Jouni Malinen [Tue, 6 Apr 2010 07:38:37 +0000 (10:38 +0300)]
WPS: Add a workaround for incorrect NewWLANEventMAC format
Some ER implementation (e.g., some versions of Intel PROSet) seem to
use incorrect format for WLANEventMAC variable in PutWLANResponse.
Work around this by allowing various MAC address formats to be used
in this variable (debug message will be shown if the colon-deliminated
format specified in WFA WLANConfig 1.0 is not used).
Jouni Malinen [Tue, 6 Apr 2010 07:37:13 +0000 (10:37 +0300)]
Add a more flexible version of hwaddr_aton: hwaddr_aton2()
This version of the MAC address parser allows number of different
string formats for the address (e.g., 00:11:22:33:44:55, 0011.2233.4455,
001122334455, 00-11-22-33-44-55). It returns the number of characters
used from the input string in case of success.
Jouni Malinen [Sun, 4 Apr 2010 06:34:14 +0000 (09:34 +0300)]
FT: Re-set PTK on reassociation
It turns out that this is needed for both FT-over-DS and FT-over-air
when using mac80211, so it looks easiest to just unconditionally
re-configure the keys after reassociation when FT is used.
Jouni Malinen [Sun, 4 Apr 2010 06:31:13 +0000 (09:31 +0300)]
FT: Use bridge interface (if set) for RRB connection
This fixes receiving of RRB messages between FT APs
Jouni Malinen [Sun, 4 Apr 2010 06:17:57 +0000 (09:17 +0300)]
FT: Set WLAN_AUTH_FT auth_alg on FT-over-DS case
This is needed to allow reassociation processing to skip 4-way handshake
when FT-over-DS is used with an AP that has a previous association state
with the STA.
Jouni Malinen [Sun, 4 Apr 2010 06:16:11 +0000 (09:16 +0300)]
FT: Force key configuration after association in FT-over-DS
This seems to be needed at least with mac80211 when a STA is using
FT-over-DS to reassociate back to the AP when the AP still has the
previous association state.
Jouni Malinen [Sat, 3 Apr 2010 18:05:50 +0000 (21:05 +0300)]
Add AP-STA-DISCONNECT event for driver-based MLME
Jouni Malinen [Sat, 3 Apr 2010 18:03:13 +0000 (21:03 +0300)]
Allow hostapd_notif_assoc() to be called with all IEs
This makes the call simpler for driver wrappers since there is no need
to parse the IEs anymore before indicating association. In addition,
this allows association processing to be extended to use other IEs
in the future.
Jouni Malinen [Sat, 3 Apr 2010 16:37:21 +0000 (18:37 +0200)]
Fix Windows compilation issues with AP mode code
Jouni Malinen [Sat, 3 Apr 2010 16:36:49 +0000 (18:36 +0200)]
Add address to hostapd_logger output in wpa_supplicant as AP case
Jouni Malinen [Sat, 3 Apr 2010 16:35:42 +0000 (18:35 +0200)]
WPS: Do not include Label in default Config Methods
This avoids conflict with both Label and Display being included at
the same time (which would make it difficult to figure out which
PIN was actually used).
Jouni Malinen [Sat, 3 Apr 2010 16:34:44 +0000 (18:34 +0200)]
WPS: Fix PBC session overlap detection to use Device Password Id
Active PBC mode is indicated by Device Password Id == 4, not Config Methods
attribute.
Jouni Malinen [Sat, 3 Apr 2010 16:14:29 +0000 (09:14 -0700)]
driver_osx: Update set_key arguments to fix build
Jouni Malinen [Tue, 30 Mar 2010 05:57:10 +0000 (22:57 -0700)]
MFP: Fix IGTK PN in group rekeying
IGTK get_seqnum needs to be skipped in the same way as GTK one when
rekeying group keys. Previously, the old PN value (the one from the
previous key) was indicated and that resulted in MMIE replay detection
at the station.
Jouni Malinen [Mon, 29 Mar 2010 22:42:04 +0000 (15:42 -0700)]
Add a drop_sa command to allow 802.11w testing
This drops PTK and PMK without notifying the AP.
