aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd
Commit message (Collapse)AuthorAgeFilesLines
* Update copyright notices to include the new yearJouni Malinen2011-02-273-5/+5
|
* Remove obsolete comments about libnl 1.1 being newJouni Malinen2011-02-211-6/+0
|
* hostapd: Allow coexistance of HT BSSes with WEP/TKIP BSSesHelmut Schaa2011-02-211-4/+5
| | | | | | | | | | | | | | | | | | | In multi BSS setups it wasn't possible to set up an HT BSS in conjunction with a WEP/TKIP BSS. HT needed to be turned off entirely to allow WEP/TKIP BSSes to be used. In order to allow HT BSSes to coexist with non-HT WEP/TKIP BSSes add a new BSS conf attribute "disable_11n" which disables HT capabilities on a single BSS by suppressing HT IEs in the beacon and probe response frames. Furthermore, mark all STAs associated to a WEP/TKIP BSS as non-HT STAs. The disable_11n parameter is used internally; no new entry is parsed from hostapd.conf. This allows a non-HT WEP/TKIP BSS to coexist with a HT BSS without having to disable HT mode entirely. Nevertheless, all STAs associated to the WEP/TKIP BSS will only be served as if they were non-HT STAs. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
* hostapd: Add require_ht configuration parameterJouni Malinen2011-02-092-0/+5
| | | | | This can be used to configure hostapd to reject association with any station that does not support HT PHY.
* P2P: Allow WPS_PBC command on GO to select on P2P Device AddressJouni Malinen2011-02-071-1/+1
| | | | | | | | | | | | | | An optional parameter, p2p_dev_addr, can now be given to WPS_PBC command on P2P GO to indicate that only the P2P device with the specified P2P Device Address is allowed to connect using PBC. If any other device tries to use PBC, a session overlap is indicated and the negotiation is rejected with M2D. The command format for specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g., WPS_PBC p2p_dev_addr=02:03:04:05:06:07 In addition, show the PBC session overlap indication as a WPS failure event on an AP/GO interface. This particular new case shows up as "WPS-FAIL msg=4 config_error=12".
* hostapd: Add iface-name wpa_msg() callback registrationBen Greear2011-02-061-0/+11
| | | | | | | This allows the interface name to be automatically added to log file lines by the core logging logic. Signed-off-by: Ben Greear <greearb@candelatech.com>
* hostapd: Allow logging to fileBen Greear2011-02-065-1/+32
| | | | | | Also supports 'relog' CLI command to re-open the log file. Signed-off-by: Ben Greear <greearb@candelatech.com>
* AP: Introduce sta authorized wrappersJohannes Berg2011-02-021-2/+1
| | | | | | | | To enable making state change notifications on the WLAN_STA_AUTHORIZED flag, introduce ap_sta_set_authorized(), and to reduce use of the flag itself also add a wrapper for testing the flag: ap_sta_is_authorized(). Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* AP: Enable WMM with default parameters by default for HTJohannes Berg2011-02-012-4/+1
| | | | | | | | If WMM is not disabled explicitly (wmm_enabled=0 in hostapd.conf), enable WMM automatically whenever HT (ieee80211n) is enabled. Use the default WMM parameters for AP TX queues and the EDCA parameters advertised for stations in WMM IE if no overriding values are included in the configuration.
* hostapd: Ensure that the destination directory existsMike Crowe2011-01-301-0/+1
| | | | | | | Ensure that the destination binary directory exists before installing into it. Signed-off-by: Mike Crowe <mac@mcrowe.com>
* Use DESTDIR when installing hostapd to support cross-compilingMike Crowe2011-01-301-1/+1
| | | | Signed-off-by: Mike Crowe <mac@mcrowe.com>
* hostapd: Allow TDLS use to be prohibited in the BSSJouni Malinen2011-01-282-0/+20
| | | | | | tdls_prohibit=1 and tdls_prohibit_chan_switch=1 and now be used to disable use of TDLS or TDLS channel switching in the BSS using extended cabilities IE as defined in IEEE 802.11z.
* Allow AP mode to disconnect STAs based on low ACK conditionJohannes Berg2010-12-282-0/+7
| | | | | | | | | | | The nl80211 driver can report low ACK condition (in fact it reports complete loss right now only). Use that, along with a config option, to disconnect stations when the data connection is not working properly, e.g., due to the STA having went outside the range of the AP. This is disabled by default and can be enabled with disassoc_low_ack=1 in hostapd or wpa_supplicant configuration file. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* hostapd_driver_ops reductionJouni Malinen2010-11-241-2/+3
| | | | | set_sta_vlan, get_inact_sec, sta_deauth, sta_disassoc, and sta_remove to use inline functions instead of extra abstraction.
