Commit Graph

175 Commits

Author SHA1 Message Date
Jouni Malinen
f299117093 SAE: Add support for PMKSA caching on the AP side
This makes hostapd create PMKSA cache entries from SAE authentication
and allow PMKSA caching to be used with the SAE AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-18 13:00:29 +03:00
Jouni Malinen
0233dcac5b SAE: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
34ef46ce54 WEP shared key: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
d6c6b1fb9d Make sta NULL-check easier for static analyzers
sta == NULL check is already done above based on category !=
WLAN_ACTION_PUBLIC, but that seems to be too complex for some static
analyzers, so avoid invalid reports by explicitly checking for this
again in the WLAN_ACTION_FT case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
ee4fefc015 Remove duplicated variable zeroing
It's enough to do this once as part of the for loop.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
06df2aa60a Remove floating constant suffix 'd' from test coee
clang scan-build does not seem to like the 'd' suffix on floating
constants and ends up reporting analyzer failures. Since this suffix
does not seem to be needed, get rid of it to clear such warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Peng Xu
587d60d2b7 Add AP mode support for HT 20/40 co-ex Action frame
If a 2.4 GHz band AP receives a 20/40 Coexistence management frame from
a connected station with 20/40 BSS Intolerant Channel Report element
containing the channel list in which any legacy AP are detected or AP
with 40 MHz intolerant bit set in HT Cap IE is detected in the affected
range of the BSS, the BSS will be moved from 40 to 20 MHz channel width.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:09 +03:00
Jouni Malinen
5bdac4abce Remove unused STA entry information
previous_ap and last_assoc_req were not really used for anything
meaninful, so get rid of them to reduce the size of per-STA memory
allocation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 09:57:10 +02:00
Jouni Malinen
5f7e1c06cd Redirect more frames with ext_mgmt_frame_handling=1
This allows Action frames from not-associated stations to be processed
by external test tools.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
a14896e8bb HS 2.0R2 AP: Add OSEN implementation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Chaitanya T K
3d7ad2f681 hostapd: Configure spectrum management capability
Add configuration of Spectrum Management subfield in the Capability
Information of Beacon, Probe Response, and Association Response frames.
Spectrum Management bit is set when directly requested by new
configuration option spectrum_mgmt_required=1 or when AP is running on
DFS channels. In the future, also TPC shall require this bit to be set.

Signed-hostap: Srinivasan <srinivasanb@posedge.com>
Signed-hostap: Chaitanya T K <chaitanyatk@posedge.com>
Signed-hostap: Marek Puzyniak <marek.puzyniak@tieto.com>
2014-02-25 00:54:59 +02:00
Marek Kwaczynski
8a45811638 hostapd: Add Operating Mode Notification support
Handle Operating Mode Notification received in (Re)Association Request
frames.

Signed-hostap: Marek Kwaczynski <marek.kwaczynski@tieto.com>
2014-02-14 19:30:05 +02:00
Eytan Lifshitz
93a1caece0 Remove unnecessary NULL check
In send_assoc_resp(), sta was checked for NULL, although it can't be
NULL.

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-02-13 15:58:17 +02:00
Jouni Malinen
b64afe22aa Fix SAE state validation on AP
Confirm-before-commit validation step allowed execution to continue on
error case. This could result in segfault in sae_check_confirm() if the
temporary SAE data was not available (as it would not be, e.g., in case
of an extra SAE confirm message being received after successful
exchange). Fix this by stopping SAE processing immediately after
detecting unexpected state for confirm message. In addition, make the
public sae.c functions verify sae->tmp before dereferencing it to make
this type of bugs less likely to result in critical issues.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-12 17:46:33 +02:00
Jouni Malinen
b37d582eaf Replace ieee802_11_print_ssid() with wpa_ssid_txt()
There is no need to maintain two different functions for printing out
ASCII text version of SSID.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-04 13:23:35 +02:00
Jouni Malinen
5ce00d09c0 GAS server: Add support for Protected Dual of Public Action frames
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Add support for this
different category of Action frames being used for GAS. The payload
after the Category field is identical, so the only change is in using
the Category field based on what was received in the request frames. For
backwards compatibility, do not enforce protected dual to be used on the
AP side, i.e., follow what the station does.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 11:19:55 +02:00
Jouni Malinen
7b2c42f8b9 hostapd: Fix PMF robust Action frame processing rules
Due to misplaced parenthesis, unprotected not-Robust Action frames
(e.g., Public Action frames) were dropped in handle_assoc() when such
frames were received during an association that had negotiated use of
PMF. This is not correct since only unprotected Robust Action frames
were supposed to be handled in this way.

