Commit Graph

243 Commits

Author SHA1 Message Date
Jouni Malinen
b83cbb3b3b Use a wrapper function for ieee802_1x_receive() to avoid ieee802_1x.h
Driver wrappers should not need to include ieee802_1x.h, so use a
wrapper function declared in driver.h.
2009-01-09 16:33:59 +02:00
Jouni Malinen
33eb3c4ec4 Moved disassociation processing away from driver_*.c 2009-01-09 16:27:30 +02:00
Jouni Malinen
940a0ce970 Moved association check from driver_*.c into ieee802_1x_receive() 2009-01-09 16:17:20 +02:00
Jouni Malinen
602996f8db Moved WPA setup etc. association processing away from driver_*.c
This is all details that should not need to be handled in driver_*.c.
2009-01-09 16:13:07 +02:00
Jouni Malinen
214021f585 Move RX-from-unknown-STA processing away from driver_*.c
This cleans up the driver wrapper interface by getting rid of sta_info.h
dependency in all drivers that use MLME implementation in hostapd
(driver_hostap.c and driver_nl80211.c).
2009-01-09 15:44:45 +02:00
Jouni Malinen
8607f4c31f Moved TX status processing for STA entries away from driver_*.c
Driver wrappers should not need to know about this level of core hostapd
details.
2009-01-09 15:33:36 +02:00
Jouni Malinen
76e2592190 Share the same radiotap helper implementation 2009-01-09 15:22:19 +02:00
Jouni Malinen
d200828b41 Moved rfc1042_header into driver_*.c that use it
No need to share such a small buffer and make hostapd.[ch] more complex
with it.
2009-01-09 15:06:48 +02:00
Jouni Malinen
a2f517fb93 Fixed a typo in a comment 2009-01-09 15:01:50 +02:00
Jouni Malinen
8d06da09a4 Move generic definitions away from hostapd.h
This is an initial step in trying to make hostapd.h not needed to be
included in so many files.
2009-01-08 20:14:05 +02:00
Jouni Malinen
bfddd95c9e Split hostapd/driver.h into two files
driver.h contains the definitions needed in driver wrapper
implementations (driver_*.c) and driver_i.h contains the definitions
that are used in core hostapd code to interact with the driver wrappers.
2009-01-08 20:02:56 +02:00
Jouni Malinen
f88bd28836 Added support for removing RADIUS accounting and RADIUS in general
CONFIG_NO_ACCOUNTING=y and CONFIG_NO_RADIUS=y build options can now be
used to remove RADIUS support from the hostapd build.
2009-01-08 19:15:25 +02:00
Jouni Malinen
9c584c06bd Remove MLME code from build if none of the enabled drivers need it 2009-01-08 18:40:14 +02:00
Jouni Malinen
bb305cbdcc Replaced printf() with wpa_printf() 2009-01-08 16:57:04 +02:00
Jouni Malinen
03018d3e7c Added CONFIG_NO_STDOUT_DEBUG for hostapd
This is similar to one in wpa_supplicant and can be used to reduce the
binary size by removing debugging messages.
2009-01-08 16:47:04 +02:00
Jouni Malinen
7d02e64157 Mark shared secret const in RADIUS client routines 2009-01-08 16:41:47 +02:00
Jouni Malinen
1c6e69ccda Moved documentation from developer.txt into source code files
Use Doxygen comments for functions to replace the old text file that was
not up-to-date anymore.
2009-01-08 16:33:00 +02:00
Jouni Malinen
6f78f2fb3b Preparations for 0.6.7 release 2009-01-06 20:11:15 +02:00
Jouni Malinen
f58b20ce66 Fixed IMAGE_PATH for doxygen run in root directory 2009-01-04 14:44:33 +02:00
Jouni Malinen
2eba45c8de Added endianness annotation for sparse 2009-01-03 21:00:38 +02:00
Jouni Malinen
5306f43fc3 Fixed sparse warnings about integer vs. pointer use
The configuration parsing functions seemed to have worked fine before,
but these were real bugs even if they did not show up in practice.
hostapd_ip_diff() was broken for IPv6 addresses (overwrote address and
always returned 1.
