Commit Graph

1376 Commits

Author SHA1 Message Date
Jouni Malinen
b729fd8df9 FILS: Use AEAD cipher to protect EAPOL-Key frames (AP)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
3b5b7aa8fb FILS: Use AEAD cipher to check received EAPOL-Key frames (AP)
This changes 4-way handshake authenticator processing to decrypt the
EAPOL-Key frames using an AEAD cipher (AES-SIV with FILS AKMs) before
processing the Key Data field. This replaces Key MIC validation for the
cases where AEAD cipher is used. This needs to move the EAPOL-Key msg
2/4 RSN element processing to happen only after the PTK has been derived
and validated. That is done for all AKMs to avoid extra complexity with
having to maintain two code paths for this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
b986648389 FILS: Update EAPOL-Key RX rules for FILS (AP)
Key Descriptor Version 0 is used with FILS and Key Info MIC field is set
to 0 with AEAD ciphers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
36a50fd4e8 FILS: Set EAPOL-Key Key Descriptor Version to 0 with FILS AKMs (AP)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
dc5bad48af RSN authenticator: Add more debug print details on EAPOL-Key RX
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
6d014ffc6e Make struct wpa_eapol_key easier to use with variable length MIC
Suite B 192-bit addition from IEEE Std 802.11ac-2013 replaced the
previous fixed length Key MIC field with a variable length field. That
change was addressed with an addition of a new struct defined for the
second MIC length. This is not really scalable and with FILS coming up
with a zero-length MIC case for AEAD, a more thorough change to support
variable length MIC is needed.

Remove the Key MIC and Key Data Length fields from the struct
wpa_eapol_key and find their location based on the MIC length
information (which is determined by the AKMP). This change allows the
separate struct wpa_eapol_key_192 to be removed since struct
wpa_eapol_key will now include only the fixed length fields that are
shared with all EAPOL-Key cases in IEEE Std 802.11.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
94f66e8a26 FILS: Advertise ERP domain in FILS Indication element
Calculate the hashed realm from hostapd erp_domain configuration
parameter and add this to the FILS Indication element when ERP is
enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
c30ed45f45 FILS: Allow hostapd to select FILS AKM for connection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
f55acd909e FILS: Set FILS Capability bit in management frames from AP
If FILS is enabled, indicate that in Beacon, Probe Response, and
(Re)Association Response frames in the Extended Capabilities element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
198a942c83 FILS: Add FILS Indication element to Beacon and Probe Response frames
If FILS is enabled, indicate that in AP Beacon/Probe Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
903ecbe8da FILS: Add hostapd configuration options
This adds CONFIG_FILS=y build configuration option and new key
management options for FILS authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:27 +03:00
Jouni Malinen
94318a0d30 FILS: Add AKM definitions
This adds definitions for the new AKM suite values from P802.11ai/D11.0.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 20:46:36 +03:00
Michael Braun
96590564d6 FT: Allow PMK-R0 and PMK-R1 for FT-PSK to be generated locally
Station should be able to connect initially without ft_pmk_cache filled,
so the target AP has the PSK available and thus the same information as
the origin AP. Therefore neither caching nor communication between the
APs with respect to PMK-R0 or PMK-R1 or VLANs is required if the target
AP derives the required PMKs locally.

This patch introduces the generation of the required PMKs locally for
FT-PSK. Additionally, PMK-R0 is not stored (and thus pushed) for FT-PSK.

So for FT-PSK networks, no configuration of inter-AP communication is
needed anymore when using ft_psk_generate_local=1 configuration. The
default behavior (ft_psk_generate_local=0) remains to use the pull/push
protocol.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-10-09 11:57:56 +03:00
Nishant Chaprana
746e5c2565 Fix spelling mistakes in number of comments
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2016-09-30 22:45:03 +03:00
vamsi krishna
64c92c0757 MBO: Do not parse reason_detail in non_pref_chan attr (AP)
The reason detail field was removed from non_pref_chan attr in MBO
v0.0_r25 draft. Don't parse for this element to be compliant with the
latest drafr.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-25 17:31:26 +03:00
Denton Gentry
442819406c taxonomy: Store Probe Request frames in hostapd_sta_info
A weakness in the initial client taxonomy mechanism is from storing both
the Probe and Associate in struct sta_info. struct sta_info is created
after a client associates (or starts authentication frame exchange),
which means that any Probe Request frames sent prior to association are
not retained. The Associate Request frame has to be seen, and then
another Probe Request frame after association, before we have a
signature for the client.

Most clients send lots of Probe Request frames (lots and lots and lots
of Probes, actually), but a few do not. ChromeOS is notably sparing in
sending Probe Request frames, it can take a long time before a signature
for a ChromeOS device is available.