Jouni Malinen [Mon, 29 Mar 2010 21:05:25 +0000 (14:05 -0700)]
MFP: Add SA Query Request processing in AP mode
Jouni Malinen [Mon, 29 Mar 2010 19:01:40 +0000 (12:01 -0700)]
Add test commands for sending deauth/disassoc without dropping state
This can be used to test 802.11w by sending a protected or unprotected
deauth/disassoc frame.
hostapd_cli deauth <dst addr> test=<0/1>
hostapd_cli disassoc <dst addr> test=<0/1>
test=0: unprotected
test=1: protected
Jouni Malinen [Mon, 29 Mar 2010 18:14:57 +0000 (11:14 -0700)]
Add deauthenticate/disassociate ctrl_iface commands
Jouni Malinen [Mon, 29 Mar 2010 17:48:01 +0000 (10:48 -0700)]
MFP: Add MFPR flag into station RSN IE if 802.11w is mandatory
Jouni Malinen [Mon, 29 Mar 2010 16:59:16 +0000 (09:59 -0700)]
Fix ctrl_iface get-STA-MIB for WPS disabled case
The previous version would crash here on NULL pointer dereference if
WPS was disabled.
Jouni Malinen [Sun, 28 Mar 2010 22:32:34 +0000 (15:32 -0700)]
bgscan: Add signal strength change events
This allows bgscan modules to use more information to decide on when
to perform background scans. bgscan_simple can now change between
short and long background scan intervals based on signal strength
and in addition, it can trigger immediate scans when the signal
strength is detected to be dropping.
bgscan_simple takes following parameters now:
short interval:signal strength threshold:long interval
For example:
bgscan="simple:30:-45:300"
Jouni Malinen [Sun, 28 Mar 2010 22:31:04 +0000 (15:31 -0700)]
Add driver command and event for signal strength monitoring
Jouni Malinen [Sun, 28 Mar 2010 20:56:40 +0000 (13:56 -0700)]
nl80211: Parse CQM events
Jouni Malinen [Sun, 28 Mar 2010 19:47:17 +0000 (12:47 -0700)]
Sync with wireless-testing.git include/linux/nl80211.h
Holger Schurig [Sun, 28 Mar 2010 05:22:17 +0000 (22:22 -0700)]
nl80211: Fix WEP key configuration for prior to authentication
The driver data was changed from struct wpa_driver_nl80211_data * to
struct i802_bss * and the internal call will need to match that change.
Jouni Malinen [Sat, 27 Mar 2010 06:26:24 +0000 (23:26 -0700)]
Fix wpa_auth_iface_iter() to skip BSSes without Authenticator
This could cause NULL pointer deference if multi-BSS configuration
was used with OKC in some cases.
Jouni Malinen [Sat, 27 Mar 2010 05:45:50 +0000 (22:45 -0700)]
Add freq_list network configuration parameter
This can be used to limit which frequencies are considered when
selecting a BSS. This is somewhat similar to scan_freq, but will
also affect any scan results regardless of which program triggered
the scan.
Jouni Malinen [Sat, 27 Mar 2010 05:22:38 +0000 (22:22 -0700)]
nl80211: Add more debug information about scan request parameters
Jouni Malinen [Sat, 27 Mar 2010 04:58:31 +0000 (21:58 -0700)]
nl80211: Silence set_key ENOLINK failure messages on key clearing
This happens in common case and is expected, so there is no need to
include the potentially confusing failure message in the debug log.
Jouni Malinen [Sat, 13 Mar 2010 19:43:00 +0000 (21:43 +0200)]
FT: Fix Authorized flag setting for FT protocol
4-way handshake or EAPOL is not used in this case, so we must
force Authorized flag to be set at the conclusion of successful
FT protocol run.
Jouni Malinen [Sat, 13 Mar 2010 19:40:44 +0000 (21:40 +0200)]
FT: Clean EAPOL supp portValid to force re-entry to AUTHENTICATED
This fixed FT-over-DS to end up in Authorized state when the EAPOL
PAE state machine re-enters AUTHENTICATED.
Jouni Malinen [Sat, 13 Mar 2010 19:13:18 +0000 (21:13 +0200)]
FT: Process reassoc resp FT IEs when using wpa_supplicant SME
Jouni Malinen [Sat, 13 Mar 2010 19:11:26 +0000 (21:11 +0200)]
FT: Fix PTK configuration in authenticator
Must update sm->pairwise when fetching PMK-R1 SA.
