path: root/hostapd
Commit message (Collapse)AuthorAgeFilesLines
* DPP2: Make DPP version number support available over control interfaceJouni Malinen2019-03-141-0/+31
| | | | | | | "GET_CAPABILITY dpp" can now be used to determine which version number of DPP is supported in the build. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Build configuration flags for DPP version 2 supportJouni Malinen2019-03-132-0/+6
| | | | | | | | | | The new CONFIG_DPP2=y build option for hostapd and wpa_supplicant is used to control whether new functionality defined after the DPP specification v1.0 is included. All such functionality are considered experimental and subject to change without notice and as such, not suitable for production use. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OpenSSL: Add 'check_cert_subject' support for TLS serverJared Bents2019-03-112-0/+36
| | | | | | | | | | | | | | | | | This patch added 'check_cert_subject' support to match the value of every field against the DN of the subject in the client certificate. If the values do not match, the certificate verification will fail and will reject the user. This option allows hostapd to match every individual field in the right order, also allow '*' character as a wildcard (e.g OU=Development*). Note: hostapd will match string up to 'wildcard' against the DN of the subject in the client certificate for every individual field. Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com> Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com> Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Allow AP SAE configuration to be added automatically for PSKJouni Malinen2019-03-062-0/+10
| | | | | | | | | | | The new hostapd configuration parameter wps_cred_add_sae=1 can be used to request hostapd to add SAE configuration whenever WPS is used to configure the AP to use WPA2-PSK and the credential includes a passphrase (instead of PSK). This can be used to enable WPA3-Personal transition mode with both SAE and PSK enabled and PMF enabled for PSK and required for SAE associations. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Enable only group 19 by default in AP modeJouni Malinen2019-03-051-5/+9
| | | | | | | | | | | | | | | | Change the AP mode default for SAE to enable only the group 19 instead of enabling all ECC groups that are supported by the used crypto library and the SAE implementations. The main reason for this is to avoid enabling groups that are not as strong as the mandatory-to-support group 19 (i.e., groups 25 and 26). In addition, this disables heavier groups by default. In addition, add a warning about MODP groups 1, 2, 5, 22, 23, and 24 based on "MUST NOT" or "SHOULD NOT" categorization in RFC 8247. All the MODP groups were already disabled by default and would have needed explicit configuration to be allowed. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* hostapd: Add README-MULTI-APArnout Vandecappelle (Essensium/Mind)2019-02-181-0/+160
| | | | | | | | | Document what hostapd and wpa_supplicant do for Multi-AP. This is only included in hostapd, since a Multi-AP device is always an access point so it should have hostapd. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* hostapd: Support Multi-AP backhaul STA onboarding with WPSDavina Lu2019-02-182-0/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the WPS Registrar offers a different set of credentials (backhaul credentials instead of fronthaul credentials) when the Multi-AP subelement is present in the WFA vendor extension element of the WSC M1 message. Add new configuration options to specify the backhaul credentials for the hostapd internal registrar: multi_ap_backhaul_ssid, multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are only relevant for a fronthaul SSID, i.e., where multi_ap is set to 2 or 3. When these options are set, pass the backhaul credentials instead of the normal credentials when the Multi-AP subelement is present. Ignore the Multi-AP subelement if the backhaul config options are not set. Note that for an SSID which is fronthaul and backhaul at the same time (i.e., multi_ap == 3), this results in the correct credentials being sent anyway. The security to be used for the backaul BSS is fixed to WPA2PSK. The Multi-AP Specification only allows Open and WPA2PSK networks to be configured. Although not stated explicitly, the backhaul link is intended to be always encrypted, hence WPA2PSK. To build the credentials, the credential-building code is essentially copied and simplified. Indeed, the backhaul credentials are always WPA2PSK and never use per-device PSK. All the options set for the fronthaul BSS WPS are simply ignored. Signed-off-by: Davina Lu <ylu@quantenna.com> Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