* Maintain internal entropy pool for augmenting random number generationJouni Malinen2010-11-232-0/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By default, make hostapd and wpa_supplicant maintain an internal entropy pool that is fed with following information: hostapd: - Probe Request frames (timing, RSSI) - Association events (timing) - SNonce from Supplicants wpa_supplicant: - Scan results (timing, signal/noise) - Association events (timing) The internal pool is used to augment the random numbers generated with the OS mechanism (os_get_random()). While the internal implementation is not expected to be very strong due to limited amount of generic (non-platform specific) information to feed the pool, this may strengthen key derivation on some devices that are not configured to provide strong random numbers through os_get_random() (e.g., /dev/urandom on Linux/BSD). This new mechanism is not supposed to replace proper OS provided random number generation mechanism. The OS mechanism needs to be initialized properly (e.g., hw random number generator, maintaining entropy pool over reboots, etc.) for any of the security assumptions to hold. If the os_get_random() is known to provide strong ramdom data (e.g., on Linux/BSD, the board in question is known to have reliable source of random data from /dev/urandom), the internal hostapd random pool can be disabled. This will save some in binary size and CPU use. However, this should only be considered for builds that are known to be used on devices that meet the requirements described above. The internal pool is disabled by adding CONFIG_NO_RANDOM_POOL=y to the .config file.
* Fix hlr_auc_gw build with CONFIG_WPA_TRACE=yJouni Malinen2010-11-231-0/+2
|
* Annotate places depending on strong random numbersJouni Malinen2010-11-231-2/+3
| | | | | | | | | | | | | This commit adds a new wrapper, random_get_bytes(), that is currently defined to use os_get_random() as is. The places using random_get_bytes() depend on the returned value being strong random number, i.e., something that is infeasible for external device to figure out. These values are used either directly as a key or as nonces/challenges that are used as input for key derivation or authentication. The remaining direct uses of os_get_random() do not need as strong random numbers to function correctly.
* Drop local stations on broadcast deauth/disassoc requestJouni Malinen2010-11-101-0/+4
| | | | | | When hostapd_cli deauth/disassoc is used with ff:ff:ff:ff:ff:ff address, drop all local STA entries in addition to sending out the broadcast deauth/disassoc frame.
* Fix a typo in the commentJouni Malinen2010-11-101-1/+1
|
* hostapd: Prohibit WEP configuration when HT is enabledYogesh Ashok Powar2010-11-091-0/+7
| | | | | | | WFA 11n testing does not allow WEP when IEEE 802.11n is enabled. Reject such combination when parsing hostapd configuration file. Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
* hostapd: Add comment about CONFIG_FULL_DYNAMIC_VLAN to defconfigHelmut Schaa2010-11-091-0/+4
| | | | | | | Add comment about CONFIG_FULL_DYNAMIC_VLAN to defconfig. By default this feature is still disabled. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
* Allow client isolation to be configured (ap_isolate=1)Felix Fietkau2010-11-092-0/+6
| | | | | | Client isolation can be used to prevent low-level bridging of frames between associated stations in the BSS. By default, this bridging is allowed.
* Add bridge handling for WDS STA interfacesFelix Fietkau2010-11-092-0/+8
| | | | | By default, add them to the configured bridge of the AP interface (if present), but allow the user to specify a separate bridge.
* Remove unused TX queue parameters related to Beacon framesJouni Malinen2010-11-042-22/+11
| | | | | | | These are not used by any driver wrapper, i.e., only the four data queues (BK, BE, VI, VO) are configurable. Better remove these so that there is no confusion about being able to configure something additional.
* Add ctrl_iface command 'GET version'Jouni Malinen2010-10-312-1/+49
| | | | | This can be used to fetch the wpa_supplicant/hostapd version string.
* Add WPA_IGNORE_CONFIG_ERRORS option to continue in case of bad configDmitry Shmidt2010-10-311-0/+2
| | | | | | | | | This is an option to continue with wpa_supplicant and hostapd even if config file has errors. The problem is that these daemons are the best "candidates" for the config change, so if they can not start because config file was let's say corrupted, you can not fix it easily. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* hostapd: Add wps_config ctrl_interface command for configuring APJouni Malinen2010-10-213-0/+84
| | | | | | This command can be used to configure the AP using the internal WPS registrar. It works in the same way as new AP settings received from an ER.
* WPS: Update Beacon/ProbeResp IE on wps_version_number changesJouni Malinen2010-10-191-1/+2
| | | | | | This test command is supposed to change the WPS version number in all places immediately, so make sure that the IEs used in management frames get updated immediately.