This would have broken any Public Action frame use during PMF
association, but such frames were not really supposed to be used
currently (ANQP as the only possible use case should really use
protected dual option in such case).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 10:24:21 +02:00
Jouni Malinen
dbfb8e82ff Remove unnecessary EVENT_RX_ACTION
This driver event was used separately for some Action frames, but all
the driver wrappers converted to this from information that would have
been enough to indicate an EVENT_RX_MGMT event. In addition, the
received event was then converted back to a full IEEE 802.11 management
frame for processing in most cases. This is unnecessary complexity, so
get rid of the extra path and use EVENT_RX_MGMT for Action frames as
well as other management frame subtypes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 17:18:17 +02:00
Jouni Malinen
912b34f000 Do not process Action frames twice in hostapd SME/MLME
Commit 88b32a99d3 added support for using
some Action frame processing in hostapd for drivers that handle most of
SME/MLME internally (it added FT, this has since be extended for SA
Query and WNM). However, this was added in a way that ended up getting
both the hostapd_rx_action() and hostapd_action_rx() called for Action
frames. This could result in an attempt to process FT, SA Query, and WNM
Action frames twice.

There is need for more significant cleanup in Action frame processing in
hostapd depending on the driver type, but as a simple step to avoid
issues, skip the hostapd_action_rx() call if hostapd_rx_action()
processed the frame.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 11:25:59 +02:00
Jouni Malinen
aa189ac9dd Enable FT with SAE
It was already possible to configure hostapd and wpa_supplicant to use
FT-SAE for the key management, but number of places were missing proper
AKM checks to allow FT to be used with the new AKM.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:31 +02:00
Jouni Malinen
aa03dbd517 Remove IEEE80211_REQUIRE_AUTH_ACK
This is not really needed for anything and the standard does not require
such validation step to be made for Authentication frame transmission.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
3578e665bf WNM: Add STA flag to indicate the current WNM-Sleep-Mode state
This can be useful for displaying the current STA state and also for
determining whether some operations are likely to fail or need
additional delay.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
93827f456a hostapd: Allow external management frame processing or testing
This enables more convenient protocol testing of station side
functionality in various error cases and unexpected sequences without
having to implement each test scenario within hostapd.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 16:55:45 +02:00
Jouni Malinen
13b24a766f VHT: Use status code 104 to indicate VHT required
IEEE Std 802.11ac-2013 defines a status code for this, so use that
instead of the unspecified reason.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 21:19:45 +02:00
Andrei Otcheretianski
13daed58c7 Include driver.h in hostapd.h
This allows use of structs (and not only pointers) defined in drivers.h.
Remove also some not needed forward declarations and redundant includes.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-12-24 08:22:37 +02:00
Johannes Berg
fe52c210cf Use monotonic clock for last_sae_token_key_update
Just the usual, with a new function os_reltime_initialized()
thrown in that checks whether time has ever been retrieved
(time can't be completely zero).

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-07 20:50:15 -08:00
Jouni Malinen
61323e70e1 Convert perror/printf calls to wpa_printf
This makes debug and error logging more consistent and allows them to be
directed to a file more easily.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-02 12:58:33 +02:00
Kyeyoon Park
c551700f1f Interworking: Add support for QoS Mapping functionality for the AP
This allows QoS Map Set element to be added to (Re)Association Response
frames and in QoS Map Configure frame. The QoS Mapping parameters are
also made available for the driver interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Jouni Malinen
94ddef3e72 P2P: Make peer's P2P Device Address available to authenticator
This can be used to implement per-device PSK selection based on the
peer's P2P Device Address instead of P2P Interface Address.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 11:05:19 +03:00
Sujith Manoharan
69dd2967db WDS: Fix WEP usage with nl80211 wds_sta=1
The static WEP keys have to be configured for the new VLAN
interface that is created for a 4addr WDS peer, not doing so
breaks WEP functionality in nl80211/4addr based WDS links.