Store the most recent Probe Request frame in struct hostapd_sta_info
tracking list. When a struct sta_info is created, move the Probe Request
frame information from struct hostapd_sta_info to struct sta_info.

Signed-off-by: dgentry@google.com (Denton Gentry)
Signed-off-by: denny@geekhold.com (Denton Gentry)
Signed-off-by: rofrankel@google.com (Richard Frankel)
Signed-off-by: richard@frankel.tv (Richard Frankel)
2016-09-22 00:45:24 +03:00
Denton Gentry
04059ab844 Passive Client Taxonomy
Implement the signature mechanism described in the paper
"Passive Taxonomy of Wifi Clients using MLME Frame Contents"
published by Denton Gentry and Avery Pennarun.

http://research.google.com/pubs/pub45429.html
https://arxiv.org/abs/1608.01725

This involves:
1. Add a CONFIG_TAXONOMY compile option. Enabling taxonomy incurs
   a memory overhead of up to several kilobytes per associated
   station.
2. If enabled, store the Probe Request and (Re)Associate Request frame in
   struct sta_info.
3. Implement code to extract the ID of each Information Element,
   plus selected fields and bitmasks from certain IEs, into a
   descriptive text string. This is done in a new source file,
   src/ap/taxonomy.c.
4. Implement a "signature qq:rr:ss:tt:uu:vv" command
   in hostapd_cli to retrieve the signature.

Signatures take the form of a text string. For example, a signature
for the Nexus 5X is:
  wifi4|probe:0,1,127,45,191,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:338061b2,
  vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:00000a0201000040|assoc:0,1,48,45,
  221(0050f2,2),191,127,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:339071b2,
  vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:0000000000000040

Signed-off-by: dgentry@google.com (Denton Gentry)
Signed-off-by: denny@geekhold.com (Denton Gentry)
Signed-off-by: rofrankel@google.com (Richard Frankel)
Signed-off-by: richard@frankel.tv (Richard Frankel)
2016-09-22 00:45:24 +03:00
Jouni Malinen
5e993390f6 Initialize iface->sta_seen on allocation
Previously, struct hostapd_iface sta_seen list head was initialized only
when completing interface setup. This left a window for operation that
could potentially iterate through the list before the list head has been
initialized. While the existing code checked iface->num_sta_seen to
avoid this case, it is much cleaner to initialize the list when struct
hostapd_iface is allocated to avoid any accidental missing of the extra
checks before list iteration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-22 00:45:24 +03:00
Nick Lowe
81258efacb Remove unused generation of Request Authenticator in Account-Request
Do not generate an unused and invalid Request Authenticator (random
value) when constructing Accounting-Request packets. The correct Request
Authenticator is calculated subsequently in radius_msg_finish_acct()
using MD5(msg + shared secret).

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-09-22 00:34:19 +03:00
Joel Cunningham
711e3cab07 Handle NULL return from os_zalloc() in sta_track_add()
This adds handling for a memory allocation failure in sta_track_add().

Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
2016-09-06 18:58:08 +03:00
Lior David
faecb39236 hostapd: Allow FTM functionality to be published
Add configuration options that control publishing of fine timing
measurement (FTM) responder and initiator functionality via bits 70, 71
of Extended Capabilities element. Typically, FTM functionality is
controlled by a location framework outside hostapd. When framework is
activated, it will use hostapd to configure the AP to publish the FTM
functionality. See IEEE P802.11-REVmc/D7.0, 9.4.2.27.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-09-05 21:23:07 +03:00
Tamizh chelvam
fc72a48a63 hostapd: Use stations nsts capability in (Re)Association Response frame
Some deployed stations incorrectly consider nsts capability in
(Re)Association Response frame as required capability instead of maximum
capability and if it is greater than station's capability then beamform
will not happen in uplink traffic.

This commit adds support for an optional workaround to use station's
nsts capability in (Re)Association Response frame if the station's nsts
is less than AP by using the use_sta_nsts=1 configuration parameter.
This configuration is introduced in this commit and it is disabled by
default.

Signed-off-by: Tamizh chelvam <c_traja@qti.qualcomm.com>
2016-09-05 21:14:40 +03:00
Jouni Malinen
f2f8616e80 Initialize hapd->nr_db in hostapd_alloc_bss_data()
Previously, this was initialized in hostapd_setup_bss() which made it
possible for a REMOVE_NEIGHBOR control interface command to be issued
prior to the list head pointers having been set. That resulted in a NULL
pointer dereference. Fix this by initializing the list head at the time
the data structure gets allocated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-22 17:44:05 +03:00
Jouni Malinen
1f3b8b4edb Check for driver initialization before doing driver operations
Number of hostapd control interface commands (e.g., STATUS-DRIVER) could
result in NULL pointer dereference when issued on not yet enabled BSS.
Fix this by checking that the driver interface has been initialized
before calling the driver_ops function.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-19 16:08:00 +03:00
Petko Bordjukov
72a652d785 IAPP: Set SO_REUSEADDR on listening socket
Make it possible for several instances of hostapd to listen on the same
network interface.

Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
2016-08-18 20:01:48 +03:00
Johannes Berg
81372e347a ap: Use is_multicast_ether_addr() more
Various checks should use is_multicast_ether_addr() instead
of hardcoding the equivalent, change it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-08-17 13:43:31 +03:00
Nick Lowe
8468189e90 Do not include NAS-Port attribute with AID 0
Do not include a NAS-Port attribute in Access-Request and
Accounting-Request packets where the Association ID (AID) is 0, i.e.,
not yet assigned or known.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-08-13 10:28:01 +03:00
Nick Lowe
42d30e9ea0 Add a require_message_authenticator configuration option
This can be used to mandate the presence of the Message-Authenticator
attribute on CoA/Disconnect-Request packets.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-08-08 00:36:17 +03:00
Johannes Berg
842c5af5d3 ap: Use is_broadcast_ether_addr()
There's no need to have a separate variable and open-code a more
complicated version of this, just use is_broadcast_ether_addr().

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-08-06 16:51:48 +03:00
Jouni Malinen
e55df99ee6 Share a single str_starts() implementation
No need to define this as a static function in multiple files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:38:21 +03:00
Jouni Malinen
5a5638a3bf Show disabled HT/VHT properly in AP mode STATUS command
Previously, HT/VHT state was shown in STATUS based on the configuration
parameter instead of the runtime operational parameters. This could
result in claiming HT/VHT to be enabled even when it was forced to be
disabled due to an incompatible configuration. Clear HT/VHT information
in the STATUS output if HT/VHT has been disabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-02 17:41:01 +03:00
Wu Gao
551817a582 AP: Disable VHT in WEP configuration
This was already done for HT, but VHT has the same constraint on not
allowing WEP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-02 17:31:48 +03:00
Masashi Honma
e347cafe57 mesh: Report mesh peer AID to kernel
Previously, mesh power management functionality works only with kernel
MPM. Because user space MPM did not report mesh peer AID to kernel,
the kernel could not identify the bit in TIM element. So this patch
reports mesh peer AID to kernel.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-23 20:26:26 +03:00
Jouni Malinen
d735811329 tests: Add TEST_FAIL() to hostapd_get_aid()
This allows additional testing coverage for AID unavailability cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-28 20:44:55 +03:00
Jouni Malinen
ebae413550 Fix a debug print in p2p_manager_disconnect()
fc2str() expects to get the 16-bit frame control value in host byte
order.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-24 19:02:58 +03:00
Jouni Malinen
451e094c7e dhcp_snoop: Silence a sparse warning
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-24 19:02:58 +03:00
Jouni Malinen
bbae0f03aa ndisc_snoop: Include ndisc_snoop.h to check prototypes
This allows the compiler to check that function prototypes match the
implementation. In addition, this gets rid of sparse warnings.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-24 19:02:58 +03:00
Jouni Malinen
468b7b12a6 Fix hostapd_sta_add() call to use NULL as the pointer instead of 0
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:14:17 +03:00
Jouni Malinen
3b6deac0e7 mesh: Avoid use of hardcoded cipher
This moves pairwise, group, and management group ciphers to various mesh
data structures to avoid having to hardcode cipher in number of places
through the code. While CCMP and BIP are still the hardcoded ciphers,
these are now set only in one location.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
f868d5607d mesh: Clean up AMPE element encoding and parsing
The AMPE element includes number of optional and variable length fields
and those cannot really be represented by a fixed struct
ieee80211_ampe_ie. Remove the optional fields from the struct and
build/parse these fields separately.

This is also adding support for IGTKdata that was completely missing
from the previous implementation. In addition, Key RSC for MGTK is now
filled in and used when configuring the RX MGTK for a peer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
4367eec439 mesh: Do not use RX MGTK as RX IGTK
The previous implementation was incorrect in forcing the MGTK to be used
as the IGTK as well. Define new variable for storing IGTK and use that,
if set, to configure IGTK to the driver. This commit does not yet fix
AMPE element parsing to fill in this information.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
a4eec3c230 mesh: Use variable length MGTK for RX
This extends the data structures to allow variable length MGTK to be
stored for RX. This is needed as an initial step towards supporting
different cipher suites.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
b02f4d058c mesh: Add variable length MTK support
This is needed as a part in enabling support for different pairwise
ciphers in mesh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
18aca1a07d mesh: Use ieee80211w profile parameter
This is initial step in fixing issues in how PMF configuration for RSN
mesh was handled. PMF is an optional capability for mesh and it needs to
be configured consistently in both hostapd structures (to get proper
RSNE) and key configuration (not included in this commit).

