Andriy Tkachuk [Tue, 17 Feb 2009 08:17:24 +0000 (10:17 +0200)]
WPS: support registration with APs in WEP security mode
Attached patch fixes the issue when supplicant does not select APs in
WEP security mode for WPS registration.
Jouni Malinen [Mon, 16 Feb 2009 18:50:55 +0000 (20:50 +0200)]
Updated to-do list for wpa_supplicant
No point in using time with Host AP driver optimizations anymore.
Note another race condition with 4-way handshake (and PTK config to
driver).
Jouni Malinen [Mon, 16 Feb 2009 11:28:42 +0000 (13:28 +0200)]
driver_nl80211: Fix STA accounting data collection
TX/RX bytes are now reported correctly (typo ended up leaving TX bytes
uninitialized and set RX bytes value to use correct TX bytes). TX/RX
packet counts are not yet available from kernel, so we have to clear the
values to avoid reporting bogus data.
Jouni Malinen [Sun, 15 Feb 2009 18:17:25 +0000 (20:17 +0200)]
Preparations for 0.6.8 release
Jouni Malinen [Sun, 15 Feb 2009 16:35:23 +0000 (18:35 +0200)]
Update nmake.mak to match with current files
Jouni Malinen [Sun, 15 Feb 2009 15:36:49 +0000 (17:36 +0200)]
Do not try session resumption after EAP failure
If session resumption fails for any reason, do not try it again because
that is just likely to fail. Instead, drop back to using full
authentication which may work. This is a workaround for servers that do
not like session resumption, but do not know how to fall back to full
authentication properly.
Jouni Malinen [Sun, 15 Feb 2009 12:35:30 +0000 (14:35 +0200)]
Avoid using #ifdef inside printf string
This makes it easier to use a preprocessor macro for printf.
Daniel Mierswa [Sun, 15 Feb 2009 12:22:50 +0000 (14:22 +0200)]
Improved 'make install' (use BINDIR/LIBDIR, install shared objects)
Daniel Mierswa [Sun, 15 Feb 2009 12:13:27 +0000 (14:13 +0200)]
Allow the privsep driver to pass the set_country to the real driver
Jouni Malinen [Sun, 15 Feb 2009 08:28:55 +0000 (10:28 +0200)]
Check EAP-AKA' AT_KDF duplication only if KDF was negotiated
This fixes an issue where two AKA'/Challenge messages are received when
resynchronizing SEQ#. Previously, this used to trigger an authentication
failure since the second Challenge message did not duplicate AT_KDF.
Jouni Malinen [Sun, 15 Feb 2009 08:28:16 +0000 (10:28 +0200)]
Add debug prints for couple of new EAP-AKA' attributes
Jouni Malinen [Sat, 14 Feb 2009 20:21:17 +0000 (22:21 +0200)]
Rename "broadcast SSID" to "wildcard SSID"
"Wildcard SSID" is the term used in IEEE Std 802.11-2007, so it is a
better name for the zero-length SSID used in Probe Request.
Jouni Malinen [Sat, 14 Feb 2009 19:17:46 +0000 (21:17 +0200)]
driver_nl80211: Add support for multi-SSID scan requests
Jouni Malinen [Sat, 14 Feb 2009 18:59:26 +0000 (20:59 +0200)]
Add support for multi-SSID scan requests
If the driver reports support for more than one SSID per scan request,
optimize scan_ssid=1 operations in ap_scan=1 mode. This speeds up
scanning whenever scan_ssid=1 is used since the broadcast SSID can be
included in every scan request and if driver supports more than two
SSIDs in the scan request, the benefits are even larger when multiple
networks have been configured with ap_scan=1.
This is also cleaning up wpa_supplicant_scan() function by moving code
around so that the SSID list is not processed unnecessarily if the
operation mode does not need this.
Jouni Malinen [Sat, 14 Feb 2009 15:11:21 +0000 (17:11 +0200)]
driver_test: Implement scan2() handler
This does not actually send out separate scan requests for each SSID,
but the debug output can be used to test scan2() functionality with
multiple SSIDs.
