Instead of having all driver stuff collected across wpa_supplicant
and hostapd, create a common snippet that they both include and
that handles the build configuration.
If base64_encode() were to be used with a huge data array, the
previous version could have resulted in overwriting the allocated
buffer due to an integer overflow as pointed out in
http://www.freebsd.org/cgi/query-pr.cgi?pr=137484. However, there
are no know use cases in hostapd or wpa_supplicant that would do that.
Anyway, the recommended change looks reasonable and provides additional
protection should the base64_encode() function be used for something
else in the future.
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
hostapd currently tries to encrypt all auth frames,
except for "OPEN" and "SHARED with transaction 3".
This means that it will send an encrypted "unknown
auth algorithm" reply for all other algorithsm. Fix
this by changing the logic to only encrypt shared
key auth frames with transaction 3.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Change existing CONFIG_LIBNL20 compatibility code in
driver_nl80211.c to be used by both wpa_supplicant
and hostapd, but take care of nl_handle too now.
Propagate CONFIG_LIBNL20 out of .config file and onto
CFLAGS in the Makefile.
Use libnl-gen now too.
Signed-off-by: Jon Loeliger <jdl@bigfootnetworks.com>
---
This removes need for local configuration to ignore *.o and *~
and allows the src/*/.gitignore files to be removed (subdirectories
will inherit the rules from the root .gitignore).
This attribute is not supposed to be used in the response frame (i.e.,
it is only in the EAP-Request/SIM-Notification frame) per RFC 4186
chapters 10.1 and 9.9. This is a minor bug since the server is required
to ignore the contents of the EAP-Response/SIM-Notification during
protected result indication per chapter 6.2.
EAP-AKA peer was already following the similar specification in RFC 4187,
but this was somehow missed in the EAP-SIM peer implementation.
The driver wrappers should not need to include wps_hostapd.h, so let's
make this easier by introducing a driver callback for reporting Probe
Request frames.
Since we do not currently support changing the AP settings received
from M7, there is no point in actually sending out the M8 that would
likely trigger the AP to reconfigure itself and potentially reboot.
For now, we just receive the AP settings in M7 and add a local network
configuration block based on those, but NACK the message. This makes
wps_reg work like wps_pin, but by using the AP PIN instead of a client
PIN.
Old way does not work with all drivers on NetBSD and FreeBSD are
also using this so should be a safe change. [Bug 312]
Signed-off-by: Roy Marples <roy@marples.name>
Add generic functions to get/set 80211 vars, set 80211 params and
get/sid ssid.
Change NetBSD defines to match the ioctl used for portability.
Check size we're copying into instead of assuming IFNAMSIZ.
Signed-off-by: Roy Marples <roy@marples.name>
If hostapd segfaults, or is killed with -9, or the interface already exists,
when the interface is created, it will fail.
Configuration file: /tmp/hostapd/hostapd.conf
Failed to create interface mon.wlan0_0.
Using interface wlan0_0 with hwaddr 00:13:01:01:08:0a and ssid 'IG_0405_LAN'
Failed to set beacon head/tail or DTIM period
Failed to create interface wlan0_1.
Try to remove the interface and re-create it before aborting.
To ensure the supplicant starts and ends with a clean slate (keys are
already cleaned up at init and deinit time), force a null BSSID and
bogus SSID to ensure the driver isn't connected to anything.
Signed-off-by: Dan Williams <dcbw@redhat.com>
4853d5ac84 had a small bug in the order
of these function calls in _wext_deauthenticate() (_disassociate()
did have the correct order). The deauthentication frame is supposed
to go out (if driver supports that) before we disconnect more
forcefully.
Otherwise the driver might interpret the request as a request to
create/join a new adhoc network with the bogus SSID.
Signed-off-by: Dan Williams <dcbw@redhat.com>
hostapd_cli wps_pin command can now have an optional timeout
parameter that sets the PIN lifetime in seconds. This can be used
to reduce the likelihood of someone else using the PIN should an
active PIN be left in the Registrar.
The attached patch will replace get_scan_results with get_scan_results2.
This is a preparation for WPS on BSD.
And I erased "wpa_scan_result_compar". Because scan result
sorting will be done with "wpa_scan_result_compar" on
"scan_helpers.c".
I have done below tests on NetBSD with an atheros card.
- WPA2-PSK(CCMP)
- WPA-PSK(TKIP)
- PEAP(MSCHAPv2)
- EAP-TLS
- EAP-TTLS(MSCHAPv2)
This adds a cleaner mechanism for protecting against unauthorized
data frames than the previously used drop_unencrypted mechanism
(which is not even available with nl80211 and had to use a WEXT
ioctl.
The old drop_unencrypted code is left in for now as the final
surviving WEXT use in driver_nl80211.c. However, it can be removed
from the build by defining NO_WEXT. It may also be removed
eventually when most users are expected to be using recent enough
kernel version.
For now, the old code using NL80211_ATTR_STA_FLAGS is left in for
backwards compatibility with older kernel versions. It may be removed
eventually when most users are expected to be running with new
enough kernel version.
Some deployed implementations seem to advertise incorrect information
in this attribute. For example, Linksys WRT350N seems to have a
byteorder bug that breaks this negotiation. In order to interoperate
with existing implementations, assume that the Enrollee supports
everything we do.
Attached is a patch for the RoboSwitch driver in trunk. It is a
general revision of the source code.
Changes:
- Improved IEEE 802.1X conformance ([1])
- Better conformity to Broadcom specifications
- Fixed compatibility with different chipset revisions
It is worth noting that performance may drop a little using the new
driver. This can be overcome by using "multicast_only=1" as a
parameter. In that case only packets to the PAE group address are
regarded, as the previous revision of the driver did. A more detailed
description of the parameter and it's consequences is available at [2]
(summary: use "multicast_only=1" whenever possible).
[1] http://lists.shmoo.com/pipermail/hostap/2009-February/019398.html
[2] http://forum.openwrt.org/viewtopic.php?id=19873
None of the driver wrappers user this. hostapd-controlled broadcast SSID
hiding can only be used with drivers that use hostapd for handling
Beacon and Probe Request/Response frames.
None of the driver wrappers use this. Only the drivers that use hostapd
for Beacon and Probe Request/Response handling can now use IEEE 802.11d
properly.