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 15:52:54 +03:00
Jouni Malinen
b8b499e4a4 mesh: Use WPA_NONCE_LEN macro
No need to use the magic value 32 here since there is a generic define
for the RSN-related nonce values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 15:52:54 +03:00
Sunil Dutt
bb4e19e3f4 hostapd: Skip hostapd ACL check for drivers supporting ACL offload
Commit 0603bcb7fe ('hostapd: Process MAC
ACLs on a station association event (SME in driver)') processes MAC ACL
on a station association event for drivers which use AP SME offload but
does not consider the scenario where the drivers offload ACL. This can
result in station disconnection, though the driver accepts the
connection. Address this by avoiding the hostapd ACL check for the
drivers offloading MAC ACL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-17 20:45:35 +03:00
Jouni Malinen
cc27c8e680 hostapd: Fix early init failure path
eloop deinit calls could trigger segmentation fault if the early error
path is hit before eloop_init() gets called.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-13 00:37:23 +03:00
Jouni Malinen
8359472589 hostapd Make GAS Address3 field selection behavior configurable
gas_address3=1 can now be used to force hostapd to use the IEEE 802.11
standards compliant Address 3 field value (Wildcard BSSID when not
associated) even if the GAS request uses non-compliant address (AP
BSSID).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-10 22:13:37 +03:00
Jouni Malinen
6996ff7b6d hostapd: Fix Public Action frame TX status processing for wildcard BSSID
Previously all TX status events with wildcard BSSID were ignored. This
did not allow Public Action frame TX status to be processed with the
corrected wildcard BSSID use. Fix this to be allowed. In practice, this
affects only test cases since Action frame TX status was not used for
anything else.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-10 21:44:49 +03:00
Jouni Malinen
78a3632765 hostapd: Fix Public Action frame addressing (BSSID field)
IEEE Std 802.11-2012, 10.19 (Public Action frame addressing) specifies
that the wildcard BSSID value is used in Public Action frames that are
transmitted to a STA that is not a member of the same BSS. hostapd used
to use the actual BSSID value for all such frames regardless of whether
the destination STA is a member of the BSS.

Fix this by using the wildcard BSSID in cases the destination STA is not
a member of the BSS. Leave group addressed case as-is (i.e., the actual
BSSID), since both values are accepted. No such frames are currently
used, though.

This version is still using the AP BSSID value in the Address 3 field
for GAS response frames when replying to a GAS request with AP BSSID
instead of Wildcard BSSID. This is left as a workaround to avoid
interoperability issues with deployed STA implementations that are still
using the non-compliant address and that might be unable to process the
standard compliant case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-10 21:44:49 +03:00
Kanchanapally, Vidyullatha
cc9a2575ca nl80211: Use extended capabilities per interface type
This adds the necessary changes to support extraction and use of the
extended capabilities specified per interface type (a recent
cfg80211/nl80211 extension). If that information is available,
per-interface values will be used to override the global per-radio
value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-31 21:35:54 +03:00
Jouni Malinen
dad0129227 mesh: Support simple SAE group negotiation case
This allows the simplest case of SAE group negotiation to occur by
selecting the next available group if the peer STA indicates the
previous one was not supported. This is not yet sufficient to cover all
cases, e.g., when both STAs need to change their groups, but at least
some cases are no covered.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-30 21:14:08 +03:00
Jouni Malinen
9c10be3f71 mesh: Fix error path handling in init OOM cases
hostapd deinit functions were not ready to handle a case where the data
structures were not fully initialized. Make these more robust to allow
wpa_supplicant mesh implementation to use the current deinit design in
OOM error cases without causing NULL pointer dereferences.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-30 01:05:16 +03:00
Bala Krishna Bhamidipati
a911227061 Add assocresp_elements parameter for hostapd
This new parameter allows hostapd to add Vendor Specific elements into
(Re)Association Response frames similarly to the way vendor_elements
parameter can be used for Beacon and Probe Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-20 13:12:50 +03:00
Günther Kelleter
b92d2a57ef FT: Fix RRB for FT over-the-air case
Commit 66d464067d ('FT: Register RRB
l2_packet only if FT-over-DS is enabled') disabled RRB l2_packet socket
if ft_over_ds is disabled, but this socket is required for FT
over-the-air, too (FT key distribution). Enable the socket regardless of
ft_over_ds setting if FT is enabled.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
2016-04-19 00:57:17 +03:00
David Spinadel
220754c553 hostapd: Add FTM range request
Add FTM range request via RRM. The AP sends Radio measurement request
with FTM range request as a request for the receiving STA to send FTM
requests to the given list of APs. The neighbor report part of the
request is taken from the neighbor database.