Signed-hostap: Sujith Manoharan <c_manoha@qca.qualcomm.com>
2013-07-20 17:41:22 +03:00
Michael Braun
80ebfd9527 VLAN: Avoid access to non-existing interfaces
Currently, hostapd_get_vlan_id_ifname() is used to determine if a given
vlan is valid *and* to actually determine the interface. This leads to
wpa_set_keys() sometimes setting the key on the wildcard interface name,
which does not make sense.

This patch therefore adds hostapd_vlan_id_valid() and makes
hostapd_get_vlan_id_ifname() not return a wildcard interface.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 12:03:02 +03:00
Ben Greear
728d97171b Use status code 17 (unable to handle new STA) on max-STA limitation
This is more useful information than the previously used value 1
(unspecified failure).

Signed-hostap: Ben Greear <greearb@candelatech.com>
2013-04-28 16:45:55 +03:00
Johannes Berg
c2aff6b1d1 hostapd: Add some testing options
In order to test clients in scenarios where APs may (randomly)
drop certain management frames, introduce some testing options
into the hostapd configuration that can make it ignore certain
frames. For now, these are probe requests, authentication and
(re)association frames.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-04-23 17:51:28 +03:00
Jouni Malinen
8dabf4bb46 GAS server: Fix a regression in GAS server callback
Commit 2d9ffe1e85 broke GAS server
callback for receiving Public Action frames. The incorrect context
pointer was used in the public_action_cb2 case. Fix this to use the
correct context pointer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-16 19:15:05 +02:00
Jouni Malinen
2d9ffe1e85 P2P: Fix Action frame processing if Interworking is enabled
GAS server used the same public_action_cb mechanism as P2P to process
Action frames. This ended up overriding P2P processing of Action frames
while running an AP/GO interface with a build that enables Interworking
(e.g., for Hotspot 2.0) and a driver that uses hostapd for AP mode
SME/MLME. Fix this by adding a separate callback registration for the
GAS server. This should really be cleaned up by supporting arbitrary
number of callback handlers, but for now, this addresses the regression
with a minimal change.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-04 15:38:35 +02:00
Jouni Malinen
b4fd3613d3 SAE: Free temporary buffers when moving to Accepted state
Most of the variables are not needed anymore once the SAE instance
has entered Accepted state. Free these to save memory.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
a50414c322 SAE: Check random_get_bytes() return value
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
625f202a74 SAE: Allow enabled groups to be configured
hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter is
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
d136c376f2 SAE: Add support for Anti-Clogging mechanism
hostapd can now be configured to use anti-clogging mechanism based on
the new sae_anti_clogging_threshold parameter (which is
dot11RSNASAEAntiCloggingThreshold in the standard). The token is
generated using a temporary key and the peer station's MAC address.
wpa_supplicant will re-try SAE authentication with the token included if
commit message is rejected with a token request.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
dd43026a19 SAE: Rename state variables to match IEEE 802.11 standard
The enum values for struct sae_data::state now match the protocol
instance states as defined in IEEE Std 802.11-2012, 11.3.8.2.2