Add a workaround for drivers that cannot set keys before association
(e.g., cfg80211/mac80211): retry PTK configuration after association.
Jouni Malinen [Sat, 13 Mar 2010 16:28:15 +0000 (18:28 +0200)]
FT: Add driver op for marking a STA authenticated
This can be used with FT-over-DS where FT Action frame exchange
triggers transition to State 2 (authenticated) without Authentication
frame exchange.
Jouni Malinen [Sat, 13 Mar 2010 16:26:25 +0000 (18:26 +0200)]
FT: Update SME frequency info before sme_associate() call
This is needed to allow FT-over-DS to request correct channel for
the reassociation with the target AP.
Jouni Malinen [Sat, 13 Mar 2010 15:15:38 +0000 (17:15 +0200)]
FT: Add a workaround to set PTK after reassociation
If the PTK configuration prior to association fails, allow reassociation
attempt to continue and configure PTK after association. This is a
workaround for drivers that do not allow PTK to be configured before
association (e.g., current cfg80211/mac80211).
Jouni Malinen [Sat, 13 Mar 2010 15:14:41 +0000 (17:14 +0200)]
FT: Request reassociation after successful FT Action frame exchange
Jouni Malinen [Sat, 13 Mar 2010 11:39:22 +0000 (13:39 +0200)]
Fix WPS IE in Probe Response frame to include proper Config Methods values
This attribute is supposed to indicate which methods the AP supports as
an Enrollee for adding external Registrars. It was left to 0 when the
AP code did not yet support external Registrars and was forgotten when
the ER support was added.
Jouni Malinen [Fri, 12 Mar 2010 17:43:15 +0000 (19:43 +0200)]
wpa_cli: Improved command parameter tab completion
Jouni Malinen [Fri, 12 Mar 2010 15:34:56 +0000 (17:34 +0200)]
wpa_cli: Fix detach race with forked monitor process
Need to kill the monitor process before running detach command on
the monitor connection to avoid race where the monitor process may
end up getting the detach command result.
Jouni Malinen [Fri, 12 Mar 2010 15:24:50 +0000 (17:24 +0200)]
wpa_cli: Redisplay readline edit after event messages
Jouni Malinen [Thu, 11 Mar 2010 22:43:00 +0000 (00:43 +0200)]
FT: Add preliminary processing of FT Action Response from EVENT_RX_ACTION
Previously, this was only done with userspace MLME (i.e., driver_test.c);
now, driver_nl80211.c can deliver the FT Action Response (FT-over-DS)
for processing. The reassociation after successful FT Action frame
exchange is not yet implemented.
Jouni Malinen [Thu, 11 Mar 2010 22:41:03 +0000 (00:41 +0200)]
nl80211: Fix FT Action send command
Need to include payload header in the data length to avoid sending
truncated FT Action frame.
Masashi Honma [Wed, 10 Mar 2010 21:33:10 +0000 (23:33 +0200)]
NetBSD: Fix driver_bsd.c build
On NetBSD 5.0.2, wpa_supplicant build results in messages below.
../src/drivers/driver_bsd.c: In function 'wpa_driver_bsd_get_ssid':
../src/drivers/driver_bsd.c:876: warning: passing argument 2 of 'bsd_get_ssid'
from incompatible pointer type
../src/drivers/driver_bsd.c:876: warning: passing argument 3 of 'bsd_get_ssid'
makes integer from pointer without a cast
../src/drivers/driver_bsd.c:876: error: too many arguments to function
'bsd_get_ssid'
../src/drivers/driver_bsd.c: In function 'wpa_driver_bsd_scan':
../src/drivers/driver_bsd.c:1125: warning: passing argument 2 of 'bsd_set_ssid'
from incompatible pointer type
../src/drivers/driver_bsd.c:1125: warning: passing argument 3 of 'bsd_set_ssid'
makes integer from pointer without a cast
../src/drivers/driver_bsd.c:1125: error: too many arguments to function
'bsd_set_ssid'
gmake: *** [../src/drivers/driver_bsd.o] Error 1
This patch solves this issue.
Jouni Malinen [Sun, 7 Mar 2010 20:47:39 +0000 (22:47 +0200)]
nl80211: Add preliminary implementation of FT Action send
This is a step in adding FT support with nl80211-based drivers.
driver_nl80211.c is now registering to handle the FT Action frames
and is able to transmit FT Request frame. Received FT Action frames
are not yet indicated as driver events.
