into two files
driver.h contains the definitions needed in driver wrapper
implementations (driver_*.c) and driver_i.h contains the definitions
that are used in core hostapd code to interact with the driver wrappers.
2009-01-08 20:02:56 +02:00
Jouni Malinen
f88bd28836 Added support for removing RADIUS accounting and RADIUS in general
CONFIG_NO_ACCOUNTING=y and CONFIG_NO_RADIUS=y build options can now be
used to remove RADIUS support from the hostapd build.
2009-01-08 19:15:25 +02:00
Jouni Malinen
9c584c06bd Remove MLME code from build if none of the enabled drivers need it 2009-01-08 18:40:14 +02:00
Jouni Malinen
bb305cbdcc Replaced printf() with wpa_printf() 2009-01-08 16:57:04 +02:00
Jouni Malinen
03018d3e7c Added CONFIG_NO_STDOUT_DEBUG for hostapd
This is similar to one in wpa_supplicant and can be used to reduce the
binary size by removing debugging messages.
2009-01-08 16:47:04 +02:00
Jouni Malinen
7d02e64157 Mark shared secret const in RADIUS client routines 2009-01-08 16:41:47 +02:00
Jouni Malinen
1c6e69ccda Moved documentation from developer.txt into source code files
Use Doxygen comments for functions to replace the old text file that was
not up-to-date anymore.
2009-01-08 16:33:00 +02:00
Jouni Malinen
6f78f2fb3b Preparations for 0.6.7 release 2009-01-06 20:11:15 +02:00
Jouni Malinen
f58b20ce66 Fixed IMAGE_PATH for doxygen run in root directory 2009-01-04 14:44:33 +02:00
Jouni Malinen
2eba45c8de Added endianness annotation for sparse 2009-01-03 21:00:38 +02:00
Jouni Malinen
5306f43fc3 Fixed sparse warnings about integer vs. pointer use
The configuration parsing functions seemed to have worked fine before,
but these were real bugs even if they did not show up in practice.
hostapd_ip_diff() was broken for IPv6 addresses (overwrote address and
always returned 1.
2009-01-03 20:46:32 +02:00
Jouni Malinen
d953d9ab80 Removed sparse destinations since "CC=cgcc make" works fine 2009-01-03 20:39:52 +02:00
Jouni Malinen
7e5ba1b916 Mark functions static if not used elsewhere and use proper prototypes 2009-01-03 20:38:42 +02:00
Jouni Malinen
875f6d7b93 Create all doxygen docs from root directory to get proper path names
This updated all doxygen runs to use the same style that was used for
wpa_supplicant full documents. The full vs. fast configurations are now
otherwise identical apart from fast not generating dot files or
latex/pdf version of the documentation.
2009-01-03 09:59:12 +02:00
Jouni Malinen
a17df5fb8b Fixed number of doxygen warnings 2009-01-02 22:28:04 +02:00
Jouni Malinen
a4149765a2 Added more src subdirectories into doxygen docs 2009-01-02 22:27:17 +02:00
Jouni Malinen
4be048a8a6 Updated doxygen configuration files to work with new doxygen
The doxygen run is not exactly warning free yet, but this gets a step
closer to being able to produce something useful again.
2009-01-02 21:57:51 +02:00
Jouni Malinen
862e08a9a4 Include ieee802_11_defs.h explicitly instead of assuming it gets included
Some build configurations failed to compile because this file did not
get included.
2009-01-02 21:14:21 +02:00
Jouni Malinen
79da74a20c WPS: Generate UUID based on MAC address, if not set
Generate a SHA1 hash -based UUID from the local MAC address if the UUID
was not configured. This makes it easier to prepare for WPS since there
is no need to generate an UUID.
2009-01-01 22:56:52 +02:00
Jouni Malinen
e834272f73 Include pending MFP defines in nl80211_copy.h
This can be used to get rid of the extra cpp define since we have our
local copy of wireless.h and nl80211.h.
2008-12-31 18:10:14 +02:00
Jouni Malinen
ac43f1fa39 Renamed nl80211 HT channel parameters to match with kernel 2008-12-31 17:59:13 +02:00
Jouni Malinen
df1e9601a4 Fixed SA Query Request length
Do not send extra 24 octets of random data in the end.
2008-12-31 17:50:14 +02:00
Jouni Malinen
1aa5c13471 Clear BIP keys, too, when removing broadcast keys with MFP enabled 2008-12-31 17:49:43 +02:00
Jouni Malinen
d5263983ac MFP: Remove mac80211 workaround of IGTK in monitor netdev
mac80211 can now figure out which key to use for injected frames (in
most cases), so we can remove the workaround for configuring IGTK on the
monitor interface that is used for injecting frames.
2008-12-31 17:48:13 +02:00
Jouni Malinen
88b4b4246d Added ctrl_interface command for sending a SA Query request
This can be useful for testing IEEE 802.11w functionality, so provide
means for manual request to send a SA Query request.
2008-12-30 18:04:29 +02:00
Jouni Malinen
805e6dc663 Disconnect the STA if EAP timeout is reached
There is not really much else the Authenticator can do if it does not
receive valid EAP response from the Supplicant/EAP peer. EAP-Failure
would need to be sent before trying to start again with
EAP-Request/Identity, but that is not allowed before the EAP peer
actually replies. Anyway, forcing a new association is likely to clean
up peer state, too, so it can help fixing some issues that could have
caused the peer not to be able to reply in the first place.
2008-12-29 19:16:48 +02:00
Jouni Malinen
8e09c6d253 Fixed retransmission of EAP requests if no response is received
It looks like this never survived the move from IEEE 802.1X-2001 to
IEEE 802.1X-2004 and EAP state machine (RFC 4137). The retransmission
scheduling and control is now in EAP authenticator and the
calculateTimeout() producedure is used to determine timeout for
retransmission (either dynamic backoff or value from EAP method hint).