2009-01-03 20:46:32 +02:00
Jouni Malinen
d953d9ab80 Removed sparse destinations since "CC=cgcc make" works fine 2009-01-03 20:39:52 +02:00
Jouni Malinen
7e5ba1b916 Mark functions static if not used elsewhere and use proper prototypes 2009-01-03 20:38:42 +02:00
Jouni Malinen
875f6d7b93 Create all doxygen docs from root directory to get proper path names
This updated all doxygen runs to use the same style that was used for
wpa_supplicant full documents. The full vs. fast configurations are now
otherwise identical apart from fast not generating dot files or
latex/pdf version of the documentation.
2009-01-03 09:59:12 +02:00
Jouni Malinen
a17df5fb8b Fixed number of doxygen warnings 2009-01-02 22:28:04 +02:00
Jouni Malinen
a4149765a2 Added more src subdirectories into doxygen docs 2009-01-02 22:27:17 +02:00
Jouni Malinen
4be048a8a6 Updated doxygen configuration files to work with new doxygen
The doxygen run is not exactly warning free yet, but this gets a step
closer to being able to produce something useful again.
2009-01-02 21:57:51 +02:00
Jouni Malinen
862e08a9a4 Include ieee802_11_defs.h explicitly instead of assuming it gets included
Some build configurations failed to compile because this file did not
get included.
2009-01-02 21:14:21 +02:00
Jouni Malinen
79da74a20c WPS: Generate UUID based on MAC address, if not set
Generate a SHA1 hash -based UUID from the local MAC address if the UUID
was not configured. This makes it easier to prepare for WPS since there
is no need to generate an UUID.
2009-01-01 22:56:52 +02:00
Jouni Malinen
e834272f73 Include pending MFP defines in nl80211_copy.h
This can be used to get rid of the extra cpp define since we have our
local copy of wireless.h and nl80211.h.
2008-12-31 18:10:14 +02:00
Jouni Malinen
ac43f1fa39 Renamed nl80211 HT channel parameters to match with kernel 2008-12-31 17:59:13 +02:00
Jouni Malinen
df1e9601a4 Fixed SA Query Request length
Do not send extra 24 octets of random data in the end.
2008-12-31 17:50:14 +02:00
Jouni Malinen
1aa5c13471 Clear BIP keys, too, when removing broadcast keys with MFP enabled 2008-12-31 17:49:43 +02:00
Jouni Malinen
d5263983ac MFP: Remove mac80211 workaround of IGTK in monitor netdev
mac80211 can now figure out which key to use for injected frames (in
most cases), so we can remove the workaround for configuring IGTK on the
monitor interface that is used for injecting frames.
2008-12-31 17:48:13 +02:00
Jouni Malinen
88b4b4246d Added ctrl_interface command for sending a SA Query request
This can be useful for testing IEEE 802.11w functionality, so provide
means for manual request to send a SA Query request.
2008-12-30 18:04:29 +02:00
Jouni Malinen
805e6dc663 Disconnect the STA if EAP timeout is reached
There is not really much else the Authenticator can do if it does not
receive valid EAP response from the Supplicant/EAP peer. EAP-Failure
would need to be sent before trying to start again with
EAP-Request/Identity, but that is not allowed before the EAP peer
actually replies. Anyway, forcing a new association is likely to clean
up peer state, too, so it can help fixing some issues that could have
caused the peer not to be able to reply in the first place.
2008-12-29 19:16:48 +02:00
Jouni Malinen
8e09c6d253 Fixed retransmission of EAP requests if no response is received
It looks like this never survived the move from IEEE 802.1X-2001 to
IEEE 802.1X-2004 and EAP state machine (RFC 4137). The retransmission
scheduling and control is now in EAP authenticator and the
calculateTimeout() producedure is used to determine timeout for
retransmission (either dynamic backoff or value from EAP method hint).

The recommended calculations based on SRTT and RTTVAR (RFC 2988) are not
yet implemented since there is no round-trip time measurement available
yet.