Jouni Malinen [Sun, 7 Mar 2010 20:18:33 +0000 (22:18 +0200)]
FT: Include pairwise cipher suite in PMK-R0 SA and PMK-R1 SA
This is needed to fix PTK derivation to use correct length. Previously,
64-octet PTK may have been derived if the authenticator did not already
have a STA entry. Now, the correct pairwise cipher suite is learned when
then PMK-R1 SA is received.
Jouni Malinen [Sun, 7 Mar 2010 19:29:34 +0000 (21:29 +0200)]
nl80211: Fix driver context pointer for auth-failure-case
The new per-BSS context needs to be used here when calling
wpa_driver_nl80211_deauthenticate() to avoid passing incorrect
data type to the function.
Jouni Malinen [Sun, 7 Mar 2010 19:16:42 +0000 (21:16 +0200)]
Fix a typo in r1kh config parameter description
The second item on the line is R1KH-ID, not R0KH-ID.
Marcin Marzec [Sun, 7 Mar 2010 19:02:55 +0000 (21:02 +0200)]
Fix typo in WPA_AUTH_ALG_FT definition
This was not supposed to have duplicate value with WPA_AUTH_ALG_LEAP.
The previous version was unable to set FT as the authentication
algorithm with nl80211.
Jouni Malinen [Sun, 7 Mar 2010 15:28:00 +0000 (17:28 +0200)]
wpa_gui: Remove unneeded wpa_ctrl_request() msg_cb
Jouni Malinen [Sun, 7 Mar 2010 09:51:50 +0000 (11:51 +0200)]
Remove unnecessary ifname parameter from set_ap_wps_ie() driver op
Jouni Malinen [Sun, 7 Mar 2010 09:49:27 +0000 (11:49 +0200)]
Remove unnecessary ifname parameter from set_ht_params() driver op
Jouni Malinen [Sun, 7 Mar 2010 09:45:41 +0000 (11:45 +0200)]
Remove unnecessary ifname parameter to sta_set_flags() driver op
Jouni Malinen [Sun, 7 Mar 2010 09:42:41 +0000 (11:42 +0200)]
Remove unnecessary ifname parameter from sta_add() driver op
Jouni Malinen [Sun, 7 Mar 2010 09:36:45 +0000 (11:36 +0200)]
Remove unnecessary ifname parameter from hapd_get_ssid/hapd_set_ssid
Jouni Malinen [Sun, 7 Mar 2010 09:33:06 +0000 (11:33 +0200)]
Remove unnecessary ifname parameter from set_generic_elem() driver op
Jouni Malinen [Sun, 7 Mar 2010 09:29:17 +0000 (11:29 +0200)]
Remove unneeded ifname parameter from set_privacy() driver op
Jouni Malinen [Sun, 7 Mar 2010 09:26:35 +0000 (11:26 +0200)]
driver_test: Use driver private BSS context instead of BSS lookup
The ifname-based lookup can now be replaced with the new mechanism that
allows driver wrappers to register per-BSS context data.
Jouni Malinen [Sun, 7 Mar 2010 09:25:28 +0000 (11:25 +0200)]
Avoid crash after driver init failure
hostapd_flush_old_stations() needs to check whether the driver
initialization was successful since it gets called on an error path.
Jouni Malinen [Sun, 7 Mar 2010 08:05:05 +0000 (10:05 +0200)]
Remove unneeded iface parameter from if_add() driver op
Jouni Malinen [Sun, 7 Mar 2010 08:04:35 +0000 (10:04 +0200)]
Remove forgotten ifname parameter from set_beacon() call
Felix Fietkau [Sun, 7 Mar 2010 07:59:22 +0000 (09:59 +0200)]
hostapd: fix a segfault in the error path of the nl80211 if_add function
Jouni Malinen [Sat, 6 Mar 2010 20:37:48 +0000 (22:37 +0200)]
nl80211: Unregister forgotten eloop socket on init failure
Jouni Malinen [Sat, 6 Mar 2010 20:36:40 +0000 (22:36 +0200)]
Remove unnecessary ifname parameter from set_beacon()
The new per-BSS driver context makes this unnecessary.
