path: root/hostapd
Commit message (Collapse)AuthorAgeFilesLines
* Allow wpa_cli/hostapd_cli client socket directory to be specifiedManikandan Mohan2015-09-011-2/+15
| | | | | | | | | This adds a new helper function wpa_ctrl_open2() that can be used instead of wpa_ctrl_open() to override the default client socket directory. Add optional -s<directory path> argument to hostapd_cli and wpa_cli to allow the client socket directory to be specified. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix key derivation for Suite B 192-bit AKM to use SHA384Jouni Malinen2015-08-272-0/+2
| | | | | | | | | While the EAPOL-Key MIC derivation was already changed from SHA256 to SHA384 for the Suite B 192-bit AKM, KDF had not been updated similarly. Fix this by using HMAC-SHA384 instead of HMAC-SHA256 when deriving PTK from PMK when using the Suite B 192-bit AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP server: Add tls_session_lifetime configurationJouni Malinen2015-08-232-0/+8
| | | | | | | | | | This new hostapd configuration parameter can be used to enable TLS session resumption. This commit adds the configuration parameter through the configuration system and RADIUS/EAPOL/EAP server components. The actual changes to enable session caching will be addressed in followup commits. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove unnecessary NULL check from LOG_LEVEL handlerJouni Malinen2015-08-211-1/+1
| | | | | | | cmd cannot be NULL here, so there is no need to check it before calling os_strlen(). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add testing option to override own WPA/RSN IE(s)Jouni Malinen2015-08-081-0/+18
| | | | | | | | This allows the new own_ie_override=<hexdump> configuration parameter to be used to replace the normally generated WPA/RSN IE(s) for testing purposes in CONFIG_TESTING_OPTIONS=y builds. Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add support to configure debug log level at runtimeSrinivas Dasari2015-08-032-0/+69
| | | | | | | | Add support to read/configure log_level using hostapd control interface LOG_LEVEL command similarly to what was already supported in wpa_supplicant. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add build option to remove all internal RC4 usesJouni Malinen2015-08-022-0/+14
| | | | | | | | | | | | The new CONFIG_NO_RC4=y build option can be used to remove all internal hostapd and wpa_supplicant uses of RC4. It should be noted that external uses (e.g., within a TLS library) do not get disabled when doing this. This removes capability of supporting WPA/TKIP, dynamic WEP keys with IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password changes. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Add CONFIG_TLS_ADD_DL=y build option for hostapdJouni Malinen2015-07-281-0/+4
| | | | | | | This behaves similarly to the same option in wpa_supplicant, i.e., adds -ldl when linking in libcrypto from OpenSSL. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Add SHA256 support in openssl_tls_prf() for TLSv1.2Jouni Malinen2015-07-282-0/+4
| | | | | | | | This is needed when enabling TLSv1.2 support for EAP-FAST since the SSL_export_keying_material() call does not support the needed parameters for TLS PRF and the external-to-OpenSSL PRF needs to be used instead. Signed-off-by: Jouni Malinen <j@w1.fi>
* FST: Do not replace previous attachmentJouni Malinen2015-07-251-0/+4
| | | | | | | | hapd->iface->fst must not be overridden if it is already pointing to FST instance. Without this, duplicated FST-ATTACH could result in memory leak and process termination. Signed-off-by: Jouni Malinen <j@w1.fi>
* FST: Use -EINVAL instead of EINVAL as return valueJouni Malinen2015-07-251-2/+2
| | | | | | This is more consistent with other error cases. Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add build options for selecting eloop typeJouni Malinen2015-07-234-0/+29
| | | | | | | | This adds CONFIG_ELOOP_POLL=y and CONFIG_ELOOP_EPOLL=y options to hostapd build options similarly to how these were implemented for wpa_supplicant. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Mark config parameter name constJouni Malinen2015-07-213-7/+8
| | | | | | | | | The functions parsing configuration parameters do not modify the name of the parameter, so mark that function argument constant. In theory, the value should also be const, but at least for now, number of the parser functions end up modifying this to simplify parsing. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add DUP_NETWORK global control interface commandAnton Nayshtut2015-07-211-0/+116
| | | | | | | | | | | | | | | | | | | | | | This adds a new global control interface command DUP_NETWORK with the following syntax: DUP_NETWORK src_ifname dst_ifname param The currently supported parameters: wpa wpa_key_mgmt wpa_pairwise rsn_pairwise wpa_passphrase wpa_psk The specified configuration parameter is copied from the source interface to the destination interface. The main use for this is to allow cloning of security configuration without having to expose the keys from the hostapd process. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Introduce hostapd_ctrl_iface_get_key_mgmt()Anton Nayshtut2015-07-211-70/+92
| | | | | | This function will be used in DUP_NETWORK command implementation. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Introduce hostapd_interfaces_get_hapd()Anton Nayshtut2015-07-211-10/+22
