aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd/hostapd.conf
Commit message (Collapse)AuthorAgeFilesLines
* Do not use country_code default (was: US)Jouni Malinen2009-02-081-3/+2
| | | | | | If country_code is not included in hostapd.conf, refuse to enable IEEE 802.11d and do not try to set the regulatory domain in kernel. (cherry picked from commit 6f4071c084be304e7f16a939eb3127de98a1ff0a)
* WPS: Add support for external Registrars using UPnP transportJouni Malinen2009-02-081-0/+22
| | | | | | | | | | | | | | This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail. (cherry picked from commit f620268f13dd26c3a3f4ef5509d7d17c0f322a7d)
* WPS: Lock AP Setup on multiple AP PIN validation failuresJouni Malinen2009-02-081-0/+5
| | | | | | | If a Registrar tries to configure the AP, but fails to validate the device password (AP PIN), lock the AP setup after four failures. This protects the AP PIN against brute force guessing attacks. (cherry picked from commit 3b2cf800afaaf4eec53a237541ec08bebc4c1a0c)
* Added ap_settings option for overriding WPS AP Settings in M7Jouni Malinen2009-02-081-0/+7
| | | | | | | This optional configuration parameter can be used to override AP Settings attributes in M7 similarly to extra_cred option for Credential attribute(s) in M8. (cherry picked from commit 4c29cae9320ccc6675b59f41dddf652b997fdc71)
* WPS: Added option to disable AP auto-config on first registrationJouni Malinen2009-02-081-0/+2
| | | | | | | | | | This operation can now be moved into an external program by configuring hostapd with wps_cred_processing=1 and skip_cred_build=1. A new ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will be used to notify external programs of each successful registration and that can be used as a tricker to move from unconfigured to configured state. (cherry picked from commit aabe26a136459ca8d6e0926a0bcd85835ddafc9a)
* Added wps_cred_processing configuration option for hostapdJouni Malinen2009-02-081-0/+8
| | | | | | | | This behaves like the one in wpa_supplicant, i.e., hostapd can be configured not to process new credentials (AP settings) internally and instead pass the WPS attributes for an external program to process over ctrl_iface. (cherry picked from commit d745c7cc1a2dfee6880e7707b94f7581742370e6)
* Added an option to add (or override) Credential attribute(s) in M8Jouni Malinen2009-02-081-0/+14
| | | | (cherry picked from commit 6fa68a0ee550c6659ff426290ecdee4d425155b1)
* WPS: Generate UUID based on MAC address, if not setJouni Malinen2009-01-011-0/+1
| | | | | | Generate a SHA1 hash -based UUID from the local MAC address if the UUID was not configured. This makes it easier to prepare for WPS since there is no need to generate an UUID.
* Updated SA Query procedure to use timeouts per 802.11w/D7.0Jouni Malinen2008-12-261-7/+9
| | | | | The previous max_attempts * timeout is now replaced with two timeouts (one for each retry, the other one for maximum wait).
* Added a note about mac80211-based drivers and nl80211Jouni Malinen2008-12-201-1/+1
|
* Add some notes on which channels can be used with HT40- and HT40+Jouni Malinen2008-11-241-0/+8
| | | | | This is not a complete list, but at least it can provide some help for whoever is trying to configure hostapd for 802.11n HT40 operation.
* Added support for configuring secondary channel offset for HT40Jouni Malinen2008-11-241-3/+5
|
* Rename [40HT] to [HT40] in ht_capabJouni Malinen2008-11-241-2/+2
|
* Added IEEE 802.11n HT capability configuration (ht_capab)Jouni Malinen2008-11-241-0/+21
|
* Added preliminary Wi-Fi Protected Setup (WPS) implementationJouni Malinen2008-11-231-0/+79
| | | | | | | | | | | | | This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
* Remove experimental non-AP STA code from hostapdJouni Malinen2008-11-211-4/+0
| | | | | | | | | | This was used to allow hostapd to associate as a non-AP STA to another AP one the same channel while still acting as an AP with the Host AP driver. This was very experimental and did not work with all firmware versions. Nowadays, much better way of doing this is to use mac80211 virtual non-AP STA interface. As such, this experimental code can be removed from hostapd to reduce the code size and make MLME code easier to understand since it is now only handling AP functionality.
