path: root/src/ap
Commit message | Author | Age | Files | Lines
* hostapd: Fix early init failure path | Jouni Malinen | 2016-06-12 | 1 | -0/+1
  eloop deinit calls could trigger segmentation fault if the early error path is hit before eloop_init() gets called.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd Make GAS Address3 field selection behavior configurable | Jouni Malinen | 2016-06-10 | 2 | -1/+7
  gas_address3=1 can now be used to force hostapd to use the IEEE 802.11 standards compliant Address 3 field value (Wildcard BSSID when not associated) even if the GAS request uses non-compliant address (AP BSSID).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Fix Public Action frame TX status processing for wildcard BSSID | Jouni Malinen | 2016-06-10 | 1 | -1/+14
  Previously all TX status events with wildcard BSSID were ignored. This did not allow Public Action frame TX status to be processed with the corrected wildcard BSSID use. Fix this to be allowed. In practice, this affects only test cases since Action frame TX status was not used for anything else.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Fix Public Action frame addressing (BSSID field) | Jouni Malinen | 2016-06-10 | 3 | -13/+73
  IEEE Std 802.11-2012, 10.19 (Public Action frame addressing) specifies that the wildcard BSSID value is used in Public Action frames that are transmitted to a STA that is not a member of the same BSS. hostapd used to use the actual BSSID value for all such frames regardless of whether the destination STA is a member of the BSS.
  Fix this by using the wildcard BSSID in cases the destination STA is not a member of the BSS. Leave group addressed case as-is (i.e., the actual BSSID), since both values are accepted. No such frames are currently used, though.
  This version is still using the AP BSSID value in the Address 3 field for GAS response frames when replying to a GAS request with AP BSSID instead of Wildcard BSSID. This is left as a workaround to avoid interoperability issues with deployed STA implementations that are still using the non-compliant address and that might be unable to process the standard compliant case.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Use extended capabilities per interface type | Kanchanapally, Vidyullatha | 2016-05-31 | 2 | -0/+16
  This adds the necessary changes to support extraction and use of the extended capabilities specified per interface type (a recent cfg80211/nl80211 extension). If that information is available, per-interface values will be used to override the global per-radio value.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Support simple SAE group negotiation case | Jouni Malinen | 2016-05-30 | 1 | -0/+51
  This allows the simplest case of SAE group negotiation to occur by selecting the next available group if the peer STA indicates the previous one was not supported. This is not yet sufficient to cover all cases, e.g., when both STAs need to change their groups, but at least some cases are now covered.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Fix error path handling in init OOM cases | Jouni Malinen | 2016-05-29 | 1 | -4/+13
  hostapd deinit functions were not ready to handle a case where the data structures were not fully initialized. Make these more robust to allow wpa_supplicant mesh implementation to use the current deinit design in OOM error cases without causing NULL pointer dereferences.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add assocresp_elements parameter for hostapd | Bala Krishna Bhamidipati | 2016-04-20 | 4 | -0/+11
  This new parameter allows hostapd to add Vendor Specific elements into (Re)Association Response frames similarly to the way vendor_elements parameter can be used for Beacon and Probe Response frames.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FT: Fix RRB for FT over-the-air case | Günther Kelleter | 2016-04-18 | 1 | -1/+1
  Commit 66d464067d626cc64c5a543a8f91fe58727f4e5e ('FT: Register RRB l2_packet only if FT-over-DS is enabled') disabled RRB l2_packet socket if ft_over_ds is disabled, but this socket is required for FT over-the-air, too (FT key distribution). Enable the socket regardless of ft_over_ds setting if FT is enabled.
  Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
* hostapd: Add FTM range request | David Spinadel | 2016-04-17 | 5 | -3/+170
  Add FTM range request via RRM. The AP sends Radio measurement request with FTM range request as a request for the receiving STA to send FTM requests to the given list of APs. The neighbor report part of the request is taken from the neighbor database.
