path: root/hostapd
Commit message | Author | Age | Files | Lines
* FST: Fix a compiler warning | Jouni Malinen | 2016-03-20 | 1 | -1/+2
  FST_MAX_PRIO_VALUE is unsigned (u32) and some gcc versions warn about comparison to long int val at least on 32-bit builds. Get rid of this warning by typecasting val to unsigned long int after having verified that it is positive.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* PMKSA: Flush AP/mesh PMKSA cache by PMKSA_FLUSH command | Masashi Honma | 2016-03-20 | 2 | -0/+10
  This extends the wpa_supplicant PMKSA_FLUSH control interface command to allow the PMKSA list from the authenticator side to be flushed for AP and mesh mode. In addition, this adds a hostapd PMKSA_FLUSH control interface command to flush the PMKSA entries.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* PMKSA: Show AP/mesh PMKSA list in PMKSA command | Masashi Honma | 2016-03-20 | 2 | -0/+10
  This extends the wpa_supplicant PMKSA control interface command to allow the PMKSA list from the authenticator side to be listed for AP and mesh mode. In addition, this adds a hostapd PMKSA control interface command to show the same list for the AP case.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* hostapd: Use ifname of the current context in debug messages | Eliad Peller | 2016-03-06 | 1 | -3/+2
  In case of multiple BSS configuration, return the current interface name, instead of the first one.
  Signed-off-by: Eliad Peller <eliad@wizery.com>
* hostapd: Allow use of driver-generated interface addresses | Eliad Peller | 2016-03-06 | 2 | -0/+6
  Add a new 'use_driver_iface_addr' configuration parameter to allow use of the default interface address generated by the driver on interface creation. This can be useful when specific MAC addresses were allocated to the device and we want to use them for multi-BSS operation.
  Signed-off-by: Eliad Peller <eliad@wizery.com>
* hostapd: Add global TERMINATE command | Janusz Dziedzic | 2016-03-05 | 1 | -0/+2
  This will terminate the hostapd process.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* hostapd: Add INTERFACES ctrl_iface command | Janusz Dziedzic | 2016-03-05 | 1 | -0/+48
  Return a list of the available interfaces (the main BSS) and optionally with ctrl_iface when the optional "ctrl" parameter is included.
  This is useful when using UDP ctrl_iface and add interfaces using the ADD command. After that we need to know which UDP port was assigned for the control interface for the added interface.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* hostapd: Update ctrl_interface for UDP to include the selected port | Janusz Dziedzic | 2016-03-05 | 1 | -0/+7
  Set up the real ctrl_interface for UDP after having selected the port. This is in format: udp:<port_no>. This is needed to get accurate interface <-> udp_port mapping.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* hostapd: Allow UDP ctrl_iface configuration to set the UDP port | Janusz Dziedzic | 2016-03-05 | 2 | -2/+30
  This allows the UDP port to be set for the per-interface and global control interfaces. The format is: udp:<port_no>
  For example:
    hostapd -ddt -g udp:8888
  And in the configuration file:
    ctrl_interface=udp:8877
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* hostapd: Add UDP support for ctrl_iface | Janusz Dziedzic | 2016-03-05 | 3 | -8/+292
  Add UDP support for ctrl_iface:
  New config option could be set:
    CONFIG_CTRL_IFACE=udp
    CONFIG_CTRL_IFACE=udp-remote
    CONFIG_CTRL_IFACE=udp6
    CONFIG_CTRL_IFACE=udp6-remote
  And hostapd_cli usage:
    hostapd_cli -i localhost:8877
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* ctrl_iface_common: Use sockaddr_storage instead of sockaddr_un | Janusz Dziedzic | 2016-03-05 | 1 | -12/+11
  This is a step towards allowing UDP sockets to be used with the common implementation.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* hostapd: Use common functions for ctrl_iface | Janusz Dziedzic | 2016-03-05 | 4 | -124/+22
  Use the common functions, structures when UNIX socket ctrl_iface used.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* Android: Remove superfluous OpenSSL include paths | Adam Langley | 2016-03-03 | 1 | -1/+0
  The libcrypto and libssl modules (and their respective static and host versions) use LOCAL_EXPORT_C_INCLUDE_DIRS thus just including the module is sufficient.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Document nas_identifier requirements for RADIUS accounting | Jouni Malinen | 2016-02-28 | 1 | -3/+15
  nas_identifier needs to be set to a unique value for RADIUS accounting to work properly. This needs to be unique for each BSS.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Use BSSID as r1_key_holder if no value is configured | Michael Braun | 2016-02-28 | 1 | -0/+1
  r1_key_holder is an identifier that was always set to zero unless configured before.