Felix Fietkau [Sat, 6 Mar 2010 20:30:25 +0000 (22:30 +0200)]
hostapd: allow stations to move between different bss interfaces
With this patch, a client gets kicked out of the last BSS it was
attached to, when it is associating to a different one.
While mac80211 does allow a station to be present on multiple bss
interfaces, this does seem to cause problems both for the stack
and for hostapd.
Felix Fietkau [Sat, 6 Mar 2010 20:22:56 +0000 (22:22 +0200)]
hostapd: Fix interface selection for the nl80211 driver
This patch allows the nl80211 driver to create its own per-bss context
and pass it to the drv_priv pointer of the hostapd bss state.
With this and the following patch, stations can associate to and switch
between multiple BSS interfaces of a single wiphy.
This obsoletes a few instances of passing ifname to a callback, those
can be removed in a separate patch.
It might also be useful to move more fields from the driver data to the
per-bss data structure in the future.
Felix Fietkau [Sat, 6 Mar 2010 18:52:22 +0000 (20:52 +0200)]
hostapd: fix bogus nl80211 interface remove messages for STA WDS
Felix Fietkau [Sat, 6 Mar 2010 18:44:31 +0000 (20:44 +0200)]
hostapd: add ifname to the sta_set_flags callback
This fixes multi-BSS STA operations (e.g., setting AUTHORIZED flag) with
nl80211-based drivers.
Jouni Malinen [Sat, 6 Mar 2010 14:40:53 +0000 (16:40 +0200)]
Remove unneeded CONFIG_EAP comments
These are not needed for WPS builds since CONFIG_WPS=y enables all
the needed EAP components.
Jouni Malinen [Sat, 6 Mar 2010 14:37:57 +0000 (16:37 +0200)]
Avoid warnings on unused function/variables if debug is disabled
CONFIG_NO_STDOUT_DEBUG removes wpa_printf() calls, so need to ifdef
some function and variable definitions to avoid compiler warnings.
Dmitry Shmidt [Sat, 6 Mar 2010 09:13:50 +0000 (11:13 +0200)]
Update priority list after priority change
Despite comments in the wpa_config_update_prio_list(struct wpa_config
*config) telling that it is called "if priority for a network is
changed", it is apparently not.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Kel Modderman [Sat, 6 Mar 2010 08:16:47 +0000 (10:16 +0200)]
wpa_supplicant: fix FTBFS on Debian GNU/kFreeBSD
This patch allows wpa_supplicant to compile on Debian's kfreebsd
architectures.
Patch by Stefan Lippers-Hollmann based on work done by Petr Salinger
and Emmanuel Bouthenot for 0.6.X (http://bugs.debian.org/480572).
Jouni Malinen [Sat, 6 Mar 2010 08:04:41 +0000 (10:04 +0200)]
bsd: Use os_strlcpy instead of strlcpy
Jouni Malinen [Fri, 5 Mar 2010 19:42:06 +0000 (21:42 +0200)]
Add optional scan result filter based on SSID
filter_ssids=1 global configuration parameter can now be used to
enable scan result filtering (with -Dnl80211 only for now) based on
the configured SSIDs. In other words, only the scan results that have
an SSID matching with one of the configured networks are included in the
BSS table. This can be used to reduce memory needs in environments that
have huge number of APs.
Jouni Malinen [Fri, 5 Mar 2010 18:20:09 +0000 (20:20 +0200)]
Make maximum BSS table size configurable
New global configuration parameter bss_max_count can now be used to
change the maximum BSS table size. The old fixed size limit (200) is
used as the default value for this parameter.
Jouni Malinen [Sun, 28 Feb 2010 09:09:58 +0000 (11:09 +0200)]
Allow roam based on preferred BSSID regardless of signal strength
Jouni Malinen [Sat, 27 Feb 2010 18:03:13 +0000 (20:03 +0200)]
Do not inhibit suspend even if wpa_cli command fails
There is no point in inhibiting suspend in case wpa_supplicant is
not running and as such, return success unconditionally from this
script.
Jouni Malinen [Sat, 27 Feb 2010 16:46:02 +0000 (18:46 +0200)]
Add suspend/resume notifications
wpa_supplicant can now be notified of suspend/resume events, e.g.,
from pm-action scripts. This allows wpa_supplicant to clear information
that may become invalid during a suspend operation.