The control interface command is:

REQ_RANGE <dst addr> <rand_int> <min_ap> <responder> [<responder>..]

dst addr: MAC address of an associated STA
rand_int: Randomization Interval (0..65535) in TUs
min_ap: Minimum AP Count (1..15); minimum number of requested FTM ranges
	between the associated STA and the listed APs
responder: List of BSSIDs for neighboring APs for which a measurement
	is requested

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:12 +03:00
David Spinadel
f4f185a224 hostapd: Add LCI request
Add a hostapd control interface command REQ_LCI to request LCI from an
associated station using radio measurement.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:12 +03:00
David Spinadel
629e1804da hostapd: Save RM enabled capability of station
Save RM enabled capability element of an associating station if radio
measurement is supported in its capability field.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:12 +03:00
David Spinadel
2572df34b2 hostapd: Handle Neighbor Report Request frame
Process Neighbor Report Request frame and send Neighbor Report Response
frame based on the configured neighbor report data.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:07 +03:00
David Spinadel
061269b316 hostapd: Add own neighbor report data to neighbor database
Add own neighbor report data to neighbor database based on local LCI and
location civic data.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:40 +03:00
David Spinadel
9b4b226426 hostapd: Add a database of neighboring APs
Add a configurable neighbor database that includes the content of
Nighbor Report element, LCI and Location Civic subelements and SSID.

All parameters for a neighbor must be updated at once; Neighbor Report
element and SSID are mandatory, LCI and civic are optional. The age of
LCI is set to the time of neighbor update.

The control interface API is:
SET_NEIGHBOR <BSSID> <ssid=SSID> <nr=data> [lci=<data>] [civic=<data>]

To delete a neighbor use:
REMOVE_NEIGHBOR <BSSID> <SSID>

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:40 +03:00
David Spinadel
010182120d hostapd: Extend the configuration of RRM capabilities
Extend the radio_measurements parameter to save all the supported
RRM capabilities as it's used in RM enabled capabilities element.

Make this parameter not directly configurable via config file (though,
keep the radio_measurements parameter for some time for backwards
compatibility). Instead, add a configuration option to enable neighbor
report via radio measurements. Other features can be added later as
well.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:39 +03:00
David Spinadel
74e982d8d7 hostapd: Set LCI and Location Civic information in configuration
Enable configuration of LCI and location civic information in
hostapd.conf.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-09 11:18:55 +03:00
Jouni Malinen
1854eeca19 Add POLL_STA command to check connectivity in AP mode
The hostapd "POLL_STA <addr>" control interface command can be used to
check whether an associated station ACKs a QoS Data frame. The received
ACK for such a frame is reported as an event message ("AP-STA-POLL-OK
<addr>").

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-09 00:30:49 +03:00
Jouni Malinen
3dbfb28cfe Allow AP to disconnect STA without sending Deauth/Disassoc frame
The optional tx=0 parameter can be added to the hostapd
DEAUTHENTICATE/DISASSOCIATE command to request disconnection without
transmitting the Deauthentication/Disassociation frame to the STA.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-09 00:30:49 +03:00
Jouni Malinen
de92314033 Add inactive_msec into STA output
This allows external programs to fetch the driver inactivity value for a
specific STA ("STA <addr>" hostapd control interface command).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-09 00:30:49 +03:00
Ayala Beker
ae33239c55 AP: Pass station P2P PS capabilities info during station add/set
If a legacy client with no P2P PS support is trying to connect to
a P2P GO, the driver should know that, and change its PS behavior
accordingly.