This should make EAP authentication much more robust in environments
where initial packets are lost for any reason. If the EAP method does
not provide a hint on timeout, default schedule of 3, 6, 12, 20, 20, 20,
... seconds will be used.
2008-12-29 18:10:34 +02:00
Jouni Malinen
65d50f0ac6 Add RADIUS server support for identity selection hint (RFC 4284)
Previously, only the delivery option 1 from RFC 4284
(EAP-Request/Identity from the AP) was supported. Now option 3
(subsequent EAP-Request/Identity from RADIUS server) can also be used
when hostapd is used as a RADIUS server. The eap_user file will need to
have a Phase 1 user entry pointing to Identity method in order for this
to happen (e.g., "* Identity" in the end of the file). The identity hint
is configured in the same was as for AP/Authenticator case (eap_message
in hostapd.conf).
2008-12-26 20:22:12 +02:00
Andriy Tkachuk
d9f5626293 NEED_BASE64 for WPS
It looks like we need base64 routines when compiling WPS in hostapd
(used in src/wps/wps_registrar.c:910).
2008-12-26 16:40:27 +02:00
Jouni Malinen
6f5c8dbd79 Added a TODO item for sending protected Disassoc after failed SA Query 2008-12-26 15:56:30 +02:00
Jouni Malinen
cae93bdc9c Added a note about IEEE 802.11w/D7.0 update 2008-12-26 12:59:07 +02:00
Jouni Malinen
8f4617c6c4 Do not use SA Query procedure if reassociation is part of FT 2008-12-26 12:55:35 +02:00
Jouni Malinen
ff89afb77b Add Key Length field into IGTK sub-element (FTIE) per 802.11w/D7.0 2008-12-26 12:49:15 +02:00
Jouni Malinen
45c94154a6 Updated SA Query procedure to use timeouts per 802.11w/D7.0
The previous max_attempts * timeout is now replaced with two timeouts
(one for each retry, the other one for maximum wait).
2008-12-26 12:30:34 +02:00
Jouni Malinen
93b76319f1 Renamed Ping procedure into SA Query procedure per 802.11w/D7.0
This commit changes just the name and Action category per D7.0. The
retransmit/timeout processing in the AP is not yet updated with the
changes in D7.0.
2008-12-26 11:46:21 +02:00
Jouni Malinen
9a9876bf9c Fixed the MFP Status/Reason Code values per 802.11w/D7.0 2008-12-26 11:29:17 +02:00
Jouni Malinen
ff36ff00b8 Reject association if HT STA tries to use TKIP as pairwise cipher 2008-12-22 14:05:53 +02:00
Jouni Malinen
f130ba9b4a Allow HT to be enabled for a STA even without WMM
The STA won't be able to use block ACK/aggregation, but at least it
should be allowed to use MCS rates and HT40.
2008-12-22 13:05:33 +02:00
Jouni Malinen
e6f9861ace Added a note about mac80211-based drivers and nl80211 2008-12-20 13:02:29 +02:00
Jouni Malinen
a2b3a34bab IANA allocated EAP method type 51 to EAP-GPSK 2008-12-20 12:39:24 +02:00
Jouni Malinen
bae61562a4 Cleaned up EAPOL-Key timeout processing
dot11RSNAConfigGroupUpdateTimeOut and
dot11RSNAConfigPairwiseUpdateTimeOut MIB variables were only used in
draft versions of IEEE 802.11i, so rename these in order not to use
confusing name here.

Replaced EAPOL-Key timeout to use following timeouts (in
milliseconds): 100,1000,1000,1000 (this was 1000,1000,1000,0). There
is no point in sending out the final EAPOL-Key frame which would be
immediately followed by disconnection. After the change to allow
response to any pending EAPOL-Key frame, it is fine to send the first
retransmission quickly to avoid long wait in cases where Supplicant
did not receive the first frame for any reason. The new sequence will
still provide 3.1 seconds of time to get any response frame, so this
does not reduce the previous time.
2008-12-18 17:15:36 +02:00
Jouni Malinen
47f72245e2 Do not allow HT with WPA/WPA2 to be enabled without CCMP
IEEE 802.11n does not allow HT STAs to use TKIP between themselves, so
do do allow a configuration that would force this to happen if HT is
used.
