hostap/src/ap
Alexander Wetzel 1a7963e36f AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround
Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken
implementations and should be avoided when using or interacting with
one. The effects can be triggered by either end of the connection and
range from hardly noticeable disconnects over long connection freezes up
to leaking clear text MPDUs.

To allow affected users to mitigate the issues, add a new hostapd
configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys
with disconnection. This requires the station to reassociate to get
connected again and as such, can result in connectivity issues as well.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 12:22:49 +02:00
..
accounting.c Extra RADIUS request attributes from SQLite 2019-07-30 19:58:09 +03:00
accounting.h RADIUS: Use more likely unique accounting Acct-{,Multi-}Session-Id 2016-02-06 17:10:19 +02:00
acs.c AP: Populate iface->freq before starting AP 2019-12-20 12:42:47 +02:00
acs.h ACS: Fix memory leak if interface is disabled during scan 2017-03-04 17:30:15 +02:00
airtime_policy.c hostapd: Add airtime policy configuration support 2019-05-02 14:57:43 +03:00
airtime_policy.h hostapd: Add airtime policy configuration support 2019-05-02 14:57:43 +03:00
ap_config.c AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround 2020-02-23 12:22:49 +02:00
ap_config.h AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround 2020-02-23 12:22:49 +02:00
ap_drv_ops.c Introduce and add key_flag 2020-01-09 12:38:36 +02:00
ap_drv_ops.h Introduce and add key_flag 2020-01-09 12:38:36 +02:00
ap_list.c Remove CONFIG_IEEE80211N build option 2020-02-22 19:20:44 +02:00
ap_list.h Move ap_list_timer() to use common AP periodic cleanup mechanism 2015-07-20 13:42:35 +03:00
ap_mlme.c FILS: Do not clear PTK on FILS Auth/Assoc (AP) 2016-10-22 18:11:14 +03:00
ap_mlme.h
authsrv.c EAP server: Configurable maximum number of authentication message rounds 2019-09-01 17:19:35 +03:00
authsrv.h
beacon.c Remove Secondary Channel Offset element from Beacon/Probe Response frames 2020-02-22 19:20:44 +02:00
beacon.h hostapd: Added signal level to STA tracking 2016-10-29 00:55:49 +03:00
bss_load.c hostapd: Add average channel utilization in STATUS 2017-12-12 00:48:27 +02:00
bss_load.h
ctrl_iface_ap.c Remove CONFIG_IEEE80211N build option 2020-02-22 19:20:44 +02:00
ctrl_iface_ap.h DPP: Allow PMKSA cache entries to be added through hostapd ctrl_iface 2017-06-19 21:13:17 +03:00
dfs.c DFS: Don't handle DFS ops for 6 GHz channels 2019-12-05 17:12:27 +02:00
dfs.h DFS: Handle pre-CAC expired event 2017-03-09 17:01:50 +02:00
dhcp_snoop.c BSD: Use struct ip rather than struct iphdr 2020-01-02 19:17:10 +02:00
dhcp_snoop.h
dpp_hostapd.c DPP: Received Configurator backup processing 2020-01-31 23:16:05 +02:00
dpp_hostapd.h DPP: NFC negotiated connection handover 2020-01-27 20:36:09 +02:00
drv_callbacks.c Do not skip MBO PMF check with the WPS special case WPA check exception 2020-02-22 19:20:44 +02:00
eap_user_db.c Check snprintf result to avoid compiler warnings 2018-12-24 11:09:22 +02:00
eth_p_oui.c FT: Replace inter-AP protocol with use of OUI Extended Ethertype 2017-05-03 18:30:31 +03:00
eth_p_oui.h FT: Replace inter-AP protocol with use of OUI Extended Ethertype 2017-05-03 18:30:31 +03:00
fils_hlp.c BSD: Use struct ip rather than struct iphdr 2020-01-02 19:17:10 +02:00
fils_hlp.h FILS: DHCP relay for HLP requests 2017-02-01 18:17:39 +02:00
gas_query_ap.c DPP: Integration for hostapd 2017-06-19 21:13:17 +03:00
gas_query_ap.h DPP: Integration for hostapd 2017-06-19 21:13:17 +03:00
gas_serv.c DPP2: hostapd as TCP Relay 2019-04-22 21:08:59 +03:00
gas_serv.h DPP2: hostapd as TCP Relay 2019-04-22 21:08:59 +03:00
hostapd.c Remove CONFIG_IEEE80211N build option 2020-02-22 19:20:44 +02:00
hostapd.h HT: Remove SMPS in AP mode 2020-02-16 13:58:54 +02:00
hs20.c Remove CONFIG_IEEE80211W build parameter 2019-09-08 17:33:40 +03:00
hs20.h HS 2.0: Move Terms and Conditions Server URL generation from AP to AS 2018-06-21 20:50:54 +03:00
hw_features.c Remove CONFIG_IEEE80211N build option 2020-02-22 19:20:44 +02:00
hw_features.h Silence compiler warning in no-NEED_AP_MLME builds 2020-01-09 12:44:08 +02:00
ieee802_1x.c Introduce and add key_flag 2020-01-09 12:38:36 +02:00
