path: root/hostapd
Commit message | Author | Age | Files | Lines
...
* eap_sim_db: Implement eap_sim_db_expire_pending() | Frederic Leroy | 2015-10-31 | 2 | -0/+7
  Expire pending DB request for EAP-SIM/AKA/AKA'. Timeout defaults to 1 second and is user configurable in hostapd.conf (eap_sim_db_timeout).
  Signed-off-by: Frederic Leroy <frederic.leroy@b-com.com>
* Allow -1 as value to disable frag_threshold | Matthias May | 2015-10-28 | 2 | -4/+6
  To be consistent with the internal representation of how to disable fragmentation, allow -1 as a value to disable it in configuration.
  Signed-off-by: Matthias May <matthias.may@neratec.com>
* Extend the range of values for the RTS threshold | Matthias May | 2015-10-28 | 2 | -3/+3
  Since we have HT rates the maximum framesize is no longer 2346. The usual maximum size of an A-MPDU is 65535. To disable RTS, the value -1 is already internally used. Allow it in the configuration parameter.
  Signed-off-by: Matthias May <matthias.may@neratec.com>
* hostapd: Add feature to start all interfaces at the same time in sync | Srinivasa Duvvuri | 2015-10-28 | 1 | -1/+8
  When multiple interfaces across multiple radios are started using a single instance of hostapd, they all come up at different times depending upon how long the ACS and HT scan take on each radio. This will result in stations (that already have the AP profile) associating with the first interface that comes up. For example in a dual band radio case (2G and 5G) with ACS enabled, 2G always comes up first because the ACS scan takes less time on 2G and this results in all stations associating with the 2G interface first.
  This feature brings up all the interfaces at the same time. The list of interfaces specified via hostapd.conf files on the command line are all marked as sync interfaces. All the interfaces are synchronized in hostapd_setup_interface_complete(). This feature is turned on with '-S' command line option.
  Signed-off-by: Srinivasa Duvvuri <sduvvuri@chromium.org>
* Option to reduce Probe Response frame responses during max STA | Jouni Malinen | 2015-10-17 | 2 | -0/+9
  The new hostapd configuration parameter no_probe_resp_if_max_sta=1 can be used to request hostapd not to reply to broadcast Probe Request frames from unassociated STA if there is no room for additional stations (max_num_sta). This can be used to discourage a STA from trying to associate with this AP if the association would be rejected due to maximum STA limit.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add "git describe" based version string postfix | Jouni Malinen | 2015-10-16 | 1 | -0/+10
  If hostapd or wpa_supplicant is built from a git repository, add a VERSION_STR postfix from the current git branch state. This is from "git describe --dirty=+". VERSION_STR will thus look something like "2.6-devel-hostap_2_5-132-g4363c0d+" for development builds from a modified repository.
  This behavior is enabled automatically if a build within git repository is detected (based on ../.git existing). This can be disabled with CONFIG_NO_GITVER=y in wpa_supplicant/.config and hostapd/.config.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Increase the maximum hostapd.conf line length to 4096 bytes | Jouni Malinen | 2015-10-08 | 1 | -1/+1
  It was already possible to use longer values through the control interface SET command, but the configuration file parser was still limited to 512 byte lines. Increase this to 4096 bytes since some of the configuration parameters (e.g., anqp_elem) can be longer.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Add support for configuring arbitrary ANQP-elements | Jouni Malinen | 2015-10-07 | 2 | -0/+62
  The new hostapd configuration parameter anqp_elem can now be used to configure arbitrary ANQP-elements for the GAS/ANQP server. In addition to supporting new elements, this can be used to override previously supported elements if some special values are needed (mainly for testing purposes).