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
f2e9818f73 SAE: Add processing of the confirm message
This adds validation of the received confirm messages for SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
fb8fcc2950 SAE: Add generation of the confirm message fields
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
146f6c9a00 SAE: Add processing of the commit message
This adds validation of the received commit messages and key derivation
for SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
8e31e9550a SAE: Add generation of the commit message fields
This adds derivation of PWE and the needed commit values so that the
full SAE commit message can be built.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
750efe6ea6 SAE: Move related operations next to each other
There is no need to keep the two SAE steps separated from each other.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
98efcc4176 SAE: Use a shared data structure for AP and station
This makes it easier to share common functions for both roles.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Johannes Berg
a9a1d0f08a hostapd: Pass VHT capabilities to driver wrapper
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-01-12 17:51:52 +02:00
Jouni Malinen
c79938a584 WNM: Enable WNM-Sleep Mode configuration with hostapd SME/MLME
This allows hostapd to process WNM-Sleep Mode Request when using the
internal SME/MLME.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 19:16:17 +02:00
Jouni Malinen
f2a14be798 Use a shared function for freeing PSK list
There is no need to duplicate this code in multiple locations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 18:01:55 +02:00
Michael Braun
5ee56c4e19 Keep and use list of PSKs per station for RADIUS-based PSK
This adds support for multiple PSKs per station when using a RADIUS
authentication server to fetch the PSKs during MAC address
authentication step. This can be useful if multiple users share a
device but each user has his or her own private passphrase.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2012-11-25 17:57:16 +02:00
Michael Braun
2ad3e6c858 Cache a list of PSK entries for RADIUS-based PSK delivery
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2012-11-25 17:57:16 +02:00
Johannes Berg
202d97d477 hostapd: Add VHT PHY selector if VHT is required
If VHT is required, add the VHT PHY selector to
the (extended) supported rates IE.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-11-24 17:27:16 +02:00
Jouni Malinen
f403dcd648 HS 2.0: Maintain a copy of HS 2.0 Indication from Association Request
This allows the AP to figure out whether a station is a HS 2.0 STA
during the association and access any information that the STA may have
included in this element.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-24 12:24:31 +02:00
Jouni Malinen
21af6d15a8 SAE: Add Finite Cyclic Group negotiation and Send-Confirm
This replaces the previously used bogus test data in SAE messages with
the first real field. The actual SAE authentication mechanism is still
missing and the Scaler, Element, and Confirm fields are not included.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-06 19:30:54 +03:00
Jouni Malinen
c10347f246 Add initial parts for SAE
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:51:07 +03:00
Felix Fietkau
9974381109 hostapd: Add check for the wds sta flag before creating 4addr VLANs
Signed-hostap: Felix Fietkau <nbd@openwrt.org>
2012-09-23 13:25:49 +03:00
Felix Fietkau
22b42372d0 hostapd: Clear WLAN_STA_ASSOC_REQ_OK if sending the assoc response failed
As long as WLAN_STA_ASSOC_REQ_OK is set in sta->flags, Class 3 frames do
not trigger a disassoc/deauth. If it is still set even after the assoc
response tx has already failed, it may take somewhat longer for clients
to realize that the connection wasn't fully established.

Signed-hostap: Felix Fietkau <nbd@openwrt.org>
2012-09-23 13:23:16 +03:00
Jouni Malinen
41fe8b42b5 Show an error message if sending of Action frame fails
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 18:34:16 +03:00
Jouni Malinen
3489cfb09c Use a shared helper function for merging supported rate lists
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 17:52:41 +03:00
Michael Braun
2092597fee Copy User-Name/CUI from RADIUS ACL to STA entry
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2012-08-19 14:20:10 +03:00
Christian Lamparter
f0c7a986bb AP: Fix erroneous "station tried TKIP" error
The commit b5fd8b1833
"VHT: Do not allow use of TKIP with VHT" introduced
an off-by-one regression: a WPA/RSN 11n AP would no
longer accept stations to connect, instead it would
produce a bogus error message:
... Station tried to use TKIP with HT association.

Signed-hostapd: Christian Lamparter <chunkeey@googlemail.com>
2012-08-11 10:53:03 +03:00
Mahesh Palivela
140e850a66 VHT: Add option for requiring use of VHT
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:53:24 +03:00
Mahesh Palivela
14708b501f VHT: Add VHT elements into (Re)Association Response
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:51:17 +03:00
Mahesh Palivela
b5fd8b1833 VHT: Do not allow use of TKIP with VHT
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:50:37 +03:00
Mahesh Palivela
de3cdf354a VHT: Store VHT capabilities and manage VHT flag for STAs
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:49:18 +03:00
Jouni Malinen
b6668734ab WNM: Add advertisement of BSS max idle period
If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-27 17:35:00 -07:00
Johannes Berg
baf513d695 Pass signal strength through, fix units
The signal strength is currently never used as the only driver reporting
it is nl80211 which uses IEEE80211_RADIOTAP_DB_ANTSIGNAL which is never
populated by the kernel. The kernel will (soon) populate
IEEE80211_RADIOTAP_DBM_ANTSIGNAL instead though, so use that.

