path: root/hostapd/Makefile
Commit message | Author | Age | Files | Lines
* Move parts of wpa_cli to a new common file | Mikael Kanstrup | 2016-08-06 | 1 | -1/+4
  In preparation for adding further command completion support to hostapd_cli move some cli related utility functions out of wpa_cli into a new common cli file.
  Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
* hostapd: Handle Neighbor Report Request frame | David Spinadel | 2016-04-17 | 1 | -0/+1
  Process Neighbor Report Request frame and send Neighbor Report Response frame based on the configured neighbor report data.
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* hostapd: Add a database of neighboring APs | David Spinadel | 2016-04-16 | 1 | -0/+1
  Add a configurable neighbor database that includes the content of Neighbor Report element, LCI and Location Civic subelements and SSID. All parameters for a neighbor must be updated at once; Neighbor Report element and SSID are mandatory, LCI and civic are optional. The age of LCI is set to the time of neighbor update.
  The control interface API is:
    SET_NEIGHBOR <BSSID> <ssid=SSID> <nr=data> [lci=<data>] [civic=<data>]
  To delete a neighbor use:
    REMOVE_NEIGHBOR <BSSID> <SSID>
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* Drop USE_KERNEL_HEADERS define | Jouni Malinen | 2016-03-26 | 1 | -4/+0
  This was only used for providing an option to use linux/if_packet.h instead of netpacket/packet.h in src/ap/iapp.c. However, netpacket/packet.h is nowadays commonly available and hostapd already depends on it through src/l2_packet/l2_packet_linux.c, so there is no need to continue to provide this option for the kernel header.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Move ifconfig helpers to a separate file | Jouni Malinen | 2016-03-25 | 1 | -0/+1
  This removes final ioctl() use within vlan_init.c.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Move CONFIG_FULL_DYNAMIC_VLAN functionality into a separate file | Jouni Malinen | 2016-03-25 | 1 | -0/+1
  This cleans up vlan_init.c by removing number of C pre-processor dependencies.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Clean up netlink vs. ioctl API implementation | Jouni Malinen | 2016-03-25 | 1 | -8/+6
  Move the ioctl-based VLAN implementation to a separate file to avoid need for conditional blocks within vlan_ioctl.c. This removes the internal CONFIG_VLAN_NETLINK define, i.e., this is now used only in build configuration (.config) to select whether to include the vlan_util.c (netlink) or vlan_ioctl.c (ioctl) implementation of the functions.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add UDP support for ctrl_iface | Janusz Dziedzic | 2016-03-05 | 1 | -1/+24
  Add UDP support for ctrl_iface:
  New config option could be set:
    CONFIG_CTRL_IFACE=udp
    CONFIG_CTRL_IFACE=udp-remote
    CONFIG_CTRL_IFACE=udp6
    CONFIG_CTRL_IFACE=udp6-remote
  And hostapd_cli usage:
    hostapd_cli -i localhost:8877
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* hostapd: Use common functions for ctrl_iface | Janusz Dziedzic | 2016-03-05 | 1 | -0/+1
  Use the common functions, structures when UNIX socket ctrl_iface used.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* MBO: Track STA cellular data capability from association request | Jouni Malinen | 2016-02-22 | 1 | -0/+1
  This makes hostapd parse the MBO attribute in (Re)Association Request frame and track the cellular data capability (mbo_cell_capa=<val> in STA control interface command).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add MBO IE to Beacon, Probe Response, Association Response | Avraham Stern | 2016-02-22 | 1 | -0/+4
  Add MBO IE with AP capability attribute to Beacon, Probe Response, and (Re)Association Response frames to indicate the AP supports MBO.
  Add option to add Association Disallowed attribute to Beacon, Probe Response, and (Re)Association Response frames.
  Usage:
    SET mbo_assoc_disallow <reason code>
  Valid reason code values are between 1-5. Setting the reason code to 0 will remove the Association Disallowed attribute from the MBO IE and will allow new associations.
  MBO functionality is enabled by setting "mbo=1" in the config file.
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* VLAN: Separate station grouping and uplink configuration | Michael Braun | 2016-02-17 | 1 | -0/+1
  Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces.
  The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within a BSS.
  New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily.
  When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface.
  To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. It is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description.
  Though not depended on by the code, vlan_id assignment ensures:
    * vlan_id = 0 will continue to mean no AP_VLAN interface
    * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan.
    * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans.
  This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support.
  DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces.
  MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID.
  VLAN_ID_WILDCARD will continue to refer to int vlan_id.
  Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function).
  Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID.
  Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* Implement kqueue(2) support via CONFIG_ELOOP_KQUEUE | Roy Marples | 2016-02-07 | 1 | -0/+4
  NOTE: kqueue has to be closed and re-build after forking. epoll *should* do the same, but it seems that wpa_supplicant doesn't need it at least.
  I have re-worked a little bit of the epoll code (moved into a similar kqueue function) so it's trivial to requeue epoll if needed in the future.
  Signed-off-by: Roy Marples <roy@marples.name>
* Clone default LIBS value to LIBS_* for other tools | Jouni Malinen | 2015-12-28 | 1 | -0/+15
  If LIBS is set with some global build system defaults, clone those for LIBS_c, LIBS_h, LIBS_n, and LIBS_p to cover wpa_cli, wpa_passphrase, hostapd_cli, hlr_auc_gw, and nt_password_hash as well.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* BoringSSL: Move OCSP implementation into a separate file | Jouni Malinen | 2015-12-04 | 1 | -0/+1
  This makes it easier to share the OCSP implementation needed for BoringSSL outside tls_openssl.c. For now, this is mainly for http_curl.c.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add SHA384 and SHA512 implementations from LibTomCrypt library | Pali Rohár | 2015-11-29 | 1 | -0/+12
  These will be used with the internal TLS implementation to extend hash algorithm support for new certificates and TLS v1.2.
  Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
* Add "git describe" based version string postfix | Jouni Malinen | 2015-10-16 | 1 | -0/+10
  If hostapd or wpa_supplicant is built from a git repository, add a VERSION_STR postfix from the current git branch state. This is from "git describe --dirty=+". VERSION_STR will thus look something like "2.6-devel-hostap_2_5-132-g4363c0d+" for development builds from a modified repository.
  This behavior is enabled automatically if a build within git repository is detected (based on ../.git existing). This can be disabled with CONFIG_NO_GITVER=y in wpa_supplicant/.config and hostapd/.config.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix key derivation for Suite B 192-bit AKM to use SHA384 | Jouni Malinen | 2015-08-27 | 1 | -0/+1
  While the EAPOL-Key MIC derivation was already changed from SHA256 to SHA384 for the Suite B 192-bit AKM, KDF had not been updated similarly. Fix this by using HMAC-SHA384 instead of HMAC-SHA256 when deriving PTK from PMK when using the Suite B 192-bit AKM.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add build option to remove all internal RC4 uses | Jouni Malinen | 2015-08-02 | 1 | -0/+8
  The new CONFIG_NO_RC4=y build option can be used to remove all internal hostapd and wpa_supplicant uses of RC4. It should be noted that external uses (e.g., within a TLS library) do not get disabled when doing this.
  This removes capability of supporting WPA/TKIP, dynamic WEP keys with IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password changes.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Add CONFIG_TLS_ADD_DL=y build option for hostapd | Jouni Malinen | 2015-07-28 | 1 | -0/+4
  This behaves similarly to the same option in wpa_supplicant, i.e., adds -ldl when linking in libcrypto from OpenSSL.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Add SHA256 support in openssl_tls_prf() for TLSv1.2 | Jouni Malinen | 2015-07-28 | 1 | -0/+2
  This is needed when enabling TLSv1.2 support for EAP-FAST since the SSL_export_keying_material() call does not support the needed parameters for TLS PRF and the external-to-OpenSSL PRF needs to be used instead.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add build options for selecting eloop type | Jouni Malinen | 2015-07-23 | 1 | -0/+8
  This adds CONFIG_ELOOP_POLL=y and CONFIG_ELOOP_EPOLL=y options to hostapd build options similarly to how these were implemented for wpa_supplicant.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Testing support | Anton Nayshtut | 2015-07-16 | 1 | -0/+3
  This patch introduces infrastructure needed for FST module tests.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Add build rules for hostapd | Anton Nayshtut | 2015-07-16 | 1 | -0/+12
  This patch integrates the FST into the hostapd.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Clear allocated debug message buffers explicitly | Jouni Malinen | 2015-06-17 | 1 | -0/+1
  When hostapd or wpa_supplicant is run in debug mode with key material prints allowed (-K on the command line), it is possible for passwords and keying material to show up in debug prints. Since some of the debug cases end up allocating a temporary buffer from the heap for processing purposes, a copy of such password may remain in heap. Clear these temporary buffers explicitly to avoid causing issues for hwsim test cases that verify contents of memory against unexpected keys.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Fix some compilation errors | Eliad Peller | 2015-03-29 | 1 | -0/+1
  If NEED_AP_MLME=y is not defined, compilation might fail under some configurations:
    src/ap/drv_callbacks.c:594:2: warning: implicit declaration of function ‘hostapd_acs_completed’ [-Wimplicit-function-declaration]
    src/ap/sta_info.c:253: undefined reference to `sae_clear_retransmit_timer'
  Fix these errors by adding the missing hostapd_acs_completed() stub, and defining NEED_AP_MLME in case of CONFIG_SAE.