Add a parameter to hostapd_sta_add_params() indicating if P2P PS is
supported by the station and pass this parameter to kernel with nl80211
driver when the station is added/set.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-04-08 13:02:49 +03:00
Ayala Beker
f1863f2b82 RADIUS: Fix possible memory leak when parsing per-STA passphrase
Fix a possible memory leak in decode_tunnel_passwords() if an invalid
passphrase is received from the RADIUS server.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-04-08 11:19:40 +03:00
Jouni Malinen
e1b99620c9 AP: Do not use struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. Since there are no non-IE fields in the
Probe Request frames, get the location of the variable length IEs simply
by using the pointer to the frame header and the known header length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-02 16:55:01 +03:00
Jouni Malinen
795abc8e0a Drop USE_KERNEL_HEADERS define
This was only used for providing an option to use linux/if_packet.h
instgead of netpacket/packet.h in src/ap/iapp.c. However,
netpacket/packet.h is nowadays commonly available and hostapd already
depends on it through src/l2_packet/l2_packet_linux.c, so there is no
need to continue to provide this option for the kernel header.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:29:53 +02:00
Jouni Malinen
9b7cd5788a Use a separate header file for Linux bridge interface definitions
This moves the BRCTL_* defines from vlan_full.c to linux_bridge.h to
clean up header inclusion.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:27:18 +02:00
Jouni Malinen
c815fab83a Use own header file for defining Linux VLAN kernel interface
This gets rid of need to include linux/if_vlan.h and additional defines
in vlan_ioctl.c to avoid issues with missing definitions in libc
headers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:24:38 +02:00
Jörg Krause
81606ab73b vlan: Fix musl libc conflict with Linux kernel headers
Due to both <netinet/in.h> (in "utils/includes.h") and <linux/in6.h> (in
<linux/if_bridge.h>) being included, the in6_addr is being redefined:
once from the C library headers and once from the Linux kernel headers.
This causes some build failures with for example the musl C library:

In file included from /usr/include/linux/if_bridge.h:18,
                 from ../src/ap/vlan_init.c:17:
/usr/include/linux/in6.h:32: error: redefinition of 'struct in6_addr'
/usr/include/linux/in6.h:49: error: redefinition of 'struct sockaddr_in6'
/usr/include/linux/in6.h:59: error: redefinition of 'struct ipv6_mreq'

Mixing C library and Linux kernel headers is a bit problematic [1] and
should be avoided if possible [2]. In order to fix this, define just the
macros needed from <linux/if_bridge.h> as done in Busybox for the brctl
applet [3].

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=15850
[2] http://www.openwall.com/lists/musl/2015/10/06/1
[3] https://git.busybox.net/busybox/commit/?id=5fa6d1a632505789409a2ba6cf8e112529f9db18

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2016-03-26 11:02:16 +02:00
Jouni Malinen
e86859929f vlan: Move if_nametoindex() use out of vlan_init.c
With this, vlan_init.c does not need any special header files anymore
and vlan_ifconfig.c does not need hostapd-specific header files that
might conflict with net/if.h on NetBSD.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 18:00:44 +02:00
Jouni Malinen
7c03c08229 vlan: Move ifconfig helpers to a separate file
This removes final ioctl() use within vlan_init.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 17:56:07 +02:00
Jouni Malinen
59d6390440 vlan: Move CONFIG_FULL_DYNAMIC_VLAN functionality into a separate file
This cleans up vlan_init.c by removing number of C pre-processor
dependencies.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 17:55:40 +02:00
Jouni Malinen
0fe28ddf17 vlan: Remove unnecessary header includes from netlink implementation
The implementation in vlan_util.c does not use many of the header files
that were pulled in.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 17:27:16 +02:00
Jouni Malinen
84d6755108 vlan: Clean up netlink vs. ioctl API implementation
Move the ioctl-based VLAN implementation to a separate file to avoid
need for conditional blocks within vlan_ioctl.c. This removes the
internal CONFIG_VLAN_NETLINK define, i.e., this is now used only in
build configuration (.config) to select whether to include the
vlan_util.c (netlink) or vlan_ioctl.c (ioctl) implementation of the
functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 17:24:20 +02:00
Jörg Krause
cb38bc886e vlan: Fix musl build error
caddr_t is legacy BSD and should be avoided [1]. While glibc may still
use __caddr_t as the type, Linux kernel does not (it is "void __user *
ifru_data").

This fixes compile errors with the musl libc:

../src/ap/vlan_init.c: In function 'br_delif':
../src/ap/vlan_init.c:218:18: error: '__caddr_t' undeclared (first use in this function)
  ifr.ifr_data = (__caddr_t) args;

[1] http://stackoverflow.com/questions/6381526/what-is-the-significance-of-caddr-t-and-when-is-it-used

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2016-03-25 16:57:05 +02:00
Jouni Malinen
8854f90bad mesh: Simplify wpa_auth_pmksa_set_to_sm()
pmksa->pmk or pmksa->pmkid cannot be NULL since they are arrays. Remove
the unnecessary NULL checks and use the provided pmksa pointer directly
to simplify the implementation. (CID 138519)

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-22 20:38:44 +02:00
Roy Marples
45e3fc72c6 Find correct driver for interface additions/removals
Interface additions/removals are not guaranteed to be for the driver
listening to the kernel events. As such, send the events to
wpa_supplicant_event_global() which can then pick the correct interface
registered with wpa_supplicant to send the event to.