Also, since it was never really populated, we can redefine the signal
field to be in dBm units only.

My next patch will also require knowing the signal strength of probe
requests throughout the code (where available), so add it to the
necessary APIs.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-04-01 18:48:12 +03:00
Jouni Malinen
0c01d65d6d Ignore TX status for Data frames from not associated STA
Commit d9a38716cc did this for
hostapd_eapol_tx_status() but missed the older hostapd_tx_status()
path. Address that case, too.

The TX status event may be received after a station has been
disassociated in cases where the disassociation is following a
transmission of a Data frame. Ignore such events if the STA is not
associated at the moment the event is being processed. This avoids
confusing debug entries and rescheduling of the EAPOL TX timeouts for
STAs that are still in the STA table, but are not really in active EAPOL
session.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-02-14 21:04:14 +02:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
d9a38716cc Ignore TX status for Data frames from not associated STA
The TX status event may be received after a stations has been
disassociated in cases where the disassociation is following a
transmission of a Data frame. Ignore such events if the STA is not
associated at the moment the event is being processed. This avoids
confusing debug entries and rescheduling of the EAPOL TX timeouts for
STAs that are still in the STA table, but are not really in active EAPOL
session.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-02-04 12:18:56 +02:00
Jouni Malinen
c84b868a71 Make hostapd_eid_wmm_valid() return more logical return values
Return 1/0 instead 0/-1 to indicate valid/invalid element so that
the if statement makes more sense with !wmm_valid().

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-17 12:41:00 +02:00
Jason Young
5d06163714 AP: Pass station's WMM configuration to driver wrappers
This updates a previous patch did more or less the same thing by
providing the qosinfo as a single variable to the driver wrappers.

Signed-hostap: Jason Young <jason.young@dspg.com>
2011-12-17 12:38:06 +02:00
Eliad Peller
5f32f79c6e AP: Add uapsd_queues and max_sp fields
Add uapsd_queues and max_sp fields to sta_info struct,
and pass them to the sta_add callback.

These values are determined by the WMM IE in the (Re)Association Request.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-12-17 11:55:14 +02:00
Michael Braun
05ab9712b9 Allow WPA passphrase to be fetched with RADIUS Tunnel-Password attribute
This allows per-device PSK to be configured for WPA-Personal using a
RADIUS authentication server. This uses RADIUS-based MAC address ACL
(macaddr_acl=2), i.e., Access-Request uses the MAC address of the
station as the User-Name and User-Password. The WPA passphrase is
returned in Tunnel-Password attribute in Access-Accept. This
functionality can be enabled with the new hostapd.conf parameter,
wpa_psk_radius.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2011-12-11 13:01:57 +02:00
Arik Nemtsov
3eeee931dd Allow Action frames with unknown BSSID in GO mode
P2P invitation responses are transmitted with the BSSID set to the peer
address. Pass these action frames up to allow the GO to receive the
Invitation Response (and avoid sending the Invitation Request multiple
times).

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-12-04 12:10:11 +02:00
Jouni Malinen
0bf927a03e Use wpa_key_mgmt_*() helpers
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:47:46 +02:00
Jouni Malinen
71093e5ea9 WPS: Include WSC IE in (Re)Association Response for maybe-WPS case
If the station is indicating use of WPS, WSC IE should be added into the
(Re)Association Response frame. This is clear for the case when WSC IE
was included in the (Re)Association Request frame. However, even the
WLAN_STA_MAYBE_WPS case may actually indicate use of WPS. Assume that to
be the case when WPA/WPA2 is enabled (i.e., when the STA does not
include WPA/RSN/WSC IE while AP has WPA/RSN enabled).