2008-12-17 12:16:13 +02:00
Jouni Malinen
22a299ee9d Improve EAPOL-Key handshake stability with retransmitted frames
Accept response to any pending request, not just the last one. This
gives the Supplicant more time to reply since hostapd will now allow up
to three seconds for the reply to the first EAPOL-Key frame transmission
(and two seconds for the first retry and one second for the last) while
the previous version invalidated any old request immediately when
sending a retransmitted frame.

If the Supplicant replies to more than one request, only the first reply
to arrive at the Authenticator will be processed. As far as the
Supplicant is concerned, this behavior does not differ from the previous
one except for being less likely to cause unneeded retransmissions of
EAPOL-Key frames.

This can help in cases where power saving is used when the group key is
rekeyed or when there is excessive traffic on the channel that can delay
(or drop) EAPOL-Key frames.
2008-12-16 14:17:33 +02:00
Jouni Malinen
75fc67e97b driver_test: Handle WPS IE in non-MLME test 2008-12-12 22:52:56 +02:00
Jouni Malinen
e33bbd8f4d driver_test: Optional support for using UDP socket
driver_test can now be used either over UNIX domain socket or UDP
socket. This makes it possible to run the test over network and makes it
easier to port driver_test to Windows.

hostapd configuration: test_socket=UDP:<listen port>
wpa_supplicant configuration: driver_param=test_udp=<dst IP addr>:<port>
2008-12-12 21:35:22 +02:00
Jouni Malinen
9a6cec7bc6 Added CONFIG_IEEE80211N into defconfig (commented out) 2008-12-10 00:46:55 +02:00
Jouni Malinen
cfb7e8a086 Fixed build without CONFIG_IEEE80211N 2008-12-10 00:45:57 +02:00
Jouni Malinen
fecc01663b Updated the comment about libnl to state that version 1.1 is new enough 2008-12-09 22:41:01 +02:00
Jouni Malinen
205a372b2d Added libnl 2.0 compatibility code (CONFIG_LIBNL20=y in .config needed)
Unfortunately, at least the current libnl git snapshot changes the API
in backwards incompatible way and in a way that makes it difficult to
to allow building against the latest libnl code.
2008-12-08 22:40:58 +02:00
Jouni Malinen
d9f2b1c382 driver_test: Added support for testing WPS without use_mlme 2008-12-08 21:42:01 +02:00
Jouni Malinen
7e45830ab7 nl80211: Include copy of linux/nl80211.h with hostapd/wpa_supplicant
This makes it easier to build the packages and allows all new features
to be built into the binary regardless of which kernel is currently
used.
2008-12-08 11:04:13 +02:00
Jouni Malinen
a9d1364c5f Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLog 2008-12-07 19:24:56 +02:00
Jouni Malinen
bb9f45e0bb nl80211: Remove the debug print from data frame processing
This is currently happening way too frequently (mac80211 monitor
interface sends TX info for every frame) and the end result makes it
difficult to read hostapd debug log if there is large amount of data
traffic.
2008-12-04 14:20:33 +02:00
Jouni Malinen
4a7b9f885f Fixed WEP authentication (both Open System and Shared Key) with mac80211
Only one of the authentication frame types is encrypted. In order for
static WEP encryption to work properly (i.e., to not encrypt the frame),
we need to tell mac80211 about the frames that must not be encrypted.
2008-12-04 13:21:35 +02:00
Jouni Malinen
f07688e37d nl80211: Generate 802.11b mode based on 802.11g information
If the phy info from nl80211 does not include 802.11b mode, generate
that mode based on 802.11g information. This allows hw_mode=b to be used
with drivers that support 2.4 GHz band.
2008-12-03 12:42:21 +02:00
Jouni Malinen
8c37556cd1 Add a starting point for EAP-AKA' (draft-arkko-eap-aka-kdf-10)
This is just making an as-is copy of EAP-AKA server and peer
implementation into a new file and by using the different EAP method
type that is allocated for EAP-AKA' (50). None of the other differences
between EAP-AKA and EAP-AKA' are not yet included.

