path: root/hostapd
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: Add wowlan_triggers config paramDmitry Shmidt2014-11-162-0/+12
| | | | | | | | | | New kernels in wiphy_suspend() will call cfg80211_leave_all() that will eventually end up in cfg80211_stop_ap() unless wowlan_triggers were set. For now, use the parameters from the station mode as-is. It may be desirable to extend (or constraint) this in the future for specific AP mode needs. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Suite B: PMKID derivation for AKM 00-0F-AC:11Jouni Malinen2014-11-162-0/+12
| | | | | | | | | The new AKM uses a different mechanism of deriving the PMKID based on KCK instead of PMK. hostapd was already doing this after the KCK had been derived, but wpa_supplicant functionality needs to be moved from processing of EAPOL-Key frame 1/4 to 3/4 to have the KCK available. Signed-off-by: Jouni Malinen <j@w1.fi>
* Suite B: Add AKM 00-0F-AC:11Jouni Malinen2014-11-162-0/+8
| | | | | | | | This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The functionality itself is not yet complete, i.e., this commit only includes parts to negotiate the new AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove references to madwifi from various filesJouni Malinen2014-11-016-26/+11
| | | | | | | | Number of documentation and configuration files had references to the madwifi driver interface that was removed in the previous commit. Remove these references as well. Signed-off-by: Jouni Malinen <j@w1.fi>
* AP: Add support for Proxy ARP, DHCP snooping mechanismKyeyoon Park2014-10-273-0/+17
| | | | | | | | | | | | | | | | | | | | Proxy ARP allows the AP devices to keep track of the hardware address to IP address mapping of the STA devices within the BSS. When a request for such information is made (i.e., ARP request, Neighbor Solicitation), the AP will respond on behalf of the STA device within the BSS. Such requests could originate from a device within the BSS or also from the bridge. In the process of the AP replying to the request (i.e., ARP reply, Neighbor Advertisement), the AP will drop the original request frame. The relevant STA will not even know that such information was ever requested. This feature is a requirement for Hotspot 2.0, and is defined in IEEE Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly resides in the kernel bridge code, in order to optimize the performance and simplify kernel implementation, the DHCP snooping code was added to the hostapd. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* HT: Let the driver advertise its supported SMPS modes for AP modeEliad Peller2014-10-231-0/+1
| | | | | | | | Add smps_modes field, and let the driver fill it with its supported SMPS modes (static/dynamic). This will let us start an AP with specific SMPS mode (e.g., dynamic) that will allow it to reduce its power usage. Signed-off-by: Eliad Peller <eliad@wizery.com>
* AP: Add support for BSS load element (STA Count, Channel Utilization)Kyeyoon Park2014-10-214-0/+16
| | | | | | | | | | | | | | | The new "bss_load_update_period" parameter can be used to configure hostapd to advertise its BSS Load element in Beacon and Probe Response frames. This parameter is in the units of BUs (Beacon Units). When enabled, the STA Count and the Channel Utilization value will be updated periodically in the BSS Load element. The AAC is set to 0 sinze explicit admission control is not supported. Channel Utilization is calculated based on the channel survey information from the driver and as such, requires a driver that supports providing that information for the current operating channel. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* Add data test functionalityJouni Malinen2014-10-191-0/+162
| | | | | | | | | | | | It is now possible to run hwsim_test like data connectivity test through wpa_supplicant/hostapd control interface if CONFIG_TESTING_OPTIONS=y is used for the build. Test functionality is enabled/disabled at runtime with "DATA_TEST_CONFIG <1/0>". The "DATA_TEST_TX <dst> <src> <tos>" command can be used to request a test frame to be transmitted. "DATA-TEST-RX <dst> <src>" event is generated when the test frame is received. Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd_cli: Add CLI commands enable, reload, and disableCedric Baudelet2014-10-121-0/+24
| | | | | | | | Commands are already present in ctrl_iface.c (and parsed in hostapd_ctrl_iface_receive() function) but not in hostapd_cli.c. This patch updates hostapd_cli.c with matching functions. Signed-off-by: Cedric Baudelet <cedric.baudelet@intel.com>
* hostapd: Allow OpenSSL cipherlist string to be configuredJouni Malinen2014-10-122-0/+12
| | | | | | | | The new openssl_cipher configuration parameter can be used to select which TLS cipher suites are enabled when hostapd is used as an EAP server with OpenSSL as the TLS library. Signed-off-by: Jouni Malinen <j@w1.fi>
* Report sendto() failures for hostapd ctrl_ifaceJouni Malinen2014-10-111-4/+15
| | | | | | | This makes issues with control interface operations more easily debuggable (CID 72681, CID 72686). Signed-off-by: Jouni Malinen <j@w1.fi>
* Add external EAPOL transmission option for testing purposesJouni Malinen2014-10-101-0/+43
| | | | | | | | | | The new ext_eapol_frame_io parameter can be used to configure hostapd and wpa_supplicant to use control interface for receiving and transmitting EAPOL frames. This makes it easier to implement automated test cases for protocol testing. This functionality is included only in CONFIG_TESTING_OPTIONS=y builds. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Update ChangeLog files for v2.3Jouni Malinen2014-10-091-0/+19
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd_cli: Use os_exec() for action script executionJouni Malinen2014-10-091-17/+8