  See 11.6.1.7.4 of IEEE Std 802.11-2012 which reads
    "R1KH-ID is a MAC address of the holder of the PMK-R1 in the Authenticator of the AP"
  See 12.2.2 of IEEE Std 802.11-2012 which reads
    "Each R0KH-ID and R1KH-ID is assumed to be expressed as a unique identifier within the mobility domain."
    "The R1KH-ID shall be set to a MAC address of the physical entity that stores the PMK-R1 ..."
  Defaulting this to BSSID is a more reasonable value since we have not rejected the missing r1_key_holder as invalid configuration.
  Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* hostapd_cli: Add support for RAW command | Dedy Lansky | 2016-02-22 | 1 | -0/+55
  Same as for wpa_cli, RAW command is a passthrough to hostapd control interface.
  Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
* MBO: Track STA cellular data capability from association request | Jouni Malinen | 2016-02-22 | 2 | -0/+2
  This makes hostapd parse the MBO attribute in (Re)Association Request frame and track the cellular data capability (mbo_cell_capa=<val> in STA control interface command).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add MBO IE to BSS Transition Management Request frame | Avraham Stern | 2016-02-22 | 1 | -1/+59
  Add an option to add MBO IE to BSS Transition Management Request frame. The MBO IE includes the transition reason code, cellular data connection preference, and, if the disassoc imminent bit is set, it may also include re-association retry delay. Otherwise, the re-association retry delay should be set to zero.
  The additional BSS_TM_REQ argument uses the following format:
    mbo=<reason>:<reassoc delay>:<cell pref>
    reason: 0-9
    reassoc delay: 0-65535 (seconds; 0 = disabled)
    cell pref: 0, 1, 255
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* hostapd: Add MBO IE to Beacon, Probe Response, Association Response | Avraham Stern | 2016-02-22 | 6 | -0/+41
  Add MBO IE with AP capability attribute to Beacon, Probe Response, and (Re)Association Response frames to indicate the AP supports MBO.
  Add option to add Association Disallowed attribute to Beacon, Probe Response, and (Re)Association Response frames. Usage:
    SET mbo_assoc_disallow <reason code>
  Valid reason code values are between 1-5. Setting the reason code to 0 will remove the Association Disallowed attribute from the MBO IE and will allow new associations.
  MBO functionality is enabled by setting "mbo=1" in the config file.
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* ctype functions require an unsigned char | Roy Marples | 2016-02-18 | 1 | -2/+2
  Ensure that characters are represented as unsigned char when using isblank() and isspace(). These functions take in a "int c" argument, but it needs to be unsigned for the cases where EOF is not indicated.
  Signed-off-by: Roy Marples <roy@marples.name>
* Add CONFIG_ELOOP_KQUEUE to defconfig | Roy Marples | 2016-02-18 | 1 | -0/+3
  Signed-off-by: Roy Marples <roy@marples.name>
* VLAN: Add per-STA vif option | Michael Braun | 2016-02-17 | 2 | -0/+13
  This allows the stations to be assigned to their own vif. It does not need dynamic_vlan to be set. Make hostapd call ap_sta_set_vlan even if !vlan_desc.notempty, so vlan_id can be assigned regardless.
  Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* VLAN: Separate station grouping and uplink configuration | Michael Braun | 2016-02-17 | 4 | -4/+13
  Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces.
  The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within a BSS.
  New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily.
  When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface.
  To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. It is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description.
  Though not depended on by the code, vlan_id assignment ensures:
    * vlan_id = 0 will continue to mean no AP_VLAN interface
    * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan.
    * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans.
  This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support.
  DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces.
  MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id.
  Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function).
  Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID.
  Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* Implement kqueue(2) support via CONFIG_ELOOP_KQUEUE | Roy Marples | 2016-02-07 | 1 | -0/+4
  NOTE: kqueue has to be closed and re-built after forking. epoll *should* do the same, but it seems that wpa_supplicant doesn't need it at least.
  I have re-worked a little bit of the epoll code (moved into a similar kqueue function) so it's trivial to requeue epoll if needed in the future.
  Signed-off-by: Roy Marples <roy@marples.name>
* eloop: Add eloop_sock_requeue() | Roy Marples | 2016-02-07 | 2 | -4/+11
  This function can be used to re-build eloop socket tables after forking for eloop implementations that need this.
