This adds a cleaner mechanism for protecting against unauthorized
data frames than the previously used drop_unencrypted mechanism
(which is not even available with nl80211 and had to use a WEXT
ioctl.
The old drop_unencrypted code is left in for now as the final
surviving WEXT use in driver_nl80211.c. However, it can be removed
from the build by defining NO_WEXT. It may also be removed
eventually when most users are expected to be using recent enough
kernel version.
For now, the old code using NL80211_ATTR_STA_FLAGS is left in for
backwards compatibility with older kernel versions. It may be removed
eventually when most users are expected to be running with new
enough kernel version.
We could use auto-channel selection here eventually, but for now,
reject the configuration since it is not going to work correctly
(Beacon and Probe Response frames use incorrect value in DS Params).
I've exported the methods wpsPbc, wpsReg and wpsPin (patch attached),
so wpa_supplicant should be able to connect with WPS using the dbus
interface. I couldn't test it well because the problem seems to be in
my wireless card, a Broadcom BCM4328. At least it seems to do the same
using both interfaces. With ndiswrapper driver the "wpsie" entry
(thanks Dan!) didn't appear, and with the Broadcom wl driver it
appears but I cannot associate using WPS.
Add a new DBus method "setDebugParams" which takes the parameters
debug_level, debug_timestamp and show_keys as input and updates the
internal debug variables accordingly.
To change the debug level, enable/disable timestamps and enable/disable
show_keys the following dbus-send command can be used:
dbus-send --system --dest=fi.epitest.hostap.WPASupplicant --print-reply
/fi/epitest/hostap/WPASupplicant fi.epitest.hostap.WPASupplicant.setDebugParams
int32:0 boolean:false boolean:false
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Port the code from wpa_supplicant to re-use an existing ctrl_iface
socket file if the file does not seem to be in use. This allows
hostapd to recover from unclean shutdown of the control interface.
Some deployed implementations seem to advertise incorrect information
in this attribute. For example, Linksys WRT350N seems to have a
byteorder bug that breaks this negotiation. In order to interoperate
with existing implementations, assume that the Enrollee supports
everything we do.
Attached is a patch for the RoboSwitch driver in trunk. It is a
general revision of the source code.
Changes:
- Improved IEEE 802.1X conformance ([1])
- Better conformity to Broadcom specifications
- Fixed compatibility with different chipset revisions
It is worth noting that performance may drop a little using the new
driver. This can be overcome by using "multicast_only=1" as a
parameter. In that case only packets to the PAE group address are
regarded, as the previous revision of the driver did. A more detailed
description of the parameter and it's consequences is available at [2]
(summary: use "multicast_only=1" whenever possible).
[1] http://lists.shmoo.com/pipermail/hostap/2009-February/019398.html
[2] http://forum.openwrt.org/viewtopic.php?id=19873
None of the driver wrappers user this. hostapd-controlled broadcast SSID
hiding can only be used with drivers that use hostapd for handling
Beacon and Probe Request/Response frames.
None of the driver wrappers use this. Only the drivers that use hostapd
for Beacon and Probe Request/Response handling can now use IEEE 802.11d
properly.
Note: This changes values for existing NL80211_ATTR_MAX_SCAN_IE_LEN
and NL80211_ATTR_KEY_TYPE (for some reason, they ended up getting
swapped in wireless-testing.git) and as such, could break Michael
MIC error reporting (well, at least partially).
When in AP mode, wpa_supplicant is now enabling WPS (only Internal
Registrar). wpa_cli wps_pbc and wps_pin commands can be used to initiate
WPS negotiation similarly to how this is done in station mode (though,
the BSSID parameter is ignored).
There is no point in trying to continue if a 4-way handshake frame is
discarded or if PTK/GTK/IGTK configuration fails. Force the client to
disconnect in such a case to avoid confusing user by claiming the
connection was successfully completed.
These driver wrappers use UNIX domain sockets and as such, won't be
built with Microsoft compiler. Consequently, use of C99-style designated
initializers can be used to make these files easier to maintain. Only
driver_ndis.c needs to support the old C89-style due to Microsoft
compiler not supporting newer C standard.
This was not really supported by any of the included driver wrappers. If
this functionality is desired in the future, this (or something similar)
can be added with the changes needed into a driver wrapper to use the
mechanism.
This simplifies driver wrapper operations and removes last direct
struct hostapd_data dereferences from driver_nl80211.c. In addition,
some of the TX callbacks are now fixed for secondary BSSes.
This fixes deauth/disassoc frames in secondary BSSes when using
multi-BSSID. In addition, it reduces need to dereference
struct hostapd_data inside driver wrappers.
NO_WEXT can be defined to disable all remaining WEXT uses from
driver_nl80211.c. This breaks some functionality, so the code is still
in use by default. Anyway, the new #ifdef blocks make it easy to search
for areas that need to be converted to nl80211.
Instead of adding a new driver_ops for fetching neighbor BSS data (that
nl80211 driver interface had to scan during initialization), share the
same scan operations that wpa_supplicant is using. This gets rid of
duplicated scan code in driver_nl80211.c (and better yet, removes large
part of old WEXT code).
hostapd interface initialization is now completed in a callback, if
needed, i.e., he_features channel/hw_mode selection can use as much time
as needed. This can also help with radar detection in the future.