* SAE: VLAN assignment based on SAE Password IdentifierJouni Malinen2019-02-172-9/+25
| | | | | | | | | | The new sae_password parameter [|vlanid=<VLAN ID>] can now be used to assign stations to a specific VLAN based on which SAE Password Identifier they use. This is similar to the WPA2-Enterprise case where the RADIUS server can assign stations to different VLANs and the WPA2-Personal case where vlanid parameter in wpa_psk_file is used. Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Document openssl_ecdh_curves configuration parameterHristo Venev2019-02-171-0/+13
| | | | Signed-off-by: Hristo Venev <hristo@venev.name>
* VLAN assignment based on used WPA/WPA2 passphrase/PSKJouni Malinen2019-02-142-0/+5
| | | | | | | | | | | | Extend wpa_psk_file to allow an optional VLAN ID to be specified with "vlanid=<VLAN ID>" prefix on the line. If VLAN ID is specified and the particular wpa_psk_file entry is used for a station, that station is bound to the specified VLAN. This can be used to operate a single WPA2-Personal BSS with multiple VLANs based on the used passphrase/PSK. This is similar to the WPA2-Enterprise case where the RADIUS server can assign stations to different VLANs. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HE: Fix set_he_cap() parsing of config options for MU EDCA ParamsJouni Malinen2019-02-111-1/+17
| | | | | | | | | | | | | | | | | When I replaced the POS() function with ffs() when applying relevant parts from the original patch, this ended up breaking the frame construction since the POS() function was supposed to count the bit offset for the mask with 0 being the LSB instead of 1 returned by ffs(). Furthermore, ffs() is not available in all C libraries (e.g., not directly exposed by strings.h on Android), so better not depend on that or compiler builtins for this since there is no need for this to be as fast as possible in configuration parsing. Fix this with a simple function to determine the number of bits the value needs to be shifted left to align with the mask. Fixes: 11ce7a1bc3e2 ("HE: Add MU EDCA Parameter Set element (AP)") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* crl_reload_interval: Add CRL reloading supportJared Bents2019-01-272-1/+14
| | | | | | | | | | | | | | This patch adds a new flag 'crl_reload_interval' to reload CRL periodically. This can be used to reload ca_cert file and the included CRL information on every new TLS session if difference between the last reload and the current time in seconds is greater than crl_reload_interval. This reloading is used for cases where check_crl is 1 or 2 and the CRL is included in the ca_file. Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com> Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
* AP: Add wpa_psk_file reloading in runtimeMichal Kazior2019-01-262-0/+69
| | | | | | | | | | | | | The wpa_psk_file can now be modified and hostapd can be told to re-read it with the control interface RELOAD_WPA_PSK command: $ hostapd_cli reload_wpa_psk It must be noted special care must be taken if WPS is configured (wps_state=2, eap_server=1) because WPS appends PMKs to the wpa_psk_file. Signed-off-by: Michal Kazior <michal@plume.com>
* AP: Allow identifying which passphrase station used with wpa_psk_fileMichal Kazior2019-01-261-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | It is now possible to optionally specify keyid for each wpa_psk_file entry: keyid=something 00:00:00:00:00:00 secretpassphrase When station connects and the passphrase it used has an associated keyid it will be appended to the AP-STA-CONNECTED event string: wlan0: AP-STA-CONNECTED 00:36:76:21:dc:7b keyid=something It's also possible to retrieve it through the control interface: $ hostapd_cli all_sta Selected interface 'ap0' 00:36:76:21:dc:7b ... keyid=something New hostapd is able to read old wpa_psk_file. However, old hostapd will not be able to read the new wpa_psk_file if it includes keyids. Signed-off-by: Michal Kazior <michal@plume.com>
* tests: Use python3 compatible print statementMasashi Honma2019-01-261-25/+25
| | | | | | | | This patch is made by using 2to3 command. $ find . -name *.py | xargs 2to3 -f print -w -n Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* tests: Use python3 compatible "except" statementMasashi Honma2019-01-261-6/+6