Signed-off-by: Roy Marples <roy@marples.name>
2016-03-22 17:41:37 +02:00
Jouni Malinen
90377029c6 wpa_supplicant: Fix CONFIG_IBSS_RSN=y build without CONFIG_AP=y
Commit 1889af2e0f ('VLAN: Separate station
grouping and uplink configuration') added an ap_sta_set_vlan() function
that gets called from pmksa_cache_auth.c. This broke CONFIG_IBSS_RSN=y
build if src/ap/sta_info.c did not get included in the build, i.e., if
CONFIG_AP=y was not set.

Fix this by making the ap_sta_set_vlan() call conditional on
CONFIG_NO_VLAN being undefined and define this for CONFIG_IBSS_RSN=y
builds. This is fine for wpa_supplicant since CONFIG_AP=y case was
already defining this. For hostapd, this function call is not needed for
CONFIG_NO_VLAN case either.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-21 21:12:20 +02:00
Masashi Honma
9f2cf23e2e mesh: Add support for PMKSA caching
This patch add functionality of mesh SAE PMKSA caching. If the local STA
already has peer's PMKSA entry in the cache, skip SAE authentication and
start AMPE with the cached value.

If the peer does not support PMKSA caching or does not have the local
STA's PMKSA entry in the cache, AMPE will fail and the PMKSA cache entry
of the peer will be removed. Then STA retries with ordinary SAE
authentication.

If the peer does not support PMKSA caching and the local STA uses
no_auto_peer=1, the local STA can not retry SAE authentication because
NEW_PEER_CANDIDATE event cannot start SAE authentication when
no_auto_peer=1. So this patch extends MESH_PEER_ADD command to use
duration(sec). Throughout the duration, the local STA can start SAE
authentication triggered by NEW_PEER_CANDIDATE even though
no_auto_peer=1.

This commit requires commit 70c93963ed
('SAE: Fix PMKID calculation for PMKSA cache'). Without that commit,
chosen PMK comparison will fail.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:56:38 +02:00
Masashi Honma
4c522c7798 PMKSA: Flush AP/mesh PMKSA cache by PMKSA_FLUSH command
This extends the wpa_supplicant PMKSA_FLUSH control interface command to
allow the PMKSA list from the authenticator side to be flushed for AP
and mesh mode. In addition, this adds a hostapd PMKSA_FLUSH control
interface command to flush the PMKSA entries.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:37:53 +02:00
Masashi Honma
b8daac18a4 PMKSA: Show AP/mesh PMKSA list in PMKSA command
This extends the wpa_supplicant PMKSA control interface command to allow
the PMKSA list from the authenticator side to be listed for AP and mesh
mode. In addition, this adds a hostapd PMKSA control interface command
to show the same list for the AP case.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:37:53 +02:00
Zefir Kurtisi
3bd58861ae hostapd: Handle running out of DFS channels
In scenarios where only DFS channels are available (e.g., outdoor,
special country codes), hostapd must be able to handle situations
where all are unavailable.

The two possibilities to get there are
1) while operating on the last available DFS channel a radar is
   detected
2) hostapd is started while all channels are unavailable

In both cases, hostapd instead of terminating should better
wait for the NOPs to pass and re-try operation after the CAC.

This patch provides that feature by using the condition
(iface->state == HAPD_IFACE_DFS && !iface->cac_started)
as NOP mode signature to retry operation from within
hostapd_dfs_nop_finished().

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
2016-03-08 12:16:37 +02:00
Eliad Peller
6448e06415 hostapd: Allow use of driver-generated interface addresses
Add a new 'use_driver_iface_addr' configuration parameter to allow use
of the default interface address generated by the driver on interface
creation. This can be useful when specific MAC addresses were allocated
to the device and we want to use them for multi-BSS operation.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 20:00:40 +02:00
Eliad Peller
f2accfe708 AP: Save EAPOL received before Association Response ACK
There is a race condition in which AP might receive the EAPOL-Start
frame (from the just-associated station) before the TX completion of the
Association Response frame. This in turn will cause the EAPOL-Start
frame to get dropped, and potentially failing the connection.