  Signed-off-by: Roy Marples <roy@marples.name>
* Add more hostapd.conf documentation for hw_mode with HT/VHT | Jouni Malinen | 2016-01-06 | 1 | -5/+9
  Try to make it more obvious that hw_mode=a needs to be used with HT and VHT when using the 5 GHz band.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Update copyright notices for the new year 2016 | Jouni Malinen | 2016-01-01 | 4 | -7/+7
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Clone default LIBS value to LIBS_* for other tools | Jouni Malinen | 2015-12-28 | 1 | -0/+15
  If LIBS is set with some global build system defaults, clone those for LIBS_c, LIBS_h, LIBS_n, and LIBS_p to cover wpa_cli, wpa_passphrase, hostapd_cli, hlr_auc_gw, and nt_password_hash as well.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Server configuration for OCSP stapling with ocsp_multi (RFC 6961) | Jouni Malinen | 2015-12-22 | 2 | -0/+8
  This adds a new hostapd configuration parameter ocsp_stapling_response_multi that can be used similarly to the existing ocsp_stapling_response, but for the purpose of providing multiple cached OCSP responses. This commit adds only the configuration parameter, but does not yet add support for this mechanism with any of the supported TLS implementations.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hlr_auc_gw: Simplify string parsers with str_token() | Jouni Malinen | 2015-12-18 | 1 | -93/+40
  The helper function allows these string parsers to be made much simpler.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hlr_auc_gw: Fix a typo in an error message | Jouni Malinen | 2015-12-18 | 1 | -1/+1
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hlr_auc_gw: Remove unnecessary assignment | Jouni Malinen | 2015-12-18 | 1 | -1/+0
  The pos variable is not used after the final parsed item, so no need to set it here.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Use proper build config for parsing proxy_arp | Matt Woods | 2015-12-05 | 1 | -2/+4
  In the definition of struct hostapd_bss_config, proxy_arp isn't affected by the macro CONFIG_HS20. In addition, proxy_arp is not described in the section of Hotspot 2.0 in the file hostapd.conf. The item proxy_arp should be decided its action area by the macro CONFIG_PROXYARP which is used to select whether the needed function gets included in the build.
  Signed-off-by: Matt Woods <matt.woods@aliyun.com>
* BoringSSL: Move OCSP implementation into a separate file | Jouni Malinen | 2015-12-04 | 2 | -0/+2
  This makes it easier to share the OCSP implementation needed for BoringSSL outside tls_openssl.c. For now, this is mainly for http_curl.c.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add SHA384 and SHA512 implementations from LibTomCrypt library | Pali Rohár | 2015-11-29 | 2 | -0/+24
  These will be used with the internal TLS implementation to extend hash algorithm support for new certificates and TLS v1.2.
  Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
* eap_sim_db: Implement eap_sim_db_expire_pending() | Frederic Leroy | 2015-10-31 | 2 | -0/+7
  Expire pending DB request for EAP-SIM/AKA/AKA'. Timeout defaults to 1 second and is user configurable in hostapd.conf (eap_sim_db_timeout).
  Signed-off-by: Frederic Leroy <frederic.leroy@b-com.com>
* Allow -1 as value to disable frag_threshold | Matthias May | 2015-10-28 | 2 | -4/+6
  To be consistent with the internal representation of how to disable fragmentation, allow -1 as a value to disable it in configuration.
  Signed-off-by: Matthias May <matthias.may@neratec.com>
* Extend the range of values for the RTS threshold | Matthias May | 2015-10-28 | 2 | -3/+3
  Since we have HT rates the maximum framesize is no longer 2346. The usual maximum size of an A-MPDU is 65535. To disable RTS, the value -1 is already internally used. Allow it in the configuration parameter.
  Signed-off-by: Matthias May <matthias.may@neratec.com>
* hostapd: Add feature to start all interfaces at the same time in sync | Srinivasa Duvvuri | 2015-10-28 | 1 | -1/+8
  When multiple interfaces across multiple radios are started using a single instance of hostapd, they all come up at different times depending upon how long the ACS and HT scan take on each radio. This will result in stations (that already have the AP profile) associating with the first interface that comes up. For example in a dual band radio case (2G and 5G) with ACS enabled, 2G always comes up first because the ACS scan takes less time on 2G and this results in all stations associating with the 2G interface first.
  This feature brings up all the interfaces at the same time. The list of interfaces specified via hostapd.conf files on the command line are all marked as sync interfaces. All the interfaces are synchronized in hostapd_setup_interface_complete().
  This feature is turned on with '-S' command line option.