Jouni Malinen [Sat, 14 Feb 2009 15:01:32 +0000 (17:01 +0200)]
Add extended driver scan request command: driver_ops::scan2()
This can be used to provide support for scanning multiple SSIDs at a
time to optimize scan_ssid=1 operations. In addition, Probe Request IEs
will be available to scan2() (e.g., for WPS PBC scanning).
Jouni Malinen [Sat, 14 Feb 2009 14:43:43 +0000 (16:43 +0200)]
Allow multiple driver wrappers to be specified on command line
For example, -Dnl80211,wext could be used to automatically select
between nl80211 and wext. The first driver wrapper that is able to
initialize the interface will be used.
Jouni Malinen [Thu, 12 Feb 2009 20:02:19 +0000 (22:02 +0200)]
nl80211: Remove one second sleep after iface up
This workaround was needed with some drivers that used WEXT, but there
is no known nl80211-enabled driver that would need this, so lets get rid
of the extra delay.
Jouni Malinen [Thu, 12 Feb 2009 19:49:57 +0000 (21:49 +0200)]
New driver capability info: max number of scan SSIDs
The driver wrappers can now inform wpa_supplicant how many SSIDs can
be used in a single scan request (i.e., send multiple Probe Requests
per channel). This value is not yet used, but it can eventually be used
to allow a new scan command to specify multiple SSIDs to speed up
scan_ssid=1 operations. In addition, a warning could be printed if
scan_ssid=1 is used with a driver that does not support it
(max_scan_ssids=0).
Jouni Malinen [Thu, 12 Feb 2009 18:11:43 +0000 (20:11 +0200)]
nl80211: Replace WEXT scan event with nl80211
Use the new nl80211 scan event mechanism instead of the WEXT event.
This completes the move from WEXT scanning into nl80211 scanning.
Jouni Malinen [Thu, 12 Feb 2009 15:12:58 +0000 (17:12 +0200)]
nl80211: Replace SIOCGIWSCAN with NL80211_CMD_GET_SCAN
This replaces the WEXT mechanism for fetching scan results with the new
nl80211 mechanism.
Jouni Malinen [Thu, 12 Feb 2009 14:20:22 +0000 (16:20 +0200)]
nl80211: Replace SIOCSIWSCAN with NL80211_CMD_TRIGGER_SCAN
This is the first step in replacing WEXT-based scan with the new
nl80211-based mechanism.
Jouni Malinen [Thu, 12 Feb 2009 12:46:26 +0000 (14:46 +0200)]
Sync nl80211.h with the current wireless-testing version
Jouni Malinen [Wed, 11 Feb 2009 20:35:27 +0000 (22:35 +0200)]
Removed an obsolete comment about use of external program for EAP
Jouni Malinen [Wed, 11 Feb 2009 15:29:03 +0000 (17:29 +0200)]
Add another Milenage test set that is suitable for EAP-AKA'
The Test Set 19 from TS 35.208 has an AMF with the separation bit set
and as such, it is suitable for EAP-AKA' testing.
Jouni Malinen [Wed, 11 Feb 2009 15:28:42 +0000 (17:28 +0200)]
EAP-AKA': Verify that AMF separation bit is set
Jouni Malinen [Tue, 10 Feb 2009 13:26:26 +0000 (15:26 +0200)]
wpa_gui-qt4: Add support for selecting between WEP open/shared key auth
Split the auth=none option into three: open, WEP, WEP with shared key to
allow the user specify WEP with shared key authentication. In addition,
fix static WEP key edits to be enabled only when using static WEP keys
(i.e., not for IEEE 802.1X).
Jouni Malinen [Tue, 10 Feb 2009 12:31:27 +0000 (14:31 +0200)]
Fix test-sha256 build
Helmut Schaa [Tue, 10 Feb 2009 11:47:14 +0000 (13:47 +0200)]
Use signal quality if level is not available for comparing max rates
Some drivers (for example ipw2100) do not report signal level but only
signal quality. wpa_supplicant already uses the signal quality if no
level is reported and all other comparision parameters are equal to sort
the scan results. However, if two APs have different max rates and the
signal level does not differ much wpa_supplicant chooses the AP with the
higher max rate.