| | | | | | | | | Use os_exec() to run the action script operations to avoid undesired command line processing for control interface event strings. Previously, it could have been possible for some of the event strings to include unsanitized data which is not suitable for system() use. (CVE-2014-3686) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix hostapd GET_CONFIG wpa_pairwise_cipher valueJouni Malinen2014-09-071-1/+1
| | | | | | | Copy-paste error ended up getting rsn_pairwise_cipher value for both rsn_pairwise_cipher and wpa_pairwise_cipher (CID 72693). Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Remove unused variable assignmentJouni Malinen2014-09-031-2/+3
| | | | | | | The local bss variable is used only within the while loop, so no need to assign or even make it visible outside the loop. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add printf NULL checks to silence static analyzerSrinivas Girigowda2014-08-282-3/+6
| | | | | | | | Add NULL checks to take care of issues reported by static analyzer tool on potentially using NULL with printf format %s (which has undefined behavior even though many compilers end up printing "(null)"). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Make chan_switch command per-interface not per-BSSMichal Kazior2014-06-281-4/+16
| | | | | | | | Currently hostapd data structures aren't ready for multi-channel BSSes, so make the command work now at least with single-channel multi-BSS channel switching. Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
* ChangeLog entries for v2.2Jouni Malinen2014-06-041-0/+87
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Fix configuration of multiple RADIUS servers with SETJouni Malinen2014-05-301-2/+2
| | | | | | | | | The current RADIUS server pointer was updated after each SET command which broke parsing of multiple RADIUS servers over the control interface. Fix this by doing the final RADIUS server pointer updates only once the full configuration is available. Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd_cli: Fix segmentation fault with interface commandEduardo Abinader2014-05-301-2/+2
| | | | | | | | | ctrl_ifname was not being freed and allocated consistently by using proper functions: os_free() and os_strdup(). This can result in segmentation fault when these OS specific wrappers use different implementation (e.g., with CONFIG_WPA_TRACE=y). Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
* Android: Use extended P2P functionality (ANDROID_P2P) for all vendorsDmitry Shmidt2014-04-291-9/+3
| | | | Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Remove floating constant suffix 'd' from test coeeJouni Malinen2014-04-291-2/+2
| | | | | | | | clang scan-build does not seem to like the 'd' suffix on floating constants and ends up reporting analyzer failures. Since this suffix does not seem to be needed, get rid of it to clear such warnings. Signed-off-by: Jouni Malinen <j@w1.fi>
* ACS: Clean up ifdef CONFIG_ACS to avoid unreachable codeJouni Malinen2014-04-291-1/+2
| | | | | | | The conf->channel assignment was unreachable if CONFIG_ACS was not defined, so move that to be under #else. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Android: Disable unused parameter warningsGreg Hackmann2014-04-241-0/+3
| | | | | | | This avoids large number of undesired compiler warnings since Android build system is added -Wextra. Signed-off-by: Greg Hackmann <ghackmann@google.com>
* Remove PSMP option from ht_capabJouni Malinen2014-04-072-3/+0
| | | | | | | | | | | This was used to fill in the "PSMP support" subfield that was defined during P802.11n development. However, this subfield was marked reserved in the published IEEE Std 802.11n-2009 and it is not supported by current drivers that use hostapd for SME either. As such, there is not much point in maintaining this field as ht_capab parameter within hostapd either. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix memory leaks in hostapd configuration updatesJouni Malinen2014-04-051-0/+7
| | | | | | | | Some of the allocated configuration parameter did not free the previous value if a configuration file or ctrl_iface SET command updated a previously set value. Signed-off-by: Jouni Malinen <j@w1.fi>
* Make hs20_wan_metrics parser error print more helpfulJouni Malinen2014-03-301-1/+1
| | | | | | | pos == NULL in almost all of the error cases here, so print the full parameter value instead of the current position. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix validation of anqp_3gpp_cell_net configuration parameterJouni Malinen2014-03-301-1/+1
| | | | | | The "< '0' && > '9'" part would not match any character. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove duplicated vht_capab parser entryJouni Malinen2014-03-301-2/+0
| | | | | | | [VHT160-80PLUS80] was parsed twice with the second copy not really doing anything useful. Signed-off-by: Jouni Malinen <j@w1.fi>
* Notify STA of disconnection based on ACL changeJouni Malinen2014-03-301-4/+4
| | | | | | | | ap_sta_deauthenticate() does not necessarily send a Deauthentication frame to the STA. Use ap_sta_disconnect() to drop the association so that the notification frame goes out. Signed-off-by: Jouni Malinen <j@w1.fi>
* RADIUS server: Add support for MAC ACLJouni Malinen2014-03-291-1/+5
| | | | | | | "user" MACACL "password" style lines in the eap_user file can now be used to configured user entries for RADIUS-based MAC ACL. Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add vendor command supportAvraham Stern2014-03-272-0/+83
| | | | | | | | | | | Add support of vendor command to hostapd ctrl_iface. Vendor command's format: VENDOR <vendor id> <sub command id> [<hex formatted data>] The 3rd argument will be converted to binary data and then passed as argument to the sub command. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Add a note on using 'iw list' to determine multi-BSS supportJouni Malinen2014-03-251-0/+5