| | | | | | | | This patch is made by using 2to3 command. $ find . -name *.py | xargs 2to3 -f except -w -n Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* FILS: Remove notes about experimental implementationJouni Malinen2019-01-221-2/+0
| | | | | | | | | The standard amendment has been published and there has been sufficient amount of interoperability testing for FILS to expect the protocol not to be changed anymore, so remove the notes claiming this to be experimental and not suitable for production use. Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add support for setting pbss option from config fileIan Archer2019-01-211-0/+2
| | | | | | | | | | There is currently no support for setting hostapd_bss_config.pbss from a config file, i.e., it was used only based on automatic logic in wpa_supplicant. This patch adds a key naturally called "pbss" which can be used to set it. Cc: Antony King <antony.king@bluwirelesstechnology.com> Signed-off-by: Brendan Jackman <brendan.jackman@bluwirelesstechnology.com>
* HE: Add MU EDCA Parameter Set element (AP)Siva Mullati2019-01-082-0/+116
| | | | | | | Add support for configuring parameters for the MU EDCA Parameter Set element per IEEE P802.11ax/D3.0. Signed-off-by: Siva Mullati <siva.mullati@intel.com>
* Use lchown() instead of chown() for self-created filesJouni Malinen2019-01-061-15/+15
| | | | | | | | | | | | | | There is no need to allow symlink dereferencing in these cases where a file (including directories and sockets) are created by the same process, so use the safer lchown() variant to avoid leaving potential windows for something external to replace the file before the chown() call. The particular locations used here should not have write permissions enabled for processes with less privileges, so this may not be needed, but anyway, it is better to make these more restrictive should there be cases where directory permissions are not as expected for a good deployment. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Allow systemwide policies to be overriddenJouni Malinen2019-01-052-0/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some distributions (e.g., Debian) have started introducting systemwide OpenSSL policies to disable older protocol versions and ciphers throughout all programs using OpenSSL. This can result in significant number of interoperability issues with deployed EAP implementations. Allow explicit wpa_supplicant (EAP peer) and hostapd (EAP server) parameters to be used to request systemwide policies to be overridden if older versions are needed to be able to interoperate with devices that cannot be updated to support the newer protocol versions or keys. The default behavior is not changed here, i.e., the systemwide policies will be followed if no explicit override configuration is used. The overrides should be used only if really needed since they can result in reduced security. In wpa_supplicant, tls_disable_tlsv1_?=0 value in the phase1 network profile parameter can be used to explicitly enable TLS versions that are disabled in the systemwide configuration. For example, phase1="tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=0" would request TLS v1.0 and TLS v1.1 to be enabled even if the systemwide policy enforces TLS v1.2 as the minimum version. Similarly, openssl_ciphers parameter can be used to override systemwide policy, e.g., with openssl_ciphers="DEFAULT@SECLEVEL=1" to drop from security level 2 to 1 in Debian to allow shorter keys to be used. In hostapd, tls_flags parameter can be used to configure similar options. E.g., tls_flags=[ENABLE-TLSv1.0][ENABLE-TLSv1.1] Signed-off-by: Jouni Malinen <j@w1.fi>
* Allow remote RADIUS authentication with local VLAN managementNils Nieuwejaar2019-01-021-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The documentation in the hostapd.conf file says that the dynamic_vlan variable is used to control whether VLAN assignments are accepted from a RADIUS server. The implication seems to be that a static VLAN assignment will come from the accept_mac_file if dynamic_vlan is set to 0, and a dynamic assignment will come from the RADIUS server if dynamic_vlan is set to 1. Instead, I'm seeing that the static settings from the accept_mac_file are ignored if dynamic_vlan is set to 0, but used if dynamic_vlan is set to 1. If dynamic_vlan is set to 1 and the RADIUS server does not provide a VLAN, then the accept_mac_file assignment is overridden and the STA is assigned to the default non-VLANed interface. If my understanding of the expected behavior is correct, then I believe the problem is in ap_sta_set_vlan(). That routine checks the dynamic_vlan setting, but has no way of determining