path: root/hostapd
Commit message | Author | Age | Files | Lines
* nl80211: Add ACS support for Broadcom device | Xinrui Sun | 32 hours | 1 | -0/+3
  BRCM vendor command used to trigger ACS scan. After ACS finished, DHD driver will send results by event BRCM_VENDOR_EVENT_ACS.
  Signed-off-by: Xinrui Sun <xinrui.sun@broadcom.com>
* RADIUS client: Support SO_BINDTODEVICE | Ben Greear | 34 hours | 2 | -0/+9
  Allow the RADIUS client socket to be bound to a specific netdev. This helps hostapd work better in VRF and other fancy network environments.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
  Signed-off-by: Andreas Tobler <andreas.tobler at onway.ch>
* Android: Add DRIVER command support on hostapd and hostapd_cli | Sunil Dutt | 2 days | 2 | -0/+34
  Add DRIVER command support on hostapd and hostapd_cli on Android similarly to the way this was previously enabled in wpa_supplicant and wpa_cli.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Multi-AP: Fix backhaul SSID printing condition | Jouni Malinen | 7 days | 1 | -1/+1
  ssid->ssid is an array so comparison against NULL is pointless; check ssid->ssid_len instead.
  Fixes: 871d6648f502 ("hostapd: Add multi_ap settings to get_config() output")
  Signed-off-by: Jouni Malinen <j@w1.fi>
* AP: Check driver's capability to enable OCV when driver SME is used | Veerendranath Jakkam | 13 days | 1 | -0/+3
  When the driver SME is used, offloaded handshakes which need Operating Channel Validation (OCV) such as SA Query procedure, etc. would fail if hostapd enables OCV based on configuration but the driver doesn't support OCV. To avoid this when driver SME is used, enable OCV from hostapd only when the driver indicates support for OCV.
  This commit also adds a capability flag to indicate whether driver SME is used in AP mode.
  Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
* Enable beacon protection only when driver indicates support | Veerendranath Jakkam | 13 days | 1 | -1/+2
  Enabling beacon protection will cause STA connection/AP setup failures if the driver doesn't support beacon protection. To avoid this, check the driver capability before enabling beacon protection.
  This commit also adds a capability flag to indicate beacon protection support in client mode only.
  Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
* AP: Unsolicited broadcast Probe Response configuration | Aloka Dixit | 14 days | 2 | -0/+18
  Add hostapd configuration options for unsolicited broadcast Probe Response transmission for in-band discovery in 6 GHz. Maximum allowed packet interval is 20 TUs (IEEE P802.11ax/D8.0, AP behavior for fast passive scanning). Setting value to 0 disables the transmission.
  Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
* FILS: Add generation of FILS Discovery frame template | Aloka Dixit | 2021-02-14 | 2 | -0/+11
  Add hostapd configuration parameters for FILS Discovery frame transmission interval and prepare a template for FILS Discovery frame for the driver interface. The actual driver interface changes are not included in this commit.
  Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
* AP: Extend Spatial Reuse Parameter Set | Rajkumar Manoharan | 2021-02-07 | 2 | -2/+59
  Extend SPR element to support following fields and pass all information to kernel for driver use.
    * Non-SRG OBSS PD Max Offset
    * SRG BSS Color Bitmap
    * SRG Partial BSSID Bitmap
  Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
* Allow HE MCS rate selection for Beacon frames | Rajkumar Manoharan | 2021-02-07 | 2 | -0/+12
  Allow HE MCS rate to be used for beacon transmission when the driver advertises the support. The rate is specified with a new beacon_rate option "he:<HE MCS>" in hostapd configuration.
  Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
* hostapd: Add HE 6 GHz band capability configuration | Rajkumar Manoharan | 2021-02-07 | 2 | -0/+44
  Enable user to configure Maximum MPDU Length, Maximum A-MPDU Length Exponent, Rx Antenna Pattern Consistency, and Tx Antenna Pattern Consistency of 6 GHz capability through config file.
  Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
* hostapd: Report errors ACCEPT_ACL/DENY_ACL control interface commands | Masafumi Utsugi | 2021-02-07 | 1 | -3/+8
  Return FAIL for a couple of the operations that were previously ignoring invalid addresses without reporting errors.