| | | | | | This function will be used in DUP_NETWORK command implementation. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add shared periodic cleanup function for AP modeJouni Malinen2015-07-201-0/+26
| | | | | | | | | This new mechanism can be used to combine multiple periodic AP (including P2P GO) task into a single eloop timeout to minimize number of wakeups for the process. hostapd gets its own periodic caller and wpa_supplicant uses the previously added timer to trigger these calls. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hlr_auc_gw: Hide a bogus static analyzer warningJouni Malinen2015-07-181-8/+8
| | | | | | | | | | For some reason, snprintf() was not seen as sufficient to remove potentially tainted string from fgets() before passing this to rename(). This does not make much sense, but anyway, try to get rid of the warning by using a separate buffer for the internally written file names. (CID 72690) Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add current wpa parameter into GET_CONFIG outputMohammed Shafi Shajakhan2015-07-171-0/+7
| | | | | | | This can be used, e.g., by an action script to update new WPS settings for the AP. Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
* hostapd_cli: Allow PID file to be specifiedMohammed Shafi Shajakhan2015-07-171-2/+5
| | | | | | | This can help when running multiple hostapd_cli instances per interface and need to kill them correspondingly. Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
* hostapd: Extend the sounding and BF steering capabilitiesVivek Natarajan2015-07-172-2/+16
| | | | | | | Depending on the number of antennas, the txbf sounding and steering capabilites need to be extended. Signed-off-by: Vivek Natarajan <nataraja@qti.qualcomm.com>
* FST: Clear hostapd fst_ies on FST-DETACH to avoid use of freed memoryJouni Malinen2015-07-171-0/+1
| | | | | | | This is needed in the corner case of FST-DETACH being used without stopping the AP instance. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Document hostapd ft_over_ds configuration parameterJouni Malinen2015-07-171-0/+5
| | | | | | This had been forgotten from hostapd.conf. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add global to local control interface redirectionAnton Nayshtut2015-07-161-0/+47
| | | | | | | | | This patch implements global to local control interface redirection in the same way as it's done for wpa_supplicant. Any global control interface command beginning with "IFNAME=..." will be routed to the corresponding local control interface handler. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add hostapd_ctrl_iface_receive_process()Anton Nayshtut2015-07-161-36/+53
| | | | | | | The newly introduced function will be used in followup commits to handle requests redirected from the global control interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Testing supportAnton Nayshtut2015-07-163-0/+9
| | | | | | This patch introduces infrastructure needed for FST module tests. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Add hostapd_cli fst commandAnton Nayshtut2015-07-161-0/+32
| | | | | | This can be used to issue FST-MANAGER control interface commands. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Add build rules for hostapdAnton Nayshtut2015-07-164-0/+31
| | | | | | This patch integrates the FST into the hostapd. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: hostapd control interfaceAnton Nayshtut2015-07-161-0/+64
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Integration into hostapdAnton Nayshtut2015-07-161-0/+14
| | | | | | This commit integrates the FST into the hostapd. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: hostapd configuration parametersAnton Nayshtut2015-07-162-0/+84
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Global control interface notificationsAnton Nayshtut2015-07-162-10/+109
| | | | | | | | | | This commit implements hostapd global control interface notifications infrastructure. hostapd global control interface clients issue ATTACH/DETACH commands to register and deregister with hostapd correspondingly - the same way as for any other hostapd/wpa_supplicant control interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add EAPOL_SET hostapd command to configure EAPOL parametersJouni Malinen2015-07-121-0/+26
| | | | | | | | This new control interface command "EAPOL_REAUTH <MAC address> <parameter> <value>" can be used to implement the IEEE 802.1X PAE Set Authenticator Configuration operation. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add EAPOL_REAUTH hostapd command to trigger EAPOL reauthenticationJouni Malinen2015-07-121-0/+22
| | | | | | | This new control interface command "EAPOL_REAUTH <MAC address>" can be used to implement the IEEE 802.1X PAE Reauthenticate operation. Signed-off-by: Jouni Malinen <j@w1.fi>
* DATA_TEST_TX: Avoid ubsan warning on 0x80<<24 not fitting in intJouni Malinen2015-07-071-2/+2
| | | | | | | Use unsigned constant instead of signed to avoid warning with the LSB being set in an int. Signed-off-by: Jouni Malinen <j@w1.fi>
* Avoid misaligned IPv4 header accesses in DATA_TEST_* commandsJouni Malinen2015-07-071-9/+9