Solve this by saving EAPOL frames from authenticated-but-not-associated
stations, and handling them during the Association Response frame TX
completion processing.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 17:08:12 +02:00
Janusz Dziedzic
56885eecf4 hostapd: Add UDP support for ctrl_iface
Add UDP support for ctrl_iface:

New config option could be set:
CONFIG_CTRL_IFACE=udp
CONFIG_CTRL_IFACE=udp-remote
CONFIG_CTRL_IFACE=udp6
CONFIG_CTRL_IFACE=udp6-remote

And hostapd_cli usage:
hostapd_cli -i localhost:8877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:37 +02:00
Janusz Dziedzic
89b781bc89 hostapd: Use common functions for ctrl_iface
Use the common functions, structures when UNIX socket ctrl_iface used.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Peng Xu
e1d00d47c7 Add error handling for offloaded ACS with vendor command failures
In case vendor ACS command returns invalid channel or hardware mode,
complete the interface setup with an error code instead of simply
return, so that hostapd can properly clean up the interface setup.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-03 12:19:43 +02:00
Jouni Malinen
debde14b5b RADIUS: Add Acct-Delay-Time into accounting messages
This tells to the server how long we have been trying to transmit the
message so that the actual time of the message generation can be
determined from receive time (ignoring network delays and only at
accuracy of one second).

For interim updates, only value 0 is used since there are no
retransmissions of the same message. For other accounting messages, the
initial attempt goes out with value 0 and the retransmissions, if
needed, show the number of seconds the message has been waiting in the
queue.

Update the Identifier and Authenticator in the messages whenever
updating the Acct-Delay-Time per RFC 2866, 4.1 requirements.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-29 17:43:13 +02:00
Jouni Malinen
669b5324e1 RADIUS: Update full message for interim accounting updates
Instead of using the RADIUS client retransmission design with the old
RADIUS message contents for each retry, trigger a completely new interim
accounting update instance more quickly (using the same schedule as
RADIUS message retransmissions) to improve accounting updates in cases
where RADIUS message delivery fails. This allows the server to get up to
date information from the time the "retry" message was sent instead of
the old information from the time the first failed attempt was sent.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-29 11:52:16 +02:00
Jouni Malinen
902c07a7af Replace hostapd_mac_comp_empty() with is_zero_ether_addr()
There is no need to maintain two implementations of the functionality.
is_zero_ether_addr() is easier to understand, so use it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-28 20:11:58 +02:00
Michael Braun
5aef495fda VLAN: Avoid use of libnl cache
Using rtnl_link_alloc_cache() is expensive as it fills in all configured
links. Using rtnl_link_get_kernel() is much more lightweight.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-28 20:05:17 +02:00
Michael Braun
170c545ab4 FT: Check destination MAC address on RRB receive
As the Linux variant of l2_packet_init() does not use its own_addr
argument and l2_packet_receive() does not filter on destination MAC
address, this needs to be checked in the callback.

If there are multiple BSSes listening for FT RRB packets, all their
BSSIDs need to be local to the bridge interface. As l2_packet_init() is
going to receive all of them going for any local address, those RRB
messages started turning up on BSSes that were not destinated for and
cluttering logs.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-28 19:23:17 +02:00
Michael Braun
57b2c9140c RADIUS: Allow RADIUS server to provide PSK instead of passphrase
If the AP is slow, passphrase hashing takes too long to serve the client
before timeout. Extend the Tunnel-Password design to allow a 64
character value to be interpreted as a PSK and send SSID to RADIUS
server. This allows the RADIUS server to either take care of passphrase
hashing or to use raw PSK without such hashing.

This is especially important for FT-PSK with FT-over-air, where hashing
cannot be deferred.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-28 19:06:49 +02:00
Michael Braun
d8912fd80e Cache hashed passphrase in RADIUS-based PSK delivery
Instead of copying the full struct hostapd_sta_wpa_psk_short, share the
existing entry and use reference counting to check when it needs to be
freed. This allows caching of PSKs derived from passphrases to avoid
having to perform the heavy hashing operation multiple times.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-28 19:06:45 +02:00
Michael Braun
f8e09bc57e Defer passphrase-to-PSK hashing out of 802.11 authentication ACL check
Hashing takes quite some time (can be about one second on a low-power
CPU for each passphrase provided), so hostapd can easily hit the 900 ms
Wi-Fi client authentication deadline (mac80211 uses 3x 300 ms). This can
be fixed by storing the passphrase instead of PSK with the STA and defer
the hashing into the WPA/RSN 4-way handshake, when enumerating all PSKs.

This applies for the case where a RADIUS server is used to store the
per-STA passphrases and this passphrase is delivered as part of the MAC
ACL check during IEEE 802.11 Authentication frame processing.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-28 18:46:05 +02:00
Michael Braun
cc9c805a51 VLAN: Use stack instead of heap allocation for new interface name
The VLAN ifname is limited to the maximum length of IFNAMSIZ, so there
is no need to use heap allocation for it.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-28 18:29:58 +02:00