whether the incoming vlan_desc is static (i.e., from accept_mac_file) or dynamic (i.e., from a RADIUS server). I've attached a patch that gets hostapd working as I believe it's meant to, and updates the documentation to make the implicit behavior explicit. The functional changes are: - hostapd_allowed_address() will always extract the vlan_id from the accept_macs file. It will not update the vlan_id from the RADIUS cache if dynamic_vlan is DISABLED. - hostapd_acl_recv_radius() will not update the cached vlan_id if dynamic_vlan is DISABLED. - ieee802_1x_receive_auth() will not update the vlan_id if dynamic_vlan is DISABLED. More cosmetic: Most of the delta is just moving code out of ieee802_1x_receive_auth() into a new ieee802_1x_update_vlan() routine. While I initially did this because the new DISABLED check introduced excessive indentation, it has the added advantage of eliminating the vlan_description allocation and os_memset() call for all DYNAMIC_VLAN_DISABLED configs. I've done a couple rounds of review offline with Michael Braun (who has done much of the work in this part of the code) and incorporated his feedback. If dynamic_vlan=0 (disabled), vlan assignments will be managed using the local accept_mac_file ACL file, even if a RADIUS server is being used for user authentication. This allows us to manage users and devices independently. Signed-off-by: Nils Nieuwejaar <nils.nieuwejaar@gmail.com>
* hostapd_cli: Add option to send beacon report requestAvraham Stern2019-01-021-0/+9
| | | | | | This new 'req_beacon' command is useful for testing. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* crypto: Add option to use getrandom()Lubomir Rintel2019-01-012-0/+8
| | | | | | | | | | | | | | | | | | | | | According to random(4) manual, /dev/random is essentially deprecated on Linux for quite some time: "The /dev/random interface is considered a legacy interface, and /dev/urandom is preferred and sufficient in all use cases, with the exception of applications which require randomness during early boot time; for these applications, getrandom(2) must be used instead, because it will block until the entropy pool is initialized." An attempt to use it would cause unnecessary blocking on machines without a good hwrng even when it shouldn't be needed. Since Linux 3.17, a getrandom(2) call is available that will block only until the randomness pool has been seeded. It is probably not a good default yet as it requires a fairly recent kernel and glibc (3.17 and 2.25 respectively). Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* Update copyright notices for the new year 2019Jouni Malinen2019-01-013-5/+5
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* OCE: Add RSSI based association rejection support (AP)Beni Lev2019-01-012-0/+19
| | | | | | | | | An AP might reject a STA association request due to low RSSI. In such case, the AP informs the STA the desired RSSI improvement and a retry timeout. The STA might retry to associate even if the RSSI hasn't improved if the retry timeout expired. Signed-off-by: Beni Lev <beni.lev@intel.com>
* hostapd: Add configuration option check_crl_strictSam Voss2018-12-312-0/+9
| | | | | | | | | | | | | | | | | | | | Add the ability to ignore time-based CRL errors from OpenSSL by specifying a new configuration parameter, check_crl_strict=0. This causes the following: - This setting does nothing when CRL checking is not enabled. - When CRL is enabled, "strict mode" will cause CRL time errors to not be ignored and will continue behaving as it currently does. - When CRL is enabled, disabling strict mode will cause CRL time errors to be ignored and will allow connections. By default, check_crl_strict is set to 1, or strict mode, to keep current functionality. Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
* hostapd: Add openssl_ecdh_curves configuration parameterHristo Venev2018-12-301-0/+3
| | | | | | | | | This makes it possible to use ECDSA certificates with EAP-TLS/TTLS/etc. It should be noted that when using Suite B, different mechanism is used to specify the allowed ECDH curves and this new parameter must not be used in such cases. Signed-off-by: Hristo Venev <hristo@venev.name>
* hostapd: Support for overriding the bridge name per VLAN via vlan_fileFelix Fietkau2018-12-212-2/+14
| | | | | | | | This makes it easier to integrate dynamic VLANs in custom network configurations. The bridge name is added after the interface name in the vlan_file line, also separated by whitespace. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* DPP: Add self configuration command in hostapd_cli and wpa_cliPrasad, Jagadeesh (Contractor)2018-12-211-0/+9