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:05:33 +02:00
Helmut Schaa
8cfa3527e1 Allow MLME frames to be sent without expecting an ACK (no retries)
In some situations it might be benefical to send a unicast frame without
the need for getting it ACKed (probe responses for example). In order to
achieve this add a new noack parameter to the drivers send_mlme callback
that can be used to advise the driver to not wait for an ACK for this
frame.

Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
2011-11-19 19:02:05 +02:00
Johannes Berg
dd840f793c AP: Add explicit EAPOL TX status event
The new event can be used when EAPOL TX status can't be reported as a
complete 802.11 frame but is instead reported as just the EAPOL data as
originally passed to hapd_send_eapol().

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-11-19 13:00:30 +02:00
Jouni Malinen
ae055af4f7 Move AP events for STA connected/disconnected into one function
Instead of trying to remember to add wpa_msg() calls for every possible
path where a STA becomes authorized or unauthorized, use
ap_sta_set_authorized() to send these events more consistently.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 22:17:41 +02:00
Jouni Malinen
3ec1e9020f Fix some recent wpa_msg() calls in hostapd use correct context
wpa_msg() has to use hapd->msg_ctx instead of hapd as the context
pointer to work properly in wpa_supplicant AP mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 22:04:17 +02:00
Jouni Malinen
46eeedac61 Remove unused variables 2011-10-23 12:42:55 +03:00
Johannes Berg
bcf24348ed AP: Do station poll in driver wrapper
This offloads the station polling to driver wrappers, which may offload
it again to the driver. The hostap driver wrapper uses "real" data
frames while nl80211 uses null data frames.

Also add a specific event to indicate that a poll was successful for
future use with the nl80211 driver.
2011-10-20 21:03:08 +03:00
Jouni Malinen
06c4d2472f Move Ext Capab and Interworking element construction into shared file
These needs to be available for drivers that implement SME/MLME.
2011-10-17 21:03:52 +03:00
Mahesh Palivela
d4370eac2e Move SA Query mechanism into a file that can be shared more easily
This is the first step in allowing SA Query mechanism in hostapd to be
used with drivers that implement authentication and association MLME/SME
(i.e., do not use ieee802_11.c).
2011-10-17 17:33:17 +03:00
Jouni Malinen
b83e3e93c8 IEEE 802.11u: Add configuration and advertisement for Interworking 2011-10-16 23:55:34 +03:00
Yogesh Ashok Powar
8666585b9e Disconnect STA when it fails to get added in kernel driver/firmware
Data path for stations that get successfully associated to the
hostapd but fail to get added in the driver/firmware, will not
work. In such cases, hostapd should deauth and disconnect such
stations. In such scenario, hostapd should disconnect the STAs.

Sample output with following patch
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: authenticated
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: associated (aid 1)
wlan0: AP-STA-CONNECTED 0c:74:c2:9a:4c:59
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: Could not add STA to kernel driver
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: deauthenticated due to local deauth request

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
2011-10-15 12:41:28 +03:00
Jouni Malinen
4dc03726de Delay STA entry removal until Deauth/Disassoc TX status in AP mode
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. The STA
entry (and PTK) will be removed from the kernel only after the
Deauth/Disassoc has been transmitted (e.g., when the STA wakes up).
A hardcoded two second timeout is used to limit the length of this
window should the driver fail to deliver the frame (e.g., the STA
is out of range and does not wake up). The kernel STA entry is
marked unauthorized during the wait to avoid accepting Data
frames from the STA that we have decided to disconnect.