| | | | | | | This adds a pointer to hostapd.conf to using 'iw list' with the current nl80211 drivers to determine supported interface combinations. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Enable WSC 2.0 support unconditionallyJouni Malinen2014-03-255-13/+0
| | | | | | | | | There is not much point in building devices with WPS 1.0 only supported nowadays. As such, there is not sufficient justification for maintaining extra complexity for the CONFIG_WPS2 build option either. Remove this by enabling WSC 2.0 support unconditionally. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Allow hostapd to advertise 40 MHz intolerant HT capabilityJouni Malinen2014-03-232-0/+3
| | | | | | | | ht_capab=[40-INTOLERANT] can now be used to advertise that the BSS is 40 MHz intolerant to prevent other 20/40 MHz co-ex compliant APs from using 40 MHz channel bandwidth. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add SAE and FT-SAE key_mgmt to hostapd GET_CONFIGJouni Malinen2014-03-221-0/+16
| | | | | | These options were missing from the current key_mgmt values. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix hostapd.conf description of HT40+Jouni Malinen2014-03-211-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Allow management group cipher to be configuredJouni Malinen2014-03-142-0/+25
| | | | | | | | | | This allows hostapd to set a different management group cipher than the previously hardcoded default BIP (AES-128-CMAC). The new configuration file parameter group_mgmt_cipher can be set to BIP-GMAC-128, BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in IEEE Std 802.11ac-2013. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Clean up hostapd_config_fill() parsersJouni Malinen2014-03-111-49/+45
| | | | | | | Some of the parsing code was using a bit too complex design and could be simplified after the earlier return-on-error cleanups. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix memory leaks on wpa_config_parse_string() error pathsJouni Malinen2014-03-111-4/+5
| | | | | | | hostapd configuration parser did not free the temporary buffer on some error paths. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Simplify hostapd_config_fill() error reportingJouni Malinen2014-03-111-132/+109
| | | | | | | | There is no need for trying to count the number of errors in this function since this is not a loop anymore and the return value will be either 0 or 1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove extra indentation level from hostapd_config_fill()Jouni Malinen2014-03-111-1306/+1252
| | | | | | | | | | | The configuration file parsing routines were moved to a separate function a while back, but left at the old indentation level to avoid showing large diffs in the commit and to avoid conflicts with parallel development in other branches. There is never a perfect time for this type of changes, but we might as well finally get rid of that extra indentation now with Hotspot 2.0 Rel 2 changes pulled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Document interworking realm EAP Method typesBen Greear2014-03-111-0/+2
| | | | | | Add link to the EAP type definitions document. Signed-hostap: Ben Greear <greearb@candelatech.com>
* hostapd: Add config option chanlist for DFS channelsSimon Wunderlich2014-03-112-0/+15
| | | | | | | | | | | Different channels allow different transmission power, at least in ETSI countries. Also, ETSI requires a "channel plan" for DFS operation, and channels should be randomly choosen from these channels. Add a channel list configuration option for users to add channels hostapd may pick from. Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
* Use internal FIPS 186-2 PRF if neededJouni Malinen2014-03-112-4/+8
| | | | | | | | | | | | Previously, EAP-SIM/AKA/AKA' did not work with number of crypto libraries (GnuTLS, CryptoAPI, NSS) since the required FIPS 186-2 PRF function was not implemented. This resulted in somewhat confusing error messages since the placeholder functions were silently returning an error. Fix this by using the internal implementation of FIP 186-2 PRF (including internal SHA-1 implementation) with crypto libraries that do not implement this in case EAP-SIM/AKA/AKA' is included in the build. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix error path handling on radius_accept_attrJouni Malinen2014-03-091-0/+1
| | | | | | | This error path must not try to free the user entry since that entry was already added to the BSS list and will be freed when BSS is freed. Signed-off-by: Jouni Malinen <j@w1.fi>
* RADIUS server: Add option for storing log information to SQLite DBJouni Malinen2014-03-091-0/+8
| | | | | | | If eap_user_file is configured to point to an SQLite database, RADIUS server code can use that database for log information. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Allow arbitrary RADIUS attributes to be added into Access-AcceptJouni Malinen2014-03-082-6/+38
| | | | | | | | This extends the design already available for Access-Request packets to the RADIUS server and Access-Accept messages. Each user entry can be configured to add arbitrary RADIUS attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix hostapd error path regressionJouni Malinen2014-03-071-0/+2
| | | | | | | | | | Commit 354c903f8e47ae0fb41fb54ecc018e61d9573506 added setting of driver_ap_teardown on the hostapd exit path without taking into account that this may also be called on an error path where the interface has not been initialized. Fix the resulting NULL pointer dereference to allow hostapd to exit cleanly in error case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>