The recommended calculations based on SRTT and RTTVAR (RFC 2988) are not
yet implemented since there is no round-trip time measurement available
yet.

This should make EAP authentication much more robust in environments
where initial packets are lost for any reason. If the EAP method does
not provide a hint on timeout, default schedule of 3, 6, 12, 20, 20, 20,
... seconds will be used.
2008-12-29 18:10:34 +02:00
Jouni Malinen
65d50f0ac6 Add RADIUS server support for identity selection hint (RFC 4284)
Previously, only the delivery option 1 from RFC 4284
(EAP-Request/Identity from the AP) was supported. Now option 3
(subsequent EAP-Request/Identity from RADIUS server) can also be used
when hostapd is used as a RADIUS server. The eap_user file will need to
have a Phase 1 user entry pointing to Identity method in order for this
to happen (e.g., "* Identity" in the end of the file). The identity hint
is configured in the same was as for AP/Authenticator case (eap_message
in hostapd.conf).
2008-12-26 20:22:12 +02:00
Andriy Tkachuk
d9f5626293 NEED_BASE64 for WPS
It looks like we need base64 routines when compiling WPS in hostapd
(used in src/wps/wps_registrar.c:910).
2008-12-26 16:40:27 +02:00
Jouni Malinen
6f5c8dbd79 Added a TODO item for sending protected Disassoc after failed SA Query 2008-12-26 15:56:30 +02:00
Jouni Malinen
cae93bdc9c Added a note about IEEE 802.11w/D7.0 update 2008-12-26 12:59:07 +02:00
Jouni Malinen
8f4617c6c4 Do not use SA Query procedure if reassociation is part of FT 2008-12-26 12:55:35 +02:00
Jouni Malinen
ff89afb77b Add Key Length field into IGTK sub-element (FTIE) per 802.11w/D7.0 2008-12-26 12:49:15 +02:00
Jouni Malinen
45c94154a6 Updated SA Query procedure to use timeouts per 802.11w/D7.0
The previous max_attempts * timeout is now replaced with two timeouts
(one for each retry, the other one for maximum wait).
2008-12-26 12:30:34 +02:00
Jouni Malinen
93b76319f1 Renamed Ping procedure into SA Query procedure per 802.11w/D7.0
This commit changes just the name and Action category per D7.0. The
retransmit/timeout processing in the AP is not yet updated with the
changes in D7.0.
2008-12-26 11:46:21 +02:00
Jouni Malinen
9a9876bf9c Fixed the MFP Status/Reason Code values per 802.11w/D7.0 2008-12-26 11:29:17 +02:00
Jouni Malinen
ff36ff00b8 Reject association if HT STA tries to use TKIP as pairwise cipher 2008-12-22 14:05:53 +02:00
Jouni Malinen
f130ba9b4a Allow HT to be enabled for a STA even without WMM
The STA won't be able to use block ACK/aggregation, but at least it
should be allowed to use MCS rates and HT40.
2008-12-22 13:05:33 +02:00
Jouni Malinen
e6f9861ace Added a note about mac80211-based drivers and nl80211 2008-12-20 13:02:29 +02:00
Jouni Malinen
a2b3a34bab IANA allocated EAP method type 51 to EAP-GPSK 2008-12-20 12:39:24 +02:00
Jouni Malinen
bae61562a4 Cleaned up EAPOL-Key timeout processing
dot11RSNAConfigGroupUpdateTimeOut and
dot11RSNAConfigPairwiseUpdateTimeOut MIB variables were only used in
draft versions of IEEE 802.11i, so rename these in order not to use
confusing name here.