It is likely that once EAP-AKA' implementation is done and is found to
work correctly, large part of the EAP-AKA and EAP-AKA' code will be
shared. However, it is not reasonable to destabilize EAP-AKA
implementation at this point before it is clearer what the final
differences will be.
2008-12-02 20:12:49 +02:00
Jouni Malinen
e8ff1e594e Fixed non-HT (and GF, 20 MHz) counting
Must not count the same STA multiple times if it reassociates back to
the same AP without the old STA entry being removed.
2008-12-02 14:32:05 +02:00
Jouni Malinen
08bec36178 WPS: Added support for wildcard PINs that work with any UUID-E
Since the Registrar may not yet know the UUID-E when a new PIN is
entered, use of a wildcard PIN that works with any UUID-E can be useful.
Such a PIN will be bound to the first Enrollee trying to use it and it
will be invalidated after the first use.
2008-11-30 20:32:03 +02:00
Jouni Malinen
30f5c941aa WPS: Added note about update_config and added WPS to ChangeLog 2008-11-30 17:48:45 +02:00
Jouni Malinen
a8d05fca5f Clear various flags on re-association to allow key_mgmt changes
If a STA reassociates and changes key_mgmt (e.g., from WPA-PSK to WPS),
hostapd needs to reset some of the existing STA and WPA state machine
variables to allow correct processing for the new association.
2008-11-30 17:22:51 +02:00
Jouni Malinen
06384c662a WPS: Added driver_test debug dump of Beacon/ProbeResp WPS IE 2008-11-29 21:27:25 +02:00
Jouni Malinen
8874b727ab WPS: Add length limits to device attribute strings 2008-11-29 21:26:07 +02:00
Jouni Malinen
43fb17940f WPS: Fixed hostapd to use allocated buffers for device attributes
Previous version did not handle re-configuration correctly since WPS
context data was pointing to old (now freed) strings.
2008-11-29 21:12:12 +02:00
Jouni Malinen
7d7b8e960a WPS: Split wps_common.c into parts
To make it easier to find various functions, attribute functions were
split into wps_attr_{build,parse,process}.c.
2008-11-29 13:16:26 +02:00
Jouni Malinen
120bd30c34 WPS: Moved RF Bands processing into wps_dev_attr.c
This allows the RF Bands attribute to be configured and stored.
2008-11-29 12:59:43 +02:00
Jouni Malinen
eb76b7e3ff WPS: Parse Request Type from WPS IE in (Re)AssocReq and derive mgmt keys
WPS IE is now passed from hostapd association processing into EAP-WSC
and WPS processing. Request Type attribute is parsed from this
information and if the request is for a WLAN Manager Registrar,
additional management keys are derived (to be used with UPnP).
2008-11-29 12:11:56 +02:00
Jouni Malinen
2f4eb31454 Changed NL80211_ATTR_WIPHY_SEC_CHAN_OFFSET to use U32 2008-11-26 16:16:28 +02:00
Jouni Malinen
a78d3dbd02 nl80211: Fixed a merge issue in an earlier commit for set_freq 2008-11-26 10:52:45 +02:00
Jouni Malinen
446842b101 nl80211: Clear HT flags from the channel when exiting 2008-11-26 10:51:01 +02:00
Jouni Malinen
fe0f58fa69 Added option to distinguish non-HT and HT20 in set_freq 2008-11-26 10:44:04 +02:00
Jouni Malinen
95da9bbc36 nl80211: Add support for setting channel frequency and HT20 vs. HT40
This depends on a patch to Linux nl80211/mac80211 that has not yet been
merged into wireless-testing. If that change is not present, the old
mechanism (WEXT) will be used instead.
2008-11-25 20:59:39 +02:00
Jouni Malinen
ffbcf648ed Change HT parameter configuration to use a single driver ops function
It is better to pass both HT Capabilities and HT Operation IEs in the
same function call since it may be easier for the driver wrappers to
handle the changes without having to wait for the other IE in the
wrapper code.