  Signed-off-by: Masafumi Utsugi <mutsugi@allied-telesis.co.jp>
* hostapd: Fix dynamic ACCEPT_ACL management over control interface | Masafumi Utsugi | 2021-02-07 | 1 | -6/+6
  hostapd_disassoc_accept_mac() was called after a new accept MAC address was added (ACCEPT_ACL ADD_MAC), but this function should have been called after an accept MAC address was removed and accept MAC list was cleared to disconnect a STA which is not listed in the update accept MAC address list. Fix this by moving the call to places where a connected STA can actually end up losing its previously present accept entry.
  Signed-off-by: Masafumi Utsugi <mutsugi@allied-telesis.co.jp>
* hostapd: Add multi_ap settings to get_config() output | Raphaël Mélotte | 2021-02-06 | 1 | -0/+46
  Since a running hostapd is not necessarily using the settings that are in the configuration file (if they were changed at runtime, or the file was changed but not reloaded, etc.), being able to get their value at runtime can be useful (to know if they have to be updated for example).
  If multi_ap is set, also print the SSID and passphrase (or PSK).
  Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
* hostapd: Add an option to notify management frames on ctrl_iface | Raphaël Mélotte | 2021-02-06 | 2 | -0/+6
  In some contexts (e.g., Multi-AP) it can be useful to have access to some of the management frames in upper layers (e.g., to be able to process the content of association requests externally).
  Add 'notify_mgmt_frames'. When enabled, it will notify the ctrl_iface when a management frame arrives using the AP-MGMT-FRAME-RECEIVED event message.
  Note that to avoid completely flooding the ctrl_iface, not all management frames are included (e.g., Beacon and Probe Request frames are excluded).
  Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
* hostapd: Generalize channel switch methods to incorperated HE mode | Muna Sinada | 2021-02-06 | 1 | -3/+3
  Remove the VHT specific naming on methods that are utilized in both VHT and HE modes.
  Signed-off-by: Muna Sinada <msinada@codeaurora.org>
* Add PTKSA cache to hostapd | Ilan Peer | 2021-01-25 | 3 | -0/+9
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* AP: Add support for configuring PASN | Ilan Peer | 2021-01-25 | 5 | -0/+42
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* WPA: Extend the wpa_pmk_to_ptk() function to also derive KDK | Ilan Peer | 2021-01-25 | 1 | -0/+6
  Extend the wpa_pmk_to_ptk() to also derive Key Derivation Key (KDK), which can later be used for secure LTF measurements.
  Update the wpa_supplicant and hostapd configuration and the corresponding WPA and WPA Auth state machine, to allow enabling of KDK derivation. For now, use a testing parameter to control whether KDK is derived.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* DPP2: Add DPP_CONTROLLER commands to hostapd_cli and wpa_cli | Disha Das | 2020-12-16 | 1 | -0/+18
  Add the DPP control interface DPP_CONTROLLER_START and DPP_CONTROLLER_STOP commands to the CLIs.
  Signed-off-by: Disha Das <dishad@codeaurora.org>
* Extend the setband support for 6 GHz and band combinations | Veerendranath Jakkam | 2020-12-11 | 1 | -12/+20
  Support possible band combinations of 2.4 GHz, 5 GHz, and 6 GHz with QCA_WLAN_VENDOR_ATTR_SETBAND_MASK attribute. Ensure backwards compatibility with old drivers that are using QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE attribute and supporting only 2.4 GHz and 5 GHz bands.
  Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
* Add option to ignore Probe Request frames when RSSI is too low | John Crispin | 2020-12-02 | 2 | -0/+6
  Add a new hostapd configuration parameter rssi_ignore_probe_request to ignore Probe Request frames received with too low RSSI.
  Signed-off-by: John Crispin <john@phrozen.org>
* hostapd: Add ability to disable HT/VHT/HE per BSS | Shay Bar | 2020-12-02 | 2 | -0/+15
  Add the ability to disable HT/VHT/HE for specific BSS from hostapd.conf.
    - Add disable_11ax boolean to hostapd_bss_config.
    - Change disable_11n and disable_11ac to bool in hostapd_bss_config.
    - Add configuration option to set these disable_11* parameters (which were previously used only automatically based on incompatible security parameters to disable HT/VHT).
  Signed-off-by: Shay Bar <shay.bar@celeno.com>
* Set NLA_F_NESTED flag with NL80211_ATTR_VENDOR_DATA conditionally | Vinita S. Maloo | 2020-11-10 | 2 | -8/+20
  The newer kernel versions enforce strict netlink attribute policy validation and will cause cfg80211 to reject vendor commands with NL80211_ATTR_VENDOR_DATA if NLA_F_NESTED attribute is not set but if the vendor command is expecting nested data within NL80211_ATTR_VENDOR_DATA attribute.