In case of ipw2100 no signal level is reported and thus wpa_supplicant
always takes the AP with higher max rate even if its signal quality is
really low. For example if AP1 (max rate 11Mb/s, 80% signal quality) and
AP2 (max rate 54 Mb/s, 20% signal quality) are found by a scan
wpa_supplicant would choose AP2.
Hence, if no signal level is reported depend on the signal quality if
max rate should be compared. A quality difference of 10% is considered
acceptable in favor of the higher max rate.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Jouni Malinen [Tue, 10 Feb 2009 09:45:17 +0000 (11:45 +0200)]
Fixed a copy-paste error in a function documentation
Jouni Malinen [Tue, 10 Feb 2009 09:43:40 +0000 (11:43 +0200)]
wext: Force disconnect on deauthenticate()
Use the same zero-BSSID, random-SSID trick for both disassociate() and
deauthenticate().
Dan Williams [Tue, 10 Feb 2009 09:40:19 +0000 (11:40 +0200)]
wext: really disassociate (set random SSID)
Really disassociate when tearing stuff down; drivers may sometimes
(legally) keep trying to reassociate unless the BSSID is unlocked. If
the SSID is unlocked too, under WEXT drivers are able to pick an SSID to
associate, so kill that behavior by setting a bogus SSID. Unfortunately
WEXT doesn't provide an easy method to say "stop whatever doing and just
idle".
Signed-off-by: Dan Williams <dcbw@redhat.com>
Masashi Honma [Tue, 10 Feb 2009 09:23:59 +0000 (11:23 +0200)]
WPS: Fix clearing of WPS IE with madwifi driver
On WPS init/deinit process, the hostapd clears it's own WPS IE
with 0 length WPS IE. But it fails. Because the parameter to
ioctl is too short. Then hostapd prints a below message.
ioctl[IEEE80211_IOCTL_SET_APPIEBUF]: Invalid argument
Jouni Malinen [Mon, 9 Feb 2009 20:37:55 +0000 (22:37 +0200)]
Use larger buffer for TLS encryption to avoid issues with GnuTLS
It looks like GnuTLS (at least newer versions) is using random padding
on the application data and the previously used 100 byte extra buffer
for tls_connection_encrypt() calls was not enough to handle all cases.
This resulted in semi-random authentication failures with EAP-PEAP and
EAP-TTLS during Phase 2.
Increase the extra space for encryption from 100 to 300 bytes and add an
error message into tls_gnutls.c to make it easier to notice this issue
should it ever show up again even with the larger buffer.
Masashi Honma [Mon, 9 Feb 2009 17:50:52 +0000 (19:50 +0200)]
WPS: Set correct Selected Registrar Config Methods attribute
I tried PBC with the hostapd registrar.
I pushed the button with "hostap_cli WPS_PBC".
But hostapd registrar always sends Selected Registrar Config Methods
attribute=0x0000 in beacon/probe response.
Helmut Schaa [Mon, 9 Feb 2009 17:45:06 +0000 (19:45 +0200)]
Send a dbus reply only if requested by the caller
wpa_supplicant should not send a dbus reply as response to a method call
if no reply was requested by the caller. Sending a reply even if not
requested is basically no problem but triggers dbus warnings like the
one below.
Feb 9 07:31:23 linux-gvjr dbus-daemon: Rejected send message, 2 matched
rules; type="error", sender=":1.129" (uid=0 pid=30228
comm="/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wp")
interface="(unset)" member="(unset)" error
name="fi.epitest.hostap.WPASupplicant.InvalidInterface"
requested_reply=0 destination=":1.128" (uid=0 pid=30226
comm="/usr/sbin/NetworkManager "))
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Alan T. DeKok [Sun, 8 Feb 2009 11:40:34 +0000 (13:40 +0200)]
Create os_daemon for OS X, as it's now deprecated (Leopard)
Using it results in an error at build time. So we replace it.
Jeremy C. Reed [Sun, 8 Feb 2009 11:28:37 +0000 (13:28 +0200)]
Allow driver_bsd.c to be built for NetBSD
Jouni Malinen [Sun, 8 Feb 2009 11:26:33 +0000 (13:26 +0200)]
Use os_strlcpy instead of os_strncpy when copying ifname
In theory, the ifname could be IFNAMSIZ characters long and there would
not be room for null termination.