  Signed-off-by: Srinivasa Duvvuri <sduvvuri@chromium.org>
* Option to reduce Probe Response frame responses during max STA | Jouni Malinen | 2015-10-17 | 2 | -0/+9
  The new hostapd configuration parameter no_probe_resp_if_max_sta=1 can be used to request hostapd not to reply to broadcast Probe Request frames from unassociated STA if there is no room for additional stations (max_num_sta). This can be used to discourage a STA from trying to associate with this AP if the association would be rejected due to maximum STA limit.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add "git describe" based version string postfix | Jouni Malinen | 2015-10-16 | 1 | -0/+10
  If hostapd or wpa_supplicant is built from a git repository, add a VERSION_STR postfix from the current git branch state. This is from "git describe --dirty=+". VERSION_STR will thus look something like "2.6-devel-hostap_2_5-132-g4363c0d+" for development builds from a modified repository.
  This behavior is enabled automatically if a build within git repository is detected (based on ../.git existing). This can be disabled with CONFIG_NO_GITVER=y in wpa_supplicant/.config and hostapd/.config.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Increase the maximum hostapd.conf line length to 4096 bytes | Jouni Malinen | 2015-10-08 | 1 | -1/+1
  It was already possible to use longer values through the control interface SET command, but the configuration file parser was still limited to 512 byte lines. Increase this to 4096 bytes since some of the configuration parameters (e.g., anqp_elem) can be longer.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Add support for configuring arbitrary ANQP-elements | Jouni Malinen | 2015-10-07 | 2 | -0/+62
  The new hostapd configuration parameter anqp_elem can now be used to configure arbitrary ANQP-elements for the GAS/ANQP server. In addition to supporting new elements, this can be used to override previously supported elements if some special values are needed (mainly for testing purposes).
  The parameter uses following format:
    anqp_elem=<InfoID>:<hexdump of payload>
  For example, AP Geospatial Location ANQP-element with unknown location:
    anqp_elem=265:0000
  and AP Civic Location ANQP-element with unknown location:
    anqp_elem=266:000000
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix couple of typos in hostapd.conf file | Maneesh Jain | 2015-10-06 | 1 | -4/+4
  Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
* hostapd: Add testing option to use only ECSA | Johannes Berg | 2015-10-03 | 2 | -0/+6
  Some APs don't include a CSA IE when an ECSA IE is generated, and mac80211 used to fail following their channel switch. Add a testing option to hostapd to allow reproducing the behavior.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* nl80211: Add build option for QCA vendor extensions | Jouni Malinen | 2015-10-01 | 2 | -0/+6
  This allows the binary sizes to be reduced if no support for nl80211 vendor extensions is needed.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add ChangeLog entries for v2.5 | Jouni Malinen | 2015-09-27 | 1 | -0/+36
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add option to reject authentication on 2.4 GHz from dualband STA | Jouni Malinen | 2015-09-05 | 2 | -0/+16
  The new no_auth_if_seen_on=<ifname> parameter can now be used to configure hostapd to reject authentication from a station that was seen on another radio.
  This can be used with enabled track_sta_max_num configuration on another interface controlled by the same hostapd process to reject authentication attempts from a station that has been detected to be capable of operating on another band, e.g., to try to reduce likelihood of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4 GHz and 5 GHz BSS concurrently.
  Note: Enabling this can cause connectivity issues and increase latency for connecting with the AP.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add option to ignore Probe Request frames on 2.4 GHz from dualband STA | Jouni Malinen | 2015-09-05 | 2 | -0/+18
  The new no_probe_resp_if_seen_on=<ifname> parameter can now be used to configure hostapd to not reply to group-addressed Probe Request from a station that was seen on another radio.
  This can be used with enabled track_sta_max_num configuration on another interface controlled by the same hostapd process to restrict Probe Request frame handling from replying to group-addressed Probe Request frames from a station that has been detected to be capable of operating on another band, e.g., to try to reduce likelihood of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4 GHz and 5 GHz BSS concurrently.
  Note: Enabling this can cause connectivity issues and increase latency for discovering the AP.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add mechanism to track unconnected stations | Jouni Malinen | 2015-09-05 | 3 | -0/+51
  hostapd can now be configured to track unconnected stations based on Probe Request frames seen from them. This can be used, e.g., to detect dualband capable stations before they have associated. Such information could then be used to provide guidance on which colocated BSS to use in case of a dualband AP that operates concurrently on multiple bands under the control of a single hostapd process.
  Signed-off-by: Jouni Malinen <j@w1.fi>