  Most of the earlier instances were addressed by adding NLA_F_NESTED flag in nla_nest_start(). This commit addresses the remaining instance in which NL80211_ATTR_VENDOR_DATA is populated using data set by user through the control interface.
  Enhance the control interface VENDOR command to indicate whether the vendor subcommand uses nested attributes within NL80211_ATTR_VENDOR_DATA attribute or not.
  Set NLA_F_NESTED flag for existing QCA vendor commands which use nested attributes within the NL80211_ATTR_VENDOR_DATA attributes so that the old frameworks implementations for already existing commands work without any issues.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* hostapd: Fix typos | Yegor Yefremov | 2020-10-16 | 8 | -11/+11
  Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
* DPP2: Add DPP_CHIRP commands to hostapd_cli and wpa_cli | Wystan Schmidt | 2020-10-11 | 1 | -0/+23
  Add the DPP control interface chirp commands to the CLIs for greater visibility and ease of use.
  Signed-off-by: Wystan Schmidt <wystan.schmidt@charter.com>
* hostapd_cli: Add dpp_bootstrap_set command | Andrew Beltrano | 2020-10-11 | 1 | -0/+9
  Expose DPP_BOOTSTRAP_SET through hostapd_cli command dpp_bootstrap_set <id> <configurator params..>
  Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
* gitignore: Clean up a bit | Johannes Berg | 2020-10-11 | 1 | -0/+5
  Now that we no longer leave build artifacts outside the build folder, we can clean up the gitignore a bit. Also move more things to per-folder files that we mostly had already anyway.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* hostapd: Fix error message for radius_accept_attr config option | Pali Rohár | 2020-10-10 | 1 | -1/+1
  Error message contained wrong config option.
  Signed-off-by: Pali Rohár <pali@kernel.org>
* build: Remove hostapd vs. wpa_supplicant build checks | Johannes Berg | 2020-10-10 | 1 | -9/+1
  These are no longer needed now. Note that this was never actually sufficient since src/drivers/ isn't the only thing shared, and thus a cross-build detection didn't work in all cases.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* build: Put object files into build/ folder | Johannes Berg | 2020-10-10 | 1 | -5/+17
  Instead of building in the source tree, put most object files into the build/ folder at the root, and put each thing that's being built into a separate folder.
  This then allows us to build hostapd and wpa_supplicant (or other combinations) without "make clean" in between.
  For the tests keep the objects in place for now (and to do that, add the build rule) so that we don't have to rewrite all of that with $(call BUILDOBJS,...) which is just noise there.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* build: Move config file handling into build.rules | Johannes Berg | 2020-10-10 | 1 | -12/+1
  This will make it easier to split out the handling in a proper way, and handle common cflags/dependencies.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* build: Add a common-clean target | Johannes Berg | 2020-10-10 | 1 | -3/+2
  Clean up in a more common fashion as well, initially for ../src/.
  Also add $(Q) to the clean target in src/
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* build: Pull common fragments into a build.rules file | Johannes Berg | 2020-10-10 | 1 | -31/+3
  Some things are used by most of the binaries, pull them into a common rule fragment that we can use properly.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* OCV: Work around for misbehaving STAs that indicate OCVC=1 without OCI | Veerendranath Jakkam | 2020-10-08 | 1 | -0/+13
  Some legacy stations copy previously reserved RSN capability bits, including OCVC, in (Re)Association Request frames from the AP's RSNE but do not indicate MFP capability and/or do not send OCI in RSN handshakes. This is causing connection failures with such erroneous STAs.
  To improve interoperability with such legacy STAs allow a workaround OCV mode to be enabled to ignore OCVC=1 from the STA if it does not follow OCV requirements in the first protected exchange. This covers cases where a STA claims to have OCV capability, but it does not negotiate use of management frame protection or does not include OCI in EAPOL Key msg 2/4, FT Reassociation Request frame, or FILS (Re)Association Request.
  The previous behavior with ocv=1 is maintained, i.e., misbehaving STAs are not allowed to connect. When the new workaround mode is enabled with ocv=2, the AP considers STA as OCV capable on below criteria
    - STA indicates both OCV and MFP capability
    - STA sends OCI during connection attempt in a protected frame
  Enabling this workaround mode reduced OCV protection to some extent since it allows misbehavior to go through. As such, this should be enabled only if interoperability with misbehaving STAs is needed.
  Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
* SAE-PK: Add support to skip sae_pk password check for testing purposes | Shaakir Mohamed | 2020-09-11 | 1 | -1/+7
  Add support to skip sae_pk password check under compile flag CONFIG_TESTING_OPTIONS which allows AP to be configured with sae_pk enabled but a password that is invalid for sae_pk.
  Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
* DPP: Remove unnecessary dpp_global_config parameters | Jouni Malinen | 2020-08-25 | 1 | -1/+0
  These were not really used anymore since the AP/Relay case did not set msg_ctx or process_conf_obj in the global DPP context. Get the appropriate pointers more directly from the more specific data structures instead and remove these global values.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Controller support in hostapd | Jouni Malinen | 2020-08-25 | 1 | -0/+8
  Extend hostapd support for DPP Controller to cover the DPP_CONTROLLER_* cases that were previously implemented only in wpa_supplicant. This allows hostapd/AP to be provisioned using DPP over TCP.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE-PK: Update design for fingerprint encoding into password | Jouni Malinen | 2020-08-05 | 1 | -17/+53
  Update the SAE-PK implementation to match the changes in the protocol design:
    - allow only Sec values 3 and 5 and encode this as a single bit field with multiple copies
    - add a checksum character
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Extend GET_PMK to check PMKSA cache on the AP | Jouni Malinen | 2020-08-03 | 1 | -3/+17
  This allows the testing command GET_PMK to return a PMK in cases where the association fails (e.g., when using SAE and getting a valid PMKSA entry added before association) or after the association has been lost.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Rename temporary blocking of nonresponsive R0KH | Jouni Malinen | 2020-07-24 | 1 | -1/+1
  Avoid use of the "blacklist" term here to reduce undesired connotations.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* 6 GHz: Change 6 GHz channels per IEEE P802.11ax/D6.1 | Wu Gao | 2020-06-23 | 1 | -4/+4
  The channel numbering/center frequencies was changed in IEEE P802.11ax/D6.1. The center frequencies of the channels were shifted by 10 MHz. Also, a new operating class 136 was defined with a single channel 2. Add required support to change the channelization as per IEEE P802.11ax/D6.1.
  Signed-off-by: Wu Gao <wugao@codeaurora.org>
  Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
* EAP-TEAP (server): Allow Phase 2 skip based on client certificate | Jouni Malinen | 2020-06-20 | 2 | -1/+3
  eap_teap_auth=2 can now be used to configure hostapd to skip Phase 2 if the peer can be authenticated based on client certificate during Phase 1.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove unused enum values | Jouni Malinen | 2020-06-08 | 1 | -8/+0
  The last user of these was removed in commit 17fbb751e174 ("Remove user space client MLME") and there is no need to maintain these unused values anymore.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Move local TX queue parameter parser into a common file | Subrat Dash | 2020-06-08 | 1 | -91/+1
  This allows the same implementation to be used for wpa_supplicant as well.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE-PK: Testing functionality to allow behavior overrides | Jouni Malinen | 2020-06-08 | 1 | -0/+4
  The new sae_commit_status and sae_pk_omit configuration parameters and an extra key at the end of sae_password pk argument can be used to override SAE-PK behavior for testing purposes.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Allow transition_disable updates during the lifetime of a BSS | Jouni Malinen | 2020-06-07 | 1 | -0/+3
  This is mainly for testing purposes to allow more convenient checking of station behavior when a transition mode is disabled.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE-PK: A tool for generating SAE-PK Modifier and password | Jouni Malinen | 2020-06-02 | 2 | -0/+194
  sae_pk_gen can be used to generate Modifier (M) and password for SAE-PK based on a previously generated EC private key, Sec value (2..5), and SSID.
  For example, these commands can be used to generate the private key and the needed hostapd configuration parameter options:
    make sae_pk_gen
    openssl ecparam -genkey -outform DER -out saepk.der -name prime256v1
    ./sae_pk_gen saepk.der 3 "SAE-PK test"
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE-PK: AP functionality | Jouni Malinen | 2020-06-02 | 2 | -1/+43
  This adds AP side functionality for SAE-PK. The new sae_password configuration parameters can now be used to enable SAE-PK mode whenever SAE is enabled.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE-PK: Extend SAE functionality for AP validation | Jouni Malinen | 2020-06-02 | 2 | -0/+8
  This adds core SAE functionality for a new mode of using SAE with a specially constructed password that contains a fingerprint for an AP public key and that public key being used to validate an additional signature in SAE confirm from the AP.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>