Jouni Malinen [Sun, 8 Feb 2009 10:47:28 +0000 (12:47 +0200)]
Fix MinGW build with CONFIG_EAP_TNC=y
MinGW does not use -ldl so do not add this unconditionally.
Jouni Malinen [Sat, 7 Feb 2009 10:07:06 +0000 (12:07 +0200)]
Avoid memory leak on error path in crypto_cipher_init()
Jouni Malinen [Sat, 7 Feb 2009 10:04:45 +0000 (12:04 +0200)]
Add crypto_cipher_{init,encrypt,decrypt,deinit} for GnuTLS
Jouni Malinen [Sat, 7 Feb 2009 08:30:32 +0000 (10:30 +0200)]
Fix privsep build with CONFIG_CLIENT_MLME=y
Add wpa_supplicant_sta_free_hw_features() and wpa_supplicant_sta_rx()
for driver wrappers in wpa_priv.
Daniel Mierswa [Sat, 7 Feb 2009 08:19:28 +0000 (10:19 +0200)]
Include wpabuf.o in wpa_priv build
If you choose to use CONFIG_PRIVSEP=y, the wpabuf functions seem to
miss. The attached patch is against trunk and should probably fix it.
Jouni Malinen [Sat, 7 Feb 2009 08:16:11 +0000 (10:16 +0200)]
Removed printf size_t format warning on 64-bit
Jouni Malinen [Sat, 7 Feb 2009 08:09:49 +0000 (10:09 +0200)]
Removed CONFIG_EAP_WSC=dyn option
Build EAP-WSC dynamically does not make much sense and with the
dependencies to WPS code from number of places resolving this is not
trivial. It is simpler to just remove this option.
Pavel Roskin [Sat, 7 Feb 2009 08:05:23 +0000 (10:05 +0200)]
Fix building dynamic EAP peer modules
Strip directory name from the target in the pattern rule for dynamic
modules. Remove dynamic modules on "make clean".
Jouni Malinen [Fri, 6 Feb 2009 19:44:19 +0000 (21:44 +0200)]
UPnP: Renamed PutWLANResponse callback function to match action
No point in adding extra "event_" to the name.
Jouni Malinen [Fri, 6 Feb 2009 19:39:32 +0000 (21:39 +0200)]
WPS UPnP: Added support for multiple external Registrars
Allow more than one pending PutWLANMessage data to be stored (M2/M2D
from multiple external Registrars) and drop pending M2/M2D messages when
the Enrollee replies with M3.
Jouni Malinen [Fri, 6 Feb 2009 17:04:55 +0000 (19:04 +0200)]
WPS UPnP: Add IP address and port details into debug messages
This makes it much easier to debug operations with multiple external
Registrars.
Jouni Malinen [Fri, 6 Feb 2009 14:39:49 +0000 (16:39 +0200)]
UPnP: Workaround bogus NewWLANEventMAC in PutWLANResponse
It looks like Intel wsccmd may send a bogus NewWLANEventMAC
(11:22:33:44:55:66) when acting as an wired external Registrar. Work
around this by going through all STAs if the address does not match and
pick the STA that is in an ongoing WPS registration.
Jouni Malinen [Fri, 6 Feb 2009 12:19:59 +0000 (14:19 +0200)]
WPS: Allow minor version differences in Version attribute check
Version attribute processing details are not described in the WPS spec,
but it is safer to allow minor version to change and only refuse to
process the message if major version is different from ours. This
matches with the behavior used in the Intel reference implementation.
Jouni Malinen [Fri, 6 Feb 2009 12:15:47 +0000 (14:15 +0200)]
WPS: Moved Version attribute validation into a shared function
Jouni Malinen [Fri, 6 Feb 2009 12:05:17 +0000 (14:05 +0200)]
UPnP: Removed shadowed variable
Andriy Tkachuk [Fri, 6 Feb 2009 12:03:34 +0000 (14:03 +0200)]
WPS: Set correct Device Password ID in M2
It looks like we don't set correspondent Device Password ID attribute in
M2 message during PBC registration. Without it TG185n STA was not able
to connect to our AP in PBC mode. Attached patch fixes this.