| | | | | | | | | The back-end support for DPP self configuration was already present in hostapd and wpa_supplicant. However, the command to invoke DPP self configuration was not available in hostapd_cli and wpa_cli. Add the command "dpp_configurator_sign" in them. Signed-off-by: Prasad, Jagadeesh <Jagadeesh_Prasad@comcast.com>
* DPP: Accept DPP_CONFIGURATION_SIGN without double space before parametersJouni Malinen2018-12-211-1/+1
| | | | | | | Make this command more convenient to use by not requiring two space characters between the command and the first parameter. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* hostapd: Add Multi-AP protocol supportVenkateswara Naralasetty2018-12-192-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | The purpose of Multi-AP specification is to enable inter-operability across Wi-Fi access points (APs) from different vendors. This patch introduces one new configuration parameter 'multi_ap' to enable Multi-AP functionality and to configure the BSS as a backhaul and/or fronthaul BSS. Advertise vendor specific Multi-AP capabilities in (Re)Association Response frame, if Multi-AP functionality is enabled through the configuration parameter. A backhaul AP must support receiving both 3addr and 4addr frames from a backhaul STA, so create a VLAN for it just like is done for WDS, i.e., by calling hostapd_set_wds_sta(). Since Multi-AP requires WPA2 (never WEP), we can safely call hostapd_set_wds_encryption() as well and we can reuse the entire WDS condition. To parse the Multi-AP Extension subelement, we use get_ie(): even though that function is meant for parsing IEs, it works for subelements. Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* OCV: Add utility functions to insert OCI elementsMathy Vanhoef2018-12-162-0/+2
| | | | | | | This commit adds utility functions to insert various encoding of the OCI element. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* OCV: Add hostapd config parameterMathy Vanhoef2018-12-162-0/+13
| | | | | | | Add hostapd.conf parameter ocv to disable or enable Operating Channel Verification (OCV) support. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* OCV: Add build configuration for channel validation supportMathy Vanhoef2018-12-164-0/+16
| | | | | | Add compilation flags for Operating Channel Verification (OCV) support. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* HS 2.0 server: RADIUS server support for SIM provisioningJouni Malinen2018-12-151-0/+3
| | | | | | | | | | | | | This adds support for hostapd-as-RADIUS-authentication-server to request subscription remediation for SIM-based credentials. The new hostapd.conf parameter hs20_sim_provisioning_url is used to set the URL prefix for the remediation server for SIM provisioning. The random hotspot2dot0-mobile-identifier-hash value will be added to the end of this URL prefix and the same value is stored in a new SQLite database table sim_provisioning for the subscription server implementation to use. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Allow Hotspot 2.0 release number to be configuredJouni Malinen2018-12-081-0/+10
| | | | | | | | | The new hostapd configuration parameter hs20_release can be used to configure the AP to advertise a specific Hotspot 2.0 release number instead of the latest supported release. This is mainly for testing purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Move send_probe_response parameter to BSS specific itemsJouni Malinen2018-12-071-1/+1
| | | | | | This can be more convenient for testing Multiple BSSID functionality. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Update version to v2.7 and copyright years to include 2018hostap_2_7Jouni Malinen2018-12-024-5/+60
| | | | | | | Also add the ChangeLog entries for both hostapd and wpa_supplicant to describe main changes between v2.6 and v2.7. Signed-off-by: Jouni Malinen <j@w1.fi>
* Uncomment CONFIG_LIBNL32=y in defconfigJouni Malinen2018-12-021-1/+1
| | | | | | | | libnl 3.2 release is much more likely to be used nowadays than the versions using the older API, so uncomment this in wpa_supplicant and hostapd defconfig. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix hostapd testing functionality for setting key/seqJouni Malinen2018-11-301-1/+1
| | | | | | Use sizeof() correctly on seq[]. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Fix a typo in a commentJouni Malinen2018-11-251-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix dpp_configurator_get_key command name in hostapd_cliDamodaran, Rohit (Contractor)2018-11-221-1/+1