| | | | | | | | The IPv4 header after the Ethernet header is not 32-bit aligned and the previous version ended up accessing 32-bit members at misaligned addresses. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add backtrace-based error path testing mechanismJouni Malinen2015-06-291-0/+44
| | | | | | | | | | | | | | | | The new TEST_FAIL and GET_FAIL control interface commands can be used similarly to the earlier TEST_ALLOC_FAIL/GET_ALLOC_FAIL design. The new version is more generic framework allowing any function to be annotated for failure testing with the TEST_FAIL() macro. This mechanism is only available in builds with CONFIG_WPA_TRACE_BFD=y and CONFIG_TESTING_OPTIONS=y. For other builds, the TEST_FAIL() macro is defined to return 0 to allow the compiler to remove the test code from normal production builds. As the first test site, allow os_get_random() to be marked for failing based on call backtrace. Signed-off-by: Jouni Malinen <j@w1.fi>
* AP: Increase maximum value accepted for cwmin/cwmaxJouni Malinen2015-06-272-5/+9
| | | | | | | | The cwmin/cwmax parameters were limited more than is needed. Allow the full range (0..15 for wmm_ac_??_{cwmin,cwmax} and 1..32767 for tx_queue_data?_{cwmin,cwmax}) to be used. Signed-off-by: Jouni Malinen <j@w1.fi>
* Android: Rename ANDROID_P2P_STUB to ANDROID_LIB_STUBKevin Cernekee2015-06-261-1/+2
| | | | | | | | | | If BOARD_HOSTAPD_PRIVATE_LIB is not used on an Android build, we will need to replace both the p2p functions *and* wpa_driver_nl80211_driver_cmd in order to successfully link. Let's make the name more generic so it is more obvious what it is used for. Suggested-by: Dmitry Shmidt <dimitrysh@google.com> Signed-off-by: Kevin Cernekee <cernekee@google.com>
* Clear allocated debug message buffers explicitlyJouni Malinen2015-06-172-0/+2
| | | | | | | | | | | | When hostapd or wpa_supplicant is run in debug more with key material prints allowed (-K on the command line), it is possible for passwords and keying material to show up in debug prints. Since some of the debug cases end up allocating a temporary buffer from the heap for processing purposes, a copy of such password may remain in heap. Clear these temporary buffers explicitly to avoid causing issues for hwsim test cases that verify contents of memory against unexpected keys. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Document the wpa_msg_cb "global" parameterJouni Malinen2015-06-101-1/+2
| | | | | | | | Instead of an int variable with magic values 0, 1, 2, use an enum that gives clearer meaning to the values now that the original boolean type global argument is not really a boolean anymore. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove [MU-BEAMFORMEE] option from hostapd vht_capab parameterJouni Malinen2015-06-102-7/+0
| | | | | | | | The standard hardcodes the MU Beamformee Capable subfield is hardcoded to 0 when transmitting by an AP, so there is no need to provide a configuration parameter for setting this to one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix spelling of initialize in a comment and an error messageJouni Malinen2015-06-101-1/+1
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Extend hw_mode to support any band for offloaded ACS casePeng Xu2015-05-272-1/+5
| | | | | | | | | When device supports dual band operations with offloaded ACS, hw_mode can now be set to any band (hw_mode=any) in order to allow ACS to select the best channel from any band. After a channel is selected, the hw_mode is updated for hostapd. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Increase DH key size in the hostapd.conf exampleJouni Malinen2015-05-241-1/+1
| | | | | | | | OpenSSL is moving to use 2048-bit DH key size as the default with dhparam. Increase the value in the hostapd.conf to match that to reduce likelihood of ending up using a shorter key. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Add support for 60 GHz bandHamad Kadmany2015-04-272-2/+4
| | | | | | | | Handling of WPS RF band for 60 GHz was missing. Add it in all relevant places and also map "AES" as the cipher to GCMP instead of CCMP when operating on the 60 GHz band. Signed-off-by: Hamad Kadmany <qca_hkadmany@qca.qualcomm.com>
* Make IPv6 NA multicast-to-unicast conversion configurableJouni Malinen2015-04-272-0/+9
| | | | | | | | | | | This can be used with Proxy ARP to allow multicast NAs to be forwarded to associated STAs using link layer unicast delivery. This used to be hardcoded to be enabled, but it is now disabled by default and can be enabled with na_mcast_to_ucast=1. This functionality may not be desired in all networks and most cases work without it, so the new default-to-disabled is more appropriate. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Declare all read only data structures as constMikael Kanstrup2015-04-251-6/+6
| | | | | | | | By analysing objdump output some read only structures were found in .data section. To help compiler further optimize code declare these as const. Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
* Replace HOSTAPD_MAX_SSID_LEN with SSID_MAX_LENJouni Malinen2015-04-221-3/+3
| | | | | | This makes source code more consistent. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Use SSID_MAX_LEN define instead of value 32 when comparing SSID lengthJouni Malinen2015-04-221-2/+3
| | | | | | This makes the implementation easier to understand. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>