Jouni Malinen [Fri, 6 Feb 2009 11:52:30 +0000 (13:52 +0200)]
Added CONFIG_WPS_UPNP for wpa_supplicant tests
For now, this is just an undocumented build option to make it possible
to build ../src/wps/*.o in a way that matches with hostapd needs.
Daniel Mierswa [Thu, 5 Feb 2009 17:24:16 +0000 (19:24 +0200)]
Explicitly link against libdl when including TNC support
If you don't choose OpenSSL as TLS implementation and choose to enable
CONFIG_EAP_TNC you have to link against libdl. The OpenSSL libraries
implicitly link against them, so this might be a reason why it wasn't
noticed yet. I assume the same applies to hostapd.
Masashi Honma [Thu, 5 Feb 2009 17:19:19 +0000 (19:19 +0200)]
Setting probe request ie with madwifi driver
The madwifi driver has interface to set probe request ie.
Attached patch will enable the functionality.
I could see probe request includes WSC IE with this patch.
Jouni Malinen [Thu, 5 Feb 2009 16:57:26 +0000 (18:57 +0200)]
Add crypto_mod_exp() for GnuTLS (libgcrypt)
This allows WPS to be linked with GnuTLS.
Jouni Malinen [Thu, 5 Feb 2009 16:20:26 +0000 (18:20 +0200)]
Fixed eapol_test linking with CONFIG_IBSS_RSN=y
Jouni Malinen [Thu, 5 Feb 2009 16:18:31 +0000 (18:18 +0200)]
Cleaned up printf format warnings on 64-bit build
Jouni Malinen [Thu, 5 Feb 2009 10:00:23 +0000 (12:00 +0200)]
Fixed scan buffer increasing with WEXT
We can now handle up to 65535 byte result buffer which is the maximum
due to WEXT using 16-bit length field. Previously, this was limited to
32768 bytes in practice even through we tried with 65536 and 131072
buffers which we just truncated into 0 in the 16-bit variable.
This more or less doubles the number of BSSes we can received from scan
results.
Jouke Witteveen [Wed, 4 Feb 2009 20:05:14 +0000 (22:05 +0200)]
Better support in RoboSwitch driver
I am terribly sorry, but because of a lack of testing equipment the
patch was submitted not properly tested.
Because the chipset documentation is not publicly available all
behaviour has to be found out by experimentation. The other day, I
made some incorrect assumptions based on my findings.
I do believe the attached patch does support the whole RoboSwitch line
(5325, 5350, 5352, 5365 and others). It is a drop-in substitution for
my previous submission.
Helmut Schaa [Wed, 4 Feb 2009 19:55:12 +0000 (21:55 +0200)]
Fix a segfault in wpa_supplicant_deinit
If wpa_supplicant is started with -u but the DBus service is already
registered wpa_supplicant will bail out. However, it will segfault
in wpa_supplicant_deinit because global->drv_priv wasn't allocated
yet.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Jouni Malinen [Wed, 4 Feb 2009 19:48:05 +0000 (21:48 +0200)]
Add CONFIG_DRIVER_NL80211 and clarify client MLME limitations
This is based on a patch from Pavel Roskin <proski@gnu.org>, but with
the WIRELESS_DEV part removed instead of moved since it does not apply
anymore. Additional note on client MLME limitations was also added.
Pavel Roskin [Wed, 4 Feb 2009 19:45:14 +0000 (21:45 +0200)]
Use better examples for MadWifi path in defconfig, clarify comments
MadWifi is unlikely to be in ../head relative to hostapd or
wpa_supplicant, as it would be inside the hostap git repository.
MadWifi sources are more likely to be in a directory called "madwifi"
and residing outside the hostap repository. Using "madwifi" also
demonstrates that the top-level madwifi directory is needed.
Jouni Malinen [Wed, 4 Feb 2009 19:19:54 +0000 (21:19 +0200)]
802.11n: scan for overlapping BSSes before starting 20/40 MHz channel
Try to match PRI/SEC channel with neighboring 20/40 MHz BSSes per
IEEE 802.11n/D7.0 11.14.3.2. This is not yet complete implementation,
but at least some parts of the 40 MHz coex are improved.