* P2P: Extend P2P manager functionality to work with driver MLMEJouni Malinen2010-10-081-0/+5
| | | | | Add P2P IE into Beacon, Probe Response, and (Re)Association Request frames for drivers that generate this frames internally.
* Fix hostapd_cli get_config not to show key when WPA is disabledJouni Malinen2010-10-081-4/+6
| | | | | Previously, incorrectly configured passphrase or group cipher type could be shown even if WPA was disabled.
* Fix .gitignore files to not ignore subdirectory matchesJouni Malinen2010-10-071-7/+0
| | | | | | | The previous used .gitignore files were mathing some files that were actually already in the repository (e.g., hostapd/logwatch/hostapd). Avoid this by listing the conflicting entries in the root directory .gitignore with full path.
* Mark ctrl_iface RX debug for PING commands excessiveJouni Malinen2010-09-241-1/+4
| | | | | | This cleans up debug log from unnecessary entries when using wpa_cli/hostapd_cli or other ctrl_iface monitors that PING periodically to check connectivity.
* WPS 2.0: Disable WPS if ignore_broadcast_ssid or WEP is usedJouni Malinen2010-09-241-0/+14
| | | | | These combinations are disallowed in WPS 2.0 (and do not work well (or at all) with many deployed WPS 1.0 devices either).
* WPS: Add hostapd_cli get_config commandJouni Malinen2010-09-233-0/+181
| | | | This can be used by a WPS UI to display the current AP configuration.
* WPS: Add wps_check_pin command for processing PIN from user inputJouni Malinen2010-09-233-0/+84
| | | | | UIs can use this command to process a PIN entered by a user and to validate the checksum digit (if present).
* WPS: Make testing operations configurable at runtimeJouni Malinen2010-09-223-0/+69
| | | | | | | | | | | | | | | | | | | Instead of build time options (CONFIG_WPS_TESTING_EXTRA_CRED and CONFIG_WPS_EXTENSIBILITY_TESTING), use a single build option (CONFIG_WPS_TESTING) and runtime configuration of which testing operations are enabled. This allows a single binary to be used for various tests. The runtime configuration can be done through control interface with wpa_cli/hostapd_cli commands: Enable extensibility tests: set wps_version_number 0x57 Disable extensibility tests (WPS2 build): set wps_version_number 0x20 Enable extra credential tests: set wps_testing_dummy_cred 1 Disable extra credential tests: set wps_testing_dummy_cred 0
* EAP-pwd: Add support for EAP-pwd server and peer functionalityDan Harkins2010-09-153-0/+15
| | | | | This adds an initial EAP-pwd (RFC 5931) implementation. For now, this requires OpenSSL.
* P2P: Add forgotten allow_cross_connection exampleJouni Malinen2010-09-091-0/+3
|
* P2P: Add preliminary P2P Manager AP support for hostapdJouni Malinen2010-09-093-0/+87
|
* WPS: Fix CONFIG_WPS_STRICT build optionJouni Malinen2010-09-091-5/+5
| | | | This was not supposed to be depending on CONFIG_WPS_NFC.
* WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2)Jouni Malinen2010-09-093-0/+7
| | | | | For now, the default build will only include WSC 1.0 support. CONFIG_WPS2=y can be used to add support for WSC 2.0.
* WPS 2.0: Validate WPS attributes in management frames and WSC messagesJouni Malinen2010-09-091-0/+5
| | | | | | | | If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
* WPS 2.0: Add virtual/physical display and pushbutton config methodsJouni Malinen2010-09-091-2/+3
|
* WPS 2.0: Add support for AuthorizedMACs attributeJouni Malinen2010-09-093-5/+23
| | | | | | | | | | Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
* Fix hostapd build with CONFIG_IEEE80211N but without NEED_AP_MLMEJouni Malinen2010-09-051-2/+2
|
* WPS: Add support for dynamic AP PIN managementJouni Malinen2010-08-244-2/+112
| | | | | | | | | A new hostapd_cli command, wps_ap_pin, can now be used to manage AP PIN at runtime. This can be used to generate a random AP PIN and to only enable the AP PIN for short period (e.g., based on user action on the AP device). Use of random AP PIN that is only enabled for short duration is highly recommended to avoid security issues with a static AP PIN.
* EAP server: Add support for configuring fragment sizeJouni Malinen2010-07-212-0/+5
|
* Fix a typo in Disassociation frame buildingJouni Malinen2010-07-181-1/+1
| | | | | This did not really change any behavior since Deauthentication frame uses the same format.
* Preparations for 0.7.2 releaseJouni Malinen2010-04-181-0/+27
|
* WPS: Include CONFIG_EAP automatically if WPS is enabledJouni Malinen2010-04-171-0/+1
|