2008-11-25 14:57:34 +02:00
Jouni Malinen
3e0cb2c503 Validate HT40 channel pair validity based on IEEE 802.11n Annex J 2008-11-25 12:51:03 +02:00
Jouni Malinen
d6c9d4740b driver_nl80211: Added set_country() handler
If country_code is set in hostapd.conf, hostapd will now update nl80211
regulatory data by setting the alpha2 string for CRDA. In other words,
"iw reg set <alpha2>" is not needed anymore when using hostapd.
2008-11-25 12:10:35 +02:00
Jouni Malinen
df73d284fb Added support for generating Country IE based on nl80211 regulatory info 2008-11-25 11:56:28 +02:00
Jouni Malinen
bf01d8bc2b Get maximum TX power for each allowed channel from mac80211 2008-11-25 11:11:50 +02:00
Jouni Malinen
b3e7a97df0 Add some notes on which channels can be used with HT40- and HT40+
This is not a complete list, but at least it can provide some help for
whoever is trying to configure hostapd for 802.11n HT40 operation.
2008-11-24 19:28:37 +02:00
Jouni Malinen
cd587cceff Add set STA Channel Width field to 1 when allowing HT40 2008-11-24 16:44:17 +02:00
Jouni Malinen
a8d8410e1f Added support for configuring secondary channel offset for HT40 2008-11-24 16:33:45 +02:00
Jouni Malinen
a86f6ccad7 Rename [40HT] to [HT40] in ht_capab 2008-11-24 16:11:19 +02:00
Jouni Malinen
8725598c46 Fixed HT Capabilities Info byte order processing for big endian CPUs 2008-11-24 16:06:18 +02:00
Jouni Malinen
fc14f56759 Added IEEE 802.11n HT capability configuration (ht_capab) 2008-11-24 15:44:25 +02:00
Jouni Malinen
ad08c3633c Added preliminary Wi-Fi Protected Setup (WPS) implementation
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.

Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
2008-11-23 19:34:26 +02:00
Jouni Malinen
6e89cc438e Preparations for 0.6.6 release 2008-11-23 17:02:06 +02:00
Jouni Malinen
2fc98d02c1 Simplified RADIUS accounting id usage
Changed accounting_sta_start() to call accounting_sta_get_id()
internally in accounting.c so that external callers do not need to do
anything to allocate unique accounting id. When starting a new session,
a unique identifier is needed anyway, so no need to keep these
operations separate.
2008-11-23 11:12:17 +02:00
Jouni Malinen
74bd7dae63 Use SM_ENTER_GLOBAL to clean up EAPOL state machine debug messages
This removes unnecessary messages about entering REAUTH_TIMER INITIALIZE
state every second when a STA is in unauthenticated state.
2008-11-23 11:01:28 +02:00
Jouni Malinen
b1fa8bf129 Allocate new Acct-Session-Id on EAPOL-Logoff
Stop accounting session on EAPOL-Logoff and use new Acct-Session-Id if
STA authenticates again within same association after this.
2008-11-23 10:47:36 +02:00
Jouni Malinen
39e50be082 Fixed listen interval configuration for nl80211 drivers
Need to update the struct sta_info value, too, and not only the local
variable used in handle_assoc()..
2008-11-22 21:20:27 +02:00
Jouni Malinen
fe2c5241b5 Remove experimental non-AP STA code from hostapd
This was used to allow hostapd to associate as a non-AP STA to another
AP one the same channel while still acting as an AP with the Host AP
driver. This was very experimental and did not work with all firmware
versions. Nowadays, much better way of doing this is to use mac80211
virtual non-AP STA interface. As such, this experimental code can be
removed from hostapd to reduce the code size and make MLME code easier
to understand since it is now only handling AP functionality.
2008-11-21 20:48:58 +02:00
Jouni Malinen
ddaa83ebeb Remove overly complex hostapd setup sequence with n+1 callbacks
This code was originally added as a mechanism to handle long waits
during channel selection and/or radar detection. It is not currently
really used and makes the setup sequence nearly impossible to
understand. Let's get rid of the unwanted complexity. This needs to be
redesigned if it is ever needed again.
2008-11-21 20:39:33 +02:00