40 MHz operation maybe rejected (i.e., fall back to using 20 MHz) or
pri/sec channels may be switched if needed.
Jouni Malinen [Wed, 4 Feb 2009 10:49:23 +0000 (12:49 +0200)]
Verify that driver supports configured HT capabilities
Jouni Malinen [Tue, 3 Feb 2009 11:25:49 +0000 (13:25 +0200)]
UPnP: Minor coding style cleanup
Jouke Witteveen [Tue, 3 Feb 2009 11:13:54 +0000 (13:13 +0200)]
Better support in RoboSwitch driver
The RoboSwitch driver of wpa_supplicant had one shortcoming: not
supporting the 5365 series. I believe the patch attached fixes this
problem.
Furthermore it contains a small readability rewrite. It basically is an
explicit loop-rollout so that the wpa_driver_roboswitch_leave style
matches that of wpa_driver_roboswitch_join.
Jouni Malinen [Sun, 1 Feb 2009 20:02:32 +0000 (22:02 +0200)]
wpa_gui-qt4: Disable WPS tab in the same way as the menu item
Disable by default and only enable if the running wpa_supplicant has
support for WPS. This is based on a patch from Kel Modderman
<kel@otaku42.de>.
Jouni Malinen [Sat, 31 Jan 2009 20:22:09 +0000 (22:22 +0200)]
Remove orphaned wpa_cli control socket on EADDRINUSE
If the bind() on /tmp/wpa_ctrl_<pid>_<in-proc-counter> fails with
EADDRINUSE, there is an existing socket file with the name we are trying
to create. Since getpid() is unique, there cannot be another process
using that socket and we can just unlink the file and try again. This
can speed up client connection if wpa_cli is killed without allowing it
to clean up the socket file. [Bug 288]
Jouni Malinen [Fri, 30 Jan 2009 19:34:40 +0000 (21:34 +0200)]
Add comments on the new Broadcom driver not using driver_broadcom.c
The newer Broadcom driver ("hybrid Linux driver") supports Linux
wireless extensions and does not need (or even work) with the old
driver wrapper.
Sebastien Decugis [Fri, 30 Jan 2009 19:21:46 +0000 (21:21 +0200)]
Remove unused variable from struct hostapd_config
I think that the "radius" pointer in the structure hostapd_config is
never used; when the configuration is parsed the related data is stored
in hostapd_bss_config's "radius" var.
Jouni Malinen [Fri, 30 Jan 2009 10:43:19 +0000 (12:43 +0200)]
Do not use country_code default (was: US)
If country_code is not included in hostapd.conf, refuse to enable IEEE
802.11d and do not try to set the regulatory domain in kernel.
Jouni Malinen [Thu, 29 Jan 2009 17:19:30 +0000 (19:19 +0200)]
Added notes about WPS UPnP support and external Registrars
Jouni Malinen [Thu, 29 Jan 2009 16:47:02 +0000 (18:47 +0200)]
WPS: Add support for external Registrars using UPnP transport
This adds mostly feature complete external Registrar support with the
main missing part being proper support for multiple external Registrars
working at the same time and processing of concurrent registrations when
using an external Registrar.
This code is based on Sony/Saice implementation
(https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill
(Atheros) to make it more suitable for hostapd design and embedded
systems. Some of the UPnP code is based on Intel's libupnp. Copyrights
and licensing are explained in src/wps/wps_upnp.c in more detail.
Jouni Malinen [Wed, 28 Jan 2009 09:59:29 +0000 (11:59 +0200)]
Fixed WPS Authenticator attribute processing after M2D
We must not replace M1 with M2D as the last_msg since we need M1 to
validate a possible M2 after M2D. Since M2D and ACK/NACK replies do not
include Authenticator attribute, we can just ignore M2D as far as
updating last_msg is concerned.
Jouni Malinen [Tue, 27 Jan 2009 14:36:27 +0000 (16:36 +0200)]
Use Data::Data only with Host AP driver; mac80211 can use Data::Nullfunc
The inactivity poll was originally supposed to use Data::Nullfunc, but
due to Prism2/2.5/3 firmware issues, this was changed to an empty
Data::Data frame. mac80211 does not have such an issue, so change the
inactivity poll frame to be Data::Nullfunc by default and use the
Data::Data workaround only with Host AP driver.