| | | | | | | | The option to get DPP configurator key in hostapd_cli was named incorrectly. It was wrongly pointing to dpp_configurator_remove. Fix this by using the correct name. Signed-off-by: Rohit Damodaran <Rohit_Damodaran@comcast.com>
* OCE: Move OCE checks to IE formation from hostapd initializationAnkita Bajaj2018-10-301-21/+2
| | | | | | | | | | Earlier, the OCE flags were checked during hostapd initialization. This doesn't address few cases like for example when the interface is added from control interface. Move the OCE flag checks to the functions that are forming the MBO/OCE IEs to cover all the different paths for enabling a BSS. Also use macros as appropriate for readability. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WNM: Collocated Interference ReportingJouni Malinen2018-10-302-0/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for negotiating WNM Collocated Interference Reporting. This allows hostapd to request associated STAs to report their collocated interference information and wpa_supplicant to process such request and reporting. The actual values (Collocated Interference Report Elements) are out of scope of hostapd and wpa_supplicant, i.e., external components are expected to generated and process these. For hostapd/AP, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration. STAs are requested to perform reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report Timeout>" control interface command. The received reports are indicated as control interface events "COLOC-INTF-REPORT <addr> <dialog token> <hexdump of report elements>". For wpa_supplicant/STA, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration and setting Collocated Interference Report Elements as a hexdump with "SET coloc_intf_elems <hexdump>" control interface command. The hexdump can contain one or more Collocated Interference Report Elements (each including the information element header). For additional testing purposes, received requests are reported with "COLOC-INTF-REQ <dialog token> <automatic report enabled> <report timeout>" control interface events and unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>". This commit adds support for reporting changes in the collocated interference (Automatic Report Enabled == 1 and partial 3), but not for periodic reports (2 and other part of 3). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WMM: Update WMM parameter advertisement on the flyBeni Lev2018-10-161-0/+6
| | | | | | | Update the Beacon frame template once WMM parameters have been changed and the AP is already up. Signed-off-by: Beni Lev <beni.lev@intel.com>
* HS 2.0: OSU Provider NAI List advertisementJouni Malinen2018-10-052-1/+25
| | | | | | | | | | Extend hostapd to allow the new OSU Provider NAI List ANQP-element to be advertised in addition to the previously used OSU Providers list ANQP-element. The new osu_nai2 configurator parameter option is used to specify the OSU_NAI value for the shared BSS (Single SSID) case while osu_nai remains to be used for the separate OSU BSS. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Parse sae_password option when CONFIG_SAE is enabledHai Shalom2018-09-021-1/+1
| | | | | | | | | Call to parse_sae_password was incorrectly depending on CONFIG_TESTING_OPTIONS and CONFIG_SAE. Should depend only on the latter. Fixes: 2377c1caef77 ("SAE: Allow SAE password to be configured separately (AP)") Signed-off-by: Hai Shalom <haishalom@google.com>
* hostapd: SET ht_capab support for disabling 40 MHz bandwidthSathishkumar Muruganandam2018-08-211-0/+2
| | | | | | | | | | | | | | | | | 'hostapd_cli SET ht_capab' only checked for [HT40+] or [HT40-] or both to be present. Based on the offset + or -, secondary_channel is updated but HT20/VHT20 mode can be brought up only from config file and can't be done using the SET command when the current HT mode is HT40+ or HT40-. When managing AP+STA mode from userspace doing hostapd_cli: "disable -> set channel, ht_capab -> enable" sequence, channel switch from HT40/VHT40 to HT20/VHT20 was not possible with this SET ht_capab limitation. Cover this additional case by resetting secondary_channel to 0 for HT20/VHT20 when ht_capab has neither [HT40+] nor [HT40-] present. Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
* Provide more details of WPA3 modes in hostapd.confJouni Malinen2018-08-011-1/+17
| | | | | | | Clarify that wpa=2 (i.e., RSN) is used for WPA3 and list previously undocumented wpa_key_mgmt values. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>