Jouni Malinen [Sat, 27 Feb 2010 16:40:25 +0000 (18:40 +0200)]
Clear current_bss pointer on disassociation/deauthentication
This is needed to allow the BSS table entry for the previously used
BSS to be removed. Now wpa_bss_in_use() can return 0 for the last BSS
that was used as soon as deauthentication/disassociation event has been
received.
Jouni Malinen [Sat, 27 Feb 2010 16:39:09 +0000 (18:39 +0200)]
Add more debug prints to make deauth/disassoc events clearer
Jouni Malinen [Fri, 19 Feb 2010 17:14:41 +0000 (19:14 +0200)]
Use os_snprintf instead of snprintf
Jouni Malinen [Fri, 19 Feb 2010 16:54:07 +0000 (18:54 +0200)]
Rename EAP server source files to avoid duplicate names
This makes it easier to build both EAP peer and server functionality
into the same project with some toolchains.
Jouni Malinen [Fri, 19 Feb 2010 16:35:40 +0000 (18:35 +0200)]
Make EAPOL Authenticator buildable with Microsoft compiler
Masashi Honma [Tue, 16 Feb 2010 17:47:00 +0000 (19:47 +0200)]
bsd: Use device capability information
This patch enables the use of device capability information from the
driver when possible.
Jouni Malinen [Tue, 16 Feb 2010 17:41:49 +0000 (19:41 +0200)]
nl80211: Add support for off-channel Action TX/RX commands
The kernel side support for this was just added into
wireless-testing.git. This commit adds the driver wrapper code needed
to allow wpa_supplicant to use the new functionality.
Jouni Malinen [Tue, 16 Feb 2010 17:34:51 +0000 (19:34 +0200)]
Add alloc_interface_addr() drv op option for specifying ifname
Some drivers may need to use a specific ifname for the virtual
interface, so allow them to do this with a new parameter passed
to the alloc_interface_addr() handler.
Jouni Malinen [Tue, 16 Feb 2010 17:28:38 +0000 (19:28 +0200)]
Sync with linux/nl80211.h from wireless-testing.git
Jouni Malinen [Sun, 14 Feb 2010 14:14:20 +0000 (16:14 +0200)]
wpa_cli: Add option to use child process to receive events
CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config can be used to
configure wpa_cli build to make a version of wpa_cli that forks
a child process to receive event messages. This allows the events
to be shown immediately instead of having to wait for the next
periodic poll with PING.
Jouni Malinen [Sun, 14 Feb 2010 14:08:15 +0000 (16:08 +0200)]
EAP-TNC: Add Flags field into fragment acknowledgement
TNC IF-T is somewhat unclear on this are, but
draft-hanna-nea-pt-eap-00.txt, which is supposed to define the same
protocol, is clearer on the Flags field being included.
This change breaks interoperability with the old implementation if
EAP-TNC fragmentation is used. The old version would not accept
the acknowledgement message with the added Flags octet while the
new version accepts messagss with with both options.
Jouni Malinen [Sat, 13 Feb 2010 19:37:35 +0000 (21:37 +0200)]
wpa_gui: Use separate ctrl_iface connection for event messages
Jouni Malinen [Sat, 13 Feb 2010 16:03:52 +0000 (18:03 +0200)]
EAP-TNC server: Fix processing when last message is fragmented
If the last message from the EAP-TNC server was fragmented, the
fragment processing lost the DONE/FAIL state and did not know how
to handle the final ACK from the peer. Fix this by remembering the
earlier DONE/FAIL state when fragmenting a frame.
Jouni Malinen [Sat, 13 Feb 2010 16:00:39 +0000 (18:00 +0200)]
EAP-TNC: Accept fragment ack frame with Flags field
TNC IF-T specification is unclear on the exact contents of the fragment
acknowledgement frame. An interoperability issue with the tncs@fhh
implementation was reported by Arne Welzel
<arne.welzel@stud.fh-hannover.de> due to the different interpretations
of the specification. Relax EAP-TNC server/peer validation rules to
accept fragmentation acknowledgement frames to include the Flags field
to avoid this issue.
Kel Modderman [Sat, 13 Feb 2010 12:03:18 +0000 (14:03 +0200)]
wpa_gui-qt4: do not show WPS AP available event tray messages
Do not show WPS event tray messages as they can happen too frequently.