Jouni Malinen [Tue, 27 Jan 2009 14:34:48 +0000 (16:34 +0200)]
driver_nl80211: Fixed inactivity poll status processing
Previous version was discarding TX status for FromDS data frames, but
those are the exact ones that we need to check for inactivity poll to
work, i.e., they are TX status reports for injected data frames.
In addition, remove the debug printing of TX status for data frame since
that could fill up the debug output if kernel-side filtering cannot be
used with monitor interface.
Johannes Berg [Tue, 27 Jan 2009 10:28:05 +0000 (12:28 +0200)]
driver_nl80211: use Linux socket filter to improve performance
TX status information for all transmitted data frames is not going to
be sent to hostapd anymore, so the CPU load with high traffic load is
going to be significantly reduced.
Jouni Malinen [Sat, 24 Jan 2009 10:51:28 +0000 (12:51 +0200)]
Do not forget wpa_passphrase so that WPS can use it
Send ASCII passphrase instead of derived PSK if the configuration uses
the passphrase.
Jouni Malinen [Sat, 24 Jan 2009 10:50:00 +0000 (12:50 +0200)]
WPS: Add a workaround for incorrect passphrase encoding in Network Key
External Registrar in Vista may include NULL termination in the Network
Key when encoding an ASCII passphrase for WPA/WPA2-PSK. As a workaround,
remove this extra octet if present.
Jouni Malinen [Fri, 23 Jan 2009 19:57:43 +0000 (21:57 +0200)]
WPS: Lock AP Setup on multiple AP PIN validation failures
If a Registrar tries to configure the AP, but fails to validate the
device password (AP PIN), lock the AP setup after four failures. This
protects the AP PIN against brute force guessing attacks.
Jouni Malinen [Fri, 23 Jan 2009 19:08:55 +0000 (21:08 +0200)]
Added ap_settings option for overriding WPS AP Settings in M7
This optional configuration parameter can be used to override AP
Settings attributes in M7 similarly to extra_cred option for Credential
attribute(s) in M8.
Jouni Malinen [Fri, 23 Jan 2009 18:51:26 +0000 (20:51 +0200)]
Free extra_cred when freeing configuration
Jouni Malinen [Fri, 23 Jan 2009 16:01:03 +0000 (18:01 +0200)]
Add an EAPOL payload length workaround for a WPS implementation
Buffalo WHR-G125 Ver.1.47 seems to send EAP-WPS packets with too short
EAPOL header length field (14 octets regardless of EAP frame length).
This is fixed in firmware Ver.1.49, but the broken version is included
in many deployed APs. As a workaround, fix the EAPOL header based on the
correct length in the EAP packet. This workaround can be disabled with
eap_workaround=0 option in the network configuration.
Jouni Malinen [Fri, 23 Jan 2009 11:10:58 +0000 (13:10 +0200)]
Allow WPS APs for PIN enrollment even without Selected Registrar
Some WPS APs do not set Selected Registrar attribute to 1 properly when
using an external Registrar. Allow such an AP to be selected for PIN
registration after couple of scan runs that do not find APs marked with
Selected Registrar = 1. This allows wpa_supplicant to iterate through
all APs that advertise WPS support without delaying connection with
implementations that set Selected Registrar = 1 properly.
Jouni Malinen [Thu, 22 Jan 2009 19:26:14 +0000 (21:26 +0200)]
Allow WPS device strings to be unconfigured
Previous version was causing a NULL pointer dereference if a required
string was not set in configuration. It is better to make these
optional.
Jouni Malinen [Thu, 22 Jan 2009 17:32:58 +0000 (19:32 +0200)]
WPS: Pad DH Public Key and Shared Key to 192 octets
WPS spec is not very specific on the presentation used for the DH
values. The Public Key attribute is described to be 192 octets long, so
that could be interpreted to imply that other places use fixed length
presentation for the DH keys. Change the DH derivation to use fixed
length bufferd by zero padding them from beginning if needed. This can
resolve infrequent (about 1/256 chance for both Public Key and Shared
Key being shorter) interop issues.