  The control interface command is:
    REQ_RANGE <dst addr> <rand_int> <min_ap> <responder> [<responder>..]
    dst addr: MAC address of an associated STA
    rand_int: Randomization Interval (0..65535) in TUs
    min_ap: Minimum AP Count (1..15); minimum number of requested FTM ranges between the associated STA and the listed APs
    responder: List of BSSIDs for neighboring APs for which a measurement is requested
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* hostapd: Add LCI request | David Spinadel | 2016-04-17 | 4 | -1/+161
  Add a hostapd control interface command REQ_LCI to request LCI from an associated station using radio measurement.
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* hostapd: Save RM enabled capability of station | David Spinadel | 2016-04-17 | 2 | -1/+14
  Save RM enabled capability element of an associating station if radio measurement is supported in its capability field.
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* hostapd: Handle Neighbor Report Request frame | David Spinadel | 2016-04-17 | 3 | -0/+260
  Process Neighbor Report Request frame and send Neighbor Report Response frame based on the configured neighbor report data.
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* hostapd: Add own neighbor report data to neighbor database | David Spinadel | 2016-04-16 | 1 | -0/+123
  Add own neighbor report data to neighbor database based on local LCI and location civic data.
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* hostapd: Add a database of neighboring APs | David Spinadel | 2016-04-16 | 4 | -0/+168
  Add a configurable neighbor database that includes the content of Neighbor Report element, LCI and Location Civic subelements and SSID.
  All parameters for a neighbor must be updated at once; Neighbor Report element and SSID are mandatory, LCI and civic are optional. The age of LCI is set to the time of neighbor update.
  The control interface API is:
    SET_NEIGHBOR <BSSID> <ssid=SSID> <nr=data> [lci=<data>] [civic=<data>]
  To delete a neighbor use:
    REMOVE_NEIGHBOR <BSSID> <SSID>
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* hostapd: Extend the configuration of RRM capabilities | David Spinadel | 2016-04-16 | 3 | -12/+20
  Extend the radio_measurements parameter to save all the supported RRM capabilities as it's used in RM enabled capabilities element.
  Make this parameter not directly configurable via config file (though, keep the radio_measurements parameter for some time for backwards compatibility). Instead, add a configuration option to enable neighbor report via radio measurements. Other features can be added later as well.
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* hostapd: Set LCI and Location Civic information in configuration | David Spinadel | 2016-04-09 | 2 | -0/+5
  Enable configuration of LCI and location civic information in hostapd.conf.
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* Add POLL_STA command to check connectivity in AP mode | Jouni Malinen | 2016-04-08 | 3 | -0/+25
  The hostapd "POLL_STA <addr>" control interface command can be used to check whether an associated station ACKs a QoS Data frame. The received ACK for such a frame is reported as an event message ("AP-STA-POLL-OK <addr>").
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Allow AP to disconnect STA without sending Deauth/Disassoc frame | Jouni Malinen | 2016-04-08 | 1 | -2/+8
  The optional tx=0 parameter can be added to the hostapd DEAUTHENTICATE/DISASSOCIATE command to request disconnection without transmitting the Deauthentication/Disassociation frame to the STA.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add inactive_msec into STA output | Jouni Malinen | 2016-04-08 | 1 | -2/+2
  This allows external programs to fetch the driver inactivity value for a specific STA ("STA <addr>" hostapd control interface command).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* AP: Pass station P2P PS capabilities info during station add/set | Ayala Beker | 2016-04-08 | 3 | -4/+8
  If a legacy client with no P2P PS support is trying to connect to a P2P GO, the driver should know that, and change its PS behavior accordingly.
  Add a parameter to hostapd_sta_add_params() indicating if P2P PS is supported by the station and pass this parameter to kernel with nl80211 driver when the station is added/set.
  Signed-off-by: Ayala Beker <ayala.beker@intel.com>
* RADIUS: Fix possible memory leak when parsing per-STA passphrase | Ayala Beker | 2016-04-08 | 1 | -1/+2
  Fix a possible memory leak in decode_tunnel_passwords() if an invalid passphrase is received from the RADIUS server.