Signed-off-by: Kel Modderman <kel@otaku42.de>
Masashi Honma [Sat, 13 Feb 2010 11:59:29 +0000 (13:59 +0200)]
bsd: Aggregate ioctl routines
This patch aggregates ioctls.
First is SIOCS80211. The SIOCS80211's arguments has 3 couples.
1-1. i_len, i_data
1-2. i_val
1-3. i_len, i_data, i_val (currently only IEEE80211_IOC_APPIE)
There were 3 routines for each cases. This patch aggregates these to
one.
Second is SIOCG80211. The SIOCG80211 returns 2 type of value.
2-1. i_len
2-2. i_val
There were 2 routines for each cases. This patch aggregates these to
one.
I have tested on both FreeBSD 8.0 and NetBSD 5.0.1 with these cases.
[hostapd]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
[wpa_supplicant(STA)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
[wpa_supplicant(AP)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
Masashi Honma [Sat, 13 Feb 2010 11:57:39 +0000 (13:57 +0200)]
FreeBSD: Add support for FreeBSD 8.0 STA/AP
This patch adds both wpa_supplicant and hostapd support for
FreeBSD 8.0.
I refered
http://www.jp.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/wpa/hostapd/driver_freebsd
.c
http://www.jp.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/wpa/wpa_supplicant/driver_
freebsd.c
I have tested on FreeBSD 8.0 with these cases.
[hostapd]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
[wpa_supplicant(STA)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
[wpa_supplicant(AP)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
Masashi Honma [Sat, 13 Feb 2010 11:54:27 +0000 (13:54 +0200)]
FreeBSD: Enable channel control
This patch enables FreeBSD channel control.
I have tested on FreeBSD 7.2 with these cases.
[hostapd]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
[wpa_supplicant(STA)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
[wpa_supplicant(AP)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
Masashi Honma [Sat, 13 Feb 2010 11:52:03 +0000 (13:52 +0200)]
bsd: Unify wpa_driver_bsd_ops
The attached patch unifies hostapd wpa_driver_bsd_ops and
wpa_supplicant wpa_driver_bsd_ops.
I have tested on NetBSD 5.0.1 with these cases.
[hostapd]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
[wpa_supplicant(STA)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
[wpa_supplicant(AP)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
Masashi Honma [Sat, 13 Feb 2010 11:50:19 +0000 (13:50 +0200)]
bsd: Unify struct bsd_driver_data and struct wpa_driver_bsd_data
This patch unifies struct bsd_driver_data and struct wpa_driver_bsd_data.
Masashi Honma [Sat, 13 Feb 2010 11:48:52 +0000 (13:48 +0200)]
bsd: Use same field name between hostapd and wpa_supplicant
This patch modifies field name of struct bsd_driver_data to use
same name of struct wpa_driver_bsd_data. This is a preparation of
unifying struct bsd_driver_data and struct wpa_driver_bsd_data.
Jouni Malinen [Sat, 13 Feb 2010 09:14:23 +0000 (11:14 +0200)]
Add TLS client events, server probing, and srv cert matching
This allows external programs (e.g., UI) to get more information
about server certificate chain used during TLS handshake. This can
be used both to automatically probe the authentication server to
figure out most likely network configuration and to get information
about reasons for failed authentications.
The follow new control interface events are used for this:
CTRL-EVENT-EAP-PEER-CERT
CTRL-EVENT-EAP-TLS-CERT-ERROR
In addition, there is now an option for matching the server certificate
instead of the full certificate chain for cases where a trusted CA is
not configured or even known. This can be used, e.g., by first probing
the network and learning the server certificate hash based on the new
events and then adding a network configuration with the server
certificate hash after user have accepted it. Future connections will
then be allowed as long as the same server certificate is used.
Authentication server probing can be done, e.g., with following
configuration options:
eap=TTLS PEAP TLS
identity=""
ca_cert="probe://"
Example set of control events for this:
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' hash=5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=8 depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' err='Server certificate chain probe'
CTRL-EVENT-EAP-FAILURE EAP authentication failed
Server certificate matching is configured with ca_cert, e.g.:
ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"
This functionality is currently available only with OpenSSL. Other
TLS libraries (including internal implementation) may be added in
the future.