This behavior is available only with drivers that provide TX status
events for Deauth/Disassoc frames (nl80211 at this point). Other
drivers continue to use the previous behavior where the STA entry
is removed immediately.
2011-08-28 23:07:02 +03:00
Jouni Malinen
17f6b90056 WPS: Wait for EAPOL-Start unless WPS 2.0 station as workaround
Extend the code that waits for the station to send EAPOL-Start before
initiating EAPOL authenticator operations to cover the case where the
station includes WPS IE in (Re)Association Request frame if that IE
does not include support for WPS 2.0. While this should not really
be needed, this may help with some deployed WPS 1.0 stations that do
not support EAPOL operations correctly and may get confused of the
EAP-Request/Identity packets that would show up twice if EAPOL-Start
is transmitted.
2011-08-28 19:16:59 +03:00
Arik Nemtsov
d83ab1fe37 hostapd: Set STA flags when adding a new station
When adding a new station, set the STA flags as part of the sta_add()
command. This ensures the flags are up to date when the station is added
by lower level drivers.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-07-12 20:26:52 +03:00
Jouni Malinen
b8281964af Add workaround for race condition with AssocResp TX status
It may take some time for the TX status to be delivered for a
(Re)Association Response frame and if any Data frames are received
during that time, they may end up getting dropped as Class 3 frames in
not-associated state. This results in a Disassociation frame being sent
to the station and it assuming that the association has been lost.

Work around the issue by remembering that the (Re)Association Request
has already been accepted and skip the Deauth/Disassoc sending because
of the possible Class 3 frames before the TX status callback is
received.
2011-04-15 19:26:28 +03:00
Per Ekman
0b04889f0d Remove references to time_t/time()/random()
Replace direct calls in AP mode code with os_*() wrappers.
2011-04-11 18:33:48 +03:00
Ben Greear
24d75245bd AP: Update logging related to inactivity and disassociation
Add MAC addresses for stations and use wpa_msg instead of printf
methods to make it easier to grep logs and find messages for the
station in question.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-24 17:44:45 +02:00
Helmut Schaa
f39b07d7ed hostapd: Allow coexistance of HT BSSes with WEP/TKIP BSSes
In multi BSS setups it wasn't possible to set up an HT BSS in
conjunction with a WEP/TKIP BSS. HT needed to be turned off entirely
to allow WEP/TKIP BSSes to be used.

In order to allow HT BSSes to coexist with non-HT WEP/TKIP BSSes add a
new BSS conf attribute "disable_11n" which disables HT capabilities on a
single BSS by suppressing HT IEs in the beacon and probe response
frames. Furthermore, mark all STAs associated to a WEP/TKIP BSS as
non-HT STAs. The disable_11n parameter is used internally; no new entry
is parsed from hostapd.conf.

This allows a non-HT WEP/TKIP BSS to coexist with a HT BSS without
having to disable HT mode entirely. Nevertheless, all STAs associated to
the WEP/TKIP BSS will only be served as if they were non-HT STAs.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2011-02-21 17:27:16 +02:00
Jouni Malinen
2944824315 hostapd: Add require_ht configuration parameter
This can be used to configure hostapd to reject association with
any station that does not support HT PHY.
2011-02-09 15:08:47 +02:00
Johannes Berg
6905dcb1e0 AP: Introduce sta authorized wrappers
To enable making state change notifications on the WLAN_STA_AUTHORIZED
flag, introduce ap_sta_set_authorized(), and to reduce use of the flag
itself also add a wrapper for testing the flag: ap_sta_is_authorized().

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 16:52:32 +02:00
Jouni Malinen
1161ff1ef5 hostapd: Allow TDLS use to be prohibited in the BSS
tdls_prohibit=1 and tdls_prohibit_chan_switch=1 and now be used to
disable use of TDLS or TDLS channel switching in the BSS using
extended cabilities IE as defined in IEEE 802.11z.
2011-01-28 19:21:59 +02:00
Jouni Malinen
cbcf92b42f AP: Validate management frame length
Make sure that received management frames are long enough before
processing them. This avoids a potential segmentation fault if a
driver delivers an invalid frame all the way to hostapd.
2011-01-17 12:21:29 +02:00
Jouni Malinen
1df492df34 Do not send Deauth/Disassoc to unknown STA if SA is invalid
The frame needs to be sent from an individual (non-group) address,
so drop invalid frames before sending Deauth/Disassoc frames to
not associated STAs.
2010-12-04 17:40:36 -08:00
Jouni Malinen
0e8a96a911 Get rid of struct hostapd_driver_ops abstraction
This is not needed anymore and just makes things more difficult
to understand, so move the remaining function pointers to direct
function calls and get rid of the struct hostapd_driver_ops.
2010-11-24 16:50:06 +02:00