Replaced EAPOL-Key timeout to use following timeouts (in
milliseconds): 100,1000,1000,1000 (this was 1000,1000,1000,0). There
is no point in sending out the final EAPOL-Key frame which would be
immediately followed by disconnection. After the change to allow
response to any pending EAPOL-Key frame, it is fine to send the first
retransmission quickly to avoid long wait in cases where Supplicant
did not receive the first frame for any reason. The new sequence will
still provide 3.1 seconds of time to get any response frame, so this
does not reduce the previous time.
2008-12-18 17:15:36 +02:00
Jouni Malinen
47f72245e2 Do not allow HT with WPA/WPA2 to be enabled without CCMP
IEEE 802.11n does not allow HT STAs to use TKIP between themselves, so
do do allow a configuration that would force this to happen if HT is
used.
2008-12-17 12:16:13 +02:00
Jouni Malinen
22a299ee9d Improve EAPOL-Key handshake stability with retransmitted frames
Accept response to any pending request, not just the last one. This
gives the Supplicant more time to reply since hostapd will now allow up
to three seconds for the reply to the first EAPOL-Key frame transmission
(and two seconds for the first retry and one second for the last) while
the previous version invalidated any old request immediately when
sending a retransmitted frame.

If the Supplicant replies to more than one request, only the first reply
to arrive at the Authenticator will be processed. As far as the
Supplicant is concerned, this behavior does not differ from the previous
one except for being less likely to cause unneeded retransmissions of
EAPOL-Key frames.

This can help in cases where power saving is used when the group key is
rekeyed or when there is excessive traffic on the channel that can delay
(or drop) EAPOL-Key frames.
2008-12-16 14:17:33 +02:00
Jouni Malinen
75fc67e97b driver_test: Handle WPS IE in non-MLME test 2008-12-12 22:52:56 +02:00
Jouni Malinen
e33bbd8f4d driver_test: Optional support for using UDP socket
driver_test can now be used either over UNIX domain socket or UDP
socket. This makes it possible to run the test over network and makes it
easier to port driver_test to Windows.

hostapd configuration: test_socket=UDP:<listen port>
wpa_supplicant configuration: driver_param=test_udp=<dst IP addr>:<port>
2008-12-12 21:35:22 +02:00
Jouni Malinen
9a6cec7bc6 Added CONFIG_IEEE80211N into defconfig (commented out) 2008-12-10 00:46:55 +02:00
Jouni Malinen
cfb7e8a086 Fixed build without CONFIG_IEEE80211N 2008-12-10 00:45:57 +02:00
Jouni Malinen
fecc01663b Updated the comment about libnl to state that version 1.1 is new enough 2008-12-09 22:41:01 +02:00
Jouni Malinen
205a372b2d Added libnl 2.0 compatibility code (CONFIG_LIBNL20=y in .config needed)
Unfortunately, at least the current libnl git snapshot changes the API
in backwards incompatible way and in a way that makes it difficult to
to allow building against the latest libnl code.
2008-12-08 22:40:58 +02:00
Jouni Malinen
d9f2b1c382 driver_test: Added support for testing WPS without use_mlme 2008-12-08 21:42:01 +02:00
Jouni Malinen
7e45830ab7 nl80211: Include copy of linux/nl80211.h with hostapd/wpa_supplicant
This makes it easier to build the packages and allows all new features
to be built into the binary regardless of which kernel is currently
used.
2008-12-08 11:04:13 +02:00
Jouni Malinen
a9d1364c5f Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLog 2008-12-07 19:24:56 +02:00
Jouni Malinen
bb9f45e0bb nl80211: Remove the debug print from data frame processing
This is currently happening way too frequently (mac80211 monitor
interface sends TX info for every frame) and the end result makes it
difficult to read hostapd debug log if there is large amount of data
traffic.
2008-12-04 14:20:33 +02:00
Jouni Malinen
4a7b9f885f Fixed WEP authentication (both Open System and Shared Key) with mac80211
Only one of the authentication frame types is encrypted. In order for
static WEP encryption to work properly (i.e., to not encrypt the frame),
we need to tell mac80211 about the frames that must not be encrypted.
2008-12-04 13:21:35 +02:00
Jouni Malinen
f07688e37d nl80211: Generate 802.11b mode based on 802.11g information
If the phy info from nl80211 does not include 802.11b mode, generate
that mode based on 802.11g information. This allows hw_mode=b to be used
with drivers that support 2.4 GHz band.
2008-12-03 12:42:21 +02:00
Jouni Malinen
8c37556cd1 Add a starting point for EAP-AKA' (draft-arkko-eap-aka-kdf-10)
This is just making an as-is copy of EAP-AKA server and peer
implementation into a new file and by using the different EAP method
type that is allocated for EAP-AKA' (50). None of the other differences
between EAP-AKA and EAP-AKA' are not yet included.

It is likely that once EAP-AKA' implementation is done and is found to
work correctly, large part of the EAP-AKA and EAP-AKA' code will be
shared. However, it is not reasonable to destabilize EAP-AKA
implementation at this point before it is clearer what the final
differences will be.
2008-12-02 20:12:49 +02:00