  Signed-off-by: Eliad Peller <eliad@wizery.com>
* OpenSSL: Implement AES-128 CBC using EVP API | Jouni Malinen | 2015-03-29 | 1 | -0/+2
  This replaces the internal CBC mode implementation in aes_128_cbc_encrypt() and aes_128_cbc_decrypt() with the OpenSSL implementation for CONFIG_TLS=openssl builds.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix hlr_auc_gw build with OpenSSL | Jouni Malinen | 2015-03-20 | 1 | -0/+2
  Commit 983c6a606bc839248ea0c69090e60c095a655bc6 ('OpenSSL: Replace internal HMAC-MD5 implementation') forgot to make inclusion of md5.o conditional for hlr_auc_gw build.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove SChannel support | Jouni Malinen | 2015-03-18 | 1 | -11/+0
  SChannel/CryptoAPI as a TLS/crypto library alternative was never completed. Critical functionality is missing and there are bugs in this implementation. Since there are no known plans of completing this support, it is better to remove this code.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add a variable to handle extra CFLAGS values | Roger Zanoni | 2015-01-31 | 1 | -0/+1
  Some packages don't install its headers in the default directory (e.g.: In Arch Linux libiberty and libn13 includes are installed) in their own subdirectory under /usr/include) and the build fails trying to find the headers.
  This patch will allow passing extra CFLAGS values without discarding the assignments made in the Makefile. The CFLAGS values in the Makefile are ignored, if defined directly in the make command line.
  Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
* OpenSSL: Implement aes_wrap() and aes_unwrap() | Jouni Malinen | 2015-01-28 | 1 | -0/+4
  This replaces the implementation in aes-wrap.c and aes-unwrap.c with OpenSSL AES_wrap_key() and AES_unwrap_key() functions when building hostapd or wpa_supplicant with OpenSSL.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OpenSSL: Replace internal HMAC-MD5 implementation | Jouni Malinen | 2015-01-28 | 1 | -3/+5
  Use OpenSSL HMAC_* functions to implement HMAC-MD5 instead of depending on the src/crypto/md5.c implementation.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add Suite B 192-bit AKM | Jouni Malinen | 2015-01-26 | 1 | -0/+5
  WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into use as the key management method.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add HMAC-SHA384 | Jouni Malinen | 2015-01-26 | 1 | -0/+3
  For now, this is only implemented with OpenSSL.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove Network Security Service (NSS) support | Jouni Malinen | 2015-01-10 | 1 | -16/+0
  NSS as a TLS/crypto library alternative was never completed and this barely functional code does not even build with the current NSS version. Taken into account that there has not been much interest in working on this crypto wrapper over the years, it is better to just remove this code rather than try to get it into somewhat more functional state.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Introduce common hw features | Janusz Dziedzic | 2015-01-10 | 1 | -0/+1
  Introduce wpa_supplicant/hostapd hw features.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* crypto: Clear temporary heap allocations before freeing | Jouni Malinen | 2015-01-06 | 1 | -0/+1
  This reduces the time private keys may remain in heap memory after use.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add QUIET=1 option for make | Jouni Malinen | 2014-12-29 | 1 | -0/+4
  This can be used to reduce verbosity for build messages.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Make install path configurable | Prashanth Bhatta | 2014-12-19 | 1 | -3/+6
  Makefile always installs to /usr/local/bin and on some platforms, /usr/local/bin is not in default search path. Modify the Makefile such that bin path can be configurable so that build system can pass appropriate path for installation. If bin path is not specified then by default binaries are installed in /usr/local/bin.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* ERP: Add support for ERP on EAP server and authenticator | Jouni Malinen | 2014-12-04 | 1 | -0/+9
  Derive rRK and rIK on EAP server if ERP is enabled and use these keys to allow EAP re-authentication to be used and to derive rMSK.