  Signed-off-by: Ayala Beker <ayala.beker@intel.com>
* AP: Do not use struct ieee80211_mgmt::u.probe_req | Jouni Malinen | 2016-04-02 | 1 | -3/+3
  This struct in the union is empty, but the design of using a zero-length u8 array here is not fully compatible with C++ and can result in undesired compiler warnings. Since there are no non-IE fields in the Probe Request frames, get the location of the variable length IEs simply by using the pointer to the frame header and the known header length.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Drop USE_KERNEL_HEADERS define | Jouni Malinen | 2016-03-26 | 1 | -4/+0
  This was only used for providing an option to use linux/if_packet.h instead of netpacket/packet.h in src/ap/iapp.c. However, netpacket/packet.h is nowadays commonly available and hostapd already depends on it through src/l2_packet/l2_packet_linux.c, so there is no need to continue to provide this option for the kernel header.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Use a separate header file for Linux bridge interface definitions | Jouni Malinen | 2016-03-26 | 1 | -10/+1
  This moves the BRCTL_* defines from vlan_full.c to linux_bridge.h to clean up header inclusion.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Use own header file for defining Linux VLAN kernel interface | Jouni Malinen | 2016-03-26 | 2 | -12/+4
  This gets rid of need to include linux/if_vlan.h and additional defines in vlan_ioctl.c to avoid issues with missing definitions in libc headers.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Fix musl libc conflict with Linux kernel headers | Jörg Krause | 2016-03-26 | 1 | -1/+10
  Due to both <netinet/in.h> (in "utils/includes.h") and <linux/in6.h> (in <linux/if_bridge.h>) being included, the in6_addr is being redefined: once from the C library headers and once from the Linux kernel headers. This causes some build failures with for example the musl C library:
    In file included from /usr/include/linux/if_bridge.h:18,
                     from ../src/ap/vlan_init.c:17:
    /usr/include/linux/in6.h:32: error: redefinition of 'struct in6_addr'
    /usr/include/linux/in6.h:49: error: redefinition of 'struct sockaddr_in6'
    /usr/include/linux/in6.h:59: error: redefinition of 'struct ipv6_mreq'
  Mixing C library and Linux kernel headers is a bit problematic [1] and should be avoided if possible [2]. In order to fix this, define just the macros needed from <linux/if_bridge.h> as done in Busybox for the brctl applet [3].
  [1] https://sourceware.org/bugzilla/show_bug.cgi?id=15850
  [2] http://www.openwall.com/lists/musl/2015/10/06/1
  [3] https://git.busybox.net/busybox/commit/?id=5fa6d1a632505789409a2ba6cf8e112529f9db18
  Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
* vlan: Move if_nametoindex() use out of vlan_init.c | Jouni Malinen | 2016-03-25 | 3 | -4/+8
  With this, vlan_init.c does not need any special header files anymore and vlan_ifconfig.c does not need hostapd-specific header files that might conflict with net/if.h on NetBSD.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Move ifconfig helpers to a separate file | Jouni Malinen | 2016-03-25 | 2 | -50/+66
  This removes final ioctl() use within vlan_init.c.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Move CONFIG_FULL_DYNAMIC_VLAN functionality into a separate file | Jouni Malinen | 2016-03-25 | 3 | -742/+766
  This cleans up vlan_init.c by removing a number of C pre-processor dependencies.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Remove unnecessary header includes from netlink implementation | Jouni Malinen | 2016-03-25 | 1 | -8/+0
  The implementation in vlan_util.c does not use many of the header files that were pulled in.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Clean up netlink vs. ioctl API implementation | Jouni Malinen | 2016-03-25 | 4 | -156/+174
  Move the ioctl-based VLAN implementation to a separate file to avoid need for conditional blocks within vlan_ioctl.c. This removes the internal CONFIG_VLAN_NETLINK define, i.e., this is now used only in build configuration (.config) to select whether to include the vlan_util.c (netlink) or vlan_ioctl.c (ioctl) implementation of the functions.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* vlan: Fix musl build error | Jörg Krause | 2016-03-25 | 1 | -3/+3
  caddr_t is legacy BSD and should be avoided [1]. While glibc may still use __caddr_t as the type, Linux kernel does not (it is "void __user * ifru_data").