ieee802_1x.h Extra RADIUS request attributes from SQLite 2019-07-30 19:58:09 +03:00
ieee802_11.c Remove CONFIG_IEEE80211N build option 2020-02-22 19:20:44 +02:00
ieee802_11.h Remove Secondary Channel Offset element from Beacon/Probe Response frames 2020-02-22 19:20:44 +02:00
ieee802_11_auth.c Fix possible memory leak of RADIUS data in handle_auth() 2019-12-29 23:43:55 +02:00
ieee802_11_auth.h Make hostapd_copy_psk_list() non-static 2019-12-29 23:34:01 +02:00
ieee802_11_he.c HE: Dynamically turn on TWT responder support 2020-02-16 12:37:47 +02:00
ieee802_11_ht.c Fix a typo in a comment 2020-02-22 19:20:44 +02:00
ieee802_11_shared.c AP mode indication of Beacon protection being enabled 2020-02-17 23:48:24 +02:00
ieee802_11_vht.c AP: Publish only HE capabilities and operation IEs on 6 GHz band 2019-10-15 15:39:22 +03:00
Makefile Remove IAPP functionality from hostapd 2019-09-11 13:11:03 +03:00
mbo_ap.c MBO: Do not parse reason_detail in non_pref_chan attr (AP) 2016-09-25 17:31:26 +03:00
mbo_ap.h MBO: Parse non-preferred channel list on the AP 2016-02-22 21:17:38 +02:00
ndisc_snoop.c Fix DHCP/NDISC snoop deinit followed by failing re-init 2017-03-04 11:42:15 +02:00
ndisc_snoop.h
neighbor_db.c hostapd: Support showing neighbor list through hostapd_cli 2019-12-26 17:59:03 +02:00
neighbor_db.h hostapd: Support showing neighbor list through hostapd_cli 2019-12-26 17:59:03 +02:00
p2p_hostapd.c
p2p_hostapd.h
pmksa_cache_auth.c FILS: Update PMKID derivation rules for ERP key hierarchy establishment 2017-09-13 22:17:58 +03:00
pmksa_cache_auth.h OWE: PMKSA caching in AP mode 2017-10-09 12:12:54 +03:00
preauth_auth.c
preauth_auth.h
rrm.c hostapd: Fix a typo in function name 2019-01-02 16:40:34 +02:00
rrm.h Report beacon request TX status as control interface event 2017-01-03 16:02:58 +02:00
sta_info.c Remove CONFIG_IEEE80211N build option 2020-02-22 19:20:44 +02:00
sta_info.h SAE: A bit optimized sae_confirm_immediate=2 for testing purposes 2020-01-08 20:57:08 +02:00
taxonomy.c Fix or supress various sparse warnings 2017-01-29 18:33:10 +02:00
taxonomy.h taxonomy: Store Probe Request frames in hostapd_sta_info 2016-09-22 00:45:24 +03:00
tkip_countermeasures.c hostapd: Add logging around Michael MIC related failures 2018-04-02 16:51:29 +03:00
tkip_countermeasures.h
utils.c
vlan.c VLAN: Fix vlan_compare() for tagged VLANs 2016-02-22 19:53:05 +02:00
vlan.h radius: Add tagged VLAN parsing 2016-02-17 11:46:13 +02:00
vlan_full.c vlan: Use new bridge ioctl() 2019-01-02 00:23:43 +02:00
vlan_ifconfig.c vlan: Move if_nametoindex() use out of vlan_init.c 2016-03-25 18:00:44 +02:00
vlan_init.c Check snprintf result to avoid compiler warnings 2018-12-24 11:09:22 +02:00
vlan_init.h VLAN: Separate station grouping and uplink configuration 2016-02-17 11:46:11 +02:00
vlan_ioctl.c Use own header file for defining Linux VLAN kernel interface 2016-03-26 11:24:38 +02:00
vlan_util.c vlan: Remove unnecessary header includes from netlink implementation 2016-03-25 17:27:16 +02:00
vlan_util.h vlan: Move if_nametoindex() use out of vlan_init.c 2016-03-25 18:00:44 +02:00
wmm.c Fix wmm compile on fedora-17 (gcc 4.7.2) 2020-02-03 02:03:32 +02:00
wmm.h
wnm_ap.c Add BIGTK KDE and subelement similarly to IGTK 2020-02-17 23:48:24 +02:00
wnm_ap.h WNM: Collocated Interference Reporting 2018-10-30 14:07:51 +02:00
wpa_auth.c AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround 2020-02-23 12:22:49 +02:00
wpa_auth.h AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround 2020-02-23 12:22:49 +02:00
wpa_auth_ft.c Add BIGTK KDE and subelement similarly to IGTK 2020-02-17 23:48:24 +02:00
wpa_auth_glue.c AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround 2020-02-23 12:22:49 +02:00
wpa_auth_glue.h
wpa_auth_i.h Generate BIGTK and rekey it with IGTK 2020-02-17 23:48:24 +02:00
wpa_auth_ie.c Merge wpa_supplicant and hostapd EAPOL-Key KDE parsers 2019-10-18 13:02:27 +03:00
wpa_auth_ie.h Merge wpa_supplicant and hostapd EAPOL-Key KDE parsers 2019-10-18 13:02:27 +03:00
wpa_auth_kay.c macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd 2019-06-03 20:27:44 +03:00
wpa_auth_kay.h macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd 2019-06-03 20:27:44 +03:00
wps_hostapd.c WPS: Mark added PSK entry with wps=1 tag for per-Enrollee PSK case 2020-02-16 11:54:36 +02:00
wps_hostapd.h
x_snoop.c
x_snoop.h