  The new hostapd configuration parameter eap_server_erp=1 can now be used to configure the integrated EAP server to derive EMSK, rRK, and rIK at the successful completion of an EAP authentication method. This functionality is not included in the default build and can be enabled with CONFIG_ERP=y.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* proxyarp: Use C library header files and CONFIG_IPV6 | Jouni Malinen | 2014-11-25 | 1 | -0/+2
  This replaces the use of Linux kernel header files (linux/ip.h, linux/udp.h, linux/ipv6.h, and linux/icmpv6.h) with equivalent header files from C library. In addition, ndisc_snoop.c is now built conditionally on CONFIG_IPV6=y so that it is easier to handle hostapd builds with toolchains that do not support IPv6 even if Hotspot 2.0 is enabled in the build.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* AP: Add Neighbor Discovery snooping mechanism for Proxy ARP | Kyeyoon Park | 2014-11-19 | 1 | -0/+1
  This commit establishes the infrastructure, and handles the Neighbor Solicitation and Neighbor Advertisement frames. This will be extended in the future to handle other frames.
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* AP: Add a generic "x_snoop" infrastructure for Proxy ARP | Kyeyoon Park | 2014-11-19 | 1 | -0/+1
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* Suite B: PMKID derivation for AKM 00-0F-AC:11 | Jouni Malinen | 2014-11-16 | 1 | -0/+6
  The new AKM uses a different mechanism of deriving the PMKID based on KCK instead of PMK. hostapd was already doing this after the KCK had been derived, but wpa_supplicant functionality needs to be moved from processing of EAPOL-Key frame 1/4 to 3/4 to have the KCK available.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* AP: Add support for Proxy ARP, DHCP snooping mechanism | Kyeyoon Park | 2014-10-27 | 1 | -0/+10
  Proxy ARP allows the AP devices to keep track of the hardware address to IP address mapping of the STA devices within the BSS. When a request for such information is made (i.e., ARP request, Neighbor Solicitation), the AP will respond on behalf of the STA device within the BSS. Such requests could originate from a device within the BSS or also from the bridge. In the process of the AP replying to the request (i.e., ARP reply, Neighbor Advertisement), the AP will drop the original request frame. The relevant STA will not even know that such information was ever requested.
  This feature is a requirement for Hotspot 2.0, and is defined in IEEE Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly resides in the kernel bridge code, in order to optimize the performance and simplify kernel implementation, the DHCP snooping code was added to the hostapd.
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* AP: Add support for BSS load element (STA Count, Channel Utilization) | Kyeyoon Park | 2014-10-21 | 1 | -0/+1
  The new "bss_load_update_period" parameter can be used to configure hostapd to advertise its BSS Load element in Beacon and Probe Response frames. This parameter is in the units of BUs (Beacon Units).
  When enabled, the STA Count and the Channel Utilization value will be updated periodically in the BSS Load element. The AAC is set to 0 since explicit admission control is not supported. Channel Utilization is calculated based on the channel survey information from the driver and as such, requires a driver that supports providing that information for the current operating channel.
  Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
* WPS: Enable WSC 2.0 support unconditionally | Jouni Malinen | 2014-03-25 | 1 | -4/+0
  There is not much point in building devices with WPS 1.0 only supported nowadays. As such, there is not sufficient justification for maintaining extra complexity for the CONFIG_WPS2 build option either. Remove this by enabling WSC 2.0 support unconditionally.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Use internal FIPS 186-2 PRF if needed | Jouni Malinen | 2014-03-11 | 1 | -2/+4
  Previously, EAP-SIM/AKA/AKA' did not work with number of crypto libraries (GnuTLS, CryptoAPI, NSS) since the required FIPS 186-2 PRF function was not implemented. This resulted in somewhat confusing error messages since the placeholder functions were silently returning an error. Fix this by using the internal implementation of FIPS 186-2 PRF (including internal SHA-1 implementation) with crypto libraries that do not implement this in case EAP-SIM/AKA/AKA' is included in the build.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Add common OSEN definitions | Jouni Malinen | 2014-02-25 | 1 | -0/+4
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Add a module test integration to hwsim tests | Jouni Malinen | 2014-02-21 | 1 | -0/+5
  CONFIG_MODULE_TESTS=y build option can now be used to build in module tests into hostapd and wpa_supplicant binaries. These test cases will be used to get better testing coverage for various details that are difficult to test otherwise through the control interface control. A single control interface command is used to execute these tests within the hwsim test framework. This commit adds just the new mechanism, but no module tests are yet integrated into this mechanism.
  Signed-off-by: Jouni Malinen <j@w1.fi>