  The parameter uses following format:
    anqp_elem=<InfoID>:<hexdump of payload>
  For example, AP Geospatial Location ANQP-element with unknown location:
    anqp_elem=265:0000
  and AP Civic Location ANQP-element with unknown location:
    anqp_elem=266:000000
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix couple of typos in hostapd.conf file | Maneesh Jain | 2015-10-06 | 1 | -4/+4
  Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
* hostapd: Add testing option to use only ECSA | Johannes Berg | 2015-10-03 | 2 | -0/+6
  Some APs don't include a CSA IE when an ECSA IE is generated, and mac80211 used to fail following their channel switch. Add a testing option to hostapd to allow reproducing the behavior.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* nl80211: Add build option for QCA vendor extensions | Jouni Malinen | 2015-10-01 | 2 | -0/+6
  This allows the binary sizes to be reduced if no support for nl80211 vendor extensions are needed.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add ChangeLog entries for v2.5 | Jouni Malinen | 2015-09-27 | 1 | -0/+36
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add option to reject authentication on 2.4 GHz from dualband STA | Jouni Malinen | 2015-09-05 | 2 | -0/+16
  The new no_auth_if_seen_on=<ifname> parameter can now be used to configure hostapd to reject authentication from a station that was seen on another radio.
  This can be used with enabled track_sta_max_num configuration on another interface controlled by the same hostapd process to reject authentication attempts from a station that has been detected to be capable of operating on another band, e.g., to try to reduce likelihood of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4 GHz and 5 GHz BSS concurrently.
  Note: Enabling this can cause connectivity issues and increase latency for connecting with the AP.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add option to ignore Probe Request frames on 2.4 GHz from dualband STA | Jouni Malinen | 2015-09-05 | 2 | -0/+18
  The new no_probe_resp_if_seen_on=<ifname> parameter can now be used to configure hostapd to not reply to group-addressed Probe Request from a station that was seen on another radio.
  This can be used with enabled track_sta_max_num configuration on another interface controlled by the same hostapd process to restrict Probe Request frame handling from replying to group-addressed Probe Request frames from a station that has been detected to be capable of operating on another band, e.g., to try to reduce likelihood of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4 GHz and 5 GHz BSS concurrently.
  Note: Enabling this can cause connectivity issues and increase latency for discovering the AP.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add mechanism to track unconnected stations | Jouni Malinen | 2015-09-05 | 3 | -0/+51
  hostapd can now be configured to track unconnected stations based on Probe Request frames seen from them. This can be used, e.g., to detect dualband capable station before they have associated. Such information could then be used to provide guidance on which colocated BSS to use in case of a dualband AP that operates concurrently on multiple bands under the control of a single hostapd process.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Allow wpa_cli/hostapd_cli client socket directory to be specified | Manikandan Mohan | 2015-09-01 | 1 | -2/+15
  This adds a new helper function wpa_ctrl_open2() that can be used instead of wpa_ctrl_open() to override the default client socket directory. Add optional -s<directory path> argument to hostapd_cli and wpa_cli to allow the client socket directory to be specified.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix key derivation for Suite B 192-bit AKM to use SHA384 | Jouni Malinen | 2015-08-27 | 2 | -0/+2
  While the EAPOL-Key MIC derivation was already changed from SHA256 to SHA384 for the Suite B 192-bit AKM, KDF had not been updated similarly. Fix this by using HMAC-SHA384 instead of HMAC-SHA256 when deriving PTK from PMK when using the Suite B 192-bit AKM.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP server: Add tls_session_lifetime configuration | Jouni Malinen | 2015-08-23 | 2 | -0/+8
  This new hostapd configuration parameter can be used to enable TLS session resumption. This commit adds the configuration parameter through the configuration system and RADIUS/EAPOL/EAP server components. The actual changes to enable session caching will be addressed in followup commits.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove unnecessary NULL check from LOG_LEVEL handler | Jouni Malinen | 2015-08-21 | 1 | -1/+1
  cmd cannot be NULL here, so there is no need to check it before calling os_strlen().