Masashi Honma [Thu, 22 Jan 2009 13:18:03 +0000 (15:18 +0200)]
Use WPS state Not Configured instead of Configured in Enrollee
This is needed to allow external Registrar (at least the implementation
in Windows Vista) to configure the Enrollee.
With this patch and my previous patch (for wps.c) , I could pass "Wi-Fi
WPS Test Plan Version 1.0 [5.1.4. Add to AP using PIN Config method and
PASS PHRASE through wired external registrar]".
Masashi Honma [Thu, 22 Jan 2009 13:12:18 +0000 (15:12 +0200)]
WPS: Check Device Password ID attribute only if present in AP search
I can't pass the "Wi-Fi WPS Test Plan Version 1.0 [5.1.4. Add to AP
using PIN Config method and PASS PHRASE through wired external
registrar]". The wpa_supplicant-0.6.7 can't recoginize the testbed
AP(BCM94704AGRRev-E.2.4) as WPS PIN AP. Because after PIN entered, the
AP sends Selected Registrar attribute=0 and not send Device Password ID
attribute.
The proposed change as-is removed validation of Selected Registrar
attribute completely. However, that part is not included in this commit
since it can cause problems for environments with multiple WPS-enabled
APs. Another workaround for this will be considered in wpa_supplicant
scanning process (e.g., start trying to use WPS with APs that do not set
Selected Registrar to TRUE after couple of scan runs that do not find
any APs with Selected Registrar TRUE).
Jouni Malinen [Wed, 21 Jan 2009 14:42:11 +0000 (16:42 +0200)]
Documented interface for external WPS credential processing
Jouni Malinen [Wed, 21 Jan 2009 12:18:14 +0000 (14:18 +0200)]
Fixed WPS with open and shared WEP networks
Do not initialize EAPOL state machine for the STA when hostapd is
configured to use WPS with open or shared WEP networks. This allows the
STA to use EAPOL-Start to indicate it wants to start WPS in such a case
and hostapd does not end up running through EAPOL authentication timeout
and disconnecting the STA if WPS is not used.
There was already code for starting EAPOL state machines based on
received EAPOL packets, but that was not working properly since
portEnabled was not set to TRUE on that code path. This is now fixed,
too.
Jouni Malinen [Wed, 21 Jan 2009 11:48:10 +0000 (13:48 +0200)]
WPS: Added option to disable AP auto-config on first registration
This operation can now be moved into an external program by configuring
hostapd with wps_cred_processing=1 and skip_cred_build=1. A new
ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will
be used to notify external programs of each successful registration and
that can be used as a tricker to move from unconfigured to configured
state.
Jouni Malinen [Wed, 21 Jan 2009 09:54:12 +0000 (11:54 +0200)]
Added wps_cred_processing configuration option for hostapd
This behaves like the one in wpa_supplicant, i.e., hostapd can be
configured not to process new credentials (AP settings) internally and
instead pass the WPS attributes for an external program to process over
ctrl_iface.
Jouni Malinen [Wed, 21 Jan 2009 09:45:56 +0000 (11:45 +0200)]
Enable wpa_msg() for hostapd
Use wpa_msg() like wpa_supplicant in order to avoid having to use direct
hostapd_ctrl_iface_send() calls.
Jouni Malinen [Tue, 20 Jan 2009 19:28:31 +0000 (21:28 +0200)]
Changed Credential MAC Address to be BSSID in AP/Registrar
WPS spec is not very clear on which MAC address is used here, but BSSID
makes more sense than Enrollee MAC address.
Jouni Malinen [Tue, 20 Jan 2009 19:16:29 +0000 (21:16 +0200)]
Changed the version to 0.7.0 since development branch is now 0.7.x
Jouni Malinen [Tue, 20 Jan 2009 19:12:00 +0000 (21:12 +0200)]
Increased wpa_cli/hostapd_cli ping interval and made it configurable
The default interval is now 5 seconds (used to be 1 second for
interactive mode and 2 seconds for wpa_cli -a). The interval can be
changed with -G<seconds> command line option.