* Removed partial IEEE 802.11h implementationJouni Malinen2008-11-211-13/+0
| | | | | | This code was not finished and did not work with the current mac80211 design. In order to avoid confusing users, it is better to remove this completely for now and look at new implementation to work with mac80211.
* Added support for enforcing frequent PTK rekeyingJouni Malinen2008-11-061-0/+4
| | | | | | | | | | | | Added a new configuration option, wpa_ptk_rekey, that can be used to enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP deficiencies. This can be set either by the Authenticator (to initiate periodic 4-way handshake to rekey PTK) or by the Supplicant (to request Authenticator to rekey PTK). With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP keys will not be used for more than 10 minutes which may make some attacks against TKIP more difficult to implement.
* EAP-FAST: Allow A-ID and A-ID-Info to be configured separatelyJouni Malinen2008-10-191-1/+12
| | | | | | | Changed EAP-FAST configuration to use separate fields for A-ID and A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed 16-octet len binary value for better interoperability with some peer implementations; eap_fast_a_id is now configured as a hex string.
* EAP-FAST: Make PAC-Key lifetime values configurableJouni Malinen2008-10-081-0/+8
| | | | | The hardcoded values in eap_fast.c were replaced with values read from hostapd.conf.
* EAP-FAST: Added support for disabling anonymous/authenticated provisioningJouni Malinen2008-10-081-0/+7
| | | | | | | | | eap_fast_prov config parameter can now be used to enable/disable different EAP-FAST provisioning modes: 0 = provisioning disabled 1 = only anonymous provisioning allowed 2 = only authenticated provisioning allowed 3 = both provisioning modes allowed
* Added a new driver wrapper, "none", for RADIUS server only configurationJouni Malinen2008-10-011-2/+2
| | | | | This can be used to limit hostapd code size and clean up debug output for configurations that do not use hostapd to control AP functionality.
* Added support for using SHA256-based stronger key derivation for WPA2Jouni Malinen2008-08-311-1/+2
| | | | | | IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
* IEEE 802.11w: Added association pingJouni Malinen2008-08-311-1/+10
| | | | | | This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
* Added support for setting VLAN ID for STAs based on local MAC ACLJouni Malinen2008-08-281-1/+2
| | | | | | This allows the accept_mac_file to be used as an alternative for RADIUS server-based configuration. This is mainly to ease VLAN testing (i.e., no need to set up RADIUS server for this anymore).
* Add configuration option for enabling optional use of short preambleJouni Malinen2008-08-211-0/+11
|
* Add preliminary IEEE 802.11n support into hostapdJouni Malinen2008-08-211-0/+7
| | | | | | | | | | | | This commit brings in cleaned up version of IEEE 802.11n implementation from Intel (1). The Intel tarball includes number of other changes, too, and only the changes specific to IEEE 802.11n are brought in here. In addition, this does not include all the changes (e.g., some of the configuration parameters are still missing and driver wrapper changes for mac80211 were not included). (1) http://www.kernel.org/pub/linux/kernel/people/chuyee/wireless/iwl4965_ap/hostap_0_6_0_intel_0.0.13.1.tgz
* Added support for opportunistic key caching (OKC)Jouni Malinen2008-08-031-0/+7
| | | | | This allows hostapd to share the PMKSA caches internally when multiple BSSes or radios are being controlled by the same hostapd process.
* Cleaned up some of invalid documentation related to channel configuration.Jouni Malinen2008-07-231-7/+9
|
* Added instructions on how to create the DH parameters files.Jouni Malinen2008-05-211-0/+2
|
* Updated the comment on 'bridge' variable to mention nl80211 which needsJouni Malinen2008-05-071-3/+3
| | | | this parameter, too.
* TNC: Added TNC server support into documentation and ChangeLogsJouni Malinen2008-03-091-0/+6
|
* Added max_listen_interval configuration optionJouni Malinen2008-02-281-0/+3
| | | | | | This allows associations to be denied if the STA tries to use too large listen interval. The default value is 65535 which matches with the field size limits.
* Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 releaseJouni Malinen2008-02-281-0/+792