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add testing option to override own WPA/RSN IE(s) | Jouni Malinen | 2015-08-08 | 1 | -0/+18
  This allows the new own_ie_override=<hexdump> configuration parameter to be used to replace the normally generated WPA/RSN IE(s) for testing purposes in CONFIG_TESTING_OPTIONS=y builds.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add support to configure debug log level at runtime | Srinivas Dasari | 2015-08-03 | 2 | -0/+69
  Add support to read/configure log_level using hostapd control interface LOG_LEVEL command similarly to what was already supported in wpa_supplicant.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add build option to remove all internal RC4 uses | Jouni Malinen | 2015-08-02 | 2 | -0/+14
  The new CONFIG_NO_RC4=y build option can be used to remove all internal hostapd and wpa_supplicant uses of RC4. It should be noted that external uses (e.g., within a TLS library) do not get disabled when doing this.
  This removes capability of supporting WPA/TKIP, dynamic WEP keys with IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password changes.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Add CONFIG_TLS_ADD_DL=y build option for hostapd | Jouni Malinen | 2015-07-28 | 1 | -0/+4
  This behaves similarly to the same option in wpa_supplicant, i.e., adds -ldl when linking in libcrypto from OpenSSL.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Add SHA256 support in openssl_tls_prf() for TLSv1.2 | Jouni Malinen | 2015-07-28 | 2 | -0/+4
  This is needed when enabling TLSv1.2 support for EAP-FAST since the SSL_export_keying_material() call does not support the needed parameters for TLS PRF and the external-to-OpenSSL PRF needs to be used instead.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* FST: Do not replace previous attachment | Jouni Malinen | 2015-07-25 | 1 | -0/+4
  hapd->iface->fst must not be overridden if it is already pointing to FST instance. Without this, duplicated FST-ATTACH could result in memory leak and process termination.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* FST: Use -EINVAL instead of EINVAL as return value | Jouni Malinen | 2015-07-25 | 1 | -2/+2
  This is more consistent with other error cases.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add build options for selecting eloop type | Jouni Malinen | 2015-07-23 | 4 | -0/+29
  This adds CONFIG_ELOOP_POLL=y and CONFIG_ELOOP_EPOLL=y options to hostapd build options similarly to how these were implemented for wpa_supplicant.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Mark config parameter name const | Jouni Malinen | 2015-07-21 | 3 | -7/+8
  The functions parsing configuration parameters do not modify the name of the parameter, so mark that function argument constant. In theory, the value should also be const, but at least for now, number of the parser functions end up modifying this to simplify parsing.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add DUP_NETWORK global control interface command | Anton Nayshtut | 2015-07-21 | 1 | -0/+116
  This adds a new global control interface command DUP_NETWORK with the following syntax:
    DUP_NETWORK src_ifname dst_ifname param
  The currently supported parameters:
    wpa
    wpa_key_mgmt
    wpa_pairwise
    rsn_pairwise
    wpa_passphrase
    wpa_psk
  The specified configuration parameter is copied from the source interface to the destination interface. The main use for this is to allow cloning of security configuration without having to expose the keys from the hostapd process.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Introduce hostapd_ctrl_iface_get_key_mgmt() | Anton Nayshtut | 2015-07-21 | 1 | -70/+92
  This function will be used in DUP_NETWORK command implementation.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Introduce hostapd_interfaces_get_hapd() | Anton Nayshtut | 2015-07-21 | 1 | -10/+22
  This function will be used in DUP_NETWORK command implementation.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add shared periodic cleanup function for AP mode | Jouni Malinen | 2015-07-20 | 1 | -0/+26
  This new mechanism can be used to combine multiple periodic AP (including P2P GO) task into a single eloop timeout to minimize number of wakeups for the process. hostapd gets its own periodic caller and wpa_supplicant uses the previously added timer to trigger these calls.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hlr_auc_gw: Hide a bogus static analyzer warning | Jouni Malinen | 2015-07-18 | 1 | -8/+8
  For some reason, snprintf() was not seen as sufficient to remove potentially tainted string from fgets() before passing this to rename(). This does not make much sense, but anyway, try to get rid of the warning by using a separate buffer for the internally written file names. (CID 72690)
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add current wpa parameter into GET_CONFIG output | Mohammed Shafi Shajakhan | 2015-07-17 | 1 | -0/+7
  This can be used, e.g., by an action script to update new WPS settings for the AP.
  Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
* hostapd_cli: Allow PID file to be specified | Mohammed Shafi Shajakhan | 2015-07-17 | 1 | -2/+5
  This can help when running multiple hostapd_cli instances per interface and need to kill them correspondingly.
  Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
* hostapd: Extend the sounding and BF steering capabilities | Vivek Natarajan | 2015-07-17 | 2 | -2/+16
  Depending on the number of antennas, the txbf sounding and steering capabilities need to be extended.
  Signed-off-by: Vivek Natarajan <nataraja@qti.qualcomm.com>
* FST: Clear hostapd fst_ies on FST-DETACH to avoid use of freed memory | Jouni Malinen | 2015-07-17 | 1 | -0/+1
  This is needed in the corner case of FST-DETACH being used without stopping the AP instance.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Document hostapd ft_over_ds configuration parameter | Jouni Malinen | 2015-07-17 | 1 | -0/+5
  This had been forgotten from hostapd.conf.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add global to local control interface redirection | Anton Nayshtut | 2015-07-16 | 1 | -0/+47
  This patch implements global to local control interface redirection in the same way as it's done for wpa_supplicant. Any global control interface command beginning with "IFNAME=..." will be routed to the corresponding local control interface handler.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add hostapd_ctrl_iface_receive_process() | Anton Nayshtut | 2015-07-16 | 1 | -36/+53
  The newly introduced function will be used in followup commits to handle requests redirected from the global control interface.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Testing support | Anton Nayshtut | 2015-07-16 | 3 | -0/+9
  This patch introduces infrastructure needed for FST module tests.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Add hostapd_cli fst command | Anton Nayshtut | 2015-07-16 | 1 | -0/+32
  This can be used to issue FST-MANAGER control interface commands.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Add build rules for hostapd | Anton Nayshtut | 2015-07-16 | 4 | -0/+31
  This patch integrates the FST into the hostapd.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: hostapd control interface | Anton Nayshtut | 2015-07-16 | 1 | -0/+64
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: Integration into hostapd | Anton Nayshtut | 2015-07-16 | 1 | -0/+14
  This commit integrates the FST into the hostapd.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: hostapd configuration parameters | Anton Nayshtut | 2015-07-16 | 2 | -0/+84
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Global control interface notifications | Anton Nayshtut | 2015-07-16 | 2 | -10/+109
  This commit implements hostapd global control interface notifications infrastructure. hostapd global control interface clients issue ATTACH/DETACH commands to register and deregister with hostapd correspondingly - the same way as for any other hostapd/wpa_supplicant control interface.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add EAPOL_SET hostapd command to configure EAPOL parameters | Jouni Malinen | 2015-07-12 | 1 | -0/+26
  This new control interface command "EAPOL_REAUTH <MAC address> <parameter> <value>" can be used to implement the IEEE 802.1X PAE Set Authenticator Configuration operation.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add EAPOL_REAUTH hostapd command to trigger EAPOL reauthentication | Jouni Malinen | 2015-07-12 | 1 | -0/+22
  This new control interface command "EAPOL_REAUTH <MAC address>" can be used to implement the IEEE 802.1X PAE Reauthenticate operation.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* DATA_TEST_TX: Avoid ubsan warning on 0x80<<24 not fitting in int | Jouni Malinen | 2015-07-07 | 1 | -2/+2
  Use unsigned constant instead of signed to avoid warning with the LSB being set in an int.
  Signed-off-by: Jouni Malinen <j@w1.fi>