  This fixes compile errors with the musl libc:
    ../src/ap/vlan_init.c: In function 'br_delif':
    ../src/ap/vlan_init.c:218:18: error: '__caddr_t' undeclared (first use in this function)
       ifr.ifr_data = (__caddr_t) args;
  [1] http://stackoverflow.com/questions/6381526/what-is-the-significance-of-caddr-t-and-when-is-it-used
  Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
* mesh: Simplify wpa_auth_pmksa_set_to_sm() | Jouni Malinen | 2016-03-22 | 1 | -7/+3
  pmksa->pmk or pmksa->pmkid cannot be NULL since they are arrays. Remove the unnecessary NULL checks and use the provided pmksa pointer directly to simplify the implementation. (CID 138519)
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Find correct driver for interface additions/removals | Roy Marples | 2016-03-22 | 2 | -2/+29
  Interface additions/removals are not guaranteed to be for the driver listening to the kernel events. As such, send the events to wpa_supplicant_event_global() which can then pick the correct interface registered with wpa_supplicant to send the event to.
  Signed-off-by: Roy Marples <roy@marples.name>
* wpa_supplicant: Fix CONFIG_IBSS_RSN=y build without CONFIG_AP=y | Jouni Malinen | 2016-03-21 | 1 | -4/+3
  Commit 1889af2e0f89f9a98171761683eb1c244584daf8 ('VLAN: Separate station grouping and uplink configuration') added an ap_sta_set_vlan() function that gets called from pmksa_cache_auth.c. This broke CONFIG_IBSS_RSN=y build if src/ap/sta_info.c did not get included in the build, i.e., if CONFIG_AP=y was not set.
  Fix this by making the ap_sta_set_vlan() call conditional on CONFIG_NO_VLAN being undefined and define this for CONFIG_IBSS_RSN=y builds. This is fine for wpa_supplicant since CONFIG_AP=y case was already defining this. For hostapd, this function call is not needed for CONFIG_NO_VLAN case either.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Add support for PMKSA caching | Masashi Honma | 2016-03-20 | 6 | -7/+58
  This patch adds functionality of mesh SAE PMKSA caching. If the local STA already has peer's PMKSA entry in the cache, skip SAE authentication and start AMPE with the cached value.
  If the peer does not support PMKSA caching or does not have the local STA's PMKSA entry in the cache, AMPE will fail and the PMKSA cache entry of the peer will be removed. Then STA retries with ordinary SAE authentication.
  If the peer does not support PMKSA caching and the local STA uses no_auto_peer=1, the local STA can not retry SAE authentication because NEW_PEER_CANDIDATE event cannot start SAE authentication when no_auto_peer=1. So this patch extends MESH_PEER_ADD command to use duration(sec). Throughout the duration, the local STA can start SAE authentication triggered by NEW_PEER_CANDIDATE even though no_auto_peer=1.
  This commit requires commit 70c93963edefa37ef84b73efb9d04ea10268341c ('SAE: Fix PMKID calculation for PMKSA cache'). Without that commit, chosen PMK comparison will fail.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* PMKSA: Flush AP/mesh PMKSA cache by PMKSA_FLUSH command | Masashi Honma | 2016-03-20 | 6 | -0/+30
  This extends the wpa_supplicant PMKSA_FLUSH control interface command to allow the PMKSA list from the authenticator side to be flushed for AP and mesh mode. In addition, this adds a hostapd PMKSA_FLUSH control interface command to flush the PMKSA entries.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* PMKSA: Show AP/mesh PMKSA list in PMKSA command | Masashi Honma | 2016-03-20 | 6 | -0/+66
  This extends the wpa_supplicant PMKSA control interface command to allow the PMKSA list from the authenticator side to be listed for AP and mesh mode. In addition, this adds a hostapd PMKSA control interface command to show the same list for the AP case.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* hostapd: Handle running out of DFS channels | Zefir Kurtisi | 2016-03-08 | 1 | -4/+10
  In scenarios where only DFS channels are available (e.g., outdoor, special country codes), hostapd must be able to handle situations where all are unavailable.
  The two possibilities to get there are
    1) while operating on the last available DFS channel a radar is detected
    2) hostapd is started while all channels are unavailable
  In both cases, hostapd instead of terminating should better wait for the NOPs to pass and re-try operation after the CAC.
  This patch provides that feature by using the condition (iface->state == HAPD_IFACE_DFS && !iface->cac_started) as NOP mode signature to retry operation from within hostapd_dfs_nop_finished().
  Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
* hostapd: Allow use of driver-generated interface addresses | Eliad Peller | 2016-03-06 | 2 | -7/+20
  Add a new 'use_driver_iface_addr' configuration parameter to allow use of the default interface address generated by the driver on interface creation. This can be useful when specific MAC addresses were allocated to the device and we want to use them for multi-BSS operation.
  Signed-off-by: Eliad Peller <eliad@wizery.com>
* AP: Save EAPOL received before Association Response ACK | Eliad Peller | 2016-03-06 | 3 | -0/+62
  There is a race condition in which AP might receive the EAPOL-Start frame (from the just-associated station) before the TX completion of the Association Response frame. This in turn will cause the EAPOL-Start frame to get dropped, and potentially failing the connection.
  Solve this by saving EAPOL frames from authenticated-but-not-associated stations, and handling them during the Association Response frame TX completion processing.
  Signed-off-by: Eliad Peller <eliad@wizery.com>
* hostapd: Add UDP support for ctrl_iface | Janusz Dziedzic | 2016-03-05 | 1 | -0/+1
  Add UDP support for ctrl_iface:
  New config option could be set:
    CONFIG_CTRL_IFACE=udp
    CONFIG_CTRL_IFACE=udp-remote
    CONFIG_CTRL_IFACE=udp6
    CONFIG_CTRL_IFACE=udp6-remote
  And hostapd_cli usage:
    hostapd_cli -i localhost:8877
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* hostapd: Use common functions for ctrl_iface | Janusz Dziedzic | 2016-03-05 | 1 | -2/+2
  Use the common functions, structures when UNIX socket ctrl_iface is used.
  Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* Add error handling for offloaded ACS with vendor command failures | Peng Xu | 2016-03-03 | 1 | -4/+9
  In case vendor ACS command returns invalid channel or hardware mode, complete the interface setup with an error code instead of simply returning, so that hostapd can properly clean up the interface setup.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* RADIUS: Add Acct-Delay-Time into accounting messages | Jouni Malinen | 2016-02-29 | 1 | -0/+9
  This tells the server how long we have been trying to transmit the message so that the actual time of the message generation can be determined from receive time (ignoring network delays and only at accuracy of one second).
  For interim updates, only value 0 is used since there are no retransmissions of the same message. For other accounting messages, the initial attempt goes out with value 0 and the retransmissions, if needed, show the number of seconds the message has been waiting in the queue.
  Update the Identifier and Authenticator in the messages whenever updating the Acct-Delay-Time per RFC 2866, 4.1 requirements.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* RADIUS: Update full message for interim accounting updates | Jouni Malinen | 2016-02-29 | 2 | -0/+60
  Instead of using the RADIUS client retransmission design with the old RADIUS message contents for each retry, trigger a completely new interim accounting update instance more quickly (using the same schedule as RADIUS message retransmissions) to improve accounting updates in cases where RADIUS message delivery fails. This allows the server to get up to date information from the time the "retry" message was sent instead of the old information from the time the first failed attempt was sent.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Replace hostapd_mac_comp_empty() with is_zero_ether_addr() | Jouni Malinen | 2016-02-28 | 3 | -12/+4
  There is no need to maintain two implementations of the functionality. is_zero_ether_addr() is easier to understand, so use it.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* VLAN: Avoid use of libnl cache | Michael Braun | 2016-02-28 | 1 | -23/+7
  Using rtnl_link_alloc_cache() is expensive as it fills in all configured links. Using rtnl_link_get_kernel() is much more lightweight.
  Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* FT: Check destination MAC address on RRB receive | Michael Braun | 2016-02-28 | 1 | -0/+3
  As the Linux variant of l2_packet_init() does not use its own_addr argument and l2_packet_receive() does not filter on destination MAC address, this needs to be checked in the callback.
  If there are multiple BSSes listening for FT RRB packets, all their BSSIDs need to be local to the bridge interface. As l2_packet_init() is going to receive all of them going for any local address, those RRB messages started turning up on BSSes that they were not destined for and cluttering logs.
  Signed-off-by: Michael Braun <michael-dev@fami-braun.de>