merge upstream 2.10

武丹 2023-03-31 11:09:17 +08:00
parent 3146ad0114
commit ba53ce4933
544 changed files with 67765 additions and 27994 deletions

31
.gitignore vendored

@ -1,35 +1,8 @@
*.a
*.o
*.d
*.gcno
*.gcda
*.gcov
*.pyc
*~
.config
tests/hwsim/logs
tests/remote/logs
wpaspy/build
wpa_supplicant/eapol_test
wpa_supplicant/nfc_pw_token
wpa_supplicant/preauth_test
wpa_supplicant/wpa_cli
wpa_supplicant/wpa_passphrase
wpa_supplicant/wpa_supplicant
wpa_supplicant/wpa_priv
wpa_supplicant/wpa_gui/Makefile
wpa_supplicant/wpa_gui/wpa_gui
wpa_supplicant/wpa_gui-qt4/Makefile
wpa_supplicant/wpa_gui-qt4/wpa_gui
wpa_supplicant/libwpa_test1
wpa_supplicant/libwpa_test2
hostapd/hostapd
hostapd/hostapd_cli
hostapd/hlr_auc_gw
hostapd/nt_password_hash
mac80211_hwsim/tools/hwsim_test
wlantest/libwlantest.a
wlantest/test_vectors
wlantest/wlantest
wlantest/wlantest_cli
**/parallel-vm.log
tags
build/


@ -56,6 +56,9 @@ In general, the best way of generating a suitable formatted patch file
is by committing the changes to a cloned git repository and using git
format-patch. The patch can then be sent, e.g., with git send-email.
A list of pending patches waiting for review is available in
Patchwork: https://patchwork.ozlabs.org/project/hostap/list/
History of license and contributions terms
------------------------------------------
@ -140,7 +143,7 @@ The license terms used for hostap.git files
Modified BSD license (no advertisement clause):
Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> and contributors
Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
Redistribution and use in source and binary forms, with or without


@ -1,7 +1,7 @@
wpa_supplicant and hostapd
--------------------------
Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> and contributors
Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.

2
README

@ -1,7 +1,7 @@
wpa_supplicant and hostapd
--------------------------
Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> and contributors
Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
These programs are licensed under the BSD license (the one with

39
debian/NEWS vendored

@ -1,39 +0,0 @@
wpasupplicant (2:2.6-19) unstable; urgency=medium
With this release, wpasupplicant no longer respects the system
default minimum TLS version, defaulting to TLSv1.0, not TLSv1.2. If
you're sure you will never connect to EAP networks requiring anything less
than 1.2, add this to your wpasupplicant configuration:
tls_disable_tlsv1_0=1
tls_disable_tlsv1_1=1
wpasupplicant also defaults to a security level 1, instead of the system
default 2. Should you need to change that, change this setting in your
wpasupplicant configuration:
openssl_ciphers=DEFAULT@SECLEVEL=2
Unlike wpasupplicant, hostapd still respects system defaults.
-- Andrej Shadura <andrewsh@debian.org> Sat, 15 Dec 2018 14:22:18 +0100
wpasupplicant (0.6.2-1) unstable; urgency=low
The -w (wait for network interface to exist) command line option no longer
exists. If you have scripts that require this option, it is time to change
them, or use one of the two supported modes of operation explained at
/usr/share/doc/wpasupplicant/README.modes.gz.
ifupdown supports hot-plugged network devices via the "allow-hotplug" class
of operation. An example /etc/network/interfaces configuration stanza would
look like:
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid myssid
wpa-psk mysecretpassphrase
network-manager is also able to handle hot-plugged network devices.
-- Kel Modderman <kel@otaku42.de> Mon, 14 Jan 2008 18:02:17 +1000
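
Review bot: The 2:2.6-19 entry in this deleted file is the only user-facing record that wpasupplicant defaults to TLSv1.0 and to OpenSSL security level 1 instead of the system defaults, and the hunk (-1,39 +0,0) drops it with no replacement. If the 2.10 package keeps that behaviour, keep the entry so administrators can still find the `tls_disable_tlsv1_0=1`, `tls_disable_tlsv1_1=1` and `openssl_ciphers=DEFAULT@SECLEVEL=2` hardening settings. If 2.10 now follows the system defaults, add a NEWS entry that says so, because that changes which EAP networks a client can still connect to.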


@ -1,12 +0,0 @@
# Certain drivers are known not to support changing the MAC address.
# Disable touching the MAC address on such devices.
#
# See man NetworkManager.conf
#
# https://bugzilla.gnome.org/show_bug.cgi?id=777523
[device-mac-addr-change-wifi]
match-device=driver:rtl8723bs,driver:rtl8189es,driver:r8188eu,driver:8188eu,driver:eagle_sdio,driver:wl
wifi.scan-rand-mac-address=no
wifi.cloned-mac-address=preserve
ethernet.cloned-mac-address=preserve
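
Review bot: Deleting this NetworkManager snippet removes the `[device-mac-addr-change-wifi]` override for every driver listed in `match-device`, so those devices fall back to NetworkManager's own settings for scan MAC randomization and cloned MAC addresses, which the file's comment says these drivers do not support. This is a packaging file rather than part of an upstream 2.10 import. Please state in the commit message or changelog whether the override is now shipped from another package or is being dropped on purpose.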

130
debian/README.source vendored

@ -1,130 +0,0 @@
"wpa" sources for Debian
------------------------
**WARNING**: THIS IS OUTDATED; check debian/watch for the actual URLs.
This "wpa" source package merges wpa_supplicant and hostapd sources, which are
maintained in one source repository[1] upstream and share considerable/
duplicate amounts of source. Starting with the 1.x branch, both wpa_supplicant
and hostapd are built from this common source package for Debian, while not
released together as tarball by upstream, the source can be obtained from the
upstream git repositories.
The preferred way to generate the orig.tar.gz is by calling
$ debian/rules get-orig-source
which will clone the upstream git repository under $TMPDIR, using mktemp(1),
and create a new tarball based on the git tag corresponding to the top most
entry in debian/changelog. This newly generated tarball will be stored as
../wpa_${VERSION}.orig.tar.gz or ../tarballs/wpa_${VERSION}.orig.tar.gz, if
a directory called ../tarballs/ exists. Eventually existing tarballs
corresponding to the current version will not be overwritten.
Required dependencies to generate a new orig.tar.gz:
- a SUSv3 compatible shell, like dash or bash
- dpkg-parsechangelog, available from dpkg-dev
- git
- xz, available from xz-utils or busybox
- mktemp and rm, available from coreutils or busybox
- sed, available from sed or busybox
- tar, available from tar or busybox
It is recommended to base tarballs for development snapshots of "wpa" on
according git tags from the upstream git repository, the available git tags
can be queried by:
$ git clone git://w1.fi/srv/git/hostap-1.git # 1.x branch
or
$ git clone git://w1.fi/srv/git/hostap.git # >= 2.x branches
changing into the corresponding directory (hostap-1 or hostapd) and calling
git tag.
$ cd hostapd-1
$ git tag
hostap_0_6_3
[…]
hostap_1_0
[…]
hostap_1_0_rc3
[…]
The Debian versions for these tags would be 0.6.3-1, 1.0 or 1.0~rc3 in
debian/changelog. Intermediate states between tags or HEAD are usually best
dealt with by creating a patch series based on the newest matching tag.
Exporting commits between "hostap_1_0" and the current git HEAD:
$ git format-patch hostap_1_0..HEAD
Exporting commits between "hostap_1_0_rc3" and "hostap_1_0":
$ git format-patch hostap_1_0_rc3..hostap_1_0
In both cases numbered patches will be dropped in the base directory of the
git clone. These numbered patches can be imported to the Debian package using
standard procedures for "3.0 (quilt)" source packages.
Tarballs can also be created manually from the upstream git repository:
$ git clone git://w1.fi/srv/git/hostap-1.git
$ cd hostap-1
$ git archive \
--format=tar \
--prefix="wpa-1.0/" \
hostap_1_0 \
README COPYING patches src wpa_supplicant hostapd | \
xz -c6 > wpa_1.0.orig.tar.gz
Arbitrary git tags or commit IDs can be used for this purpose.
Upstream git snapshots can be exported by using a specially crafted version
syntax used in the top most (pending) changelog entry. The required syntax for
correctly parsing this is:
<upstream_version>+git<date>.<revision>+<git_hash>-<debian_revision>
upstream_version := [0-9\.]* --> 2.0
date := [0-9]* --> 20131120 (YYYYMMDD)
revision := [0-9]* --> 1
git_hash := [0-9a-f]* --> 594516b
debian_revision := [0-9*] --> 1
e.g.:
2.0+git20131120.1+594516b-1
Technically any incrementing number can be used for <date>, but it's strongly
recommended to use YYYYMMDD (date --utc +%Y%m%d) and follow it by an
strictly incrementing arbitrary revision number (typically '.1'). The supplied
git hash can be abbreviated, but must be unique (see git describe, without
leading 'g').
The debian/rules get-orig-source target will automatically switch between
hostapd-1.git and hostapd.git (for >= 2.0) as needed, but it will only fetch
the explicitly specified version from a properly formatted, top most,
debian/changelog entry; it will not fetch the last upstream release or git
HEAD automatically.
The Debian packaging for wpa_supplicant/ hostapd is maintained in a subversion
repository at:
Vcs-Svn: svn://anonscm.debian.org/svn/pkg-wpa/wpa/trunk/
Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/
The development mailing list and its mailing list archive is located at:
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-wpa-devel
Work for the wpa package can be coordinated on this mailing list through:
Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
-- Stefan Lippers-Hollmann <s.l-h@gmx.de> Sat, 28 Dec 2013 22:37:03 +0100
[1] http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap-1.git [1.x branch]
http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git [development]
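
Review bot: The removed text already flags itself as outdated and points to debian/watch for the current URLs, so dropping it is reasonable, but it was also the only description of how the orig tarball is produced, and its examples fetch over `git://` and `http://`, which give no integrity protection. Please confirm that debian/watch is still in the tree after this commit, and record in the changelog where the 2.10 source was obtained and how it was verified.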

6
debian/changelog vendored

@ -1,3 +1,9 @@
wpa (2:2.10-ok1) yangtze; urgency=medium
* update upstream 2.10
-- wudan <wudan@wudan.kylinos.cn> Fri, 31 Mar 2023 10:54:22 +0800
wpa (2:2.9-ok3) yangtze; urgency=medium
* add-wifi6/6+
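
Review bot: The new `wpa (2:2.10-ok1)` entry says only `* update upstream 2.10`, yet the same commit deletes packaging files such as debian/NEWS, debian/README.source and debian/clean among its 544 changed files. List those removals as separate items in this entry so the packaging changes can be audited apart from the upstream import.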


@ -1,483 +0,0 @@
hostapd (1:0.7.3-5) UNRELEASED; urgency=low
* NOT RELEASED YET
* bump standards version to 3.9.3, no changes necessary.
* update dep-5 version to final 1.0:
- add format qualifier
- s/Upstream-Maintainer/Upstream-Contact/
- s/Upstream-Source/Source/
- use "or" instead of "BSD | GPL-2" for dual-licensed sources
- order licenses alphabetically.
- fix lists of copyright holders for the final syntax
- fix license continuation.
-- Stefan Lippers-Hollmann <s.l-h@gmx.de> Mon, 27 Feb 2012 22:07:19 +0100
hostapd (1:0.7.3-4) unstable; urgency=low
* add myself to uploaders.
* add "hostap: Allow linking with libnl-3" from Ben Greear
<greearb@candelatech.com> to allow building against libnl3 3.2.
* switch build dependency from libnl-dev (libnl1) to libnl-3-dev &&
libnl-genl-3-dev accordingly.
* add libpcap-dev and libbsd-dev to kFreeBSD specific build-depends.
* disable IAPP on kFreeBSD, to avoid FTBS.
* restrict hostapd to linux-any and kfreebsd-any, hurd lacks kernel support.
* raise versioned build-dependency to (>= 3.2.3-2~), we need
libnl-genl-3-200-udeb and expect it in /lib/.
* add "For MS-CHAP, convert the password from UTF-8 to UCS-2" from
Evan Broder <ebroder@mokafive.com>, accepted upstream into hostap-1.git
* fix long description, driver_madwifi is no longer enabled, while driver_bsd
got enabled.
-- Stefan Lippers-Hollmann <s.l-h@gmx.de> Tue, 20 Dec 2011 02:51:49 +0100
hostapd (1:0.7.3-3) unstable; urgency=low
[ Kel Modderman ]
* Use /run/sendsigs.omit.d/ for sendsigs omission pid file and depend on
initscripts (>= 2.88dsf-13.3). (Closes: #633026)
* Migrate existing sendsigs omission pid files from /lib/init/rw to /run.
* Add a loop to ifupdown.sh to wait for creation of hostapd pid file before
attempting creation of sensigs omission pid file, in some cases hostapd
daemon can return before creation of the pid file has been written to disk.
* Adjust standards version to 3.9.2, no further changes required to
satisfy that.
* Only test that DAEMON_CONF is set in init.d script, do not test if what is
set is readable (which assumes only one configuration file is being used).
(Closes: #615821)
[ Stefan Lippers-Hollmann ]
* use new anonscm URIs for alioth.
-- Kel Modderman <kel@otaku42.de> Sun, 11 Dec 2011 20:32:06 +1000
hostapd (1:0.7.3-2) unstable; urgency=low
* upload to unstable
-- Jan Dittberner <jandd@debian.org> Sun, 06 Feb 2011 13:20:42 +0100
hostapd (1:0.7.3-1) experimental; urgency=low
* New upstream release, upstream declares this as the new stable release.
* debian/control: update Standards-Version to 3.9.1 (no changes
necessary)
* debian/copyright: include license text of the BSD license variant,
add myself to the list of copyright holders for the debian/* files
* add debian/hostapd.lintian-overrides and install it as
/usr/share/lintian/overrides/hostapd to fix possible-gpl-code-linked-
with-openssl Lintian error
-- Jan Dittberner <jandd@debian.org> Tue, 07 Sep 2010 20:43:01 +0200
hostapd (1:0.7.2-2) experimental; urgency=low
* disable madwifi driver
- remove debian/driver_madwifi
- disable madwifi driver in debian/config/linux
-- Jan Dittberner <jandd@debian.org> Tue, 27 Apr 2010 21:09:08 +0200
hostapd (1:0.7.2-1) experimental; urgency=low
* New upstream release
* debian/control: add myself to Uploaders
* update debian/watch to track version 0.7.x
* disable debian/patches/DTIM.patch that does not apply to current upstream
sources
-- Jan Dittberner <jandd@debian.org> Mon, 26 Apr 2010 20:21:00 +0200
hostapd (1:0.6.10-2) unstable; urgency=low
* Switch to source format 3.0 (quilt).
* Add DTIM.patch, cherry picked from upstream, which works around
problem setting DTIM period too early causing hostapd to bail out
unceremoniously. (Closes: #570116)
* Fix syntax error in ifupdown.sh. (Closes: #571029)
-- Kel Modderman <kel@otaku42.de> Wed, 24 Feb 2010 19:36:11 +1000
hostapd (1:0.6.10-1) unstable; urgency=low
* New upstream release.
- drop all patches applied upstream
* Install hostapd_cli to /usr/sbin/ from /usr/bin/, as it requires
explicit permissions to be usable by non-admin.
* Support the status command in init.d script. Depend on lsb-base (>=
3.2-13) for status_of_proc. Patch thanks to Peter Eisentraut.
(Closes: #535633)
* Add debian/README.source to describe use of quilt patch system.
* Increase Standards-Version to 3.8.4 without extra changes.
* Reduce debian/rules by tweaking the sequence of a few things and
using the --sourcedirectory option of dh in debhelper (>= 7.3.7~).
Build-Depend on that debhelper version.
* No longer install /etc/hostapd/hostapd.conf per default as there are
no sane defaults. Instead provide the configuration as an example
only and take care to remove previously installed conffiles which
remain unedited on upgrade.
* Clean up init.d script a bit by using existence of hostapd daemon
configuration file as defined in /etc/default/hostapd as conditional
for starting instead of magic RUN_DAEMON variable.
* Update README.Debian to contain information about the example
hostapd.conf file.
* Remove Reinhard Tartler from uploaders at his request. Thanks for
past contribution.
* Remove uupdate command from debian/watch, unused by maintainer.
* Adjust debian/watch to scan for the 0.6.X stable releases only.
-- Kel Modderman <kel@otaku42.de> Thu, 11 Feb 2010 14:49:44 +1000
hostapd (1:0.6.9-3) unstable; urgency=low
* Change Maintainer to pkg-wpa-devel team and add Reinhard and myself
to Uploaders to better reflect the organisation which makes the package
available.
* Import upstream patches:
- hostap_reuse_existing_ctrl_iface_socket.patch allows to reuse ctrl
interface sockets left over as result of unclean shutdown
- hostap_reject_conf_without_channel_nl80211.patch adds code to reject
configurations which use nl80211 driver without setting a channel
because this will always fail for the time being
* Build-Depend on quilt >= 0.46-7 for dh integration.
* Update debian/control long description to mention mac80211 based
drivers. Thanks to Jan Braunisch for noticing.
* Also remove reference to the Prism54 driver in package long
description, we do not support it.
-- Kel Modderman <kel@otaku42.de> Sun, 17 May 2009 04:35:12 +1000
hostapd (1:0.6.9-2) unstable; urgency=low
* Enable CONFIG_IEEE80211W, IEEE 802.11w (management frame
protection). (Closes: #522328)
-- Kel Modderman <kel@otaku42.de> Fri, 03 Apr 2009 07:07:06 +1000
hostapd (1:0.6.9-1) unstable; urgency=low
[ Kel Modderman ]
* New upstream release. (Closes: #521142)
* Document copyright errata of hostapd/driver_atheros.c in
debian/copyright.
- activate nl80211 driver backend (Closes: #429734)
- deactivate prism54 driver, it is now working. Do not mention it
in README.Debian (Closes: #475451)
* Add build dependency of libnl-dev (>= 1.1) for the nl80211 driver
backend.
* Remove need for patch system.
- ship madwifi headers in debian/driver_madwifi
- use sed to patch hostapd.conf in order to change /etc/hostapd.* to
/etc/hostapd/*
- copy in build configuration from debian/config/$(DEB_HOST_ARCH_OS)
to hostapd/.config rather than using a patch
* Add support for kfreebsd build by providing debian/config/kfreebsd
without Linux specific build options.
* Use dh-centric debian/rules and build-depend on debhelper (>= 7.0.50)
in order to take advantage of the override_dh_* feature.
* Bump debian/compat to 7.
* Adjust Standards-Version to 3.8.0, no further changes needed.
* Use machine parsable debian/copyright format.
* Add debian/manpages instead of using explicit dh_installmanpages
command in debian/rules.
* Rename debian/lintian-overrides to debian/hostapd.lintian-overrides
so that dh_lintian automatically picks it up.
* Bump Standards-Version to 3.8.1, no other changes required.
* Remove var/run/hostapd and usr/share/lintian/overrides from
debian/dirs. hostapd is able to create its own directory for unix
sockets (and that may be anywhere admin decides) and lintian stuff
is taken care of by debhelper now.
* Update copyright information in debian/ifupdown.sh
[ Faidon Liambotis ]
* Switch Maintainer/Uploaders roles with Kel; he's the de facto maintainer
nowadays, he may as well listed as such.
-- Faidon Liambotis <paravoid@debian.org> Sun, 29 Mar 2009 21:37:22 +0300
hostapd (1:0.5.10-1) unstable; urgency=low
* New upstream release.
* Document the two methods of managing hostapd in README.Debian. Also add a
hint to /etc/default/hostapd to consult README.Debian for more
information. (Closes: #443786)
* Cleanup of debian/rules, actually honor nostrip by specifying default
CFLAGS when invoking make. Remove redundant commented out content.
* Fix incorrect LSB dependency information, hostapd now requires $remote_fs
virtual facility for start and stop. Thanks to Petter Reinholdtsen.
(Closes: #466283)
-- Kel Modderman <kel@otaku42.de> Tue, 11 Mar 2008 12:36:03 +1000
hostapd (1:0.5.9-1) unstable; urgency=low
* New upstream release.
* Bumped to Standards-Version 3.7.3, no changed needed.
* Switched to Vcs-* instead of XS-Vcs.
* Added Homepage field.
* Refer to GPL-2 explicitely, as this is a GPL v2-only software.
* Remove remnants of patches for dscape/mac80211.
* Update to madwifi 0.9.3.3 headers; no functional changes.
-- Faidon Liambotis <paravoid@debian.org> Wed, 12 Dec 2007 03:43:13 +0200
hostapd (1:0.5.8-1) unstable; urgency=low
[ Kel Modderman ]
* New upstream release.
* Add bash script to prepare madwifi_headers.patch.
* patches/20_madwifi_headers.dpatch made from madwifi 0.9.3, which is what
is currently in the archive, and stable upstream release.
(Closes: #408642)
* Rename 21_madwifi_includes.dpatch to 21_madwifi_enable.dpatch.
* Make our new mac80211 header dpatches similar to that of madwifi; keep
upstream include directory tree intact and modify CFLAGS.
* Refresh our build config with upstreams current defconfig.
* CONFIG_STAKEY is deprecated in favour of CONFIG_PEERKEY.
[ Faidon Liambotis ]
* Remove upgrade paths from pre-etch versions, we only support incremental
updates. Fix a lintian error in the process.
* Don't ignore "make clean" errors, if they exist; fixes a lintian warning.
-- Faidon Liambotis <paravoid@debian.org> Tue, 24 Jul 2007 17:43:44 +0300
hostapd (1:0.5.7-1) unstable; urgency=low
* New upstream release.
* Drop backported code included in this upstream release.
* Bump debhelper compat level to 5, no other changes required.
* Include ifupdown integration; it is now possible to start
hostapd via a /etc/network/interfaces line such as:
'hostapd /etc/hostapd/hostapd.conf'
for any given interface. The daemon will start in pre-up phase of ifup,
and be killed in post-down phase of ifdown. A pidfile of
/var/run/hostapd.$IFACE.pid will be created for each interface's daemon.
* Add XS-Vcs fields to debian/control.
* Change of Uploader email address in debian/control.
* Update madwifi includes to r2157 upstream madwifi.org/trunk.
* Update debian/copyright with new upstream URL, contact information and
copyright years.
* Modify debian/watch file for new upstream release URL.
* Make debian/watch version 3, remove useless comments from file.
-- Kel Modderman <kel@otaku42.de> Mon, 09 Apr 2007 18:31:22 +1000
hostapd (1:0.5.5-3.1) unstable; urgency=high
* Non-maintainer upload.
* Urgency high for RC bugfix.
* Backport hostapd.c fix from CVS: (Closes: #398466)
- Allow hostapd_flush_old_stations to fail, otherwise configuration
of unencrypted modes failed with madwifi. (1.168)
The correct setup is handled by the backported fixes in the
previous revision.
-- Matt Brown <mattb@debian.org> Sat, 9 Dec 2006 11:03:47 +1300
hostapd (1:0.5.5-3) unstable; urgency=medium
* Update madwifi headers to r1757.
* Backport driver_madwifi.c fixes from CVS:
- Set forgotten im_op for sta_disassoc handlers (1.49)
- Fixed configuration of unencrypted modes (plaintext and IEEE 802.1X
without WEP) (1.51)
* Urgency medium because of a bugfix revision.
-- Faidon Liambotis <paravoid@debian.org> Sun, 12 Nov 2006 02:37:43 +0200
hostapd (1:0.5.5-2) unstable; urgency=low
* Versioned dependency on lsb-base (>= 3.0-3) for log_daemon_message used in
hostapd init script. (Closes: #386156)
-- Kel Modderman <kelrin@tpg.com.au> Wed, 6 Sep 2006 14:31:14 +1000
hostapd (1:0.5.5-1) unstable; urgency=low
[ Kel Modderman ]
* New upstream release.
* Allow hostapd to install, by first checking for existence of
/etc/hostapd/hostapd.conf before attempting to change permissions.
[ Faidon Liambotis ]
* Also fix ownership of hostapd.conf on upgrades.
-- Faidon Liambotis <paravoid@debian.org> Tue, 29 Aug 2006 15:29:47 +0300
hostapd (1:0.5.4-1) unstable; urgency=low
[ Kel Modderman ]
* New upstream release. (Closes: #378703)
* Add LSB INIT info header to init script, as per specs. Source lsb-base
init functions, use them to report daemon status in a standard way.
(Closes: #376327)
* Add dpatch (30_hostapd_pidfile) to allow hostapd process to create a pid
file when daemonized.
* The init daemon now creates a pid file at /var/run/hostapd.pid.
* Allow multiple configuration files to be given to hostapd via
/etc/default/hostapd, enabling the possibility of managing multiple
interfaces with one process. If the configuration files are not specified
use /etc/hostapd/hostapd.conf to preserve backwards compatability.
This also allows the user to use a single configuration file !=
/etc/hostapd/hostapd.conf. (Closes: #377054)
* Add 'reload' option to init script. Send HUP signal to hostapd, causing it
to reload its configuration file.
* Add some extra DAEMON_OPTIONS hints to the /etc/default/hostapd file.
* Set hostapd.conf permissions to 0600, it may contain sensitive details.
(Closes: #380632)
* Update madwifi headers to r1705. This should ensure maximum compatibility
with the madwifi-source package currently available. (Closes: #384504)
* Slightly change the way madwifi is activated, add an extra CFLAG instead of
hardcoding the paths to the headers in driver_madwifi.c.
* Add myself to uploaders.
[ Faidon Liambotis ]
* Fixes a potential DoS fix in RSN preauthentication (upstream bug #152).
* Add lintian override for hostapd.conf unusual permissions.
* Exclude hostapd.conf from dh_fixperms.
* Fix permissions of hostapd.conf retroactively in upgrades.
-- Faidon Liambotis <paravoid@debian.org> Fri, 25 Aug 2006 04:28:00 +0300
hostapd (1:0.5.3-1) unstable; urgency=low
* New upstream release
- Fix some warnings when compiling with GCC 4.1.
- Adapt 12_conf_etc_hostapd.dpatch to the new hostapd.conf.
* Include the test driver, for debugging purposes. (Closes: #372107)
* Delete unmodified obsolete conffiles when upgrading from a previous
version (namely, hostapd.{accept,deny}).
Thanks to Lars Wirzenius and piuparts! (Closes: #353191)
* Update madwifi-ng headers to version 0.9.0.
* Remove the suggestion of hostap-modules, hostap is merged to the latest
2.6 kernels and it's one of the many options anyway.
* Changed maintainer's e-mail address.
* Updated Standards-Version to 3.7.2, no changes needed.
-- Faidon Liambotis <paravoid@debian.org> Fri, 9 Jun 2006 03:23:23 +0300
hostapd (1:0.5.0-1) unstable; urgency=low
* New upstream release
- Removed patch 01-prism54-hostap_common, merged upstream.
* Update madwifi headers to madwifi-ng, rev1390.
* Updated 'Standards-Version' to 3.6.2.2 (no changes).
-- Faidon Liambotis <faidon@cube.gr> Thu, 5 Jan 2006 02:13:17 +0200
hostapd (1:0.4.5-2) unstable; urgency=low
* No changes, previous version appeared as an NMU.
-- Faidon Liambotis <faidon@cube.gr> Tue, 11 Oct 2005 19:15:27 +0300
hostapd (1:0.4.5-1) unstable; urgency=low
* New upstream release
- added experimental support for EAP-PSK
- added support for WE-19
* Update madwifi headers to the latest CVS. (Closes: #326893)
* README.Debian:
- Document that in-kernel versions of prism54 won't work. (Closes: #315852)
- Mention Prism2/2.5/3.0's STA firmware limitations.
* Updated 'Standards-Version' to 3.6.2.1 (no changes).
-- Faidon Liambotis <faidon@cube.gr> Mon, 10 Oct 2005 15:55:13 +0300
hostapd (1:0.4.2-1) unstable; urgency=low
* New upstream release
- Manpages incorporated upstream.
- Removed patches 01_makefile, 02_conf_wpa_to_hostapd, 03_usage_cleanup,
accepted upstream.
- Adapted patch 21_madwifi_includes
- Added support for RADIUS over IPv6
- Added support for EAP-PAX
* Removed /etc/hostapd/hostapd.accept & hostapd.deny, now shipping all
example configuration files to /usr/share/doc/hostapd/examples/
-- Faidon Liambotis <faidon@cube.gr> Wed, 15 Jun 2005 18:23:33 +0300
hostapd (1:0.3.7-2) unstable; urgency=medium
* Better handling of patching upstream using dpatch.
* Added madwifi support.
Hack stolen from wpasupplicant, thanks to Kyle McMartin.
* Changed hostapd_cli path to /usr/bin/ from /usr/sbin/.
* Report failed start of hostapd when starting from the init.d script.
(Closes: #303206).
* Added hostapd(8) and hostapd_cli(1) manpages.
Now lintian & linda clean ;)
* Cleaned-up hostapd/hostapd_cli usage information.
-- Faidon Liambotis <faidon@cube.gr> Mon, 11 Apr 2005 11:53:58 +0300
hostapd (1:0.3.7-1) unstable; urgency=medium
* New upstream release
- Changed license to Dual GPL/BSD.
- New tool hostapd_cli for command-line administration.
* Adapt description to reflect new features.
* Now Suggesting instead of Recommending hostap-modules, hostapd can now
work with other drivers.
-- Faidon Liambotis <faidon@cube.gr> Wed, 23 Feb 2005 10:12:06 +0200
hostapd (1:0.2.6-1) unstable; urgency=low
* New upstream release.
* Modified description to match v0.2.x features.
* Modified debian/rules to use 'dh_install'.
* Removed source code documentation from /usr/share/doc/.
-- Faidon Liambotis <faidon@cube.gr> Tue, 28 Dec 2004 19:01:26 +0200
hostapd (1:0.2.5-1) unstable; urgency=low
* Adopted by new maintainer (Closes: #265332).
* New upstream release (Closes: #255302).
* Create init.d script disabled by default
via /etc/default/hostapd (Closes: #208027).
* Updated 'Standards-Version' to 3.6.1.
* Other minor bugfixes.
-- Faidon Liambotis <faidon@cube.gr> Thu, 18 Nov 2004 18:11:57 +0200
hostapd (1:0.1.3-2) unstable; urgency=low
* Orphaned
-- Francois Gurin <matrix@debian.org> Thu, 12 Aug 2004 14:18:11 -0400
hostapd (1:0.1.3-1) unstable; urgency=low
* New upstream release
-- Francois Gurin <matrix@debian.org> Sun, 4 Apr 2004 19:05:28 -0400
hostapd (1:0.1.0-4) unstable; urgency=low
* changed depends to recommends.
-- Francois Gurin <matrix@debian.org> Mon, 8 Dec 2003 15:12:45 -0500
hostapd (1:0.1.0-3) unstable; urgency=low
* fixed a pebcak issue with upload
-- Francois Gurin <matrix@debian.org> Mon, 27 Oct 2003 01:37:06 -0500
hostapd (1:0.1.0-2) unstable; urgency=low
* fixed version epoch
-- Francois Gurin <matrix@debian.org> Mon, 27 Oct 2003 00:52:01 -0500
hostapd (0.1.0-1) unstable; urgency=low
* Initial Release.
-- Francois Gurin <matrix@debian.org> Sun, 26 Oct 2003 04:55:36 -0500

3
debian/clean vendored

@ -1,3 +0,0 @@
wpa_supplicant/.config
hostapd/.config
wpa_supplicant/wpa_supplicant-udeb
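
Review bot: With debian/clean removed, nothing in the visible changes still deletes `wpa_supplicant/.config` and `hostapd/.config` on clean. If the package build still writes those files, a stale build configuration can carry over into the next build; keep this file, or confirm that the build no longer generates them in the source tree.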


@ -1,394 +0,0 @@
# Debian hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
#CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
#CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Integrated EAP server
CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
CONFIG_EAP_FAST=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
CONFIG_WPS_NFC=y
# EAP-IKEv2
CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
#CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
#CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
#CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
#CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
#CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
#CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
#CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=openssl
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
CONFIG_INTERWORKING=y
# Hotspot 2.0
CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
CONFIG_ACS=y
# XXX: Debian #737465
# fix FTBS using gcc-4.8 by linking with -ldl on kfreebsd-any. This is
# already accounted for by the upstream Makefile, however wrongly depending
# on !CONFIG_DRIVER_BSD, while it is actually depending on the target libc
# rather than the kernel.
LIBS += -ldl
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
#CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
CONFIG_FILS=y
# FILS shared key authentication with PFS
CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
CONFIG_DPP=y
# Simultaneous Authentication of Equals (SAE)
CONFIG_SAE=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
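
Review bot: The `LIBS += -ldl` line near the end of this removed config (the "XXX: Debian #737465" block) was a link fix, and its own comment says the upstream Makefile handles the case while "wrongly depending on !CONFIG_DRIVER_BSD". Nothing visible here shows that the build taking over from this file still links with -ldl on that target, so please confirm that or carry the line into the replacement config. The removed file also set `CONFIG_TESTING_OPTIONS=y`, which its comment describes as "really useful only for testing clients", so it should not be copied into a production build config when the settings are migrated.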

View File

@ -1,387 +0,0 @@
# Debian hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Integrated EAP server
CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
CONFIG_EAP_FAST=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
CONFIG_WPS_NFC=y
# EAP-IKEv2
CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
#CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
#CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
#CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
#CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
#CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=openssl
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
CONFIG_INTERWORKING=y
# Hotspot 2.0
CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
#CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
CONFIG_FILS=y
# FILS shared key authentication with PFS
CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
CONFIG_DPP=y
# Simultaneous Authentication of Equals (SAE)
CONFIG_SAE=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
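
Review bot: The commit message does not say which file now supplies the options this deleted Debian hostapd config turned on, in particular `CONFIG_GETRANDOM=y`, `CONFIG_FULL_DYNAMIC_VLAN=y` and `CONFIG_DEBUG_LINUX_TRACING=y`. The comment block above `CONFIG_NO_RANDOM_POOL` explains that hostapd depends on strong random data for key generation, so the choice of randomness source is worth preserving deliberately; please state in the commit message where the build configuration lives after this change and whether these options are kept. `CONFIG_TESTING_OPTIONS=y` was also enabled here and is better dropped than carried over, since its comment limits it to testing clients that connect to this hostapd.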

View File

@ -1,609 +0,0 @@
# Debian wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
#CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
CONFIG_EAP_TLS=y
# EAL-PEAP
CONFIG_EAP_PEAP=y
# EAP-TTLS
CONFIG_EAP_TTLS=y
# EAP-FAST
CONFIG_EAP_FAST=y
# EAP-GTC
CONFIG_EAP_GTC=y
# EAP-OTP
CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
CONFIG_EAP_SIM=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
CONFIG_EAP_PWD=y
# EAP-PAX
CONFIG_EAP_PAX=y
# LEAP
CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
CONFIG_EAP_SAKE=y
# EAP-GPSK
CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable WPS external registrar functionality
CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
CONFIG_WPS_NFC=y
# EAP-IKEv2
CONFIG_EAP_IKEV2=y
# EAP-EKE
CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
#CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
CONFIG_L2_PACKET=freebsd
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=openssl
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT@SECLEVEL=1"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
#CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
#CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
CONFIG_INTERWORKING=y
# Hotspot 2.0
CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
CONFIG_P2P=y
# Enable TDLS support
CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
CONFIG_ACS=y
# XXX: Debian #737465
# fix FTBS using gcc-4.8 by linking with -ldl on kfreebsd-any. This is
# already accounted for by the upstream Makefile, however wrongly depending
# on !CONFIG_DRIVER_BSD, while it is actually depending on the target libc
# rather than the kernel.
LIBS += -ldl
# Support Multi Band Operation
CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
CONFIG_FILS=y
# FILS shared key authentication with PFS
CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
CONFIG_DPP=y
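
Review bot: `CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT@SECLEVEL=1"` in this `CONFIG_L2_PACKET=freebsd` configuration sets the OpenSSL default cipher string to security level 1 for every network that does not specify its own ciphers, and the commit message does not say what the build uses for this after the merge. The following hunks delete the other Debian configurations outright (`+0,0`), so please name the file that replaces this one and confirm whether SECLEVEL=1 is still wanted there. The `LIBS += -ldl` line marked "XXX: Debian #737465" documents a workaround that would be lost without notice if the replacement does not carry it. `CONFIG_PRIVSEP` and `CONFIG_GETRANDOM` are commented out in these lines, so decide on them explicitly in the replacement rather than inheriting either state by accident.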

View File

@ -1,13 +0,0 @@
# Debian's wpa_supplicant build time configuration
CONFIG_DRIVER_BSD=y
LIBS += -ldl
CONFIG_CTRL_IFACE=y
CONFIG_BACKEND=file
CONFIG_MAIN=main
CONFIG_OS=unix
CONFIG_ELOOP=eloop
CONFIG_L2_PACKET=freebsd
# enable syslog support, as requested by d-i/ netcfg
CONFIG_DEBUG_SYSLOG=y
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
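
Review bot: the comment above `CONFIG_DEBUG_SYSLOG=y` records that syslog support was enabled at the request of d-i/netcfg, so deleting this configuration (`-1,13 +0,0`) drops the build settings of a consumer the commit message never mentions. Please confirm that nothing still builds from this file, or state which configuration the installer build uses instead and that it keeps `CONFIG_DEBUG_SYSLOG=y` and `CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON`.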

View File

@ -1,602 +0,0 @@
# Debian wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
CONFIG_EAP_TLS=y
# EAL-PEAP
CONFIG_EAP_PEAP=y
# EAP-TTLS
CONFIG_EAP_TTLS=y
# EAP-FAST
CONFIG_EAP_FAST=y
# EAP-GTC
CONFIG_EAP_GTC=y
# EAP-OTP
CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
CONFIG_EAP_SIM=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
CONFIG_EAP_PWD=y
# EAP-PAX
CONFIG_EAP_PAX=y
# LEAP
CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
CONFIG_EAP_SAKE=y
# EAP-GPSK
CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable WPS external registrar functionality
CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
CONFIG_WPS_NFC=y
# EAP-IKEv2
CONFIG_EAP_IKEV2=y
# EAP-EKE
CONFIG_EAP_EKE=y
# MACsec
CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
#CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=openssl
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT@SECLEVEL=1"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
#CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
CONFIG_INTERWORKING=y
# Hotspot 2.0
CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
CONFIG_P2P=y
# Enable TDLS support
CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
CONFIG_ACS=y
# Support Multi Band Operation
#CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
#CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
CONFIG_DPP=y
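Review bot: CONFIG_DPP=y on the last line is documented two lines above it as requiring CONFIG_IEEE80211W=y, and no CONFIG_IEEE80211W line appears in the visible part of this file. Please confirm the dependency is set wherever this configuration is used after the merge. Separately, CONFIG_OWE=y is still described as an experimental implementation of draft-harkins-owe-07.txt; if that comment is stale, update it, otherwise consider leaving an experimental feature off by default.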

@ -1,20 +0,0 @@
# Debian's wpa_supplicant build time configuration
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_NL80211=y
CONFIG_LIBNL32=y
CONFIG_CTRL_IFACE=y
CONFIG_BACKEND=file
CONFIG_MAIN=main
CONFIG_OS=unix
CONFIG_ELOOP=eloop
CONFIG_L2_PACKET=linux
# At least one of these two is needed to get
# the netlink driver working, why this is the case
# is currently mysterious
#CONFIG_IEEE8021X_EAPOL=y
CONFIG_WPS=y
# enable syslog support, as requested by d-i/ netcfg
CONFIG_DEBUG_SYSLOG=y
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
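Review bot: the hunk header (-1,20 +0,0) removes this Debian build-time configuration entirely, but the commit message only says it merges upstream 2.10. Dropping the packaging files is a separate decision from the upstream merge; please either split the removal into its own commit or state in the message why the files go away, so a later bisect or audit can tell the two changes apart.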

433
debian/copyright vendored

@ -1,433 +0,0 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: hostapd
Upstream-Contact: Jouni Malinen <j@w1.fi>
Source: git://w1.fi/srv/git/hostap.git
Files-Excluded:
doc/*
eap_example/*
mac80211_hwsim/*
radius_example/*
tests/*
wlantest/*
wpadebug/*
wpaspy/*
Android.mk
build_release
Files: *
Copyright: 2002-2014, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: hostapd/logwatch/*
Copyright: 2005, Henrik Brix Andersen <brix@gentoo.org>
License: BSD-3-clause or GPL-2
Files: hostapd/Android.mk
Copyright: 2008, The Android Open Source Project
License: BSD-3-clause
Files: hostapd/hostapd.8
hostapd/hostapd_cli.1
Copyright: 2005, Faidon Liambotis <faidon@cube.gr>
License: BSD-3-clause
Files: hs20/*
Copyright: 2012-2014, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: patches/*
Copyright: 2005, Alexey Kobozev <akobozev@cisco.com>
2005-2012, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/ap/acs.*
Copyright: 2011, Atheros Communications
2013, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/ap/ap_list.*
src/ap/ap_mlme.*
src/ap/beacon.*
src/ap/hw_features.*
src/ap/vlan_init.*
src/ap/wmm.*
Copyright: 2002-2009, Jouni Malinen <j@w1.fi>
2002-2004, Instant802 Networks, Inc.
2005-2006, Devicescape Software, Inc.
License: BSD-3-clause
Files: src/ap/dfs.*
Copyright: 2002-2013, Jouni Malinen <j@w1.fi>
2013, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/ap/gas_serv.*
src/ap/wnm_ap.*
src/common/ieee802_1x_defs.h
src/common/qca-vendor*
Copyright: 2011-2014, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/ap/hs20.*
wpa_supplicant/hs20_supplicant.*
Copyright: 2009, Atheros Communications, Inc.
2011-2013, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/ap/ieee802_11_ht.c
Copyright: 2002-2009, Jouni Malinen <j@w1.fi>
2007-2008, Intel Corporation
License: BSD-3-clause
Files: src/ap/p2p_hostapd.*
Copyright: 2009-2010, Atheros Communications
License: BSD-3-clause
Files: src/ap/vlan_util.*
Copyright: 2012, Michael Braun <michael-dev@fami-braun.de>
License: BSD-3-clause
Files: src/common/gas.*
Copyright: 2009, Atheros Communications
2011-2012, Qualcomm Atheros
License: BSD-3-clause
Files: src/common/ieee802_11_defs.h
Copyright: 2002-2009, Jouni Malinen <j@w1.fi>
2007-2008, Intel Corporation
License: BSD-3-clause
Files: src/common/wpa_helpers.*
Copyright: 2010-2011, Atheros Communications, Inc.
2011-2012, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/crypto/aes-internal*
Copyright: 2000, Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
2000, Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
2000, Paulo Barreto <paulo.barreto@terra.com.br>
2003-2012, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/crypto/des-internal.c
Copyright: 2005, Tom St Denis <tomstdenis@gmail.com>
2006-2009, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/crypto/md4-internal.c
Copyright: 1993, Colin Plumb
2004, Todd C. Miller
2006, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/crypto/md5-internal.c
Copyright: 1993, Colin Plumb
2003-2005, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/crypto/sha1-internal.c
Copyright: 1998, Steve Reid <sreid@sea-to-sky.net>
1998, James H. Brown <jbrown@burgoyne.com>
2001, Saul Kravitz <Saul.Kravitz@celera.com>
2001-2005, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/drivers/driver_atheros.c
Copyright: 2004, Sam Leffler <sam@errno.com>
2004, Video54 Technologies
2005-2007, Jouni Malinen <j@w1.fi>
2009, Atheros Communications
License: BSD-3-clause
Files: src/drivers/driver_bsd.c
Copyright: 2004, Sam Leffler <sam@errno.com>
2004, 2Wire, Inc
License: BSD-3-clause
Files: src/drivers/driver_macsec_qca.c
Copyright: 2004, Gunter Burchardt <tira@isx.de>
2005-2009, Jouni Malinen <j@w1.fi>
2013-2014, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/drivers/driver_madwifi.c
Copyright: 2004, Sam Leffler <sam@errno.com>
2004, Video54 Technologies
2004-2007, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/drivers/driver_nl80211.c
Copyright: 2002-2014, Jouni Malinen <j@w1.fi>
2003-2004, Instant802 Networks, Inc.
2005-2006, Devicescape Software, Inc.
2007, Johannes Berg <johannes@sipsolutions.net>
2009-2010, Atheros Communications
License: BSD-3-clause
Files: src/drivers/driver_none.c
Copyright: 2008, Atheros Communications
License: BSD-3-clause
Files: src/drivers/driver_openbsd.c
Copyright: 2013, Mark Kettenis <mark.kettenis@xs4all.nl>
License: BSD-3-clause
Files: src/drivers/driver_roboswitch.c
Copyright: 2008-2009, Jouke Witteveen
License: BSD-3-clause
Files: src/drivers/driver_wired.c
Copyright: 2005-2009, Jouni Malinen <j@w1.fi>
2004, Gunter Burchardt <tira@isx.de>
License: BSD-3-clause
Files: src/drivers/nl80211_copy.h
Copyright: 2006-2010, Johannes Berg <johannes@sipsolutions.net>
2008, Michael Wu <flamingice@sourmilk.net>
2008, Luis Carlos Cobo <luisca@cozybit.com>
2008, Michael Buesch <m@bues.ch>
2008-2009, Luis R. Rodriguez <lrodriguez@atheros.com>
2008, Jouni Malinen <jouni.malinen@atheros.com>
2008, Colin McCabe <colin@cozybit.com>
License: ISC
Files: src/eap_common/eap_pwd_common.*
src/eap_peer/eap_pwd.c
src/eap_server/eap_server_pwd.c
Copyright: 2010, Dan Harkins <dharkins@lounge.org>
License: BSD-3-clause
Files: src/eap_peer/eap_proxy*
Copyright: 2011-2013 Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/l2_packet/l2_packet_freebsd.c
Copyright: 2003-2005, Jouni Malinen <j@w1.fi>
2005, Sam Leffler <sam@errno.com>
License: BSD-3-clause
Files: src/p2p/*
Copyright: 2009-2010, Atheros Communications
License: BSD-3-clause
Files: src/pae/*
Copyright: 2013-2014, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/rsn_supp/tdls.c
Copyright: 2010-2011, Atheros Communications
License: BSD-3-clause
Files: src/tls/libtommath.c
Copyright: 2005-2007, Tom St Denis <tomstdenis@gmail.com>
License: public-domain
Files: src/utils/browser*
src/utils/http*
src/utils/xml*
Copyright: 2012-2014, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/utils/radiotap.c
Copyright: 2007, Andy Green <andy@warmcat.com>
2009, Johannes Berg <johannes@sipsolutions.net>
License: BSD-3-clause
Files: src/utils/radiotap.h
Copyright: 2003-2004, David Young
License: BSD-3-clause
Files: src/wps/http.h
src/wps/upnp_xml.*
src/wps/wps_upnp.*
src/wps/wps_upnp_event.c
src/wps/wps_upnp_i.h
src/wps/wps_upnp_ssdp.c
src/wps/wps_upnp_web.c
Copyright: 2000-2003, Intel Corporation
2006-2007, Sony Corporation
2008-2009, Atheros Communications
2009, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/wps/httpread.*
Copyright: 2008, Ted Merrill, Atheros Communications
License: BSD-3-clause
Files: src/wps/ndef.c
Copyright: 2009-2012, Masashi Honma <honma@ictec.co.jp>
License: BSD-3-clause
Files: src/wps/wps_validate.c
Copyright: 2010, Atheros Communications, Inc.
License: BSD-3-clause
Files: wpa_supplicant/dbus/dbus_common.*
wpa_supplicant/dbus/dbus_common_i.h
wpa_supplicant/dbus/dbus_new.*
wpa_supplicant/dbus/dbus_new_handlers.*
wpa_supplicant/dbus/dbus_new_handlers_wps.c
wpa_supplicant/dbus/dbus_new_helpers.*
wpa_supplicant/dbus/dbus_new_introspect.c
Copyright: 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
2009-2010, Witold Sowa <witold.sowa@gmail.com>
2009-2010, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: wpa_supplicant/dbus/dbus_dict_helpers.*
wpa_supplicant/dbus/dbus_old*
Copyright: 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
License: BSD-3-clause
Files: wpa_supplicant/dbus/dbus_new_handlers_p2p.*
wpa_supplicant/examples/p2p/*
wpa_supplicant/examples/dbus-listen-preq.py
Copyright: 2011-2012, Intel Corporation
License: BSD-3-clause
Files: wpa_supplicant/utils/log2pcap.py
Copyright: Johannes Berg <johannes@sipsolutions.net>, Intel Corporation
License: BSD-3-clause
Files: wpa_supplicant/wpa_gui-qt4/icons/ap.svg
Copyright: 2008, mystica
License: public-domain
Files: wpa_supplicant/wpa_gui-qt4/icons/group.svg
Copyright: 2009, Andrew Fitzsimon / Anonymous
License: public-domain
Files: wpa_supplicant/wpa_gui-qt4/icons/invitation.svg
Copyright: 2009, Jean Victor Balin
License: public-domain
Files: wpa_supplicant/wpa_gui-qt4/icons/laptop.svg
Copyright: 2008, metalmarious
License: public-domain
Files: wpa_supplicant/wpa_gui-qt4/icons/wpa_gui.svg
Copyright: 2008, Bernard Gray <bernard.gray@gmail.com>
License: BSD-3-clause or GPL-2
Files: wpa_supplicant/wpa_gui-qt4/peers.*
wpa_supplicant/wpa_gui-qt4/stringquery.*
Copyright: 2009-2010, Atheros Communications
License: BSD-3-clause
Files: wpa_supplicant/wpa_gui-qt4/signalbar.*
Copyright: 2011, Kel Modderman <kel@otaku42.de>
License: BSD-3-clause
Files: wpa_supplicant/Android.mk
wpa_supplicant/wpa_supplicant_conf.*
Copyright: 2008-2010, The Android Open Source Project
License: BSD-3-clause
Files: wpa_supplicant/ap.*
Copyright: 2003-2009, Jouni Malinen <j@w1.fi>
2009, Atheros Communications
License: BSD-3-clause
Files: wpa_supplicant/autoscan*
Copyright: 2012, Intel Corporation
License: BSD-3-clause
Files: wpa_supplicant/gas_query.*
wpa_supplicant/offchannel.*
wpa_supplicant/p2p_supplicant.*
wpa_supplicant/wifi_display.*
Copyright: 2009-2011, Atheros Communications
2011-2014, Qualcomm Atheros
2011-2014, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: wpa_supplicant/interworking.*
wpa_supplicant/wnm_sta.*
wpa_supplicant/wpas_kay.*
Copyright: 2011-2014, Qualcomm Atheros
2011-2014, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: debian/*
Copyright: 2004-2006, Kyle McMartin <kyle@debian.org>
2005-2009, Faidon Liambotis <paravoid@debian.org>
2006-2008, Reinhard Tartler <siretart@tauware.de>
2006-2012, Kel Modderman <kel@otaku42.de>
2010, Jan Dittberner <jandd@debian.org>
2010-2014, Stefan Lippers-Hollmann <s.l-h@gmx.de>
License: BSD-3-clause
License: BSD-3-clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
.
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
.
3. Neither the name(s) of the above-listed copyright holder(s) nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
License: GPL-2
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2 as
published by the Free Software Foundation.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
.
On Debian GNU/Linux systems, the complete text of the GNU General Public
License version 2 can be found in `/usr/share/common-licenses/GPL-2'.
.
Note that this distribution of hostapd comes with configuration options that
link it to the OpenSSL library. The OpenSSL license is GPL-incompatible,
therefore in this distribution only the BSD license applies.
License: ISC
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
License: public-domain
Minimal code for RSA support from LibTomMath 0.41
http://libtom.org/
http://libtom.org/files/ltm-0.41.tar.bz2
This library was released in public domain by Tom St Denis.
.
The combination in this file may not use all of the optimized algorithms
from LibTomMath and may be considerable slower than the LibTomMath with its
default settings. The main purpose of having this version here is to make it
easier to build bignum.c wrapper without having to install and build an
external library.
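Review bot: deleting this file (-1,433 +0,0) removes the only per-file licence record visible here, including the entries that are not plain BSD-3-clause: src/drivers/nl80211_copy.h under ISC, src/tls/libtommath.c as public-domain, and the "BSD-3-clause or GPL-2" files. If the tree is still redistributed, confirm that the remaining top-level licence files cover these attributions before dropping it.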

@ -1,85 +0,0 @@
######################## Debian wpa-roam Template #############################
#
# Template configuration for wpa-roam mode of Debian's wpasupplicant package.
# wpa-roam mode is described in detail in the wpa_action(8) manpage, and also
# at /usr/share/doc/wpasupplicant/README.modes.gz. Please read these documents
# to get an overview of how to setup this mode.
#
# For a detailed set of configuration examples for different networks, refer to
# /usr/share/doc/wpasupplicant/README.wpa_supplicant.conf.gz
#
# Also see the other files in /usr/share/doc/wpasupplicant/examples/ for
# specific network configuration examples.
#
# Empty lines and lines starting with # are ignored
#
# NOTE! This file may contain password information and should be made readable
# only by root user or netdev group on multiuser systems.
#
######################## Global Configuration Options #########################
#
# The update_config option can be used to allow wpa_supplicant to overwrite
# configuration file whenever configuration is changed (e.g., new network block
# is added with wpa_cli or wpa_gui, or a password is changed). This is required
# for wpa_cli/wpa_gui to be able to store the configuration changes
# permanently.
#
# NOTE! Any comments will be removed from the configuration file when the
# update_config option is used.
#
#update_config=1
# The ctrl_interface specifies the path to a unix socket through which the
# supplicant may be controlled and interacted with.
#
# DIR= Path to UNIX socket control interface, mandatory for wpa-roam mode
# GROUP= Users in this group to control wpa_supplicant via wpa_cli/wpa_gui
#
ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
#
######################## Network Block Configurations #########################
#
# Each network is configured as a separate block in this configuration file.
# The network blocks are listed in preference of order, the top most network
# to be found in scan results is used.
#
# By default, all networks will get same priority (0). If some of the networks
# are more desirable, the "priority=" network parameter can be used to change
# the order in which wpa_supplicant goes through the network blocks when
# selecting what network will be used. The priority groups will be iterated
# in decreasing priority, the network with the highest priority value will be
# considered for selection first and the network with the lowest priority value
# will be considered last.
#
# NOTE! The scan_ssid=1 and ap_scan=2 modes ignore the priority field. Instead,
# the networks will be considered in the order specified in this configuration
# file.
#
# The "id_str=" network identifier string parameter is given to wpa_action when
# a network has been selected, and contains this field in its configuration
# block. The given id_str string will be used to select a logical interfaces
# from ifupdown's /etc/network/interfaces file.
#
###############################################################################
#network={
# ssid="Example WEP Network"
# key_mgmt=NONE
# wep_key0=6162636465
# wep_tx_keyidx=0
# id_str="johns_house"
#}
#network={
# ssid="Example WPA Network"
# psk="mysecretpassphrase"
# id_str="home"
#}
###############################################################################
# Default behaviour is to associate with any open access point, further
# networks can be configured with wpa_cli/wpa_gui.
#
network={
key_mgmt=NONE
}
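Review bot: the only active network block in this removed template, at the end of the hunk, is key_mgmt=NONE with no ssid, which by its own comment associates with any open access point. If the template is being moved rather than retired, do not carry that default over; ship the block commented out like the WEP and WPA examples above it, so that joining an unauthenticated network is an explicit choice.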

3
debian/gbp.conf vendored

@ -1,3 +0,0 @@
[DEFAULT]
debian-branch=debian/master
upstream-branch=upstream/latest

106
debian/get-orig-source vendored

@ -1,106 +0,0 @@
#!/bin/sh
set -e
if [ -n "${1}" ]; then
CURDIR="${1}"
else
echo "ERROR: not called with \$(CURDIR) parameter" >&2
exit 1
fi
# parse versions
if [ -n "${2}" ]; then
VERSION="${2}"
else
VERSION="$(dpkg-parsechangelog -l${CURDIR}/debian/changelog | sed -ne 's,^Version: *\([0-9]*:\)\?\(.*\)$,\2,p')"
fi
DEB_VER="$(echo ${VERSION} | sed 's,\-[0-9a-z\~\.]*,,')"
UP_VER="$(echo ${DEB_VER} | sed 's,\~,\-,g')"
SNAPDATE="$(echo ${DEB_VER} | sed 's/.*[+~]git\([0-9]*\).*/\1/')"
case "${UP_VER}" in
*[+-]git[0-9\.]*+*)
UP_VER_TAG="$(echo $UP_VER | sed 's,.*[+-]git[0-9\.]*+,,')"
;;
*)
UP_VER_TAG="hostap_$(echo $UP_VER | sed -e 's,\.,_,g' -e 's,\-,_,g')"
;;
esac
# set upstream (git-) Vcs
UP_VCS="git://w1.fi/srv/git/hostap.git"
if dpkg --compare-versions "${DEB_VER}" lt "2~"; then
UP_VCS="git://w1.fi/srv/git/hostap-1.git"
fi
# write to ../{,_}tarballs/, if it exists - ../ otherwise
if [ -d "${CURDIR}/../tarballs" ]; then
ORIG_TARBALL="${CURDIR}/../tarballs/wpa_${DEB_VER}.orig.tar.xz"
elif [ -d "${CURDIR}/../_tarballs" ]; then
ORIG_TARBALL="${CURDIR}/../_tarballs/wpa_${DEB_VER}.orig.tar.xz"
else
ORIG_TARBALL="${CURDIR}/../wpa_${DEB_VER}.orig.tar.xz"
fi
# don't overwrite existing tarballs
if [ -e "${ORIG_TARBALL}" ]; then
echo "ERROR: don't overwrite existing ${ORIG_TARBALL}" >&2
exit 2
fi
TEMP_SOURCE="$(mktemp -d --tmpdir wpa-orig-source.XXXXXXXXXX)"
if [ "$?" -ne 0 ] || [ -z "${TEMP_SOURCE}" ] || [ ! -d "${TEMP_SOURCE}" ]; then
echo "ERROR: failed to create temporary working directory" >&2
exit 3
fi
# clone upstream git repository
echo "clone ${UP_VCS}:"
git clone "${UP_VCS}" "${TEMP_SOURCE}"
if [ "$?" -ne 0 ] || [ ! -d "${TEMP_SOURCE}" ]; then
echo "ERROR: cloning ${UP_VCS} failed" >&2
rm -rf "${TEMP_SOURCE}"
exit 4
fi
# add CONTRIBUTIONS for wpa 2.2~
# (it's available since 2.0~, but only gets included in 2.2~)
if dpkg --compare-versions "${DEB_VER}" ge "2.2~"; then
CONTRIBUTIONS="CONTRIBUTIONS"
fi
# add Hotspot 2.0 OSU server for wpa 2.2~
if dpkg --compare-versions "${DEB_VER}" ge "2.2~"; then
HS20="hs20"
elif dpkg --compare-versions "${DEB_VER}" ge "2.1+" && [ "${SNAPDATE}" -ge "20140526" ]; then
HS20="hs20"
fi
# add drop patches/ for wpa 2.6~, it's no longer available.
if dpkg --compare-versions "${DEB_VER}" ge "2.6~"; then
PATCHES=""
elif dpkg --compare-versions "${DEB_VER}" ge "2.5+" && [ "${SNAPDATE}" -ge "20160108" ]; then
PATCHES=""
else
PATCHES="patches"
fi
# create new upstream tarball
cd "${TEMP_SOURCE}" && \
git archive \
--format=tar \
--prefix="wpa-${UP_VER}/" \
"${UP_VER_TAG}" \
README COPYING $CONTRIBUTIONS $PATCHES src wpa_supplicant hostapd $HS20 | \
xz -c6 > "${ORIG_TARBALL}"
if [ "$?" -ne 0 ] || [ ! -e "${ORIG_TARBALL}" ]; then
echo "ERROR: failure to create ${ORIG_TARBALL}" >&2
rm -rf "${TEMP_SOURCE}"
exit 5
else
echo "SUCCESS: New upstream tarball has been saved at ${ORIG_TARBALL}"
rm -rf "${TEMP_SOURCE}"
exit 0
fi
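Review bot: this removed script built the upstream tarball by cloning UP_VCS="git://w1.fi/srv/git/hostap.git" and running git archive on the tag with no signature or checksum check, and git:// gives no authentication or integrity protection. With the script gone, the commit should say how the 2.10 sources were fetched and verified. If the script is kept anywhere, note also that set -e at the top makes the later "$?" -ne 0 checks after mktemp and git clone unreachable, so their cleanup (rm -rf "${TEMP_SOURCE}") never runs on failure.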

@ -1,3 +0,0 @@
include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml

29
debian/hostapd.NEWS vendored

@ -1,29 +0,0 @@
wpa (2:2.7-3) unstable; urgency=medium
Starting from this version, the init script of hostapd will display
a warning if DAEMON_CONF is set to a value different from
/etc/hostapd/hostapd.conf. A future upload will also attempt
to migrate the configuration file to the new location.
-- Andrej Shadura <andrewsh@debian.org> Thu, 10 Jan 2019 21:29:31 +0100
wpa (2:2.6-10) unstable; urgency=medium
The hostapd .service file is now automatically masked every time the
package is upgraded with no valid configuration.
The plan is to deprecate /etc/default/hostapd at some point, making
/etc/hostapd/hostapd.conf the standard location for the configuration
file.
-- Andrew Shadura <andrewsh@debian.org> Tue, 28 Nov 2017 12:29:21 +0100
wpa (2:2.6-8) unstable; urgency=medium
Since 2:2.6-6, hostapd ships a systemd .service file. As hostapd comes
with /etc/default/hostapd file, which by default doesn't specify any
config file, to prevent installation or boot failures, the package's
postinst script masks the hostapd.service unit on the first install.
After editing the default file, users need to unmask it themselves.
-- Andrew Shadura <andrewsh@debian.org> Sun, 26 Nov 2017 19:25:50 +0000

@ -1,43 +0,0 @@
hostapd for Debian
------------------
This package provides two methods for managing hostapd process(es); an
initscript and an ifupdown hook. Both methods require creation of a
hostapd daemon configuration file (/etc/hostapd/hostapd.conf) to
function correctly.
An example hostapd.conf may be used as a template but _must_ be edited
to suit your local configuration. An example is located at:
/usr/share/doc/hostapd/examples/hostapd.conf.gz
To use the example as a template:
# zcat /usr/share/doc/hostapd/examples/hostapd.conf.gz > \
/etc/hostapd/hostapd.conf
# $EDITOR /etc/hostapd/hostapd.conf
If you're running systemd, you need to unmask the hostapd unit by running:
systemctl unmask hostapd
If you want to run multiple instances of hostapd with different
configurations, consider using a service template hostapd@.service
shipped with the package. E.g. for a hostapd configuration file named
/etc/hostapd/wifi.conf, the service name will be hostapd@wifi.service.
The previously supported configuration setting DAEMON_CONF in
/etc/default/hostapd is deprecated and its support will be removed.
To use the ifupdown method, the path to hostapd configuration file can
be specified in a network interfaces configuration stanza in
/etc/network/interfaces like so:
iface eth1 inet static
hostapd /etc/hostapd/hostapd.conf
...
The hostapd process will be started in the pre-up phase of ifup, and be
terminated in the post-down phase of ifdown.
Please note:
* If you want to use hostapd with a Prism2/2.5/3 card in WPA mode, you'll need
STA firmware version >= 1.7.0.

@ -1,23 +0,0 @@
# Defaults for hostapd initscript
#
# WARNING: The DAEMON_CONF setting has been deprecated and will be removed
# in future package releases.
#
# See /usr/share/doc/hostapd/README.Debian for information about alternative
# methods of managing hostapd.
#
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
#
#DAEMON_CONF=""
# Additional daemon options to be appended to hostapd command:-
# -d show more debug messages (-dd for even more)
# -K include key data in debug messages
# -t include timestamps in some debug messages
#
# Note that -B (daemon mode) and -P (pidfile) options are automatically
# configured by the init.d script and must not be added to DAEMON_OPTS.
#
#DAEMON_OPTS=""

3
debian/hostapd.docs vendored

@ -1,3 +0,0 @@
hostapd/README
hostapd/README-MULTI-AP
hostapd/README-WPS

@ -1,6 +0,0 @@
hostapd/hostapd.accept
hostapd/hostapd.conf
hostapd/hostapd.deny
hostapd/hostapd.eap_user
hostapd/hostapd.radius_clients
hostapd/hostapd.wpa_psk

80
debian/hostapd.init vendored

@ -1,80 +0,0 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: hostapd
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Should-Start: $network
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Advanced IEEE 802.11 management daemon
# Description: Userspace IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
# Authenticator
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON_SBIN=/usr/sbin/hostapd
DAEMON_DEFS=/etc/default/hostapd
DAEMON_CONF=/etc/hostapd/hostapd.conf
NAME=hostapd
DESC="advanced IEEE 802.11 management"
PIDFILE=/run/hostapd.pid
[ -x "$DAEMON_SBIN" ] || exit 0
[ -s "$DAEMON_DEFS" ] && . /etc/default/hostapd
[ -n "$DAEMON_CONF" ] || exit 0
DAEMON_OPTS="-B -P $PIDFILE $DAEMON_OPTS $DAEMON_CONF"
. /lib/lsb/init-functions
for conf in $DAEMON_CONF
do
if [ ! -r "$conf" ]
then
log_action_msg "hostapd config $conf not found, not starting hostapd."
exit 0
fi
done
case "$1" in
start)
if [ "$DAEMON_CONF" != /etc/hostapd/hostapd.conf ]
then
log_warning_msg "hostapd config not in /etc/hostapd/hostapd.conf -- please read /usr/share/doc/hostapd/NEWS.Debian.gz"
fi
log_daemon_msg "Starting $DESC" "$NAME"
start-stop-daemon --start --oknodo --quiet --exec "$DAEMON_SBIN" \
--pidfile "$PIDFILE" -- $DAEMON_OPTS >/dev/null
log_end_msg "$?"
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
start-stop-daemon --stop --oknodo --quiet --exec "$DAEMON_SBIN" \
--pidfile "$PIDFILE"
log_end_msg "$?"
;;
reload)
log_daemon_msg "Reloading $DESC" "$NAME"
start-stop-daemon --stop --signal HUP --exec "$DAEMON_SBIN" \
--pidfile "$PIDFILE"
log_end_msg "$?"
;;
restart|force-reload)
$0 stop
sleep 8
$0 start
;;
status)
status_of_proc "$DAEMON_SBIN" "$NAME"
exit $?
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|force-reload|reload|status}" >&2
exit 1
;;
esac
exit 0

@ -1,3 +0,0 @@
debian/ifupdown/hostapd/ifupdown.sh etc/hostapd/
hostapd/hostapd usr/sbin/
hostapd/hostapd_cli usr/sbin/

@ -1,2 +0,0 @@
etc/hostapd/ifupdown.sh /etc/network/if-pre-up.d/hostapd
etc/hostapd/ifupdown.sh /etc/network/if-post-down.d/hostapd

@ -1,9 +0,0 @@
# We distribute the package under the terms of the BSD license due to the
# openssl issue, tell lintian to not complain:
hostapd binary: possible-gpl-code-linked-with-openssl
# no need for per-interface init scripts since hostapd has ifupdown integration
hostapd: package-supports-alternative-init-but-no-init.d-script lib/systemd/system/hostapd@.service
# we want to call systemctl and not anything else to mask a unit
hostapd: maintainer-script-calls-systemctl

@ -1,2 +0,0 @@
hostapd/hostapd.8
hostapd/hostapd_cli.1

@ -1,17 +0,0 @@
#!/bin/sh
set -e
#DEBHELPER#
if [ -d /run/systemd/system ] && [ "$1" = configure ]
then
DAEMON_CONF=
. /etc/default/hostapd
if [ -z "$DAEMON_CONF" ] && [ ! -r /etc/hostapd/hostapd.conf ] && ! systemctl --quiet is-active hostapd.service
then
systemctl mask hostapd.service
fi
fi
exit 0

11
debian/hostapd.postrm vendored

@ -1,11 +0,0 @@
#!/bin/sh
set -e
if [ -d /run/systemd/system ] && [ "$1" = purge ]
then
systemctl unmask hostapd.service
fi
#DEBHELPER#
exit 0

@ -1,15 +0,0 @@
[Unit]
Description=Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
After=network.target
[Service]
Type=forking
PIDFile=/run/hostapd.pid
Restart=on-failure
RestartSec=2
Environment=DAEMON_CONF=/etc/hostapd/hostapd.conf
EnvironmentFile=-/etc/default/hostapd
ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF}
[Install]
WantedBy=multi-user.target

@ -1,15 +0,0 @@
[Unit]
Description=Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator (%I)
After=network.target
BindsTo=sys-subsystem-net-devices-%i.device
[Service]
Type=forking
PIDFile=/run/hostapd.%i.pid
Restart=on-failure
RestartSec=2
EnvironmentFile=-/etc/default/hostapd
ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.%i.pid $DAEMON_OPTS /etc/hostapd/%i.conf
[Install]
WantedBy=multi-user.target sys-subsystem-net-devices-%i.device

@ -1,50 +0,0 @@
#!/bin/sh
# Action script to enable/disable wpa-roam interfaces in reaction to
# ifplugd events.
#
# Copyright: Copyright (c) 2008-2010, Kel Modderman <kel@otaku42.de>
# License: GPL-2
#
PATH=/sbin:/usr/sbin:/bin:/usr/bin
if [ ! -x /sbin/wpa_action ]; then
exit 0
fi
# ifplugd(8) - <iface> <action>
#
# If an ifplugd managed interface is brought up, disconnect any
# wpa-roam managed interfaces so that only one "roaming" interface
# remains active on the system.
IFPLUGD_IFACE="${1}"
case "${2}" in
up)
COMMAND=disconnect
;;
down)
COMMAND=reconnect
;;
*)
echo "$0: unknown arguments: ${@}" >&2
exit 1
;;
esac
for CTRL in /run/wpa_supplicant/*; do
[ -S "${CTRL}" ] || continue
IFACE="${CTRL#/run/wpa_supplicant/}"
# skip if ifplugd is managing this interface
if [ "${IFPLUGD_IFACE}" = "${IFACE}" ]; then
continue
fi
if wpa_action "${IFACE}" check; then
wpa_cli -i "${IFACE}" "${COMMAND}"
fi
done

@ -1,993 +0,0 @@
#!/bin/sh
#####################################################################
## Purpose
# This file contains common shell functions used by scripts of the
# wpasupplicant package to allow ifupdown to manage wpa_supplicant.
# It also contains some functions used by wpa_action(8) that allow
# ifupdown to be managed by wpa_cli(8) action events.
#
# This file is provided by the wpasupplicant package.
#####################################################################
# Copyright (C) 2006 - 2009 Debian/Ubuntu wpasupplicant Maintainers
# <pkg-wpa-devel@lists.alioth.debian.org>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# On Debian GNU/Linux systems, the text of the GPL license,
# version 2, can be found in /usr/share/common-licenses/GPL-2.
#####################################################################
## global variables
# wpa_supplicant variables
WPA_SUP_BIN="/sbin/wpa_supplicant"
WPA_SUP_PNAME="wpa_supplicant"
WPA_SUP_PIDFILE="/run/wpa_supplicant.${WPA_IFACE}.pid"
WPA_SUP_OMIT_DIR="/run/sendsigs.omit.d"
WPA_SUP_OMIT_PIDFILE="${WPA_SUP_OMIT_DIR}/wpasupplicant.wpa_supplicant.${WPA_IFACE}.pid"
# wpa_cli variables
WPA_CLI_BIN="/sbin/wpa_cli"
WPA_CLI_PNAME="wpa_cli"
WPA_CLI_PIDFILE="/run/wpa_action.${WPA_IFACE}.pid"
WPA_CLI_TIMESTAMP="/run/wpa_action.${WPA_IFACE}.timestamp"
WPA_CLI_IFUPDOWN="/run/wpa_action.${WPA_IFACE}.ifupdown"
# default ctrl_interface socket directory
if [ -z "$WPA_CTRL_DIR" ]; then
WPA_CTRL_DIR="/run/wpa_supplicant"
fi
# verbosity variables
if [ -n "$IF_WPA_VERBOSITY" ] || [ "$VERBOSITY" = "1" ]; then
TO_NULL="/dev/stdout"
DAEMON_VERBOSITY="--verbose"
else
TO_NULL="/dev/null"
DAEMON_VERBOSITY="--quiet"
fi
#####################################################################
## wpa_cli wrapper
# Path to common ctrl_interface socket and iface supplied.
# NB: WPA_CTRL_DIR cannot be used for interactive commands, it is
# set only in the environment that wpa_cli provides when processing
# action events.
#
wpa_cli () {
"$WPA_CLI_BIN" -p "$WPA_CTRL_DIR" -i "$WPA_IFACE" "$@"
return "$?"
}
#####################################################################
## verbose and stderr message wrapper
# Ensures a standard and easily identifiable message is printed by
# scripts using this function library.
#
# log Log a message to syslog when called non-interactively
# by wpa_action
#
# verbose To stdout when IF_WPA_VERBOSITY or VERBOSITY is true
#
# action Same as verbose but without newline
# Useful for allowing wpa_cli commands to echo result
# value of 'OK' or 'FAILED'
#
# stderr Echo warning or error messages to stderr
#
# NB: when called by wpa_action, there is no redirection (verbose)
#
wpa_msg () {
if [ "$1" = "log" ]; then
shift
case "$WPA_ACTION" in
"CONNECTED"|"DISCONNECTED")
[ -x /usr/bin/logger ] || return
if [ "$#" -gt 0 ]; then
logger -t "wpa_action" "$@"
else
logger -t "wpa_action"
fi
;;
*)
[ "$#" -gt 0 ] && echo "wpa_action: $@"
;;
esac
return
fi
case "$1" in
"verbose")
shift
echo "$WPA_SUP_PNAME: $@" >$TO_NULL
;;
"action")
shift
echo -n "$WPA_SUP_PNAME: $@ -- " >$TO_NULL
;;
"stderr")
shift
echo "$WPA_SUP_PNAME: $@" >/dev/stderr
;;
*)
;;
esac
}
#####################################################################
## validate daemon pid files
# Test daemon process ID files via start-stop-daemon with a signal 0
# given the exec binary and pidfile location.
#
# $1 daemon
# $2 pidfile
#
# Returns true when pidfile exists, the process ID exists _and_ was
# created by the exec binary.
#
# If the test fails, but the pidfile exists, it is stale
#
test_daemon_pidfile () {
local DAEMON
local PIDFILE
if [ -n "$1" ]; then
DAEMON="$1"
fi
if [ -f "$2" ]; then
PIDFILE="$2"
fi
if [ -n "$DAEMON" ] && [ -f "$PIDFILE" ]; then
if start-stop-daemon --stop --quiet --signal 0 \
--exec "$DAEMON" --pidfile "$PIDFILE"; then
return 0
else
rm -f "$PIDFILE"
return 1
fi
else
return 1
fi
}
# validate wpa_supplicant pidfile
test_wpa_supplicant () {
test_daemon_pidfile "$WPA_SUP_BIN" "$WPA_SUP_PIDFILE"
}
# validate wpa_cli pidfile
test_wpa_cli () {
test_daemon_pidfile "$WPA_CLI_BIN" "$WPA_CLI_PIDFILE"
}
#####################################################################
## daemonize wpa_supplicant
# Start wpa_supplicant via start-stop-dameon with all required
# options. Will start if environment variable WPA_SUP_CONF is present
#
# Default options:
# -B dameonize/background process
# -D driver backend ('wext' if none given)
# -P process ID file
# -C path to ctrl_interface socket directory
# -s log to syslog
#
# Conditional options:
# -c configuration file
# -W wait for wpa_cli to attach to ctrl_interface socket
# -b bridge interface name
# -f path to log file
#
init_wpa_supplicant () {
[ -n "$WPA_SUP_CONF" ] || return 0
local WPA_SUP_OPTIONS
WPA_SUP_OPTIONS="-s -B -P $WPA_SUP_PIDFILE -i $WPA_IFACE"
if [ -n "$WPA_ACTION_SCRIPT" ]; then
if [ -x "$WPA_ACTION_SCRIPT" ]; then
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -W"
wpa_msg verbose "wait for wpa_cli to attach"
else
wpa_msg stderr "action script \"$WPA_ACTION_SCRIPT\" not executable"
return 1
fi
fi
if [ -n "$IF_WPA_BRIDGE" ]; then
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -b $IF_WPA_BRIDGE"
wpa_msg verbose "wpa-bridge $IF_WPA_BRIDGE"
fi
if [ -n "$IF_WPA_DRIVER" ]; then
wpa_msg verbose "wpa-driver $IF_WPA_DRIVER"
case "$IF_WPA_DRIVER" in
hostap|ipw|madwifi|ndiswrapper)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D nl80211,wext"
wpa_msg stderr "\"$IF_WPA_DRIVER\" wpa-driver is unsupported"
wpa_msg stderr "using \"nl80211,wext\" wpa-driver instead ..."
;;
*)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D $IF_WPA_DRIVER"
;;
esac
else
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D nl80211,wext"
wpa_msg verbose "wpa-driver nl80211,wext (default)"
fi
if [ -n "$IF_WPA_DEBUG_LEVEL" ]; then
case "$IF_WPA_DEBUG_LEVEL" in
3)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -t -ddd"
;;
2)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -t -dd"
;;
1)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -t -d"
;;
0)
# wpa_supplicant default verbosity
;;
-1)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -q"
;;
-2)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -qq"
;;
esac
wpa_msg verbose "using debug level: $IF_WPA_DEBUG_LEVEL"
fi
if [ -n "$IF_WPA_LOGFILE" ]; then
# custom log file
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -f $IF_WPA_LOGFILE"
WPA_SUP_LOGFILE="$IF_WPA_LOGFILE"
wpa_msg verbose "logging to $IF_WPA_LOGFILE"
fi
wpa_msg verbose "$WPA_SUP_BIN $WPA_SUP_OPTIONS $WPA_SUP_CONF"
start-stop-daemon --start --oknodo $DAEMON_VERBOSITY \
--name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \
-- $WPA_SUP_OPTIONS $WPA_SUP_CONF
if [ "$?" -ne 0 ]; then
wpa_msg stderr "$WPA_SUP_BIN daemon failed to start"
return 1
fi
local WPA_PIDFILE_WAIT
local MAX_WPA_PIDFILE_WAIT
WPA_PIDFILE_WAIT="0"
MAX_WPA_PIDFILE_WAIT="5"
until [ -s "$WPA_SUP_PIDFILE" ]; do
if [ "$WPA_PIDFILE_WAIT" -ge "$MAX_WPA_PIDFILE_WAIT" ]; then
wpa_msg stderr "timed out waiting for creation of $WPA_SUP_PIDFILE"
return 1
else
wpa_msg verbose "waiting for \"$WPA_SUP_PIDFILE\": " \
"$WPA_PIDFILE_WAIT (max. $MAX_WPA_PIDFILE_WAIT)"
fi
WPA_PIDFILE_WAIT=$(($WPA_PIDFILE_WAIT + 1))
sleep 1
done
if [ -d "${WPA_SUP_OMIT_DIR}" ]; then
wpa_msg verbose "creating sendsigs omission pidfile: $WPA_SUP_OMIT_PIDFILE"
cat "$WPA_SUP_PIDFILE" > "$WPA_SUP_OMIT_PIDFILE"
fi
local WPA_SOCKET_WAIT
local MAX_WPA_SOCKET_WAIT
WPA_SOCKET_WAIT="0"
MAX_WPA_SOCKET_WAIT="5"
until [ -S "$WPA_CTRL_DIR/$WPA_IFACE" ]; do
if [ "$WPA_SOCKET_WAIT" -ge "$MAX_WPA_SOCKET_WAIT" ]; then
wpa_msg stderr "ctrl_interface socket not found at $WPA_CTRL_DIR/$WPA_IFACE"
return 1
else
wpa_msg verbose "waiting for \"$WPA_CTRL_DIR/$WPA_IFACE\": " \
"$WPA_SOCKET_WAIT (max. $MAX_WPA_SOCKET_WAIT)"
fi
WPA_SOCKET_WAIT=$(($WPA_SOCKET_WAIT + 1))
sleep 1
done
wpa_msg verbose "ctrl_interface socket located at $WPA_CTRL_DIR/$WPA_IFACE"
}
#####################################################################
## stop wpa_supplicant process
# Kill wpa_supplicant via start-stop-daemon, given the location of
# the pidfile or ctrl_interface socket path and interface name
#
kill_wpa_supplicant () {
test_wpa_supplicant || return 0
wpa_msg verbose "terminating $WPA_SUP_PNAME daemon via pidfile $WPA_SUP_PIDFILE"
start-stop-daemon --stop --oknodo $DAEMON_VERBOSITY \
--exec $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE
if [ -f "$WPA_SUP_PIDFILE" ]; then
rm -f "$WPA_SUP_PIDFILE"
fi
if [ -f "$WPA_SUP_OMIT_PIDFILE" ]; then
wpa_msg verbose "removing $WPA_SUP_OMIT_PIDFILE"
rm -f "$WPA_SUP_OMIT_PIDFILE"
fi
}
#####################################################################
## reload wpa_supplicant process
# Sending a HUP signal causes wpa_supplicant to reparse its
# configuration file
#
reload_wpa_supplicant () {
if test_wpa_supplicant; then
wpa_msg verbose "reloading wpa_supplicant configuration file via HUP signal"
start-stop-daemon --stop --signal HUP \
--name "$WPA_SUP_PNAME" --pidfile "$WPA_SUP_PIDFILE"
else
wpa_msg verbose "cannot $WPA_ACTION, $WPA_SUP_PIDFILE does not exist"
fi
}
#####################################################################
## daemonize wpa_cli and action script
# If environment variable WPA_ACTION_SCRIPT is present, wpa_cli will
# be spawned via start-stop-daemon
#
# Required options:
# -a action script => wpa_action
# -P process ID file
# -B background process
#
init_wpa_cli () {
[ -n "$WPA_ACTION_SCRIPT" ] || return 0
local WPA_CLI_OPTIONS
WPA_CLI_OPTIONS="-B -P $WPA_CLI_PIDFILE -i $WPA_IFACE"
wpa_msg verbose "$WPA_CLI_BIN $WPA_CLI_OPTIONS -p $WPA_CTRL_DIR -a $WPA_ACTION_SCRIPT"
start-stop-daemon --start --oknodo $DAEMON_VERBOSITY \
--name $WPA_CLI_PNAME --startas $WPA_CLI_BIN --pidfile $WPA_CLI_PIDFILE \
-- $WPA_CLI_OPTIONS -p $WPA_CTRL_DIR -a $WPA_ACTION_SCRIPT
if [ "$?" -ne 0 ]; then
wpa_msg stderr "$WPA_CLI_BIN daemon failed to start"
return 1
fi
}
#####################################################################
## stop wpa_cli process
# Kill wpa_cli via start-stop-daemon, given the location of the
# pidfile
#
kill_wpa_cli () {
test_wpa_cli || return 0
wpa_msg verbose "terminating $WPA_CLI_PNAME daemon via pidfile $WPA_CLI_PIDFILE"
start-stop-daemon --stop --oknodo $DAEMON_VERBOSITY \
--exec $WPA_CLI_BIN --pidfile $WPA_CLI_PIDFILE
if [ -f "$WPA_CLI_PIDFILE" ]; then
rm -f "$WPA_CLI_PIDFILE"
fi
if [ -f "$WPA_CLI_TIMESTAMP" ]; then
rm -f "$WPA_CLI_TIMESTAMP"
fi
if [ -L "$WPA_CLI_IFUPDOWN" ]; then
rm -f "$WPA_CLI_IFUPDOWN"
fi
}
#####################################################################
## higher level wpa_cli wrapper for variable and set_network commands
# wpa_cli_do <value> <type> <variable> [set_network variable] <desc>
#
# $1 envorinment variable
# $2 data type of variable {raw|ascii}
# $3 wpa_cli variable, if $3 is set_network, shift and take
# set_network subvariable
# $4 wpa-* string as it would appear in interfaces file, enhances
# verbose messages
#
wpa_cli_do () {
if [ -z "$1" ]; then
return 0
fi
local WPACLISET_VALUE
local WPACLISET_VARIABLE
local WPACLISET_DESC
case "$2" in
ascii)
# Double quote
WPACLISET_VALUE="\"$1\""
;;
raw|*)
# Provide raw value
WPACLISET_VALUE="$1"
;;
esac
case "$3" in
set_network)
if [ -z "$WPA_ID" ]; then
return 1
fi
shift
WPACLISET_VARIABLE="set_network $WPA_ID $3"
;;
*)
WPACLISET_VARIABLE="$3"
;;
esac
case "$4" in
*-psk|*-passphrase|*-passwd*|*-password*|*-wep-key*)
WPACLISET_DESC="$4 *****"
;;
*)
WPACLISET_DESC="$4 $WPACLISET_VALUE"
;;
esac
wpa_msg action "$WPACLISET_DESC"
wpa_cli $WPACLISET_VARIABLE "$WPACLISET_VALUE" >$TO_NULL
if [ "$?" -ne 0 ]; then
wpa_msg stderr "$WPACLISET_DESC failed!"
fi
}
#####################################################################
## check value data type in plaintext or hex
# returns 0 if input consists of hexadecimal digits only, 1 otherwise
#
ishex () {
if [ -z "$1" ]; then
return 0
fi
case "$1" in
*[!0-9a-fA-F]*)
# plaintext
return 1
;;
*)
# hexadecimal
return 0
;;
esac
}
#####################################################################
## sanity check and set psk|passphrase
# Warn about strange psk|passphrase values
#
# $1 psk or passphrase value
#
# If psk is surrounded by quotes strip them.
#
# If psk contains all hexadecimal characters and string length is 64:
# is 256bit hexadecimal
# else:
# is plaintext
#
# plaintext passphrases must be 8 - 63 characters in length
# 256-bit hexadecimal key must be 64 characters in length
#
wpa_key_check_and_set () {
if [ "$#" -ne 3 ]; then
return 0
fi
local KEY
local KEY_LEN
local KEY_TYPE
local ENC_TYPE
case "$1" in
'"'*'"')
# Strip surrounding quotation marks
KEY=$(echo -n "$1" | sed 's/^"//;s/"$//')
;;
*)
KEY="$1"
;;
esac
KEY_LEN="${#KEY}"
case "$2" in
wep_key*)
ENC_TYPE="WEP"
;;
psk)
ENC_TYPE="WPA"
;;
*)
return 0
;;
esac
if [ "$ENC_TYPE" = "WEP" ]; then
if ishex "$KEY"; then
case "$KEY_LEN" in
10|26|32|58)
# 64/128/152/256-bit WEP
KEY_TYPE="raw"
;;
*)
KEY_TYPE="ascii"
;;
esac
else
KEY_TYPE="ascii"
fi
if [ "$KEY_TYPE" = "ascii" ]; then
if [ "$KEY_LEN" -lt "5" ]; then
wpa_msg stderr "WARNING: plaintext or ascii WEP key has $KEY_LEN characters,"
wpa_msg stderr "it must have at least 5 to be valid."
fi
fi
elif [ "$ENC_TYPE" = "WPA" ]; then
if ishex "$KEY"; then
case "$KEY_LEN" in
64)
# 256-bit WPA
KEY_TYPE="raw"
;;
*)
KEY_TYPE="ascii"
;;
esac
else
KEY_TYPE="ascii"
fi
if [ "$KEY_TYPE" = "ascii" ]; then
if [ "$KEY_LEN" -lt "8" ] || [ "$KEY_LEN" -gt "63" ]; then
wpa_msg stderr "WARNING: plaintext or ascii WPA key has $KEY_LEN characters,"
wpa_msg stderr "it must have between 8 and 63 to be valid."
wpa_msg stderr "If the WPA key is a 256-bit hexadecimal key, it must have"
wpa_msg stderr "exactly 64 characters."
fi
fi
fi
wpa_cli_do "$KEY" "$KEY_TYPE" set_network "$2" "$3"
}
#####################################################################
## formulate a usable configuration from interfaces(5) wpa- lines
# A series of wpa_cli commands corresponding to environment variables
# created as a result of wpa- lines in an interfaces stanza.
#
# NB: no-act when roaming daemon is used (to avoid prematurely
# attaching to ctrl_interface socket)
#
conf_wpa_supplicant () {
if [ -n "$WPA_ACTION_SCRIPT" ]; then
return 0
fi
if [ "$IF_WPA_DRIVER" = "wired" ]; then
IF_WPA_AP_SCAN="0"
wpa_msg verbose "forcing ap_scan=0 (required for wired IEEE8021X auth)"
fi
if [ -n "$IF_WPA_ESSID" ]; then
# #403316, be similar to wireless tools
IF_WPA_SSID="$IF_WPA_ESSID"
fi
wpa_cli_do "$IF_WPA_AP_SCAN" raw \
ap_scan wpa-ap-scan
wpa_cli_do "$IF_WPA_PREAUTHENTICATE" raw \
preauthenticate wpa-preauthenticate
if [ -n "$IF_WPA_SSID" ] || [ "$IF_WPA_DRIVER" = "wired" ] || \
[ -n "$IF_WPA_KEY_MGMT" ]; then
case "$IF_WPA_SSID" in
'"'*'"')
IF_WPA_SSID=$(echo -n "$IF_WPA_SSID" | sed 's/^"//;s/"$//')
;;
*)
;;
esac
WPA_ID=$(wpa_cli add_network)
wpa_msg verbose "configuring network block -- $WPA_ID"
wpa_cli_do "$IF_WPA_SSID" ascii \
set_network ssid wpa-ssid
wpa_cli_do "$IF_WPA_PRIORITY" raw \
set_network priority wpa-priority
wpa_cli_do "$IF_WPA_BSSID" raw \
set_network bssid wpa-bssid
if [ -s "$IF_WPA_PSK_FILE" ]; then
IF_WPA_PSK=$(cat "$IF_WPA_PSK_FILE")
fi
# remain compat with wpa-passphrase-file
if [ -s "$IF_WPA_PASSPHRASE_FILE" ]; then
IF_WPA_PSK=$(cat "$IF_WPA_PASSPHRASE_FILE")
fi
# remain compat with wpa-passphrase
if [ -n "$IF_WPA_PASSPHRASE" ]; then
IF_WPA_PSK="$IF_WPA_PASSPHRASE"
fi
if [ -n "$IF_WPA_PSK" ]; then
wpa_key_check_and_set "$IF_WPA_PSK" \
psk wpa-psk
fi
wpa_cli_do "$IF_WPA_PAIRWISE" raw \
set_network pairwise wpa-pairwise
wpa_cli_do "$IF_WPA_GROUP" raw \
set_network group wpa-group
wpa_cli_do "$IF_WPA_MODE" raw \
set_network mode wpa-mode
wpa_cli_do "$IF_WPA_FREQUENCY" raw \
set_network frequency wpa-frequency
wpa_cli_do "$IF_WPA_SCAN_FREQ" raw \
set_network scan_freq wpa-scan-freq
wpa_cli_do "$IF_WPA_FREQ_LIST" raw \
set_network freq_list wpa-freq-list
wpa_cli_do "$IF_WPA_KEY_MGMT" raw \
set_network key_mgmt wpa-key-mgmt
wpa_cli_do "$IF_WPA_PROTO" raw \
set_network proto wpa-proto
wpa_cli_do "$IF_WPA_AUTH_ALG" raw \
set_network auth_alg wpa-auth-alg
wpa_cli_do "$IF_WPA_SCAN_SSID" raw \
set_network scan_ssid wpa-scan-ssid
wpa_cli_do "$IF_WPA_IDENTITY" ascii \
set_network identity wpa-identity
wpa_cli_do "$IF_WPA_ANONYMOUS_IDENTITY" ascii \
set_network anonymous_identity wpa-anonymous-identity
wpa_cli_do "$IF_WPA_EAP" raw \
set_network eap wpa-eap
wpa_cli_do "$IF_WPA_EAPPSK" raw \
set_network eappsk wpa-eappsk
wpa_cli_do "$IF_WPA_NAI" ascii \
set_network nai wpa-nai
wpa_cli_do "$IF_WPA_PASSWORD" ascii \
set_network password wpa-password
wpa_cli_do "$IF_WPA_CA_CERT" ascii \
set_network ca_cert wpa-ca-cert
wpa_cli_do "$IF_WPA_CA_PATH" ascii \
set_network ca_path wpa-ca-path
wpa_cli_do "$IF_WPA_CLIENT_CERT" ascii \
set_network client_cert wpa-client-cert
wpa_cli_do "$IF_WPA_PRIVATE_KEY" ascii \
set_network private_key wpa-private-key
wpa_cli_do "$IF_WPA_PRIVATE_KEY_PASSWD" ascii \
set_network private_key_passwd wpa-private-key-passwd
wpa_cli_do "$IF_WPA_DH_FILE" ascii \
set_network dh_file wpa-dh-file
wpa_cli_do "$IF_WPA_SUBJECT_MATCH" ascii \
set_network subject_match wpa-subject-match
wpa_cli_do "$IF_WPA_ALTSUBJECT_MATCH" ascii \
set_network altsubject_match wpa-altsubject-match
wpa_cli_do "$IF_WPA_CA_CERT2" ascii \
set_network ca_cert2 wpa-ca-cert2
wpa_cli_do "$IF_WPA_CA_PATH2" ascii \
set_network ca_path2 wpa-ca-path2
wpa_cli_do "$IF_WPA_CLIENT_CERT2" ascii \
set_network client_cert2 wpa-client-cert2
wpa_cli_do "$IF_WPA_PRIVATE_KEY2" ascii \
set_network private_key2 wpa-private-key2
wpa_cli_do "$IF_WPA_PRIVATE_KEY_PASSWD2" ascii \
set_network private_key_passwd2 wpa-private-key-passwd2
wpa_cli_do "$IF_WPA_DH_FILE2" ascii \
set_network dh_file2 wpa-dh-file2
wpa_cli_do "$IF_WPA_SUBJECT_MATCH2" ascii \
set_network subject_match2 wpa-subject-match2
wpa_cli_do "$IF_WPA_ALTSUBJECT_MATCH2" ascii \
set_network altsubject_match2 wpa-altsubject-match2
wpa_cli_do "$IF_WPA_EAP_METHODS" raw \
set_network eap_methods wpa-eap-methods
wpa_cli_do "$IF_WPA_PHASE1" ascii \
set_network phase1 wpa-phase1
wpa_cli_do "$IF_WPA_PHASE2" ascii \
set_network phase2 wpa-phase2
wpa_cli_do "$IF_WPA_PCSC" raw \
set_network pcsc wpa-pcsc
wpa_cli_do "$IF_WPA_PIN" ascii \
set_network pin wpa-pin
wpa_cli_do "$IF_WPA_ENGINE" raw \
set_network engine wpa-engine
wpa_cli_do "$IF_WPA_ENGINE_ID" ascii \
set_network engine_id wpa-engine-id
wpa_cli_do "$IF_WPA_KEY_ID" ascii \
set_network key_id wpa-key-id
wpa_cli_do "$IF_WPA_EAPOL_FLAGS" raw \
set_network eapol_flags wpa-eapol-flags
if [ -n "$IF_WPA_WEP_KEY0" ]; then
wpa_key_check_and_set "$IF_WPA_WEP_KEY0" \
wep_key0 wpa-wep-key0
fi
if [ -n "$IF_WPA_WEP_KEY1" ]; then
wpa_key_check_and_set "$IF_WPA_WEP_KEY1" \
wep_key1 wpa-wep-key1
fi
if [ -n "$IF_WPA_WEP_KEY2" ]; then
wpa_key_check_and_set "$IF_WPA_WEP_KEY2" \
wep_key2 wpa-wep-key2
fi
if [ -n "$IF_WPA_WEP_KEY3" ]; then
wpa_key_check_and_set "$IF_WPA_WEP_KEY3" \
wep_key3 wpa-wep-key3
fi
wpa_cli_do "$IF_WPA_WEP_TX_KEYIDX" raw \
set_network wep_tx_keyidx wpa-wep-tx-keyidx
wpa_cli_do "$IF_WPA_PROACTIVE_KEY_CACHING" raw \
set_network proactive_key_caching wpa-proactive-key-caching
wpa_cli_do "$IF_WPA_PAC_FILE" ascii \
set_network pac_file wpa-pac-file
wpa_cli_do "$IF_WPA_PEERKEY" raw \
set_network peerkey wpa-peerkey
wpa_cli_do "$IF_FRAGMENT_SIZE" raw \
set_network fragment_size wpa-fragment-size
wpa_cli_do "$IF_WPA_ID_STR" ascii \
set_network id_str wpa-id-str
wpa_cli_do "$WPA_ID" raw \
enable_network "enabling network block"
fi
}
#####################################################################
## Log wpa_cli environment variables
wpa_log_env () {
wpa_msg log "WPA_IFACE=$WPA_IFACE WPA_ACTION=$WPA_ACTION"
wpa_msg log "WPA_ID=$WPA_ID WPA_ID_STR=$WPA_ID_STR WPA_CTRL_DIR=$WPA_CTRL_DIR"
}
#####################################################################
## hysteresis checking
# Networking tools such as dhcp clients used with ifupdown can
# synthesize artificial ACTION events, particularly just after a
# DISCONNECTED/CONNECTED events are experienced in quick succession.
# This can lead to infinite event loops, and in extreme cases has the
# potential to cause system instability.
#
wpa_hysteresis_event () {
echo "$(date +%s)" > "$WPA_CLI_TIMESTAMP" 2>/dev/null
}
wpa_hysteresis_check () {
if [ -f "$WPA_CLI_TIMESTAMP" ]; then
local TIME
local TIMESTAMP
local TIMEWAIT
TIME=$(date +%s)
# current time minus 4 second event buffer
TIMEWAIT=$(($TIME-4))
# get time of last event
TIMESTAMP=$(cat $WPA_CLI_TIMESTAMP)
# compare values, allowing new action to be processed
# only if last action was more than 4 seconds ago
if [ "$TIMEWAIT" -le "$TIMESTAMP" ]; then
wpa_msg log "$WPA_ACTION event blocked by hysteresis check"
return 1
fi
fi
return 0
}
#####################################################################
## ifupdown locking functions
# A collection of rudimentary locking functions to lock ifup/ifdown
# actions.
#
ifupdown_lock () {
ln -s lock "$WPA_CLI_IFUPDOWN"
}
ifupdown_locked () {
[ -L "$WPA_CLI_IFUPDOWN" ] && return 0
return 1
}
ifupdown_unlock () {
rm -f "$WPA_CLI_IFUPDOWN"
}
#####################################################################
## apply mapping logic and ifup logical interface
# Apply mapping logic via id_str or external mapping script, check
# state of IFACE with respect to ifupdown and ifup logical interaface
#
ifup () {
local INTERFACES_FILE
local IFUP_RETVAL
local WPA_LOGICAL_IFACE
if [ -e /etc/network/interfaces ]; then
INTERFACES_FILE="/etc/network/interfaces"
else
wpa_msg log "/etc/network/interfaces does not exist, $WPA_IFACE will not be configured"
return 1
fi
if [ -z "$IF_WPA_MAPPING_SCRIPT_PRIORITY" ] && [ -n "$WPA_ID_STR" ]; then
WPA_LOGICAL_IFACE="$WPA_ID_STR"
fi
if [ -z "$WPA_LOGICAL_IFACE" ] && [ -n "$IF_WPA_MAPPING_SCRIPT" ]; then
local WPA_MAP_STDIN
WPA_MAP_STDIN=$(set | sed -n 's/^\(IF_WPA_MAP[0-9]*\)=.*/echo \$\1/p')
if [ -n "$WPA_MAP_STDIN" ]; then
WPA_LOGICAL_IFACE=$(eval "$WPA_MAP_STDIN" | "$IF_WPA_MAPPING_SCRIPT" "$WPA_IFACE")
else
WPA_LOGICAL_IFACE=$("$IF_WPA_MAPPING_SCRIPT" "$WPA_IFACE")
fi
if [ -n "$WPA_LOGICAL_IFACE" ]; then
wpa_msg log "mapping script result: $WPA_LOGICAL_IFACE"
else
wpa_msg log "mapping script failed."
fi
fi
if [ -z "$WPA_LOGICAL_IFACE" ]; then
if [ -n "$IF_WPA_ROAM_DEFAULT_IFACE" ]; then
WPA_LOGICAL_IFACE="$IF_WPA_ROAM_DEFAULT_IFACE"
else
WPA_LOGICAL_IFACE="default"
fi
fi
if [ -n "$WPA_LOGICAL_IFACE" ]; then
if ! /sbin/ifquery "${WPA_LOGICAL_IFACE}" > /dev/null 2>&1; then
wpa_msg log "network settings not defined for $WPA_LOGICAL_IFACE in $INTERFACES_FILE and included files."
WPA_LOGICAL_IFACE="default"
fi
wpa_msg log "ifup $WPA_IFACE=$WPA_LOGICAL_IFACE"
ifupdown_lock
if /sbin/ifquery "$WPA_IFACE" | grep -q '^wpa-roam: ' ; then
# Force settings over the unconfigured "master" IFACE
/sbin/ifup -v --force "$WPA_IFACE=$WPA_LOGICAL_IFACE"
else
/sbin/ifup -v "$WPA_IFACE=$WPA_LOGICAL_IFACE"
fi
IFUP_RETVAL="$?"
ifupdown_unlock
fi
if [ -d "${WPA_SUP_OMIT_DIR}" ]; then
wpa_msg log "creating sendsigs omission pidfile: $WPA_SUP_OMIT_PIDFILE"
cat "$WPA_SUP_PIDFILE" > "$WPA_SUP_OMIT_PIDFILE"
fi
return "$IFUP_RETVAL"
}
#####################################################################
## ifdown IFACE
# Check IFACE state and ifdown as requested.
#
ifdown () {
wpa_msg log "ifdown $WPA_IFACE"
ifupdown_lock
/sbin/ifdown -v "$WPA_IFACE"
ifupdown_unlock
wpa_msg log "removing sendsigs omission pidfile: $WPA_SUP_OMIT_PIDFILE"
rm -f "$WPA_SUP_OMIT_PIDFILE"
}
#####################################################################
## keep IFACE scanning
# After ifdown, the IFACE may be left "down", and inhibits
# wpa_supplicant's ability to continue roaming.
#
# NB: use iproute if present, flushing the IFACE first
#
if_post_down_up () {
if [ -x /bin/ip ]; then
ip addr flush dev "$WPA_IFACE" 2>/dev/null
ip link set "$WPA_IFACE" up
else
ifconfig "$WPA_IFACE" up
fi
}
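
Review bot: the secret masking in wpa_cli_do (`*-psk|*-passphrase|*-passwd*|*-password*|*-wep-key*`) does not match `wpa-pin` or `wpa-eappsk`, both of which conf_wpa_supplicant passes through it, so those values are echoed in verbose mode and in the `failed!` message on stderr. Since this hunk deletes functions.sh outright, the practical request is that whatever replaces the `wpa-*` handling (or any packaging branch that keeps this file) masks every credential-bearing option. It should also correct `"$IF_FRAGMENT_SIZE"` in the `wpa-fragment-size` call, which lacks the `WPA_` prefix every other option in the function uses.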

View File

@ -1,146 +0,0 @@
#!/bin/sh
# Copyright (C) 2006-2009 Debian hostapd maintainers
# Faidon Liambotis <paravoid@debian.org>
# Kel Modderman <kel@otaku42.de>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# On Debian GNU/Linux systems, the text of the GPL license,
# version 2, can be found in /usr/share/common-licenses/GPL-2.
# quit if we're called for lo
if [ "$IFACE" = lo ]; then
exit 0
fi
if [ -n "$IF_HOSTAPD" ]; then
HOSTAPD_CONF="$IF_HOSTAPD"
else
exit 0
fi
HOSTAPD_BIN="/usr/sbin/hostapd"
HOSTAPD_PNAME="hostapd"
HOSTAPD_PIDFILE="/run/hostapd.$IFACE.pid"
HOSTAPD_OMIT_PIDFILE="/run/sendsigs.omit.d/hostapd.$IFACE.pid"
if [ ! -x "$HOSTAPD_BIN" ]; then
exit 0
fi
if [ "$VERBOSITY" = "1" ]; then
TO_NULL="/dev/stdout"
else
TO_NULL="/dev/null"
fi
hostapd_msg () {
case "$1" in
verbose)
shift
echo "$HOSTAPD_PNAME: $@" > "$TO_NULL"
;;
stderr)
shift
echo "$HOSTAPD_PNAME: $@" > /dev/stderr
;;
*)
;;
esac
}
test_hostapd_pidfile () {
if [ -n "$1" ] && [ -f "$2" ]; then
if start-stop-daemon --stop --quiet --signal 0 \
--exec "$1" --pidfile "$2"; then
return 0
else
rm -f "$2"
return 1
fi
else
return 1
fi
}
init_hostapd () {
HOSTAPD_OPTIONS="-B -P $HOSTAPD_PIDFILE $HOSTAPD_CONF"
HOSTAPD_MESSAGE="$HOSTAPD_BIN $HOSTAPD_OPTIONS"
test_hostapd_pidfile "$HOSTAPD_BIN" "$HOSTAPD_PIDFILE" && return 0
hostapd_msg verbose "$HOSTAPD_MESSAGE"
start-stop-daemon --start --oknodo --quiet --exec "$HOSTAPD_BIN" \
--pidfile "$HOSTAPD_PIDFILE" -- $HOSTAPD_OPTIONS > "$TO_NULL"
if [ "$?" -ne 0 ]; then
return "$?"
fi
HOSTAPD_PIDFILE_WAIT=0
until [ -s "$HOSTAPD_PIDFILE" ]; do
if [ "$HOSTAPD_PIDFILE_WAIT" -ge 5 ]; then
hostapd_msg stderr \
"timeout waiting for pid file creation"
return 1
fi
HOSTAPD_PIDFILE_WAIT=$(($HOSTAPD_PIDFILE_WAIT + 1))
sleep 1
done
cat "$HOSTAPD_PIDFILE" > "$HOSTAPD_OMIT_PIDFILE"
return 0
}
kill_hostapd () {
HOSTAPD_MESSAGE="stopping $HOSTAPD_PNAME via pidfile: $HOSTAPD_PIDFILE"
test_hostapd_pidfile "$HOSTAPD_BIN" "$HOSTAPD_PIDFILE" || return 0
hostapd_msg verbose "$HOSTAPD_MESSAGE"
start-stop-daemon --stop --oknodo --quiet --exec "$HOSTAPD_BIN" \
--pidfile "$HOSTAPD_PIDFILE" > "$TO_NULL"
[ "$HOSTAPD_OMIT_PIDFILE" ] && rm -f "$HOSTAPD_OMIT_PIDFILE"
}
case "$MODE" in
start)
case "$PHASE" in
pre-up)
init_hostapd || exit 1
;;
*)
hostapd_msg stderr "unknown phase: \"$PHASE\""
exit 1
;;
esac
;;
stop)
case "$PHASE" in
post-down)
kill_hostapd
;;
*)
hostapd_msg stderr "unknown phase: \"$PHASE\""
exit 1
;;
esac
;;
*)
hostapd_msg stderr "unknown mode: \"$MODE\""
exit 1
;;
esac
exit 0
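
Review bot: in init_hostapd, `return "$?"` inside `if [ "$?" -ne 0 ]; then` returns the status of the `[` test, which is 0, so a failed start-stop-daemon launch is reported as success and `init_hostapd || exit 1` in the pre-up phase never fires. The file is removed by this hunk, so no change is needed here, but if the hook is re-homed rather than dropped, capture the status first (`rc=$?`) and return that. Also confirm that nothing still relies on the `IF_HOSTAPD` setting to start the daemon once this hook is gone.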

View File

@ -1,81 +0,0 @@
#!/bin/sh
# Copyright (C) 2006 - 2009 Debian/Ubuntu wpasupplicant Maintainers
# <pkg-wpa-devel@lists.alioth.debian.org>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# On Debian GNU/Linux systems, the text of the GPL license,
# version 2, can be found in /usr/share/common-licenses/GPL-2.
if [ -n "$IF_WPA_ROAM_MAINT_DEBUG" ]; then
set -x
fi
if [ -z "$1" ] || [ -z "$2" ]; then
echo "Usage: $0 IFACE ACTION"
exit 1
fi
# network interface
WPA_IFACE="$1"
# [CONNECTED|DISCONNECTED|stop|reload|check]
WPA_ACTION="$2"
if [ -f /etc/wpa_supplicant/functions.sh ]; then
. /etc/wpa_supplicant/functions.sh
else
exit 0
fi
case "$WPA_ACTION" in
"CONNECTED")
wpa_log_env
wpa_hysteresis_check || exit 1
wpa_hysteresis_event
if ifup; then
wpa_cli status | wpa_msg log
else
wpa_cli status | wpa_msg log
wpa_cli reassociate
fi
;;
"DISCONNECTED")
wpa_log_env
wpa_hysteresis_check || exit 1
ifdown
if_post_down_up
;;
"stop"|"down")
test_wpa_cli && kill_wpa_cli
ifdown
test_wpa_supplicant && kill_wpa_supplicant
;;
"restart"|"reload")
test_wpa_supplicant || exit 1
reload_wpa_supplicant
;;
"check")
test_wpa_supplicant || exit 1
test_wpa_cli || exit 1
;;
*)
echo "Unknown action: \"$WPA_ACTION\""
exit 1
;;
esac
exit 0
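
Review bot: the `else exit 0` after the `[ -f /etc/wpa_supplicant/functions.sh ]` check turns a missing library into a silent success, and this commit deletes functions.sh too. Make sure both files leave an installation in the same step. A wpa_action left behind without its library would accept CONNECTED and DISCONNECTED events and return 0 without ever running ifup or ifdown.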

View File

@ -1,148 +0,0 @@
.TH WPA_ACTION "8" "26 May 2006" "" ""
.SH NAME
wpa_action \- wpa_cli action script
.SH SYNOPSIS
\fBwpa_action\fR \fIIFACE ACTION\fR
.SH "DESCRIPTION"
\fBwpa_action\fR is a shell script designed to control the \fBifupdown\fR
framework according to \fIACTION\fR events received from \fBwpa_supplicant\fR.
\fBwpa_cli\fR receives \fICONNECTED\fR and \fIDISCONNECTED\fR events from
\fBwpa_supplicant\fR via the crtl_iface socket and gives the \fIACTION\fR event
to the \fBwpa_action\fR script as an argument, along with the \fIIFACE\fR to be
acted upon.
.PP
\fBwpa_action\fR also receives an environment variable from \fBwpa_cli\fR,
\fIWPA_ID_STR\fR, containing an alphanumeric identification string for the
\fICURRENT\fR network block. \fIWPA_ID_STR\fR is provided by the 'id_str'
network block option of \fBwpa_supplicant.conf\fR, and provides a means to map
the \fIACTION\fR to a \fILOGICAL\fR interface configured in the \fBinterfaces\fR
file.
.PP
If either the ifupdown \fBinterfaces\fR or \fIifstate\fR file cannot be found,
\fBwpa_action\fR will exit silently (status 0). \fBwpa_action\fR will search
the following locations for their existence:
.nf
/etc/network/run/ifstate
/run/network/ifstate
/etc/network/interfaces
.fi
.PP
.SH IFACE
Network interface to be acted upon, for example 'eth1' or 'wlan0'.
.SH ACTION
An \fIACTION\fR to be performed on the \fIIFACE\fR.
.TP
\fBCONNECTED\fR
\fBwpa_supplicant\fR has completed authentication.
\fBifup\fR \fIIFACE=WPA_ID_STR\fR is invoked and the action is logged to
syslog. Network settings for the \fILOGICAL\fR interface \fIWPA_ID_STR\fR
are applied.
.TP
\fBDISCONNECTED\fR
\fBwpa_supplicant\fR has detected disconnection.
\fBifdown\fR \fIIFACE=WPA_ID_STR\fR is invoked and the action is logged to
syslog. Network settings for the \fILOGICAL\fR interface \fIWPA_ID_STR\fR
are undone.
.TP
\fBstop\fR
The 'stop' \fIACTION\fR is a called manually by the user, to stop the
\fBwpa_cli\fR daemon, invoke \fBifdown\fR \fIIFACE\fR (if the \fIIFACE\fR is
present in the \fIifstate\fR file) and stop the \fBwpa_supplicant\fR daemon.
.TP
\fBreload\fR
The 'reload' \fIACTION\fR can be used to reload the \fBwpa_supplicant\fR
configuration file specified by \fIwpa-roam\fR . 'restart' is a synonym
for 'reload' and can be used equally. The action is logged to
\fI/var/log/wpa_action.log\fR.
.SH ENVIRONMENT
An alphanumeric identification string provided by the 'id_str' network block
option of \fBwpa_supplicant.conf\fR is exported to \fBwpa_action\fR as an
environment variable, \fIWPA_ID_STR\fR. When 'id_str' is not configured for the
\fICURRENT\fR network block, 'default' is substituted for the absent
\fIWPA_ID_STR\fR environment variable.
.PP
A unique network identifier, \fIWPA_ID\fR, is exported to \fBwpa_action\fR. It
is the number assigned to the \fICURRENT\fR \fBwpa_supplicant\fR network block
(network_id).
.SH USAGE
The only reasons for \fBwpa_action\fR to be explicitly executed by the user is
to stop \fBwpa_cli\fR from controlling \fBifupdown\fR or reload the
\fIwpa_supplicant.conf\fR file after editing.
.PP
.RS
\fBwpa_action\fR \fIeth1 stop\fR
.RE
.PP
Otherwise, \fBwpa_action\fR is given as an argument to a \fBwpa_cli\fR
daemon.
.PP
.RS
\fBwpa_cli\fR \fI-i eth1 -a /sbin/wpa_action -B\fR
.RE
.PP
This can be done by using the \fIwpa-roam\fR option in the \fBinterfaces\fR
file. \fIwpa-roam\fR takes one argument, a user provided
\fBwpa_supplicant.conf\fR file.
.PP
The inet \fIMETHOD\fR must be 'manual' for this interface, as it will
be configured according to \fBwpa_cli\fR action events. Also supply a 'default'
\fBinterfaces\fR stanza using the dhcp inet \fIMETHOD\fR so that networks
without an 'id_str' option can fallback to attempting to receive an ip via
dhcp. If one or more networks requires additional network configuration,
provide an unique 'id_str' for each network, and an \fBinterfaces\fR stanza
using the 'id_str' value as a \fILOGICAL\fR interface. The following interfaces
file is configured to use dhcp for any network without an 'id_str', a static ip
for the network with an 'id_str' of 'home_static' and dhcp plus an additional
post-up command for the network with an 'id_str' of 'uni'.
.PP
An example wpa_supplicant.conf configured to roam between 3 different networks:
.PP
.RS
.nf
network={
ssid="foo"
id_str="uni"
key_mgmt=NONE
}
network={
ssid="bar"
id_str="home_static"
psk=123456789...
}
network={
ssid=""
key_mgmt=NONE
}
.fi
.RE
.PP
The corresponding \fBinterfaces\fR file would contain \fILOGICAL\fR interfaces,
that correlate to each unique 'id_str' provided by the configuration file:
.PP
.RS
.nf
iface eth1 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp
iface uni inet dhcp
iface home_static inet static
address 192.168.0.20
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
.fi
.RE
.PP
.SH SEE ALSO
\fBwpa_cli(8)\fR, \fBwpa_supplicant(8)\fR, \fBwpa_supplicant.conf(5)\fR,
\fBifup(8)\fR, \fBinterfaces(5)\fR
.SH AUTHOR
This manual page was written by Kel Modderman <kel@otaku42.de> for
the Debian GNU system (but may be used by others).


@ -1,172 +0,0 @@
#!/bin/sh
#####################################################################
## Purpose
# This file is executed by ifupdown in pre-up, post-up, pre-down and
# post-down phases of network interface configuration. It allows
# ifup(8), and ifdown(8) to manage wpa_supplicant(8) and wpa_cli(8)
# processes running in daemon mode.
#
# /etc/wpa_supplicant/functions.sh is sourced by this file.
#
# This file is provided by the wpasupplicant package.
#####################################################################
# Copyright (C) 2006 - 2009 Debian/Ubuntu wpasupplicant Maintainers
# <pkg-wpa-devel@lists.alioth.debian.org>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# On Debian GNU/Linux systems, the text of the GPL license,
# version 2, can be found in /usr/share/common-licenses/GPL-2.
if [ -n "$IF_WPA_MAINT_DEBUG" ]; then
set -x
fi
# quit if we're called for the loopback
if [ "$IFACE" = lo ]; then
exit 0
fi
# allow wpa_supplicant interface to be specified via wpa-iface
# useful for starting wpa_supplicant on one interface of a bridge
if [ -n "$IF_WPA_IFACE" ]; then
WPA_IFACE="$IF_WPA_IFACE"
else
WPA_IFACE="$IFACE"
fi
# source functions
if [ -f /etc/wpa_supplicant/functions.sh ]; then
. /etc/wpa_supplicant/functions.sh
else
exit 0
fi
# quit if executables are not installed
if [ ! -x "$WPA_SUP_BIN" ] || [ ! -x "$WPA_CLI_BIN" ]; then
exit 0
fi
do_start () {
if test_wpa_cli; then
# if wpa_action is active for this IFACE, do nothing
ifupdown_locked && exit 0
# if the administrator is calling ifup, say something useful
if [ "$PHASE" = "pre-up" ]; then
wpa_msg stderr "wpa_action is managing ifup/ifdown state of $WPA_IFACE"
wpa_msg stderr "execute \`ifdown --force $WPA_IFACE' to stop wpa_action"
fi
exit 1
elif ! set | grep -q "^IF_WPA"; then
# no wpa- option defined for IFACE, do nothing
exit 0
fi
# ensure stale ifupdown_lock marker is purged
ifupdown_unlock
# preliminary sanity checks for roaming daemon
if [ -n "$IF_WPA_ROAM" ]; then
if [ "$METHOD" != "manual" ]; then
wpa_msg stderr "wpa-roam can only be used with the \"manual\" inet METHOD"
exit 1
fi
if [ -n "$IF_WPA_MAPPING_SCRIPT" ]; then
if ! type "$IF_WPA_MAPPING_SCRIPT" >/dev/null; then
wpa_msg stderr "wpa-mapping-script \"$IF_WPA_MAPPING_SCRIPT\" is not valid"
exit 1
fi
fi
if [ -n "$IF_WPA_MAPPING_SCRIPT_PRIORITY" ] && [ -z "$IF_WPA_MAPPING_SCRIPT" ]; then
wpa_msg stderr "\"wpa-mapping-script-priority 1\" is invalid without a wpa-mapping-script"
exit 1
fi
IF_WPA_CONF="$IF_WPA_ROAM"
WPA_ACTION_SCRIPT="/sbin/wpa_action"
fi
# master function; determines if ifupdown.sh should do something or not
if [ -n "$IF_WPA_CONF" ] && [ "$IF_WPA_CONF" != "managed" ]; then
if [ ! -s "$IF_WPA_CONF" ]; then
wpa_msg stderr "cannot read contents of $IF_WPA_CONF"
exit 1
fi
WPA_SUP_CONF_CTRL_DIR=$(sed -n -e 's/[[:space:]]*#.*//g' -e 's/[[:space:]]\+.*$//g' \
-e 's/^ctrl_interface=\(DIR=\)\?\(.*\)/\2/p' "$IF_WPA_CONF")
if [ -n "$WPA_SUP_CONF_CTRL_DIR" ]; then
WPA_CTRL_DIR="$WPA_SUP_CONF_CTRL_DIR"
WPA_SUP_CONF="-c $IF_WPA_CONF"
else
# specify the default ctrl_interface since none was defined in
# the given IF_WPA_CONF
WPA_SUP_CONF="-c $IF_WPA_CONF -C $WPA_CTRL_DIR"
fi
else
# specify the default ctrl_interface
WPA_SUP_CONF="-C $WPA_CTRL_DIR"
fi
}
do_stop () {
if test_wpa_cli; then
# if wpa_action is active for this IFACE and calling ifdown,
# do nothing
ifupdown_locked && exit 0
elif test_wpa_supplicant; then
# wpa_supplicant process exists for this IFACE, but wpa_cli
# process does not. Allow stop mode to kill this process.
:
else
exit 0
fi
}
case "$MODE" in
start)
do_start
case "$PHASE" in
pre-up)
kill_wpa_supplicant
init_wpa_supplicant || exit 1
conf_wpa_supplicant || { kill_wpa_supplicant; exit 1; }
;;
post-up)
init_wpa_cli || { kill_wpa_supplicant; exit 1; }
;;
esac
;;
stop)
do_stop
case "$PHASE" in
pre-down)
kill_wpa_cli
;;
post-down)
kill_wpa_supplicant
;;
*)
wpa_msg stderr "unknown phase: \"$PHASE\""
exit 1
;;
esac
;;
*)
wpa_msg stderr "unknown mode: \"$MODE\""
exit 1
;;
esac
exit 0


@ -0,0 +1,444 @@
From: wudan <wudan@kylinos.cn>
Date: Wed, 23 Nov 2022 10:38:35 +0800
Subject: add-wifi6/6+ and get-5g-freq
---
wpa_supplicant/bss.c | 190 +++++++++++++++++++++++++++++++-
wpa_supplicant/bss.h | 17 +++
wpa_supplicant/dbus/dbus_new.c | 12 ++
wpa_supplicant/dbus/dbus_new_handlers.c | 101 +++++++++++++++++
wpa_supplicant/dbus/dbus_new_handlers.h | 3 +
5 files changed, 320 insertions(+), 3 deletions(-)
diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 441529c..be9250a 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -309,7 +309,162 @@ static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
calculate_update_time(fetch_time, src->age, &dst->last_update);
}
+static u8 wpa_bss_get_160m_support_capability(struct wpa_bss *bss)
+{
+ const u8 *ie;
+ unsigned int channelWidth = 0;
+ unsigned int channelCenterSegment0 = 0;
+ unsigned int channelCenterSegment1 = 0;
+
+ /*find the VHT operation information */
+ ie = wpa_bss_get_ie(bss, WLAN_EID_VHT_OPERATION);
+ if (ie == NULL || (ie[1] <= WIFI6WIFI6PLUS_VHT_CHANNEL_CENTER_SEGMENT1_INDEX)) {
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: NOT found VHT tag for SSID %s "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ return WIFI6WIFI6PLUS_NOT_SUPPORTED;
+ }
+
+ /*if the channel width equals 160MHZ, this AP has wifi6+ capability.*/
+ channelWidth = ie[WIFI6WIFI6PLUS_HT_PRIMARY_CHANNEL_INDEX + 2];
+ if (channelWidth == CHANWIDTH_160MHZ) {
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: 160MHZ supported(160MHZ) for SSID %s "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ return WIFI6WIFI6PLUS_SUPPORTED;
+ }
+
+ /*if Not, */
+ channelCenterSegment0 = ie[WIFI6WIFI6PLUS_VHT_CHANNEL_CENTER_SEGMENT0_INDEX + 2];
+ channelCenterSegment1 = ie[WIFI6WIFI6PLUS_VHT_CHANNEL_CENTER_SEGMENT1_INDEX + 2];
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: SSID %s channelCenterSegment0:%d channelCenterSegment1:%d "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), channelCenterSegment0, channelCenterSegment1, MAC2STR(bss->bssid));
+ if ((channelWidth == CHANWIDTH_80MHZ ) && channelCenterSegment0 && channelCenterSegment1
+ && abs(channelCenterSegment1 - channelCenterSegment0) == 8) {
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: 160MHZ supported for SSID %s "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ return WIFI6WIFI6PLUS_SUPPORTED;
+ }
+
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: 160MHZ NOT supported for SSID %s "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ return WIFI6WIFI6PLUS_NOT_SUPPORTED;
+}
+static u8 wpa_bss_get_narrowband_capability(struct wpa_bss *bss)
+{
+ const u8 *ie;
+ u8 index;
+ u8 bcc_id_header[9] = {0, 0xE0, 0xFC, 0x40, 0, 0, 0, 0x01, 0};
+ unsigned int len = 0;
+
+ /*To fetch vendor specific IE*/
+ ie = wpa_bss_get_vendor_ie_content(bss, HW_IE_VENDOR_TYPE);
+ if (ie == NULL || (ie[1] <= sizeof(bcc_id_header))) {
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: vendor specific IE error1 for SSID %s "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ return WIFI6WIFI6PLUS_NOT_SUPPORTED;
+ }
+
+ /*To match the BCC ID head.*/
+ for (index = 0; index < sizeof(bcc_id_header); index++) {
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: SSID %s ie[%d]:%d bcc_id_header:%d "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), index+2,ie[index+2],bcc_id_header[index], MAC2STR(bss->bssid));
+ if ( ie[index + 2] != bcc_id_header[index]) {
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: bcc_id_header not match error SSID %s "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ return WIFI6WIFI6PLUS_NOT_SUPPORTED;
+ }
+ }
+
+ /*To find the narrowband sub ie entry, if successful, then to find the narrowband capability field and check its value.*/
+ index = WIFI6WIFI6PLUS_TYPE_NARROWBAND_SUBIE_INDEX;
+ while (ie[1] > ie[index + 1] ) {
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: to match NB SUBIE for SSID %s ie[%d]:%d "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), index, ie[index], MAC2STR(bss->bssid));
+ if (ie[index] == WIFI6WIFI6PLUS_TYPE_NARROWBAND_SUBIE) {
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: NB SUBIE FOUND SSID %s "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ len = ie[index + 1];
+ index += len - WIFI6WIFI6PLUS_NARROWBAND_OFFSET;
+ if (index >= ie[1] ) {
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: Index ERROR SSID %s "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ return WIFI6WIFI6PLUS_NOT_SUPPORTED;
+ }
+
+ if (WIFI6WIFI6PLUS_NARROWBAND_CAPABILITY == (ie[index] & WIFI6WIFI6PLUS_NARROWBAND_CAPABILITY)) {
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: narrowband supported for SSID %s "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ return WIFI6WIFI6PLUS_SUPPORTED;
+ }
+ }
+ len = ie[index + 1];
+ index += len + 2;
+ }
+
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: NB SUBIE NOT FOUND SSID %s ie[%d]:%d "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), index, ie[index], MAC2STR(bss->bssid));
+ return WIFI6WIFI6PLUS_NOT_SUPPORTED;
+}
+static u8 wpa_bss_get_wifi6_capability(struct wpa_bss *bss)
+{
+ const u8 *ie;
+
+ /*Whether this ap has wifi6 capability or not*/
+ ie = get_ie_ext((u8 *) (bss + 1), bss->ie_len, WLAN_EID_EXT_HE_CAPABILITIES);
+ if (ie) {
+ return WIFI6WIFI6PLUS_SUPPORTED;
+ }
+ return WIFI6WIFI6PLUS_NOT_SUPPORTED;
+}
+static void wpa_bss_get_wifi_category(struct wpa_bss *bss)
+{
+ u8 isWifi6Supported = 0;
+ u8 is160mBandSupported = 0;
+ u8 isNarrowbandSupported = 0;
+
+ wpa_printf(MSG_DEBUG, "\r\n--------wifi6wifi6+ detect starting for SSID %s--------"MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ /*Whether this ap has wifi6 capability or not*/
+ isWifi6Supported = wpa_bss_get_wifi6_capability(bss);
+ if (!isWifi6Supported){
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: Wifi6 Not Supported %d SSID %s "MACSTR,
+ isWifi6Supported, wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ bss->category = WIFI6WIFI6PLUS_WIFI_CAPABILITY_DEFAULT;
+ wpa_printf(MSG_DEBUG, "--------wifi6wifi6+ detect finished for SSID %s--------"MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ return;
+ }
+
+ /*Whether this ap has wifi6 configure capability or not*/
+ is160mBandSupported = wpa_bss_get_160m_support_capability(bss);
+
+ if (is160mBandSupported){
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: Wifi6 + Supported %d SSID %s "MACSTR,
+ is160mBandSupported, wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ bss->category = WIFI6WIFI6PLUS_WIFI_CATEGORY_WIFI6_PLUS;
+ wpa_printf(MSG_DEBUG, "--------wifi6wifi6+ detect finished for SSID %s--------"MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ return;
+ }
+
+ /*Whether this ap has narrowband capability or not*/
+ isNarrowbandSupported = wpa_bss_get_narrowband_capability(bss);
+
+ /*at last updating category result to bss entry according to the above results.*/
+ if (isNarrowbandSupported) {
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: Wifi6 + Supported %d SSID %s "MACSTR,
+ isNarrowbandSupported, wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ bss->category = WIFI6WIFI6PLUS_WIFI_CATEGORY_WIFI6_PLUS;
+ }
+ else {
+ wpa_printf(MSG_DEBUG, "wifi6wifi6+: Wifi6 Supported %d SSID %s "MACSTR,
+ isWifi6Supported, wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ bss->category = WIFI6WIFI6PLUS_WIFI_CATEGORY_WIFI6;
+ }
+ wpa_printf(MSG_DEBUG, "--------wifi6wifi6+ detect finished for SSID %s-------- "MACSTR,
+ wpa_ssid_txt(bss->ssid, bss->ssid_len), MAC2STR(bss->bssid));
+ return;
+}
static int wpa_bss_is_wps_candidate(struct wpa_supplicant *wpa_s,
struct wpa_bss *bss)
{
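Review bot: The sub-IE walk in wpa_bss_get_narrowband_capability() never bounds index against the element length before dereferencing, so a vendor element taken from a received Beacon or Probe Response can drive reads outside the element. The guard `ie[1] <= sizeof(bcc_id_header)` admits ie[1] == 10, yet the loop starts at index 0x0B and immediately reads ie[index + 1], which is ie[12], one octet past that 12-octet element. The loop condition `ie[1] > ie[index + 1]` compares the element length with a sub-IE length rather than limiting index, and index is a u8 advanced by `len + 2`, so a sub-IE length of 254 leaves index unchanged and the loop does not terminate. The final wpa_printf also reads ie[index] after the loop has run off the data. Suggest walking the payload with const u8 *pos and *end (end = ie + 2 + ie[1]), checking `end - pos >= 2` and `2 + pos[1] <= end - pos` before every access, the same pattern wpa_bss_get_vendor_ie_content() in this patch uses for the outer elements, and matching the header with os_memcmp instead of a per-octet loop that logs every byte. In wpa_bss_get_160m_support_capability(), abs() is applied to a difference of two unsigned ints; declare the segment values as int so the subtraction is signed.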
@@ -445,7 +600,8 @@ static struct wpa_bss * wpa_bss_add(struct wpa_supplicant *wpa_s,
bss->beacon_ie_len = res->beacon_ie_len;
os_memcpy(bss + 1, res + 1, res->ie_len + res->beacon_ie_len);
wpa_bss_set_hessid(bss);
-
+ /*get the highest category of this ap and update into bss added by zwx955772 on 20210320*/
+ wpa_bss_get_wifi_category(bss);
if (wpa_s->num_bss + 1 > wpa_s->conf->bss_max_count &&
wpa_bss_remove_oldest(wpa_s) != 0) {
wpa_printf(MSG_ERROR, "Increasing the MAX BSS count to %d "
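Review bot: category is computed only here in wpa_bss_add(), and no hunk in this patch recomputes it when the stored IEs of an existing entry are replaced, so the value exported over D-Bus can go stale if an AP changes its HE, VHT or vendor elements between scans. Suggest calling the same helper wherever the IEs of an existing entry are refreshed. The helper stores into bss->category and returns void, so a name like wpa_bss_set_wifi_category() would match wpa_bss_set_hessid() on the line above. The "added by zwx955772 on 20210320" attribution belongs in the commit message rather than in a source comment.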
@@ -463,9 +619,9 @@ static struct wpa_bss * wpa_bss_add(struct wpa_supplicant *wpa_s,
else
extra[0] = '\0';
wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Add new id %u BSSID " MACSTR
- " SSID '%s' freq %d%s",
+ " SSID '%s' freq %d category %d %s",
bss->id, MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len),
- bss->freq, extra);
+ bss->freq, bss->category, extra);
wpas_notify_bss_added(wpa_s, bss->bssid, bss->id);
return bss;
}
@@ -1142,6 +1298,34 @@ const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type)
return NULL;
}
+/**
+ * wpa_bss_get_vendor_ie_content - Fetch a vendor information element from a BSS entry (for wifi6/6+)
+ * @bss: BSS table entry
+ * @vendor_type: Vendor type (four octets starting the IE payload)
+ * Returns: Pointer to the information element (id field) or %NULL if not found
+ *
+ * This function returns the first matching information element in the BSS
+ * entry.
+ */
+const u8 * wpa_bss_get_vendor_ie_content(const struct wpa_bss *bss, u32 vendor_type)
+{
+ const u8 *end, *pos;
+
+ pos = (const u8 *) (bss + 1);
+ end = pos + bss->ie_len;
+
+ while (end - pos > 1) {
+ if (2 + pos[1] > end - pos)
+ break;
+ if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && pos[9] == 0x01 &&
+ vendor_type == WPA_GET_BE32(&pos[2]))
+ return pos;
+ pos += 2 + pos[1];
+ }
+
+ return NULL;
+}
+
/**
* wpa_bss_get_vendor_ie_beacon - Fetch a vendor information from a BSS entry
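Review bot: In wpa_bss_get_vendor_ie_content() the match tests `pos[9] == 0x01` while only requiring `pos[1] >= 4`, so for a vendor element with a 4 to 7 octet payload pos[9] lies outside the element, and when that element is the last one in the buffer it can lie past `end`. Require `pos[1] >= 8` before the pos[9] test. The kernel-doc comment should also state this extra condition and what the octet at that offset means, since the description is otherwise the same as wpa_bss_get_vendor_ie() and a caller cannot tell how the two differ.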
diff --git a/wpa_supplicant/bss.h b/wpa_supplicant/bss.h
index 3ce8cd3..5454ad5 100644
--- a/wpa_supplicant/bss.h
+++ b/wpa_supplicant/bss.h
@@ -19,6 +19,20 @@ struct wpa_scan_res;
#define WPA_BSS_ASSOCIATED BIT(5)
#define WPA_BSS_ANQP_FETCH_TRIED BIT(6)
+#define WIFI6WIFI6PLUS_NARROWBAND_CAPABILITY 0x20
+#define WIFI6WIFI6PLUS_HT_PRIMARY_CHANNEL_INDEX 0
+#define WIFI6WIFI6PLUS_VHT_CHANNEL_CENTER_SEGMENT0_INDEX 1
+#define WIFI6WIFI6PLUS_VHT_CHANNEL_CENTER_SEGMENT1_INDEX 2
+#define WIFI6WIFI6PLUS_WIFI_CAPABILITY_DEFAULT 0
+#define WIFI6WIFI6PLUS_WIFI_CATEGORY_WIFI6 1
+#define WIFI6WIFI6PLUS_WIFI_CATEGORY_WIFI6_PLUS 2
+#define WIFI6WIFI6PLUS_SUPPORTED 1
+#define WIFI6WIFI6PLUS_NOT_SUPPORTED 0
+#define WIFI6WIFI6PLUS_NARROWBAND_OFFSET 1
+#define WIFI6WIFI6PLUS_TYPE_NARROWBAND_SUBIE 0xFD
+#define WIFI6WIFI6PLUS_TYPE_NARROWBAND_SUBIE_INDEX 0x0B
+#define HW_IE_VENDOR_TYPE 0x00E0FC40
+
struct wpa_bss_anqp_elem {
struct dl_list list;
u16 infoid;
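Review bot: These offsets are undocumented and one is misnamed: WIFI6WIFI6PLUS_HT_PRIMARY_CHANNEL_INDEX (0) is what bss.c uses to read the channel width out of the VHT Operation element, not an HT primary channel. The indexing base is also inconsistent: the three *_INDEX values for VHT are payload-relative and get `+ 2` at each use, while WIFI6WIFI6PLUS_TYPE_NARROWBAND_SUBIE_INDEX (0x0B) is applied to ie[] directly and so counts from the element id. Suggest renaming the width index, using one base for all of them, and adding a comment per define that names the field and the element layout it assumes, so the bounds checks in bss.c can be reviewed against it.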
@@ -102,6 +116,8 @@ struct wpa_bss {
unsigned int est_throughput;
/** Signal-to-noise ratio in dB */
int snr;
+ /*indicating wifi category(0 means common ap, 1 means wifi6, 2 means wifi6+ )*/
+ int category;
/** ANQP data */
struct wpa_bss_anqp *anqp;
/** Length of the following IE field in octets (from Probe Response) */
@@ -137,6 +153,7 @@ struct wpa_bss * wpa_bss_get_id_range(struct wpa_supplicant *wpa_s,
unsigned int idf, unsigned int idl);
const u8 * wpa_bss_get_ie(const struct wpa_bss *bss, u8 ie);
const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type);
+const u8 * wpa_bss_get_vendor_ie_content(const struct wpa_bss *bss, u32 vendor_type);
const u8 * wpa_bss_get_vendor_ie_beacon(const struct wpa_bss *bss,
u32 vendor_type);
struct wpabuf * wpa_bss_get_vendor_ie_multi(const struct wpa_bss *bss,
diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
index fc2fc2e..285cbb5 100644
--- a/wpa_supplicant/dbus/dbus_new.c
+++ b/wpa_supplicant/dbus/dbus_new.c
@@ -2820,6 +2820,11 @@ static const struct wpa_dbus_property_desc wpas_dbus_bss_properties[] = {
NULL,
NULL
},
+ { "Category", WPAS_DBUS_NEW_IFACE_BSS, "q",
+ wpas_dbus_getter_bss_category,
+ NULL,
+ NULL
+ },
{ "Frequency", WPAS_DBUS_NEW_IFACE_BSS, "q",
wpas_dbus_getter_bss_frequency,
NULL,
@@ -3490,6 +3495,13 @@ static const struct wpa_dbus_method_desc wpas_dbus_interface_methods[] = {
END_ARGS
}
},
+ { "GetChannelFreq", WPAS_DBUS_NEW_IFACE_INTERFACE,
+ (WPADBusMethodHandler) wpas_dbus_handler_get_channel_freq,
+ {
+ { "freq", "s", ARG_OUT },
+ END_ARGS
+ }
+ },
#ifdef CONFIG_AUTOSCAN
{ "AutoScan", WPAS_DBUS_NEW_IFACE_INTERFACE,
(WPADBusMethodHandler) wpas_dbus_handler_autoscan,
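Review bot: The `(WPADBusMethodHandler)` cast on wpas_dbus_handler_get_channel_freq hides a signature mismatch: this handler is declared with a third `DBusError *error` parameter, while the neighbouring handlers declared in dbus_new_handlers.h take only `(DBusMessage *message, struct wpa_supplicant *wpa_s)`. If the dispatcher calls it with two arguments, error is an indeterminate pointer that the handler later passes to dbus_set_error_const(). Drop the third parameter and report failures by returning an error reply, as wpas_dbus_error_no_memory(message) already does in the same function. The single "s" out argument packs space-separated frequencies and flag suffixes into one string; an array type would spare every client from parsing it.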
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index 6c36d91..b647594 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -4433,6 +4433,22 @@ dbus_bool_t wpas_dbus_getter_bss_frequency(
&freq, error);
}
+dbus_bool_t wpas_dbus_getter_bss_category(
+ const struct wpa_dbus_property_desc *property_desc,
+ DBusMessageIter *iter, DBusError *error, void *user_data)
+{
+ struct bss_handler_args *args = user_data;
+ struct wpa_bss *res;
+ u16 category;
+
+ res = get_bss_helper(args, error, __func__);
+ if (!res)
+ return FALSE;
+
+ category = (u16) res->category;
+ return wpas_dbus_simple_property_getter(iter, DBUS_TYPE_UINT16,
+ &category, error);
+}
static int cmp_u8s_desc(const void *a, const void *b)
{
@@ -5323,3 +5339,88 @@ dbus_bool_t wpas_dbus_getter_mesh_group(
}
#endif /* CONFIG_MESH */
+static const char * modestr(enum hostapd_hw_mode mode)
+{
+ switch (mode) {
+ case HOSTAPD_MODE_IEEE80211B:
+ return "802.11b";
+ case HOSTAPD_MODE_IEEE80211G:
+ return "802.11g";
+ case HOSTAPD_MODE_IEEE80211A:
+ return "802.11a";
+ case HOSTAPD_MODE_IEEE80211AD:
+ return "802.11ad";
+ default:
+ return "?";
+ }
+}
+DBusMessage *wpas_dbus_handler_get_channel_freq(DBusMessage *message,
+ struct wpa_supplicant *wpa_s, DBusError *error)
+{
+#ifdef CONFIG_AP
+ DBusMessage *reply = NULL;
+ DBusMessageIter iter, subArrayIter;
+ dbus_message_iter_init(message, &iter);
+ char *freq = NULL;
+ int i;
+ char *hmode;
+ char str[200];
+ if (wpa_s->hw.modes)
+ {
+ for (i = 0; i < wpa_s->hw.num_modes; i++)
+ {
+ struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i];
+ char *mode_str = modestr(wpa_s->hw.modes[i].mode);
+ char *pos = str;
+ char *end = pos + sizeof(str);
+ int j, res;
+
+ for (j = 0; j < mode->num_channels; j++)
+ {
+ if (strcmp(modestr(mode->mode), "802.11a") == 0)
+ {
+ struct hostapd_channel_data *chan = &mode->channels[j];
+
+ res = os_snprintf(pos, end - pos, " %d%s%s%s",
+ chan->freq,
+ (chan->flag & HOSTAPD_CHAN_DISABLED) ? "[DISABLED]" : "",
+ (chan->flag & HOSTAPD_CHAN_NO_IR) ? "[NO_IR]" : "",
+ (chan->flag & HOSTAPD_CHAN_RADAR) ? "[RADAR]" : "");
+ if (os_snprintf_error(end - pos, res))
+ break;
+ pos += res;
+ *pos = '\0';
+ wpa_printf(MSG_DEBUG, "nl80211: Mode IEEE %s:%s",
+ modestr(mode->mode), str);
+ }
+ }
+ }
+ }
+ freq = os_calloc(1204, sizeof(char *));
+ reply = dbus_message_new_method_return(message);
+ if (!reply)
+ return wpas_dbus_error_no_memory(message);
+
+ dbus_message_iter_init_append(reply, &iter);
+
+ if (!freq)
+ {
+ dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory");
+ return NULL;
+ }
+ strcpy(freq, str);
+ if (!dbus_message_iter_append_basic(&iter,
+ DBUS_TYPE_STRING,
+ &freq))
+ {
+ dbus_message_unref(reply);
+ return NULL;
+ }
+ os_free(freq);
+
+ return reply;
+#else /* CONFIG_AP */
+ wpa_printf(MSG_ERROR, "no sport mode");
+ return FALSE;
+#endif /* CONFIG_AP */
+}
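Review bot: `char str[200]` in wpas_dbus_handler_get_channel_freq() is never initialised and is only written inside the "802.11a" branch, so when wpa_s->hw.modes is NULL or no mode is 802.11a, `strcpy(freq, str)` copies indeterminate stack bytes into the D-Bus reply. Set str[0] = '\0' before the loops. Further points in the same hunk: reply is leaked when the freq allocation check fails, and freq is leaked when dbus_message_iter_append_basic() fails; `os_calloc(1204, sizeof(char *))` sizes a char buffer in pointer-sized elements, and the copy is unnecessary because a pointer to str can be appended directly; pos is reset to str for every mode, so only the last matching mode survives; the 200-byte buffer is cut short silently by the os_snprintf_error() break once enough channels carry flag suffixes; the #else branch returns FALSE from a function returning DBusMessage * and logs "no sport mode"; modestr() returns const char * but is assigned to a plain char *; hmode, subArrayIter and mode_str are unused, and the dbus_message_iter_init(message, &iter) call reads arguments the method does not take. It is also not explained why listing the frequencies is compiled only under CONFIG_AP.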
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.h b/wpa_supplicant/dbus/dbus_new_handlers.h
index d922ce1..adc231f 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.h
+++ b/wpa_supplicant/dbus/dbus_new_handlers.h
@@ -190,6 +190,7 @@ DECLARE_ACCESSOR(wpas_dbus_getter_bss_privacy);
DECLARE_ACCESSOR(wpas_dbus_getter_bss_mode);
DECLARE_ACCESSOR(wpas_dbus_getter_bss_signal);
DECLARE_ACCESSOR(wpas_dbus_getter_bss_frequency);
+DECLARE_ACCESSOR(wpas_dbus_getter_bss_category);
DECLARE_ACCESSOR(wpas_dbus_getter_bss_rates);
DECLARE_ACCESSOR(wpas_dbus_getter_bss_wpa);
DECLARE_ACCESSOR(wpas_dbus_getter_bss_rsn);
@@ -262,5 +263,7 @@ DBusMessage * wpas_dbus_handler_subscribe_preq(
DBusMessage *message, struct wpa_supplicant *wpa_s);
DBusMessage * wpas_dbus_handler_unsubscribe_preq(
DBusMessage *message, struct wpa_supplicant *wpa_s);
+DBusMessage *wpas_dbus_handler_get_channel_freq(DBusMessage *message,
+ struct wpa_supplicant *wpa_s,DBusError *error);
#endif /* CTRL_IFACE_DBUS_HANDLERS_NEW_H */

101
debian/rules vendored

@ -1,101 +0,0 @@
#!/usr/bin/make -f
export QT_SELECT=qt5
export DEB_BUILD_MAINT_OPTIONS=hardening=+all
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/default.mk
# The build system doesn't use CPPFLAGS, pass them to CFLAGS/CXXFLAGS to
# enable the missing (hardening) flags
DEB_CFLAGS_MAINT_APPEND = -MMD -Wall $(shell dpkg-buildflags --get CPPFLAGS)
DEB_CXXFLAGS_MAINT_APPEND = $(shell dpkg-buildflags --get CPPFLAGS)
DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
export DEB_CFLAGS_MAINT_APPEND DEB_CXXFLAGS_MAINT_APPEND DEB_LDFLAGS_MAINT_APPEND
UCFLAGS = -MMD -Wall -fPIC $(shell dpkg-buildflags --get CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS)
BINDIR = /sbin
V = 1
PKG_CONFIG ?= $(DEB_HOST_GNU_TYPE)-pkg-config
export CC BINDIR V PKG_CONFIG
DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
HOSTAPD_DOT_CONFIG := debian/config/hostapd/$(DEB_HOST_ARCH_OS)
WPASUPPLICANT_DOT_CONFIG := debian/config/wpasupplicant/$(DEB_HOST_ARCH_OS)
WPASUPPLICANT_UDEB_DOT_CONFIG := debian/config/wpasupplicant/$(DEB_HOST_ARCH_OS)-udeb
### start dh overrides
override_dh_auto_configure:
dh_auto_configure --sourcedirectory=wpa_supplicant/wpa_gui-qt4 \
--buildsystem=qmake
override_dh_auto_build:
# build documentation
dh_auto_build --sourcedirectory=wpa_supplicant/doc/docbook \
--buildsystem=makefile \
-- man
# build wpasupplicant-udeb
cp -v --remove-destination $(WPASUPPLICANT_UDEB_DOT_CONFIG) wpa_supplicant/.config
CFLAGS="$(UCFLAGS)" dh_auto_build --sourcedirectory=wpa_supplicant \
--buildsystem=makefile
mv -v wpa_supplicant/wpa_supplicant wpa_supplicant/wpa_supplicant-udeb
dh_auto_clean --sourcedirectory=wpa_supplicant \
--buildsystem=makefile
# build wpasupplicant
cp -v --remove-destination $(WPASUPPLICANT_DOT_CONFIG) wpa_supplicant/.config
dh_auto_build --sourcedirectory=wpa_supplicant \
--buildsystem=makefile
# build wpa_gui-qt4
dh_auto_build --sourcedirectory=wpa_supplicant/wpa_gui-qt4 \
--buildsystem=qmake
dh_auto_clean --sourcedirectory=src --buildsystem=makefile
# build hostapd
cp -v --remove-destination $(HOSTAPD_DOT_CONFIG) hostapd/.config
dh_auto_build --sourcedirectory=hostapd \
--buildsystem=makefile
dh_auto_clean --sourcedirectory=src --buildsystem=makefile
override_dh_auto_clean:
dh_auto_clean --sourcedirectory=wpa_supplicant/doc/docbook \
--buildsystem=makefile
dh_auto_clean --sourcedirectory=wpa_supplicant \
--buildsystem=makefile
dh_auto_clean --sourcedirectory=wpa_supplicant/wpa_gui-qt4 \
--buildsystem=qmake
-find wpa_supplicant/wpa_gui-qt4 -type d -name \.moc -exec rm -rf {} \;
-find wpa_supplicant/wpa_gui-qt4 -type d -name \.ui -exec rm -rf {} \;
-find wpa_supplicant/wpa_gui-qt4 -type d -name \.obj -exec rm -rf {} \;
dh_auto_clean --sourcedirectory=hostapd \
--buildsystem=makefile
override_dh_auto_install:
$(info Skip dh_auto_install ...)
override_dh_clean:
# make sure to remove the staging directory for the udeb
rm -rf debian/wpasupplicant-udeb
dh_clean
override_dh_install:
dh_install
# install D-Bus service activation files & configuration
install --mode=644 -D wpa_supplicant/dbus/dbus-wpa_supplicant.conf \
debian/wpasupplicant/etc/dbus-1/system.d/wpa_supplicant.conf
# Install udeb
install --mode=755 -D wpa_supplicant/wpa_supplicant-udeb \
debian/wpasupplicant-udeb/sbin/wpa_supplicant
override_dh_installchangelogs:
dh_installchangelogs --package=hostapd hostapd/ChangeLog
dh_installchangelogs --package=wpasupplicant wpa_supplicant/ChangeLog
dh_installchangelogs --package=wpagui wpa_supplicant/ChangeLog
### end dh overrides
%:
dh ${@}
get-orig-source:
chmod +x $(CURDIR)/debian/get-orig-source
$(CURDIR)/debian/get-orig-source $(CURDIR)
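Review bot: Removing debian/rules drops `export DEB_BUILD_MAINT_OPTIONS=hardening=+all` together with the lines that feed CPPFLAGS into CFLAGS/CXXFLAGS, which the file's own comment says are needed because the build system does not use CPPFLAGS. The commit message only says this merges upstream 2.10; it should state what now builds the package, and the replacement needs to keep the hardening flags reaching both the wpa_supplicant and hostapd builds.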


@ -1,3 +0,0 @@
# there are no upstream tarballs for the hostapd.git branch at the moment,
# please use debian/rules' get-orig-source target instead
wpa source: debian-watch-file-is-missing


@ -1 +0,0 @@
3.0 (native)


@ -1,11 +0,0 @@
#!/bin/sh
set -e
[ -d /run/wpa_supplicant ] || exit 0
if [ "$2" = "suspend" ] || [ "$2" = "hybrid-sleep" ]; then
case "$1" in
pre) /sbin/wpa_cli suspend ;;
post) /sbin/wpa_cli resume ;;
esac
fi


@ -1,36 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=UdTW
-----END PGP PUBLIC KEY BLOCK-----

28
debian/uscan-hook vendored

@ -1,28 +0,0 @@
#!/bin/sh
set -e
# TODO: this script needs to be updated to work with watch file version 4
# This script is invoked by uscan after downloading a new tarball
if [ "$1" != "--upstream-version" ] || [ $# != 3 ]; then
echo "invalid arguments: $*" >&2
exit 2
fi
version="$2"
filename="$3"
rm -f "$filename" "../hostapd-${2}.tar.gz"
merged_tarball="$(./debian/get-orig-source $(pwd) ${version} | awk '/^SUCCESS: New upstream tarball has been saved at/{print $9}')"
if [ -n "${merged_tarball}" ] && [ -w "${merged_tarball}" ]; then
# write to ../tarballs/, if it exists - ../ otherwise
if [ ! -e "../wpa_${version}.orig.tar.xz" ]; then
ln -fs "${merged_tarball}" "../"
fi
echo "svn-upgrade ../$(basename ${merged_tarball}) -V ${version}" >&2
exit 0
else
echo "failed to generate merged upstream tarball" >&2
exit 3
fi

13
debian/watch vendored
View File

@ -1,13 +0,0 @@
# Find hostapd tarball in http://w1.fi/releases/.
# We need to generate a merged wpa tarball from wpa_supplicant and hostapd,
# so use our own script instead of uupdate.
version=4
#opts=pgpmode=auto http://w1.fi/releases/hostapd-([\.0-9]+)\.tar\.gz debian debian/uscan-hook
opts="mode=git, pgpmode=none, repack, compression=xz" \
git://w1.fi/hostap.git \
refs/tags/hostap_([\d]+)_([\d]+)
opts="mode=git, pgpmode=none, pretty=2.9+git%cd+%h, repack, compression=xz" \
git://w1.fi/hostap.git \
HEAD


@ -1,3 +0,0 @@
wpa_supplicant/wpa_gui-qt4/wpa_gui usr/sbin/
wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop usr/share/applications/
wpa_supplicant/wpa_gui-qt4/icons/wpa_gui.svg usr/share/icons/hicolor/scalable/apps/


@ -1 +0,0 @@
wpa_supplicant/doc/docbook/wpa_gui.8


@ -1,550 +0,0 @@
Modes of Operation in wpasupplicant for Debian
==============================================
The Debian wpasupplicant package provides two (2) convenient modes of operation
that are closely integrated to the core networking infrastructure; ifupdown.
Table of Contents
=================
1. Specifying the wpa_supplicant driver backend
- Table of supported drivers
- Choosing driver backend
2. Mode #1: Managed Mode
- Examples
- Table of Common Options
- Important Notes About Managed Mode
- How It Works
3. Mode #2: Roaming Mode
- wpa_supplicant.conf
- /etc/network/interfaces
- Interacting with wpa_supplicant with wpa_cli and wpa_gui
- Controlling the Roaming Daemon with wpa_action
- Fine Tuning the Roaming Setup
- Using External Mapping Scripts (e.g. guessnet)
- /etc/network/interfaces with external mapping
4. Troubleshooting
- Hidden ssids
5. Security Considerations
- Configuration File Permissions
1. Specifying the wpa_supplicant driver backend
===============================================
The wext driver backend will be used for all interfaces that do not explicitly
set 'wpa-driver' to the driver type required for that device. Users of linux
2.4 kernels, or 2.6 kernels less than 2.6.14 will be required to specify a
wpa-driver type.
Table of supported drivers
==========================
A summary of supported drivers follows:
Driver Description
====== ===========
nl80211 Linux 802.11 netlink interface
wext Linux wireless extensions (generic)
wired driver for wired Ethernet
Choosing driver backend
=======================
Set the driver type in the interfaces(5) stanza for your device with the
'wpa-driver' option. For example:
iface eth0 inet dhcp
wpa-driver wext
. . . . . more options
If no wpa-driver configuration is supplied, the wext backend is used.
2. Mode #1: Managed Mode
========================
This mode provides the ability to establish a connection via wpa_supplicant to
one known network. It is similar to how the wireless-tools package works. Each
element required to establish the connection via wpa_supplicant is prefixed
with 'wpa-' and followed by the value that will be used for that element.
Examples
========
NOTE: the 'wpa-psk' value is only valid if:
1) It is a plaintext (ascii) string between 8 and 63 characters in
length
2) It is a hexadecimal string of 64 characters
# Connect to access point of ssid 'NyNetWork' with an encryption type of
# WPA-PSK/WPA2-PSK. It assumes the driver will use the 'wext' driver backend
# of wpa_supplicant because no wpa-driver option has been specified.
# The passphrase is given as a ASCII (plaintext) string. DHCP is used to
# obtain a network address.
#
iface wlan0 inet dhcp
wpa-ssid MyNetWork
# plaintext passphrase
wpa-psk plaintextsecret
# Connect to access point of ssid 'homezone' with an encryption type of
# WPA-PSK/WPA2-PSK, using the 'wext' driver backend of wpa_supplicant.
# The psk is given as an encoded hexadecimal string. DHCP is used to obtain
# a network address.
#
iface wlan0 inet dhcp
wpa-driver wext
wpa-ssid homezone
# hexadecimal psk is encoded from a plaintext passphrase
wpa-psk 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
# Connect to access point of ssid 'HotSpot1' and bssid of '00:1a:2b:3c:4d:5e'
# with an encryption type of WPA-PSK/WPA2-PSK, using the 'nl80211' driver
# backend of wpa_supplicant. The passphrase is given as a plaintext string.
# A static network address assignment is used.
#
iface wlan0 inet static
wpa-driver nl80211
wpa-ssid HotSpot1
wpa-bssid 00:1a:2b:3c:4d:5e
# plaintext passphrase
wpa-psk madhotspot
wpa-key-mgmt WPA-PSK
wpa-pairwise TKIP CCMP
wpa-group TKIP CCMP
wpa-proto WPA RSN
# static ip settings
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
# User supplied wpa_supplicant.conf is used for eth1. All network information
# is contained within the user supplied wpa_supplicant.conf. No wpa-driver type
# is specified, so wext is used. DHCP is used to obtain a network address.
#
iface eth1 inet dhcp
wpa-conf /path/to/wpa_supplicant.conf
Table of Common Options
=======================
A brief summary of common 'wpa-' options that may be used in the
/etc/network/interfaces stanza for a wireless device. See the
'Important Notes About Managed Mode' section for information about
valid and invalid 'wpa-' values.
NOTE: ALL values are CASE SeNsItVe
Element Example Value Description
======= ============= ===========
wpa-ssid plaintextstring sets the ssid of your network
wpa-bssid 00:1a:2b:3c:4d:5e the bssid of your AP
wpa-psk 0123456789...... your preshared wpa key. Use
wpa_passphrase(8) to generate your psk
from a passphrase and ssid pair
wpa-key-mgmt NONE, WPA-PSK, WPA-EAP, list of accepted authenticated key
IEEE8021X management protocols
wpa-group CCMP, TKIP, WEP104, list of accepted group ciphers for WPA
WEP40
wpa-pairwise CCMP, TKIP, NONE list of accepted pairwise ciphers for
WPA
wpa-auth-alg OPEN, SHARED, LEAP list of allowed IEEE 802.11
authentication algorithms
wpa-proto WPA, RSN list of accepted protocols
wpa-identity myplaintextname administrator provided username
(EAP authentication)
wpa-password myplaintextpassword your password (EAP authentication)
wpa-scan-ssid 0 or 1 toggles scanning of ssid with specific
Probe Request frames
wpa-ap-scan 0 or 1 or 2 adjusts the scanning logic of
wpa_supplicant
The complete functionality of wpa_cli(8) should be implemented. Anything
missing is considered a bug and should be reported as such. Patches are always
welcome.
Important Notes About Managed Mode
==================================
Almost all 'wpa-' options require there is at least a ssid specified. Only a
handful of options have a global effect. These are: 'wpa-ap-scan' and
'wpa-preauthenticate'.
Any 'wpa-' option given for a device in the interfaces(5) file is sufficient to
trigger the wpa_supplicant daemon into action.
The wpasupplicant ifupdown script makes assumptions about the 'type' of input
that is valid for each option. For example, it assumes that some input is
plaintext and wraps quotation marks around the input before passing it on
to wpa_cli, which then adds the input to the network block being formed via
the wpa_supplicant ctrl_interface socket. Running ifup manually with the
'--verbose' option will reveal all of the commands used to form the network
block via wpa_cli. If the value you used for any wpa-* option in
/etc/network/interfaces is surrounded by double quotes, than it has been
assumed to be of "plaintext" or "ascii" type input.
Some input is assumed to be a hexadecimal string (eg. wpa-wep-key*). The value
'type' of the wpa-psk option however, is determined via a simple check for more
than one non hexadecimal character.
How It Works
============
As mentioned earlier, each wpa_supplicant specific element is prefixed with
'wpa-'. Each element correlates to a property of wpa_supplicant described in
the wpa_supplicant.conf(5), wpa_supplicant(8) and wpa_cli(8) manpages. The
supplicant is launched without any pre-configuration whatsoever, and wpa_cli
forms a network configuration from the input provided by the 'wpa-*' lines.
Initially, wpa_supplicant/wpa_cli does not directly set the properties of the
device (like setting an essid with iwconfig, for example), rather it informs
the device of what access point is suitable to associate with. Once the device
has scanned the area, and found that the suitable access point is available for
use, these properties are set.
The scripts that do all the work are located at:
/etc/wpa_supplicant/ifupdown.sh
/etc/wpa_supplicant/functions.sh
ifupdown.sh is executed by run-parts, which in turn is invoked by ifupdown
during the 'pre-up', 'pre-down' and 'post-down' phases.
In the 'pre-up' phase, a wpa_supplicant daemon is launched followed by a series
of wpa_cli commands that set up a network configuration according to what
'wpa-' options were used in /etc/network/interfaces for the physical device.
If wpa-roam is used, a wpa_cli daemon is launched in the 'post-up' phase.
In the 'pre-down' phase, the wpa_cli daemon is terminated.
In the 'post-down' phase, the wpa_supplicant daemon is terminated.
3. Mode #2: Roaming Mode
========================
A self contained, simplistic roaming mechanism is provided by this package. It
is in the form of a wpa_cli action script, /sbin/wpa_action, and it assumes
control of ifupdown once activated. The wpa_action(8) manpage describes its
technical details in great depth.
To activate a roaming interface, adapt the following example interfaces(5)
stanza:
iface eth1 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
Two daemons are spawned from the above example; wpa_supplicant and wpa_cli. It
is required to provide a wpa_supplicant.conf containing a minimal amount of
global options, and any known network blocks that should be connected to
without interaction. A good starting point is provided by an example
configuration file:
# copy the template to /etc/wpa_supplicant/
cp /usr/share/doc/wpasupplicant/examples/wpa-roam.conf \
/etc/wpa_supplicant/wpa_supplicant.conf
# allow only root to read and write to file
chmod 0600 /etc/wpa_supplicant/wpa_supplicant.conf
NOTE: it is critical that the used wpa_supplicant.conf defines the location of
the 'ctrl_interface' so that a communication socket is created for the
wpa_cli (wpa-roam daemon) to attach. The mentioned example configuration,
/usr/share/doc/wpasupplicant/examples/wpa-roam.conf, has been set to a
sane default.
It is required to edit this configuration file, and add the network blocks for
all known networks. If you do not understand what this means, start reading the
wpa_supplicant.conf(5) manpage now.
For each network, you may specify a special option 'id_str'. It should be set to
a simple text string. This text string forms the basis for network profiling; it
correlates to a logical interface defined in the interfaces(5) file. When no
'id_str' is given for a network, wpa_action assumes it will use the 'default'
logical interface as fallback. The fallback interface can be chosen via the
'wpa-roam-default-iface' option.
So what does all this mean? Lets illustrate it with a small example taken from
the wpa_action(8) manpage.
wpa_supplicant.conf
===================
network={
ssid="foo"
key_mgmt=NONE
# this id_str will notify /sbin/wpa_action to 'ifup uni'
id_str="uni"
}
network={
ssid="bar"
psk=123456789...
# this id_str will notify /sbin/wpa_action to 'ifup home_static'
id_str="home_static"
}
network={
ssid=""
key_mgmt=NONE
# no 'id_str' parameter is given, /sbin/wpa_action will 'ifup default'
}
/etc/network/interfaces
=======================
# the roaming interface MUST use the manual inet method
# 'allow-hotplug' or 'auto' ensures the daemon starts automatically
allow-hotplug eth1
iface eth1 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
# no id_str, 'default' is used as the fallback mapping target
iface default inet dhcp
# id_str="uni"
iface uni inet dhcp
# id_str="home_static"
iface home_static inet static
address 192.168.0.20
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
A logical interface is brought up via ifup, and taken down via ifdown, as
wpa_supplicant associates and de-associates with the network associated
to it by the 'id_str' option used in the wpa_supplicant.conf configuration file.
/sbin/wpa_action's actions are logged to syslog.
Interacting with wpa_supplicant with wpa_cli and wpa_gui
========================================================
The wpa_supplicant process can be interacted with by members of the "netdev"
group if the example roaming configuration was used as is (or by whatever
group or gid specified by the GROUP= crtl_interface parameter).
# the default ctrl_interface option used in the example file
# /usr/share/doc/wpasupplicant/examples/wpa-roam.conf
ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
To interact with the supplicant, the wpa_cli (command line) and wpa_gui (QT)
have been provided. With these you may connect, disconnect, add/delete new
network blocks, provide required interactive security information and so on.
Controlling the Roaming Daemon with wpa_action
==============================================
Once the roaming daemon is started, it assumes control of ifupdown. That is;
wpa_cli calls ifup when wpa_supplicant has successfully associated with an
access point, and calls ifdown when the connection is lost or terminated.
While the roaming daemon is active, ifupdown should not be controlled directly
by manually issued commands, rather /sbin/wpa_action is supplied to stop and
reload the roaming daemon. For example, to stop the
romaing daemon on the device 'eth1':
wpa_action eth1 stop
When it is required to update the roaming daemon with a new networks details,
it can be done without stopping it. Edit the wpa_supplicant.conf file that is
being used by the daemon with the new networks details, add optional network
settings to /etc/network/interfaces that are specific to the new network
(linked by the 'id_str') and then 'reload' the daemon like so:
wpa_action eth1 reload
For the complete technical details of what wpa_action can do, read the
wpa_action(8) manpage.
Fine Tuning the Roaming Setup
=============================
You may face situations where multiple known access points are in close
proximity. You can choose which one is preferred manually, with wpa_cli or
wpa_gui, or you can give each network its own priority. This is provided by the
'priority' option of wpa_supplicant.conf.
Using External Mapping Scripts (e.g. guessnet)
==============================================
In addition to the internal mapping of logical interfaces via 'id_str',
wpa_action can call external mapping scripts. A mapping script should return
the name of the logical interface which should be brought up. Any mapping
script that works from ifupdowns mapping mechanism (see man interfaces) should
also work when called from wpa_action.
To call a mapping script add a line 'wpa-mapping-script name-of-the-script' to
the interfaces stanza of the physical roaming device. (You may have to specify
the absolute path to the mapping script.)
The contents of lines starting with wpa-map are passed to stdin of the mapping
script. Since ifupdown allows only one wpa-map line you can append any number
to wpa-map for additional lines. For example:
iface wlan0 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
wpa-mapping-script guessnet-ifupdown
wpa-map0 home
wpa-map1 work
wpa-map2 school
# ... additional wpa-mapX lines as required
By default the mapping script will only be used when no 'id_str' is available
for the current network. If you want to completely disable 'id_str' matching
and use only an external mapping script, use the
'wpa-mapping-script-priority 1' option to override default behaviour.
If the mapping script returns an empty string wpa_action will fallback to using
the 'default' interface, unless an alternative is defined by the
'wpa-roam-default-iface' option.
Below is an advanced example, using guessnet-ifupdown as the external mapping
script.
/etc/network/interfaces with external mapping
=============================================
allow-hotplug wlan0
iface wlan0 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
wpa-roam-default-iface default-wparoam
wpa-mapping-script guessnet-ifupdown
wpa-map default: default-guessnet
wpa-map0 home_static
wpa-map1 work_static
# school can only be chosen via 'id_str' matching
iface school inet dhcp
# resolvconf
dns-nameservers 11.22.33.44 55.66.77.88
iface home_static inet static
address 192.168.0.20
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
test peer address 192.168.0.1 mac 00:01:02:03:04:05
iface work_static inet static
address 192.168.3.200
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255
gateway 192.168.3.1
test peer address 192.168.3.1 mac 00:01:02:03:04:05
iface default-guessnet inet dhcp
iface default-wparoam inet dhcp
In this example wpa_action will use guessnet for the selection of a suitable
logical interface only when no 'id_str' option has been provided for the
current network in the provided wpa_supplicant.conf.
The 'wpa-map' lines provide guessnet with the logical interfaces that are to be
tested as well as the default interface to be used when all tests fail. The
'test' lines of each logical interface are used by guessnet to determine if
we are actually connected to that network. For instance, guessnet will choose
the logical interface 'home_static' if there's a device with an IP address of
192.168.0.1 and MAC of 00:01:02:03:04:05 on the current network. If all tests
fail, the 'default-guessnet' interface will be configured.
Please, read the guessnet(8) manpage for more information.
4. Troubleshooting
==================
In order to debug connection, association and authentication problems,
increase the verbosity level of wpa_supplicant to log debug output by
adding the wpa-debug-level option to /etc/network/interfaces like in
the following example:
iface eth1 inet dhcp
wpa-debug-level 3
...
Debug level number 3 starts the supplicant with the -ddd command line option,
level 2 with -dd an level 1 with -d. Values of -1 and -2 will cause
wpa_supplicant to be started with -q and -qq options respectively (quiet mode).
Any other wpa-debug-level value will cause the supplicant to be started
with default debug level.
If wpa_supplicant is started via D-Bus, then you must edit
/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service and
add the debugging command line option to the Exec field.
It is also possible to have wpa_supplicant write all debug output to a text
file with the -f command line option. You may specify a file to log to with
the wpa-logfile in /etc/network/interfaces if starting wpa_supplicant via
ifupdown.
Another method is to start `wpa_cli -i <interface>` in another shell before
starting the interface. Use the command 'level 0' first, to get all debug
messages sent to the control socket by wpa_supplicant.
To debug the ifupdown scripts that start wpa_supplicant and friends, use
`ifup --verbose <interface>` to get verbose messages, or set
wpa-maint-debug to any value to see shell code execution (set -x).
Hidden ssids
============
For reference, see #358137 [1]. In order to be able to associate to hidden
ssids, please try to set the option 'ap_scan=1' in the global section, and
'scan_ssid=1' in your network block section of your wpa_supplicant.conf file.
If you are using the managed mode, you can do so by these stanzas:
iface eth1 inet dhcp
wpa-ap-scan 1
wpa-scan-ssid 1
# ... additional options for your setup
According to #368770 [2], association can take a very long time under certain
circumstances. In some cases, setting the parameter 'ap_scan=2' in the
config file, (or using a 'wpa-ap-scan 2' stanza, which is equivalent) can
greatly help to speed up association. Please note that setting ap_scan to the
value of 2 also requires that all networks have a precisely defined security
policy for key_mgmt, pairwise, group and proto network policy variables.
[1] http://bugs.debian.org/358137
[2] http://bugs.debian.org/368770
5. Security Considerations
==========================
Configuration File Permissions
==============================
It is important to keep PSK's and other sensitive information concerning your
network settings private, therefore ensure that important configuration files
containing such data are only readable by their owner. For example:
chmod 0600 /etc/network/interfaces
chmod 0600 /etc/wpa_supplicant/wpa_supplicant.conf
By default, /etc/network/interfaces is world readable, and thus unsuitable for
containing secret keys and passwords.

View File

@ -1,5 +0,0 @@
wpa_supplicant/README
wpa_supplicant/README-DPP
wpa_supplicant/README-HS20
wpa_supplicant/README-WPS
wpa_supplicant/README-P2P

View File

@ -1,3 +0,0 @@
wpa_supplicant/wpa_supplicant.conf
wpa_supplicant/examples/*.conf
debian/examples/*.conf

View File

@ -1,12 +0,0 @@
debian/ifupdown/wpa_action sbin/
debian/ifupdown/action_wpa.sh etc/wpa_supplicant/
debian/ifupdown/functions.sh etc/wpa_supplicant/
debian/ifupdown/wpasupplicant/ifupdown.sh etc/wpa_supplicant/
# debian/system-sleep /lib/systemd/
wpa_supplicant/dbus/fi.*.service usr/share/dbus-1/system-services/
wpa_supplicant/examples/60_wpa_supplicant usr/lib/pm-utils/sleep.d/
wpa_supplicant/systemd/*.service lib/systemd/system/
wpa_supplicant/wpa_cli sbin/
wpa_supplicant/wpa_passphrase usr/bin/
wpa_supplicant/wpa_supplicant sbin/
debian/NetworkManager/no-mac-addr-change.conf usr/lib/NetworkManager/conf.d/

View File

@ -1,7 +0,0 @@
etc/wpa_supplicant/ifupdown.sh etc/network/if-pre-up.d/wpasupplicant
etc/wpa_supplicant/ifupdown.sh etc/network/if-up.d/wpasupplicant
etc/wpa_supplicant/ifupdown.sh etc/network/if-down.d/wpasupplicant
etc/wpa_supplicant/ifupdown.sh etc/network/if-post-down.d/wpasupplicant
etc/wpa_supplicant/action_wpa.sh etc/ifplugd/action.d/action_wpa
usr/share/doc/wpasupplicant usr/share/doc/wpa_supplicant
usr/share/doc/wpasupplicant/README.Debian usr/share/doc/wpasupplicant/README.modes

View File

@ -1,15 +0,0 @@
# We distribute the package under the terms of the BSD license due to the
# openssl issue, tell lintian to not complain:
wpasupplicant binary: possible-gpl-code-linked-with-openssl
# These are numerous and unlikely to be fixed anytime soon, filter them out.
wpasupplicant binary: hyphen-used-as-minus-sign
# false positive spelling complaints
wpasupplicant binary: spelling-error-in-binary sbin/wpa_supplicant ment meant
# no need for init scripts since wpa-supplicant has NM and ifupdown integration
wpasupplicant: package-supports-alternative-init-but-no-init.d-script
# this is a library
wpasupplicant: script-not-executable etc/wpa_supplicant/functions.sh

View File

@ -1,6 +0,0 @@
debian/ifupdown/wpa_action.8
wpa_supplicant/doc/docbook/wpa_background.8
wpa_supplicant/doc/docbook/wpa_cli.8
wpa_supplicant/doc/docbook/wpa_passphrase.8
wpa_supplicant/doc/docbook/wpa_supplicant.8
wpa_supplicant/doc/docbook/wpa_supplicant.conf.5

View File

@ -1,36 +0,0 @@
#!/bin/sh
# This script can be called in the following ways:
#
# After the package was installed:
# <postinst> configure <old-version>
#
#
# If prerm fails during upgrade or fails on failed upgrade:
# <old-postinst> abort-upgrade <new-version>
#
# If prerm fails during deconfiguration of a package:
# <postinst> abort-deconfigure in-favour <new-package> <version>
# removing <old-package> <version>
#
# If prerm fails during replacement due to conflict:
# <postinst> abort-remove in-favour <new-package> <version>
set -e
case "$1" in
configure)
# Add the netdev group unless it's already there
if ! getent group netdev >/dev/null; then
addgroup --quiet --system netdev || true
fi
;;
abort-upgrade|abort-deconfigure|abort-remove)
;;
*)
echo "$0 called with unknown argument \`$1'" 1>&2
exit 1
;;
esac
#DEBHELPER#
exit 0
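Review bot: Deleting this postinst drops the 'configure' step that creates the netdev system group ('addgroup --quiet --system netdev'), while the README text earlier in this diff documents 'ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev' as the example default. If any configuration shipped with this tree still names GROUP=netdev, the control socket setup will refer to a group that nothing in the package creates any more. Either keep the group creation in whatever packaging replaces this script, or state in the commit message that control-interface group setup is now the integrator's job. The debian/ removal is also unrelated to the upstream 2.10 merge and would be easier to review as its own commit.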

5
hostapd/.gitignore vendored Normal file
View File

@ -0,0 +1,5 @@
.config
hostapd
hostapd_cli
hlr_auc_gw
nt_password_hash

View File

@ -34,6 +34,10 @@ ifeq ($(BOARD_HOSTAPD_PRIVATE_LIB),)
L_CFLAGS += -DANDROID_LIB_STUB
endif
ifneq ($(BOARD_HOSTAPD_PRIVATE_LIB_EVENT),)
L_CFLAGS += -DANDROID_LIB_EVENT
endif
# Use Android specific directory for control interface sockets
L_CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/data/misc/wifi/sockets\"
L_CFLAGS += -DCONFIG_CTRL_IFACE_DIR=\"/data/system/hostapd\"
@ -145,6 +149,7 @@ OBJS += src/utils/wpa_debug.c
OBJS += src/utils/wpabuf.c
OBJS += src/utils/os_$(CONFIG_OS).c
OBJS += src/utils/ip_addr.c
OBJS += src/utils/crc32.c
OBJS += src/common/ieee802_11_common.c
OBJS += src/common/wpa_common.c
@ -205,18 +210,12 @@ endif
L_CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX
ifdef CONFIG_IAPP
L_CFLAGS += -DCONFIG_IAPP
OBJS += src/ap/iapp.c
endif
ifdef CONFIG_RSN_PREAUTH
L_CFLAGS += -DCONFIG_RSN_PREAUTH
CONFIG_L2_PACKET=y
endif
ifdef CONFIG_HS20
NEED_AES_OMAC1=y
CONFIG_PROXYARP=y
endif
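Review bot: With the 'ifdef CONFIG_IAPP' block going away here (the hunk shrinks from 18 to 12 lines and the ChangeLog in this commit says "removed obsolete IAPP functionality"), a board config that still sets CONFIG_IAPP=y is accepted silently and produces a build without src/ap/iapp.c. Consider a short guard that emits a make warning when CONFIG_IAPP is defined, so stale configs are noticed at build time rather than when the feature is missed in the field.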
@ -226,8 +225,6 @@ endif
ifdef CONFIG_SUITEB
L_CFLAGS += -DCONFIG_SUITEB
NEED_SHA256=y
NEED_AES_OMAC1=y
endif
ifdef CONFIG_SUITEB192
@ -238,24 +235,14 @@ endif
ifdef CONFIG_OCV
L_CFLAGS += -DCONFIG_OCV
OBJS += src/common/ocv.c
CONFIG_IEEE80211W=y
endif
ifdef CONFIG_IEEE80211W
L_CFLAGS += -DCONFIG_IEEE80211W
NEED_SHA256=y
NEED_AES_OMAC1=y
endif
ifdef CONFIG_IEEE80211R
L_CFLAGS += -DCONFIG_IEEE80211R -DCONFIG_IEEE80211R_AP
OBJS += src/ap/wpa_auth_ft.c
NEED_SHA256=y
NEED_AES_OMAC1=y
NEED_AES_UNWRAP=y
NEED_AES_SIV=y
NEED_ETH_P_OUI=y
NEED_SHA256=y
NEED_HMAC_SHA256_KDF=y
endif
@ -267,8 +254,13 @@ endif
ifdef CONFIG_SAE
L_CFLAGS += -DCONFIG_SAE
OBJS += src/common/sae.c
ifdef CONFIG_SAE_PK
L_CFLAGS += -DCONFIG_SAE_PK
OBJS += src/common/sae_pk.c
endif
NEED_ECC=y
NEED_DH_GROUPS=y
NEED_HMAC_SHA256_KDF=y
NEED_DRAGONFLY=y
endif
@ -278,7 +270,6 @@ NEED_ECC=y
NEED_HMAC_SHA256_KDF=y
NEED_HMAC_SHA384_KDF=y
NEED_HMAC_SHA512_KDF=y
NEED_SHA256=y
NEED_SHA384=y
NEED_SHA512=y
endif
@ -299,10 +290,6 @@ L_CFLAGS += -DCONFIG_WNM -DCONFIG_WNM_AP
OBJS += src/ap/wnm_ap.c
endif
ifdef CONFIG_IEEE80211N
L_CFLAGS += -DCONFIG_IEEE80211N
endif
ifdef CONFIG_IEEE80211AC
L_CFLAGS += -DCONFIG_IEEE80211AC
endif
@ -331,6 +318,14 @@ OBJS += src/fst/fst_ctrl_iface.c
endif
endif
ifdef CONFIG_WEP
L_CFLAGS += -DCONFIG_WEP
endif
ifdef CONFIG_NO_TKIP
L_CFLAGS += -DCONFIG_NO_TKIP
endif
include $(LOCAL_PATH)/src/drivers/drivers.mk
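Review bot: The two new blocks 'ifdef CONFIG_WEP' and 'ifdef CONFIG_NO_TKIP' have opposite polarity (the first opts in to a legacy cipher, the second opts out of one) and nothing here says so. Add a one-line comment above each block. Also check the board config used with this Android.mk: per the ChangeLog entry in this commit, WEP is no longer in the default build, so a config that does not set CONFIG_WEP=y loses WEP after this merge, while TKIP stays compiled in unless CONFIG_NO_TKIP=y is set explicitly. If the intent is a hardened build, the config change that sets CONFIG_NO_TKIP=y should land with this commit.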
@ -413,7 +408,6 @@ ifdef CONFIG_EAP_AKA
L_CFLAGS += -DEAP_SERVER_AKA
OBJS += src/eap_server/eap_server_aka.c
CONFIG_EAP_SIM_COMMON=y
NEED_SHA256=y
NEED_AES_CBC=y
endif
@ -424,7 +418,7 @@ endif
ifdef CONFIG_EAP_SIM_COMMON
OBJS += src/eap_common/eap_sim_common.c
# Example EAP-SIM/AKA interface for GSM/UMTS authentication. This can be
# replaced with another file implementating the interface specified in
# replaced with another file implementing the interface specified in
# eap_sim_db.h.
OBJS += src/eap_server/eap_sim_db.c
NEED_FIPS186_2_PRF=y
@ -438,7 +432,6 @@ endif
ifdef CONFIG_EAP_PSK
L_CFLAGS += -DEAP_SERVER_PSK
OBJS += src/eap_server/eap_server_psk.c src/eap_common/eap_psk_common.c
NEED_AES_OMAC1=y
NEED_AES_ENCBLOCK=y
NEED_AES_EAX=y
endif
@ -454,14 +447,11 @@ OBJS += src/eap_server/eap_server_gpsk.c src/eap_common/eap_gpsk_common.c
ifdef CONFIG_EAP_GPSK_SHA256
L_CFLAGS += -DEAP_GPSK_SHA256
endif
NEED_SHA256=y
NEED_AES_OMAC1=y
endif
ifdef CONFIG_EAP_PWD
L_CFLAGS += -DEAP_SERVER_PWD
OBJS += src/eap_server/eap_server_pwd.c src/eap_common/eap_pwd_common.c
NEED_SHA256=y
NEED_ECC=y
NEED_DRAGONFLY=y
endif
@ -494,6 +484,8 @@ OBJS += src/eap_common/eap_teap_common.c
TLS_FUNCS=y
NEED_T_PRF=y
NEED_SHA384=y
NEED_TLS_PRF_SHA256=y
NEED_TLS_PRF_SHA384=y
NEED_AES_UNWRAP=y
endif
@ -511,7 +503,6 @@ OBJS += src/wps/wps_dev_attr.c
OBJS += src/wps/wps_enrollee.c
OBJS += src/wps/wps_registrar.c
NEED_DH_GROUPS=y
NEED_SHA256=y
NEED_BASE64=y
NEED_AES_CBC=y
NEED_MODEXP=y
@ -554,21 +545,41 @@ endif
ifdef CONFIG_DPP
L_CFLAGS += -DCONFIG_DPP
OBJS += src/common/dpp.c
OBJS += src/common/dpp_auth.c
OBJS += src/common/dpp_backup.c
OBJS += src/common/dpp_crypto.c
OBJS += src/common/dpp_pkex.c
OBJS += src/common/dpp_reconfig.c
OBJS += src/common/dpp_tcp.c
OBJS += src/ap/dpp_hostapd.c
OBJS += src/ap/gas_query_ap.c
NEED_AES_SIV=y
NEED_HMAC_SHA256_KDF=y
NEED_HMAC_SHA384_KDF=y
NEED_HMAC_SHA512_KDF=y
NEED_SHA256=y
NEED_SHA384=y
NEED_SHA512=y
NEED_ECC=y
NEED_JSON=y
NEED_GAS=y
NEED_BASE64=y
NEED_ASN1=y
ifdef CONFIG_DPP2
L_CFLAGS += -DCONFIG_DPP2
endif
ifdef CONFIG_DPP3
L_CFLAGS += -DCONFIG_DPP3
endif
endif
ifdef CONFIG_PASN
L_CFLAGS += -DCONFIG_PASN
L_CFLAGS += -DCONFIG_PTKSA_CACHE
NEED_HMAC_SHA256_KDF=y
NEED_HMAC_SHA384_KDF=y
NEED_SHA256=y
NEED_SHA384=y
OBJS += src/common/ptksa_cache.c
endif
ifdef CONFIG_EAP_IKEV2
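Review bot: 'NEED_SHA256=y' in the CONFIG_PASN block looks like a leftover. The later hunks at -909,7 and -932,7 each lose one line around 'ifdef NEED_SHA256' and its closing 'endif', and the other feature blocks in this file show their 'NEED_SHA256=y' lines in hunks that shrink, which suggests SHA-256 is now built unconditionally. If that is the case, drop the assignment here (and the one in the CONFIG_DPP block if it survives the merge) so the block does not imply an optional dependency that no longer exists.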
@ -639,7 +650,6 @@ endif
ifdef CONFIG_TLSV12
L_CFLAGS += -DCONFIG_TLSV12
NEED_SHA256=y
endif
ifeq ($(CONFIG_TLS), openssl)
@ -653,7 +663,6 @@ HOBJS += src/crypto/crypto_openssl.c
ifdef NEED_FIPS186_2_PRF
OBJS += src/crypto/fips_prf_openssl.c
endif
NEED_SHA256=y
NEED_TLS_PRF_SHA256=y
LIBS += -lcrypto
LIBS_h += -lcrypto
@ -705,13 +714,12 @@ OBJS += src/tls/tlsv1_cred.c
OBJS += src/tls/tlsv1_server.c
OBJS += src/tls/tlsv1_server_write.c
OBJS += src/tls/tlsv1_server_read.c
OBJS += src/tls/asn1.c
OBJS += src/tls/rsa.c
OBJS += src/tls/x509v3.c
OBJS += src/tls/pkcs1.c
OBJS += src/tls/pkcs5.c
OBJS += src/tls/pkcs8.c
NEED_SHA256=y
NEED_ASN1=y
NEED_BASE64=y
NEED_TLS_PRF=y
ifdef CONFIG_TLSV12
@ -806,12 +814,10 @@ endif
ifdef NEED_AES_EAX
AESOBJS += src/crypto/aes-eax.c
NEED_AES_CTR=y
NEED_AES_OMAC1=y
endif
ifdef NEED_AES_SIV
AESOBJS += src/crypto/aes-siv.c
NEED_AES_CTR=y
NEED_AES_OMAC1=y
endif
ifdef NEED_AES_CTR
AESOBJS += src/crypto/aes-ctr.c
@ -819,9 +825,7 @@ endif
ifdef NEED_AES_ENCBLOCK
AESOBJS += src/crypto/aes-encblock.c
endif
ifdef NEED_AES_OMAC1
AESOBJS += src/crypto/aes-omac1.c
endif
ifdef NEED_AES_UNWRAP
ifneq ($(CONFIG_TLS), openssl)
NEED_AES_DEC=y
@ -909,7 +913,6 @@ endif
endif
endif
ifdef NEED_SHA256
L_CFLAGS += -DCONFIG_SHA256
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), gnutls)
@ -923,6 +926,9 @@ endif
ifdef NEED_TLS_PRF_SHA256
OBJS += src/crypto/sha256-tlsprf.c
endif
ifdef NEED_TLS_PRF_SHA384
OBJS += src/crypto/sha384-tlsprf.c
endif
ifdef NEED_HMAC_SHA256_KDF
OBJS += src/crypto/sha256-kdf.c
endif
@ -932,7 +938,6 @@ endif
ifdef NEED_HMAC_SHA512_KDF
OBJS += src/crypto/sha512-kdf.c
endif
endif
ifdef NEED_SHA384
L_CFLAGS += -DCONFIG_SHA384
ifneq ($(CONFIG_TLS), openssl)
@ -964,6 +969,10 @@ L_CFLAGS += -DCONFIG_INTERNAL_SHA512
OBJS += src/crypto/sha512-internal.c
endif
ifdef NEED_ASN1
OBJS += src/tls/asn1.c
endif
ifdef NEED_DH_GROUPS
OBJS += src/crypto/dh_groups.c
endif
@ -1022,9 +1031,7 @@ OBJS += src/ap/hw_features.c
OBJS += src/ap/dfs.c
L_CFLAGS += -DNEED_AP_MLME
endif
ifdef CONFIG_IEEE80211N
OBJS += src/ap/ieee802_11_ht.c
endif
ifdef CONFIG_IEEE80211AC
OBJS += src/ap/ieee802_11_vht.c

View File

@ -1,5 +1,48 @@
ChangeLog for hostapd
2022-01-16 - v2.10
* SAE changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
- added option send SAE Confirm immediately (sae_config_immediate=1)
after SAE Commit
- added support for the hash-to-element mechanism (sae_pwe=1 or
sae_pwe=2)
- fixed PMKSA caching with OKC
- added support for SAE-PK
* EAP-pwd changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
* fixed WPS UPnP SUBSCRIBE handling of invalid operations
[https://w1.fi/security/2020-1/]
* fixed PMF disconnection protection bypass
[https://w1.fi/security/2019-7/]
* added support for using OpenSSL 3.0
* fixed various issues in experimental support for EAP-TEAP server
* added configuration (max_auth_rounds, max_auth_rounds_short) to
increase the maximum number of EAP message exchanges (mainly to
support cases with very large certificates) for the EAP server
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
* extended HE (IEEE 802.11ax) support, including 6 GHz support
* removed obsolete IAPP functionality
* fixed EAP-FAST server with TLS GCM/CCM ciphers
* dropped support for libnl 1.1
* added support for nl80211 control port for EAPOL frame TX/RX
* fixed OWE key derivation with groups 20 and 21; this breaks backwards
compatibility for these groups while the default group 19 remains
backwards compatible; owe_ptk_workaround=1 can be used to enabled a
a workaround for the group 20/21 backwards compatibility
* added support for Beacon protection
* added support for Extended Key ID for pairwise keys
* removed WEP support from the default build (CONFIG_WEP=y can be used
to enable it, if really needed)
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
* added support for Transition Disable mechanism to allow the AP to
automatically disable transition mode to improve security
* added support for PASN
* added EAP-TLS server support for TLS 1.3 (disabled by default for now)
* a large number of other fixes, cleanup, and extensions
2019-08-07 - v2.9
* SAE changes
- disable use of groups using Brainpool curves
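Review bot: In the v2.10 SAE entry, 'sae_config_immediate=1' does not match what the sentence describes (sending SAE Confirm immediately after SAE Commit); the hostapd.conf parameter is sae_confirm_immediate, so an operator copying the name from this ChangeLog gets a setting that is not recognized. The same line is missing a word ("added option send" should read "added option to send"), and the OWE entry has "can be used to enabled a a workaround", which should read "can be used to enable a workaround". These come from the upstream text, so fix them in the merged copy or report them upstream.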
@ -362,7 +405,7 @@ ChangeLog for hostapd
* RADIUS server functionality
- add minimal RADIUS accounting server support (hostapd-as-server);
this is mainly to enable testing coverage with hwsim scripts
- allow authentication log to be written into SQLite databse
- allow authentication log to be written into SQLite database
- added option for TLS protocol testing of an EAP peer by simulating
various misbehaviors/known attacks
- MAC ACL support for testing purposes
@ -668,7 +711,7 @@ ChangeLog for hostapd
* fixed HT Capabilities IE with nl80211 drivers
* moved generic AP functionality code into src/ap
* WPS: handle Selected Registrar as union of info from all Registrars
* remove obsolte Prism54.org driver wrapper
* remove obsolete Prism54.org driver wrapper
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* EAP-FAST server: piggyback Phase 2 start with the end of Phase 1

View File

@ -1,10 +1,7 @@
ifndef CC
CC=gcc
endif
ALL=hostapd hostapd_cli
CONFIG_FILE = .config
ifndef CFLAGS
CFLAGS = -MMD -O2 -Wall -g
endif
include ../src/build.rules
ifdef LIBS
# If LIBS is set with some global build system defaults, clone those for
@ -19,6 +16,9 @@ endif
ifndef LIBS_n
LIBS_n := $(LIBS)
endif
ifndef LIBS_s
LIBS_s := $(LIBS)
endif
endif
CFLAGS += $(EXTRA_CFLAGS)
@ -27,8 +27,6 @@ CFLAGS += -I$(abspath ../src/utils)
export BINDIR ?= /usr/local/bin/
-include .config
ifndef CONFIG_NO_GITVER
# Add VERSION_STR postfix for builds from a git repository
ifeq ($(wildcard ../.git),../.git)
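Review bot: This hunk loses the '-include .config' line while the top of the file gains 'CONFIG_FILE = .config' and 'include ../src/build.rules', so every 'ifdef CONFIG_*' test below now depends on build.rules pulling in $(CONFIG_FILE). That file is not visible in this part of the diff; please confirm it reads the config before the first CONFIG_* test in this Makefile. The old '-include' form tolerated a missing .config, so also state whether a missing file is now a hard error or still silently yields a build with every optional feature off.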
@ -121,6 +119,8 @@ CFLAGS += -DPACKAGE="hostapd" -DWPA_TRACE_BFD
LIBS += -lbfd -ldl -liberty -lz
LIBS_c += -lbfd -ldl -liberty -lz
LIBS_h += -lbfd -ldl -liberty -lz
LIBS_n += -lbfd -ldl -liberty -lz
LIBS_s += -lbfd -ldl -liberty -lz
endif
endif
@ -157,6 +157,7 @@ OBJS_c += ../src/utils/wpa_debug.o
OBJS += ../src/utils/wpabuf.o
OBJS += ../src/utils/os_$(CONFIG_OS).o
OBJS += ../src/utils/ip_addr.o
OBJS += ../src/utils/crc32.o
OBJS += ../src/common/ieee802_11_common.o
OBJS += ../src/common/wpa_common.o
@ -248,18 +249,12 @@ ifndef CONFIG_NO_CTRL_IFACE
CFLAGS += -DCONFIG_CTRL_IFACE
endif
ifdef CONFIG_IAPP
CFLAGS += -DCONFIG_IAPP
OBJS += ../src/ap/iapp.o
endif
ifdef CONFIG_RSN_PREAUTH
CFLAGS += -DCONFIG_RSN_PREAUTH
CONFIG_L2_PACKET=y
endif
ifdef CONFIG_HS20
NEED_AES_OMAC1=y
CONFIG_PROXYARP=y
endif
@ -269,8 +264,6 @@ endif
ifdef CONFIG_SUITEB
CFLAGS += -DCONFIG_SUITEB
NEED_SHA256=y
NEED_AES_OMAC1=y
endif
ifdef CONFIG_SUITEB192
@ -281,24 +274,14 @@ endif
ifdef CONFIG_OCV
CFLAGS += -DCONFIG_OCV
OBJS += ../src/common/ocv.o
CONFIG_IEEE80211W=y
endif
ifdef CONFIG_IEEE80211W
CFLAGS += -DCONFIG_IEEE80211W
NEED_SHA256=y
NEED_AES_OMAC1=y
endif
ifdef CONFIG_IEEE80211R
CFLAGS += -DCONFIG_IEEE80211R -DCONFIG_IEEE80211R_AP
OBJS += ../src/ap/wpa_auth_ft.o
NEED_SHA256=y
NEED_AES_OMAC1=y
NEED_AES_UNWRAP=y
NEED_AES_SIV=y
NEED_ETH_P_OUI=y
NEED_SHA256=y
NEED_HMAC_SHA256_KDF=y
endif
@ -310,8 +293,13 @@ endif
ifdef CONFIG_SAE
CFLAGS += -DCONFIG_SAE
OBJS += ../src/common/sae.o
ifdef CONFIG_SAE_PK
CFLAGS += -DCONFIG_SAE_PK
OBJS += ../src/common/sae_pk.o
endif
NEED_ECC=y
NEED_DH_GROUPS=y
NEED_HMAC_SHA256_KDF=y
NEED_AP_MLME=y
NEED_DRAGONFLY=y
endif
@ -322,7 +310,6 @@ NEED_ECC=y
NEED_HMAC_SHA256_KDF=y
NEED_HMAC_SHA384_KDF=y
NEED_HMAC_SHA512_KDF=y
NEED_SHA256=y
NEED_SHA384=y
NEED_SHA512=y
endif
@ -348,10 +335,6 @@ CFLAGS += -DCONFIG_WNM -DCONFIG_WNM_AP
OBJS += ../src/ap/wnm_ap.o
endif
ifdef CONFIG_IEEE80211N
CFLAGS += -DCONFIG_IEEE80211N
endif
ifdef CONFIG_IEEE80211AC
CFLAGS += -DCONFIG_IEEE80211AC
endif
@ -391,7 +374,6 @@ endif
ifdef CONFIG_ERP
CFLAGS += -DCONFIG_ERP
NEED_SHA256=y
NEED_HMAC_SHA256_KDF=y
endif
@ -452,7 +434,6 @@ ifdef CONFIG_EAP_AKA
CFLAGS += -DEAP_SERVER_AKA
OBJS += ../src/eap_server/eap_server_aka.o
CONFIG_EAP_SIM_COMMON=y
NEED_SHA256=y
NEED_AES_CBC=y
endif
@ -463,7 +444,7 @@ endif
ifdef CONFIG_EAP_SIM_COMMON
OBJS += ../src/eap_common/eap_sim_common.o
# Example EAP-SIM/AKA interface for GSM/UMTS authentication. This can be
# replaced with another file implementating the interface specified in
# replaced with another file implementing the interface specified in
# eap_sim_db.h.
OBJS += ../src/eap_server/eap_sim_db.o
NEED_FIPS186_2_PRF=y
@ -477,7 +458,6 @@ endif
ifdef CONFIG_EAP_PSK
CFLAGS += -DEAP_SERVER_PSK
OBJS += ../src/eap_server/eap_server_psk.o ../src/eap_common/eap_psk_common.o
NEED_AES_OMAC1=y
NEED_AES_ENCBLOCK=y
NEED_AES_EAX=y
endif
@ -493,14 +473,11 @@ OBJS += ../src/eap_server/eap_server_gpsk.o ../src/eap_common/eap_gpsk_common.o
ifdef CONFIG_EAP_GPSK_SHA256
CFLAGS += -DEAP_GPSK_SHA256
endif
NEED_SHA256=y
NEED_AES_OMAC1=y
endif
ifdef CONFIG_EAP_PWD
CFLAGS += -DEAP_SERVER_PWD
OBJS += ../src/eap_server/eap_server_pwd.o ../src/eap_common/eap_pwd_common.o
NEED_SHA256=y
NEED_ECC=y
NEED_DRAGONFLY=y
endif
@ -533,6 +510,8 @@ OBJS += ../src/eap_common/eap_teap_common.o
TLS_FUNCS=y
NEED_T_PRF=y
NEED_SHA384=y
NEED_TLS_PRF_SHA256=y
NEED_TLS_PRF_SHA384=y
NEED_AES_UNWRAP=y
endif
@ -550,7 +529,6 @@ OBJS += ../src/wps/wps_dev_attr.o
OBJS += ../src/wps/wps_enrollee.o
OBJS += ../src/wps/wps_registrar.o
NEED_DH_GROUPS=y
NEED_SHA256=y
NEED_BASE64=y
NEED_AES_CBC=y
NEED_MODEXP=y
@ -593,21 +571,41 @@ endif
ifdef CONFIG_DPP
CFLAGS += -DCONFIG_DPP
OBJS += ../src/common/dpp.o
OBJS += ../src/common/dpp_auth.o
OBJS += ../src/common/dpp_backup.o
OBJS += ../src/common/dpp_crypto.o
OBJS += ../src/common/dpp_pkex.o
OBJS += ../src/common/dpp_reconfig.o
OBJS += ../src/common/dpp_tcp.o
OBJS += ../src/ap/dpp_hostapd.o
OBJS += ../src/ap/gas_query_ap.o
NEED_AES_SIV=y
NEED_HMAC_SHA256_KDF=y
NEED_HMAC_SHA384_KDF=y
NEED_HMAC_SHA512_KDF=y
NEED_SHA256=y
NEED_SHA384=y
NEED_SHA512=y
NEED_ECC=y
NEED_JSON=y
NEED_GAS=y
NEED_BASE64=y
NEED_ASN1=y
ifdef CONFIG_DPP2
CFLAGS += -DCONFIG_DPP2
endif
ifdef CONFIG_DPP3
CFLAGS += -DCONFIG_DPP3
endif
endif
ifdef CONFIG_PASN
CFLAGS += -DCONFIG_PASN
CFLAGS += -DCONFIG_PTKSA_CACHE
NEED_HMAC_SHA256_KDF=y
NEED_HMAC_SHA384_KDF=y
NEED_SHA256=y
NEED_SHA384=y
OBJS += ../src/common/ptksa_cache.o
endif
ifdef CONFIG_EAP_IKEV2
@ -687,7 +685,6 @@ endif
ifdef CONFIG_TLSV12
CFLAGS += -DCONFIG_TLSV12
NEED_SHA256=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
@ -701,7 +698,6 @@ HOBJS += ../src/crypto/crypto_wolfssl.o
ifdef NEED_FIPS186_2_PRF
OBJS += ../src/crypto/fips_prf_wolfssl.o
endif
NEED_SHA256=y
NEED_TLS_PRF_SHA256=y
LIBS += -lwolfssl -lm
LIBS_h += -lwolfssl -lm
@ -720,17 +716,19 @@ LIBS += -lssl
endif
OBJS += ../src/crypto/crypto_openssl.o
HOBJS += ../src/crypto/crypto_openssl.o
SOBJS += ../src/crypto/crypto_openssl.o
ifdef NEED_FIPS186_2_PRF
OBJS += ../src/crypto/fips_prf_openssl.o
endif
NEED_SHA256=y
NEED_TLS_PRF_SHA256=y
LIBS += -lcrypto
LIBS_h += -lcrypto
LIBS_n += -lcrypto
LIBS_s += -lcrypto
ifdef CONFIG_TLS_ADD_DL
LIBS += -ldl
LIBS_h += -ldl
LIBS_s += -ldl
endif
ifndef CONFIG_TLS_DEFAULT_CIPHERS
CONFIG_TLS_DEFAULT_CIPHERS = "DEFAULT:!EXP:!LOW"
@ -781,13 +779,12 @@ OBJS += ../src/tls/tlsv1_cred.o
OBJS += ../src/tls/tlsv1_server.o
OBJS += ../src/tls/tlsv1_server_write.o
OBJS += ../src/tls/tlsv1_server_read.o
OBJS += ../src/tls/asn1.o
OBJS += ../src/tls/rsa.o
OBJS += ../src/tls/x509v3.o
OBJS += ../src/tls/pkcs1.o
OBJS += ../src/tls/pkcs5.o
OBJS += ../src/tls/pkcs8.o
NEED_SHA256=y
NEED_ASN1=y
NEED_BASE64=y
NEED_TLS_PRF=y
ifdef CONFIG_TLSV12
@ -858,13 +855,12 @@ OBJS += ../src/tls/tlsv1_cred.o
OBJS += ../src/tls/tlsv1_server.o
OBJS += ../src/tls/tlsv1_server_write.o
OBJS += ../src/tls/tlsv1_server_read.o
OBJS += ../src/tls/asn1.o
OBJS += ../src/tls/rsa.o
OBJS += ../src/tls/x509v3.o
OBJS += ../src/tls/pkcs1.o
OBJS += ../src/tls/pkcs5.o
OBJS += ../src/tls/pkcs8.o
NEED_SHA256=y
NEED_ASN1=y
NEED_BASE64=y
NEED_TLS_PRF=y
ifdef CONFIG_TLSV12
@ -925,12 +921,10 @@ endif
ifdef NEED_AES_EAX
AESOBJS += ../src/crypto/aes-eax.o
NEED_AES_CTR=y
NEED_AES_OMAC1=y
endif
ifdef NEED_AES_SIV
AESOBJS += ../src/crypto/aes-siv.o
NEED_AES_CTR=y
NEED_AES_OMAC1=y
endif
ifdef NEED_AES_CTR
AESOBJS += ../src/crypto/aes-ctr.o
@ -938,13 +932,11 @@ endif
ifdef NEED_AES_ENCBLOCK
AESOBJS += ../src/crypto/aes-encblock.o
endif
ifdef NEED_AES_OMAC1
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), wolfssl)
AESOBJS += ../src/crypto/aes-omac1.o
endif
endif
endif
ifdef NEED_AES_UNWRAP
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
@ -1050,7 +1042,6 @@ endif
endif
endif
ifdef NEED_SHA256
CFLAGS += -DCONFIG_SHA256
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
@ -1068,6 +1059,9 @@ endif
ifdef NEED_TLS_PRF_SHA256
OBJS += ../src/crypto/sha256-tlsprf.o
endif
ifdef NEED_TLS_PRF_SHA384
OBJS += ../src/crypto/sha384-tlsprf.o
endif
ifdef NEED_HMAC_SHA256_KDF
OBJS += ../src/crypto/sha256-kdf.o
endif
@ -1077,7 +1071,6 @@ endif
ifdef NEED_HMAC_SHA512_KDF
OBJS += ../src/crypto/sha512-kdf.o
endif
endif
ifdef NEED_SHA384
CFLAGS += -DCONFIG_SHA384
ifneq ($(CONFIG_TLS), openssl)
@ -1115,6 +1108,10 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
OBJS += ../src/crypto/sha512-internal.o
endif
ifdef NEED_ASN1
OBJS += ../src/tls/asn1.o
endif
ifdef NEED_DH_GROUPS
OBJS += ../src/crypto/dh_groups.o
endif
@ -1180,9 +1177,7 @@ OBJS += ../src/ap/hw_features.o
OBJS += ../src/ap/dfs.o
CFLAGS += -DNEED_AP_MLME
endif
ifdef CONFIG_IEEE80211N
OBJS += ../src/ap/ieee802_11_ht.o
endif
ifdef CONFIG_IEEE80211AC
OBJS += ../src/ap/ieee802_11_vht.o
@ -1269,60 +1264,33 @@ OBJS += ../src/fst/fst_ctrl_iface.o
endif
endif
ALL=hostapd hostapd_cli
all: verify_config $(ALL)
Q=@
E=echo
ifeq ($(V), 1)
Q=
E=true
endif
ifeq ($(QUIET), 1)
Q=@
E=true
ifdef CONFIG_WEP
CFLAGS += -DCONFIG_WEP
endif
ifdef CONFIG_CODE_COVERAGE
%.o: %.c
@$(E) " CC " $<
$(Q)cd $(dir $@); $(CC) -c -o $(notdir $@) $(CFLAGS) $(notdir $<)
else
%.o: %.c
$(Q)$(CC) -c -o $@ $(CFLAGS) $<
@$(E) " CC " $<
ifdef CONFIG_NO_TKIP
CFLAGS += -DCONFIG_NO_TKIP
endif
verify_config:
@if [ ! -r .config ]; then \
echo 'Building hostapd requires a configuration file'; \
echo '(.config). See README for more instructions. You can'; \
echo 'run "cp defconfig .config" to create an example'; \
echo 'configuration.'; \
exit 1; \
fi
$(DESTDIR)$(BINDIR)/%: %
install -D $(<) $(@)
install: $(addprefix $(DESTDIR)$(BINDIR)/,$(ALL))
../src/drivers/build.hostapd:
@if [ -f ../src/drivers/build.wpa_supplicant ]; then \
$(MAKE) -C ../src/drivers clean; \
fi
@touch ../src/drivers/build.hostapd
_OBJS_VAR := OBJS
include ../src/objs.mk
BCHECK=../src/drivers/build.hostapd
hostapd: $(BCHECK) $(OBJS)
hostapd: $(OBJS)
$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
@$(E) " LD " $@
ifdef CONFIG_WPA_TRACE
OBJS_c += ../src/utils/trace.o
endif
_OBJS_VAR := OBJS_c
include ../src/objs.mk
hostapd_cli: $(OBJS_c)
$(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
@$(E) " LD " $@
@ -1345,7 +1313,6 @@ NOBJS += ../src/utils/wpa_debug.o
NOBJS += ../src/utils/wpabuf.o
ifdef CONFIG_WPA_TRACE
NOBJS += ../src/utils/trace.o
LIBS_n += -lbfd
endif
HOBJS += hlr_auc_gw.o ../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).o ../src/utils/wpabuf.o ../src/crypto/milenage.o
@ -1358,6 +1325,35 @@ ifeq ($(CONFIG_TLS), linux)
HOBJS += ../src/crypto/crypto_linux.o
endif
SOBJS += sae_pk_gen.o
SOBJS += ../src/utils/common.o
SOBJS += ../src/utils/os_$(CONFIG_OS).o
SOBJS += ../src/utils/base64.o
SOBJS += ../src/utils/wpa_debug.o
SOBJS += ../src/utils/wpabuf.o
ifdef CONFIG_WPA_TRACE
SOBJS += ../src/utils/trace.o
endif
SOBJS += ../src/common/ieee802_11_common.o
SOBJS += ../src/common/sae.o
SOBJS += ../src/common/sae_pk.o
SOBJS += ../src/common/dragonfly.o
SOBJS += $(AESOBJS)
SOBJS += ../src/crypto/sha256-prf.o
SOBJS += ../src/crypto/sha384-prf.o
SOBJS += ../src/crypto/sha512-prf.o
SOBJS += ../src/crypto/dh_groups.o
SOBJS += ../src/crypto/sha256-kdf.o
SOBJS += ../src/crypto/sha384-kdf.o
SOBJS += ../src/crypto/sha512-kdf.o
_OBJS_VAR := NOBJS
include ../src/objs.mk
_OBJS_VAR := HOBJS
include ../src/objs.mk
_OBJS_VAR := SOBJS
include ../src/objs.mk
nt_password_hash: $(NOBJS)
$(Q)$(CC) $(LDFLAGS) -o nt_password_hash $(NOBJS) $(LIBS_n)
@$(E) " LD " $@
@ -1366,15 +1362,17 @@ hlr_auc_gw: $(HOBJS)
$(Q)$(CC) $(LDFLAGS) -o hlr_auc_gw $(HOBJS) $(LIBS_h)
@$(E) " LD " $@
sae_pk_gen: $(SOBJS)
$(Q)$(CC) $(LDFLAGS) -o sae_pk_gen $(SOBJS) $(LIBS_s)
@$(E) " LD " $@
.PHONY: lcov-html
lcov-html:
lcov -c -d .. > lcov.info
lcov -c -d $(BUILDDIR) > lcov.info
genhtml lcov.info --output-directory lcov-html
clean:
$(MAKE) -C ../src clean
rm -f core *~ *.o hostapd hostapd_cli nt_password_hash hlr_auc_gw
rm -f *.d *.gcno *.gcda *.gcov
clean: common-clean
rm -f core *~ nt_password_hash hlr_auc_gw
rm -f sae_pk_gen
rm -f lcov.info
rm -rf lcov-html
-include $(OBJS:%.o=%.d)

View File

@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
Authenticator and RADIUS authentication server
================================================================
Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> and contributors
Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
This program is licensed under the BSD license (the one with

View File

@ -28,6 +28,9 @@ CONFIG_LIBNL20=y
# QCA vendor extensions to nl80211
CONFIG_DRIVER_NL80211_QCA=y
# Broadcom vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_BRCM=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
@ -38,18 +41,9 @@ CONFIG_DRIVER_NL80211_QCA=y
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
#CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
#CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
# This version is an experimental implementation based on IEEE 802.11w/D1.0
# draft and is subject to change since the standard has not yet been finalized.
# Driver support is also needed for IEEE 802.11w.
CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
@ -134,9 +128,6 @@ CONFIG_IPV6=y
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
@ -196,7 +187,7 @@ CONFIG_AP=y
#CONFIG_FST=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# These extensions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
@ -213,3 +204,11 @@ CONFIG_WPA_CLI_EDIT=y
# /dev/urandom earlier in boot' seeds /dev/urandom with that entropy before
# either wpa_supplicant or hostapd are run.
CONFIG_NO_RANDOM_POOL=y
# Wired equivalent privacy (WEP)
# WEP is an obsolete cryptographic data confidentiality algorithm that is not
# considered secure. It should not be used for anything anymore. The
# functionality needed to use WEP is available in the current hostapd
# release under this optional build parameter. This functionality is subject to
# be completely removed in a future release.
CONFIG_WEP=y
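Review bot: `CONFIG_WEP=y` is enabled at the end of this hunk directly under a comment stating that WEP "is not considered secure" and "should not be used for anything anymore". Unless this build has a concrete legacy requirement, leave the option commented out (`#CONFIG_WEP=y`) so that the code guarded by `#ifdef CONFIG_WEP` elsewhere in this commit is not compiled in. If WEP really is needed, name the requirement in the comment so the setting can be revisited.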

View File

@ -13,7 +13,9 @@
#include "utils/common.h"
#include "utils/uuid.h"
#include "utils/crc32.h"
#include "common/ieee802_11_defs.h"
#include "common/sae.h"
#include "crypto/sha256.h"
#include "crypto/tls.h"
#include "drivers/driver.h"
@ -340,7 +342,7 @@ static int hostapd_config_read_eap_user(const char *fname,
struct hostapd_radius_attr *attr, *a;
attr = hostapd_parse_radius_attr(buf + 19);
if (attr == NULL) {
wpa_printf(MSG_ERROR, "Invalid radius_auth_req_attr: %s",
wpa_printf(MSG_ERROR, "Invalid radius_accept_attr: %s",
buf + 19);
user = NULL; /* already in the BSS list */
goto failed;
@ -711,12 +713,10 @@ static int hostapd_config_parse_key_mgmt(int line, const char *value)
val |= WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
#endif /* CONFIG_SHA384 */
#endif /* CONFIG_IEEE80211R_AP */
#ifdef CONFIG_IEEE80211W
else if (os_strcmp(start, "WPA-PSK-SHA256") == 0)
val |= WPA_KEY_MGMT_PSK_SHA256;
else if (os_strcmp(start, "WPA-EAP-SHA256") == 0)
val |= WPA_KEY_MGMT_IEEE8021X_SHA256;
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_SAE
else if (os_strcmp(start, "SAE") == 0)
val |= WPA_KEY_MGMT_SAE;
@ -755,6 +755,10 @@ static int hostapd_config_parse_key_mgmt(int line, const char *value)
else if (os_strcmp(start, "OSEN") == 0)
val |= WPA_KEY_MGMT_OSEN;
#endif /* CONFIG_HS20 */
#ifdef CONFIG_PASN
else if (os_strcmp(start, "PASN") == 0)
val |= WPA_KEY_MGMT_PASN;
#endif /* CONFIG_PASN */
else {
wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
line, start);
@ -795,6 +799,7 @@ static int hostapd_config_parse_cipher(int line, const char *value)
}
#ifdef CONFIG_WEP
static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx,
char *val)
{
@ -845,6 +850,7 @@ static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx,
return 0;
}
#endif /* CONFIG_WEP */
static int hostapd_parse_chanlist(struct hostapd_config *conf, char *val)
@ -942,104 +948,6 @@ static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname)
}
/* convert floats with one decimal place to value*10 int, i.e.,
* "1.5" will return 15 */
static int hostapd_config_read_int10(const char *value)
{
int i, d;
char *pos;
i = atoi(value);
pos = os_strchr(value, '.');
d = 0;
if (pos) {
pos++;
if (*pos >= '0' && *pos <= '9')
d = *pos - '0';
}
return i * 10 + d;
}
static int valid_cw(int cw)
{
return (cw == 1 || cw == 3 || cw == 7 || cw == 15 || cw == 31 ||
cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023 ||
cw == 2047 || cw == 4095 || cw == 8191 || cw == 16383 ||
cw == 32767);
}
enum {
IEEE80211_TX_QUEUE_DATA0 = 0, /* used for EDCA AC_VO data */
IEEE80211_TX_QUEUE_DATA1 = 1, /* used for EDCA AC_VI data */
IEEE80211_TX_QUEUE_DATA2 = 2, /* used for EDCA AC_BE data */
IEEE80211_TX_QUEUE_DATA3 = 3 /* used for EDCA AC_BK data */
};
static int hostapd_config_tx_queue(struct hostapd_config *conf,
const char *name, const char *val)
{
int num;
const char *pos;
struct hostapd_tx_queue_params *queue;
/* skip 'tx_queue_' prefix */
pos = name + 9;
if (os_strncmp(pos, "data", 4) == 0 &&
pos[4] >= '0' && pos[4] <= '9' && pos[5] == '_') {
num = pos[4] - '0';
pos += 6;
} else if (os_strncmp(pos, "after_beacon_", 13) == 0 ||
os_strncmp(pos, "beacon_", 7) == 0) {
wpa_printf(MSG_INFO, "DEPRECATED: '%s' not used", name);
return 0;
} else {
wpa_printf(MSG_ERROR, "Unknown tx_queue name '%s'", pos);
return -1;
}
if (num >= NUM_TX_QUEUES) {
/* for backwards compatibility, do not trigger failure */
wpa_printf(MSG_INFO, "DEPRECATED: '%s' not used", name);
return 0;
}
queue = &conf->tx_queue[num];
if (os_strcmp(pos, "aifs") == 0) {
queue->aifs = atoi(val);
if (queue->aifs < 0 || queue->aifs > 255) {
wpa_printf(MSG_ERROR, "Invalid AIFS value %d",
queue->aifs);
return -1;
}
} else if (os_strcmp(pos, "cwmin") == 0) {
queue->cwmin = atoi(val);
if (!valid_cw(queue->cwmin)) {
wpa_printf(MSG_ERROR, "Invalid cwMin value %d",
queue->cwmin);
return -1;
}
} else if (os_strcmp(pos, "cwmax") == 0) {
queue->cwmax = atoi(val);
if (!valid_cw(queue->cwmax)) {
wpa_printf(MSG_ERROR, "Invalid cwMax value %d",
queue->cwmax);
return -1;
}
} else if (os_strcmp(pos, "burst") == 0) {
queue->burst = hostapd_config_read_int10(val);
} else {
wpa_printf(MSG_ERROR, "Unknown tx_queue field '%s'", pos);
return -1;
}
return 0;
}
#ifdef CONFIG_IEEE80211R_AP
static int rkh_derive_key(const char *pos, u8 *key, size_t key_len)
@ -1153,7 +1061,6 @@ static int add_r1kh(struct hostapd_bss_config *bss, char *value)
#endif /* CONFIG_IEEE80211R_AP */
#ifdef CONFIG_IEEE80211N
static int hostapd_config_ht_capab(struct hostapd_config *conf,
const char *capab)
{
@ -1173,14 +1080,6 @@ static int hostapd_config_ht_capab(struct hostapd_config *conf,
}
if (!os_strstr(capab, "[HT40+]") && !os_strstr(capab, "[HT40-]"))
conf->secondary_channel = 0;
if (os_strstr(capab, "[SMPS-STATIC]")) {
conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK;
conf->ht_capab |= HT_CAP_INFO_SMPS_STATIC;
}
if (os_strstr(capab, "[SMPS-DYNAMIC]")) {
conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK;
conf->ht_capab |= HT_CAP_INFO_SMPS_DYNAMIC;
}
if (os_strstr(capab, "[GF]"))
conf->ht_capab |= HT_CAP_INFO_GREEN_FIELD;
if (os_strstr(capab, "[SHORT-GI-20]"))
@ -1214,7 +1113,6 @@ static int hostapd_config_ht_capab(struct hostapd_config *conf,
return 0;
}
#endif /* CONFIG_IEEE80211N */
#ifdef CONFIG_IEEE80211AC
@ -1323,6 +1221,32 @@ static u8 set_he_cap(int val, u8 mask)
return (u8) (mask & (val << find_bit_offset(mask)));
}
static int hostapd_parse_he_srg_bitmap(u8 *bitmap, char *val)
{
int bitpos;
char *pos, *end;
os_memset(bitmap, 0, 8);
pos = val;
while (*pos != '\0') {
end = os_strchr(pos, ' ');
if (end)
*end = '\0';
bitpos = atoi(pos);
if (bitpos < 0 || bitpos > 64)
return -1;
bitmap[bitpos / 8] |= BIT(bitpos % 8);
if (!end)
break;
pos = end + 1;
}
return 0;
}
#endif /* CONFIG_IEEE80211AX */
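Review bot: the bounds check in hostapd_parse_he_srg_bitmap() is off by one. `if (bitpos < 0 || bitpos > 64)` accepts 64, and `bitmap[bitpos / 8] |= BIT(bitpos % 8)` then writes bitmap[8], one byte past the 8 bytes that `os_memset(bitmap, 0, 8)` treats as the buffer. The check should be `bitpos >= 64`. Two smaller points: the length 8 is a magic number the function cannot verify against the caller's array, so a size parameter or named constant would be safer, and atoi() returns 0 for a non-numeric token, so a typo in the list sets bit 0 instead of failing the parse.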
@ -2300,6 +2224,35 @@ static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
pw->vlan_id = atoi(pos2);
}
#ifdef CONFIG_SAE_PK
pos2 = os_strstr(pos, "|pk=");
if (pos2) {
const char *epos;
char *tmp;
if (!end)
end = pos2;
pos2 += 4;
epos = os_strchr(pos2, '|');
if (epos) {
tmp = os_malloc(epos - pos2 + 1);
if (!tmp)
goto fail;
os_memcpy(tmp, pos2, epos - pos2);
tmp[epos - pos2] = '\0';
} else {
tmp = os_strdup(pos2);
if (!tmp)
goto fail;
}
pw->pk = sae_parse_pk(tmp);
str_clear_free(tmp);
if (!pw->pk)
goto fail;
}
#endif /* CONFIG_SAE_PK */
pos2 = os_strstr(pos, "|id=");
if (pos2) {
if (!end)
@ -2322,6 +2275,18 @@ static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
pw->password[end - val] = '\0';
}
#ifdef CONFIG_SAE_PK
if (pw->pk &&
#ifdef CONFIG_TESTING_OPTIONS
!bss->sae_pk_password_check_skip &&
#endif /* CONFIG_TESTING_OPTIONS */
!sae_pk_valid_password(pw->password)) {
wpa_printf(MSG_INFO,
"Invalid SAE password for a SAE-PK sae_password entry");
goto fail;
}
#endif /* CONFIG_SAE_PK */
pw->next = bss->sae_passwords;
bss->sae_passwords = pw;
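Review bot: the new SAE-PK password check fails the whole sae_password entry but reports it at MSG_INFO with a fixed string, so at default verbosity the operator may see the configuration rejected without the reason. Log it at MSG_ERROR like the other fatal parse errors in this file. Also note that `sae_pk_password_check_skip` disables the validity check entirely; it is only compiled under CONFIG_TESTING_OPTIONS here, so production builds should confirm that option is off.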
@ -2329,6 +2294,9 @@ static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
fail:
str_clear_free(pw->password);
os_free(pw->identifier);
#ifdef CONFIG_SAE_PK
sae_deinit_pk(pw->pk);
#endif /* CONFIG_SAE_PK */
os_free(pw);
return -1;
}
@ -2365,6 +2333,22 @@ fail:
#endif /* CONFIG_DPP2 */
static int get_hex_config(u8 *buf, size_t max_len, int line,
const char *field, const char *val)
{
size_t hlen = os_strlen(val), len = hlen / 2;
u8 tmp[EXT_CAPA_MAX_LEN];
os_memset(tmp, 0, EXT_CAPA_MAX_LEN);
if (hlen & 1 || len > EXT_CAPA_MAX_LEN || hexstr2bin(val, tmp, len)) {
wpa_printf(MSG_ERROR, "Line %d: Invalid %s", line, field);
return -1;
}
os_memcpy(buf, tmp, EXT_CAPA_MAX_LEN);
return 0;
}
static int hostapd_config_fill(struct hostapd_config *conf,
struct hostapd_bss_config *bss,
const char *buf, char *pos, int line)
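Review bot: get_hex_config() never uses its max_len parameter. The length test is `len > EXT_CAPA_MAX_LEN` and the final `os_memcpy(buf, tmp, EXT_CAPA_MAX_LEN)` always copies that many bytes, so a caller that passes a smaller buffer is overflowed regardless of the max_len it supplied. Either drop the parameter and document that buf must hold EXT_CAPA_MAX_LEN bytes, or reject `len > max_len` and copy only max_len bytes, with max_len itself checked against sizeof(tmp). The parsed length is also discarded, so the caller cannot tell a short value from one padded with zeros.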
@ -2413,16 +2397,19 @@ static int hostapd_config_fill(struct hostapd_config *conf,
wpa_printf(MSG_INFO, "Line %d: DEPRECATED: 'dump_file' configuration variable is not used anymore",
line);
} else if (os_strcmp(buf, "ssid") == 0) {
bss->ssid.ssid_len = os_strlen(pos);
if (bss->ssid.ssid_len > SSID_MAX_LEN ||
bss->ssid.ssid_len < 1) {
struct hostapd_ssid *ssid = &bss->ssid;
ssid->ssid_len = os_strlen(pos);
if (ssid->ssid_len > SSID_MAX_LEN || ssid->ssid_len < 1) {
wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'",
line, pos);
return 1;
}
os_memcpy(bss->ssid.ssid, pos, bss->ssid.ssid_len);
bss->ssid.ssid_set = 1;
os_memcpy(ssid->ssid, pos, ssid->ssid_len);
ssid->ssid_set = 1;
ssid->short_ssid = crc32(ssid->ssid, ssid->ssid_len);
} else if (os_strcmp(buf, "ssid2") == 0) {
struct hostapd_ssid *ssid = &bss->ssid;
size_t slen;
char *str = wpa_config_parse_string(pos, &slen);
if (str == NULL || slen < 1 || slen > SSID_MAX_LEN) {
@ -2431,9 +2418,10 @@ static int hostapd_config_fill(struct hostapd_config *conf,
os_free(str);
return 1;
}
os_memcpy(bss->ssid.ssid, str, slen);
bss->ssid.ssid_len = slen;
bss->ssid.ssid_set = 1;
os_memcpy(ssid->ssid, str, slen);
ssid->ssid_len = slen;
ssid->ssid_set = 1;
ssid->short_ssid = crc32(ssid->ssid, ssid->ssid_len);
os_free(str);
} else if (os_strcmp(buf, "utf8_ssid") == 0) {
bss->ssid.utf8_ssid = atoi(pos) > 0;
@ -2473,6 +2461,13 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "skip_inactivity_poll") == 0) {
bss->skip_inactivity_poll = atoi(pos);
} else if (os_strcmp(buf, "country_code") == 0) {
if (pos[0] < 'A' || pos[0] > 'Z' ||
pos[1] < 'A' || pos[1] > 'Z') {
wpa_printf(MSG_ERROR,
"Line %d: Invalid country_code '%s'",
line, pos);
return 1;
}
os_memcpy(conf->country, pos, 2);
} else if (os_strcmp(buf, "country3") == 0) {
conf->country[2] = strtol(pos, NULL, 16);
@ -2484,12 +2479,13 @@ static int hostapd_config_fill(struct hostapd_config *conf,
bss->ieee802_1x = atoi(pos);
} else if (os_strcmp(buf, "eapol_version") == 0) {
int eapol_version = atoi(pos);
#ifdef CONFIG_MACSEC
if (eapol_version < 1 || eapol_version > 3) {
int max_ver = 3;
#else /* CONFIG_MACSEC */
if (eapol_version < 1 || eapol_version > 2) {
int max_ver = 2;
#endif /* CONFIG_MACSEC */
if (eapol_version < 1 || eapol_version > max_ver) {
wpa_printf(MSG_ERROR,
"Line %d: invalid EAPOL version (%d): '%s'.",
line, eapol_version, pos);
@ -2547,6 +2543,10 @@ static int hostapd_config_fill(struct hostapd_config *conf,
bss->tls_session_lifetime = atoi(pos);
} else if (os_strcmp(buf, "tls_flags") == 0) {
bss->tls_flags = parse_tls_flags(pos);
} else if (os_strcmp(buf, "max_auth_rounds") == 0) {
bss->max_auth_rounds = atoi(pos);
} else if (os_strcmp(buf, "max_auth_rounds_short") == 0) {
bss->max_auth_rounds_short = atoi(pos);
} else if (os_strcmp(buf, "ocsp_stapling_response") == 0) {
os_free(bss->ocsp_stapling_response);
bss->ocsp_stapling_response = os_strdup(pos);
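Review bot: max_auth_rounds and max_auth_rounds_short are stored straight from atoi() with no range check, so 0, a negative number or a non-numeric string is accepted silently. Other options added in this commit (extended_key_id, wpa_deny_ptk0_rekey, min_tx_power) validate the value and return 1 with a "Line %d" error; these two should do the same, with at least a lower bound, since the visible lines give no indication that the consumer handles values below 1.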
@ -2611,7 +2611,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "eap_teap_auth") == 0) {
int val = atoi(pos);
if (val < 0 || val > 1) {
if (val < 0 || val > 2) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid eap_teap_auth value",
line);
@ -2620,6 +2620,10 @@ static int hostapd_config_fill(struct hostapd_config *conf,
bss->eap_teap_auth = val;
} else if (os_strcmp(buf, "eap_teap_pac_no_inner") == 0) {
bss->eap_teap_pac_no_inner = atoi(pos);
} else if (os_strcmp(buf, "eap_teap_separate_result") == 0) {
bss->eap_teap_separate_result = atoi(pos);
} else if (os_strcmp(buf, "eap_teap_id") == 0) {
bss->eap_teap_id = atoi(pos);
#endif /* EAP_SERVER_TEAP */
#ifdef EAP_SERVER_SIM
} else if (os_strcmp(buf, "eap_sim_db") == 0) {
@ -2668,6 +2672,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "erp_domain") == 0) {
os_free(bss->erp_domain);
bss->erp_domain = os_strdup(pos);
#ifdef CONFIG_WEP
} else if (os_strcmp(buf, "wep_key_len_broadcast") == 0) {
int val = atoi(pos);
@ -2695,6 +2700,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
line, bss->wep_rekeying_period);
return 1;
}
#endif /* CONFIG_WEP */
} else if (os_strcmp(buf, "eap_reauth_period") == 0) {
bss->eap_reauth_period = atoi(pos);
if (bss->eap_reauth_period < 0) {
@ -2706,8 +2712,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
bss->eapol_key_index_workaround = atoi(pos);
#ifdef CONFIG_IAPP
} else if (os_strcmp(buf, "iapp_interface") == 0) {
bss->ieee802_11f = 1;
os_strlcpy(bss->iapp_iface, pos, sizeof(bss->iapp_iface));
wpa_printf(MSG_INFO, "DEPRECATED: iapp_interface not used");
#endif /* CONFIG_IAPP */
} else if (os_strcmp(buf, "own_ip_addr") == 0) {
if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
@ -2728,6 +2733,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
return 1;
}
bss->radius->force_client_addr = 1;
} else if (os_strcmp(buf, "radius_client_dev") == 0) {
os_free(bss->radius->force_client_dev);
bss->radius->force_client_dev = os_strdup(pos);
} else if (os_strcmp(buf, "auth_server_addr") == 0) {
if (hostapd_config_read_radius_addr(
&bss->radius->auth_servers,
@ -2870,6 +2878,16 @@ static int hostapd_config_fill(struct hostapd_config *conf,
}
} else if (os_strcmp(buf, "wpa") == 0) {
bss->wpa = atoi(pos);
} else if (os_strcmp(buf, "extended_key_id") == 0) {
int val = atoi(pos);
if (val < 0 || val > 2) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid extended_key_id=%d; allowed range 0..2",
line, val);
return 1;
}
bss->extended_key_id = val;
} else if (os_strcmp(buf, "wpa_group_rekey") == 0) {
bss->wpa_group_rekey = atoi(pos);
bss->wpa_group_rekey_set = 1;
@ -2879,6 +2897,15 @@ static int hostapd_config_fill(struct hostapd_config *conf,
bss->wpa_gmk_rekey = atoi(pos);
} else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) {
bss->wpa_ptk_rekey = atoi(pos);
} else if (os_strcmp(buf, "wpa_deny_ptk0_rekey") == 0) {
bss->wpa_deny_ptk0_rekey = atoi(pos);
if (bss->wpa_deny_ptk0_rekey < 0 ||
bss->wpa_deny_ptk0_rekey > 2) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid wpa_deny_ptk0_rekey=%d; allowed range 0..2",
line, bss->wpa_deny_ptk0_rekey);
return 1;
}
} else if (os_strcmp(buf, "wpa_group_update_count") == 0) {
char *endp;
unsigned long val = strtoul(pos, &endp, 0);
@ -3131,6 +3158,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
}
} else if (os_strcmp(buf, "acs_exclude_dfs") == 0) {
conf->acs_exclude_dfs = atoi(pos);
} else if (os_strcmp(buf, "op_class") == 0) {
conf->op_class = atoi(pos);
} else if (os_strcmp(buf, "channel") == 0) {
if (os_strcmp(pos, "acs_survey") == 0) {
#ifndef CONFIG_ACS
@ -3145,12 +3174,35 @@ static int hostapd_config_fill(struct hostapd_config *conf,
conf->channel = atoi(pos);
conf->acs = conf->channel == 0;
}
} else if (os_strcmp(buf, "edmg_channel") == 0) {
conf->edmg_channel = atoi(pos);
} else if (os_strcmp(buf, "enable_edmg") == 0) {
conf->enable_edmg = atoi(pos);
} else if (os_strcmp(buf, "chanlist") == 0) {
if (hostapd_parse_chanlist(conf, pos)) {
wpa_printf(MSG_ERROR, "Line %d: invalid channel list",
line);
return 1;
}
} else if (os_strcmp(buf, "freqlist") == 0) {
if (freq_range_list_parse(&conf->acs_freq_list, pos)) {
wpa_printf(MSG_ERROR, "Line %d: invalid frequency list",
line);
return 1;
}
conf->acs_freq_list_present = 1;
} else if (os_strcmp(buf, "acs_exclude_6ghz_non_psc") == 0) {
conf->acs_exclude_6ghz_non_psc = atoi(pos);
} else if (os_strcmp(buf, "min_tx_power") == 0) {
int val = atoi(pos);
if (val < 0 || val > 255) {
wpa_printf(MSG_ERROR,
"Line %d: invalid min_tx_power %d (expected 0..255)",
line, val);
return 1;
}
conf->min_tx_power = val;
} else if (os_strcmp(buf, "beacon_int") == 0) {
int val = atoi(pos);
/* MIB defines range as 1..65535, but very small values
@ -3272,6 +3324,16 @@ static int hostapd_config_fill(struct hostapd_config *conf,
}
conf->rate_type = BEACON_RATE_VHT;
conf->beacon_rate = val;
} else if (os_strncmp(pos, "he:", 3) == 0) {
val = atoi(pos + 3);
if (val < 0 || val > 11) {
wpa_printf(MSG_ERROR,
"Line %d: invalid beacon_rate HE-MCS %d",
line, val);
return 1;
}
conf->rate_type = BEACON_RATE_HE;
conf->beacon_rate = val;
} else {
val = atoi(pos);
if (val < 10 || val > 10000) {
@ -3292,6 +3354,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
bss->ignore_broadcast_ssid = atoi(pos);
} else if (os_strcmp(buf, "no_probe_resp_if_max_sta") == 0) {
bss->no_probe_resp_if_max_sta = atoi(pos);
#ifdef CONFIG_WEP
} else if (os_strcmp(buf, "wep_default_key") == 0) {
bss->ssid.wep.idx = atoi(pos);
if (bss->ssid.wep.idx > 3) {
@ -3310,6 +3373,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
line, buf);
return 1;
}
#endif /* CONFIG_WEP */
#ifndef CONFIG_NO_VLAN
} else if (os_strcmp(buf, "dynamic_vlan") == 0) {
bss->ssid.dynamic_vlan = atoi(pos);
@ -3341,7 +3405,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "ap_table_expiration_time") == 0) {
conf->ap_table_expiration_time = atoi(pos);
} else if (os_strncmp(buf, "tx_queue_", 9) == 0) {
if (hostapd_config_tx_queue(conf, buf, pos)) {
if (hostapd_config_tx_queue(conf->tx_queue, buf, pos)) {
wpa_printf(MSG_ERROR, "Line %d: invalid TX queue item",
line);
return 1;
@ -3372,7 +3436,6 @@ static int hostapd_config_fill(struct hostapd_config *conf,
}
} else if (os_strcmp(buf, "use_driver_iface_addr") == 0) {
conf->use_driver_iface_addr = atoi(pos);
#ifdef CONFIG_IEEE80211W
} else if (os_strcmp(buf, "ieee80211w") == 0) {
bss->ieee80211w = atoi(pos);
} else if (os_strcmp(buf, "group_mgmt_cipher") == 0) {
@ -3389,6 +3452,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
line, pos);
return 1;
}
} else if (os_strcmp(buf, "beacon_prot") == 0) {
bss->beacon_prot = atoi(pos);
} else if (os_strcmp(buf, "assoc_sa_query_max_timeout") == 0) {
bss->assoc_sa_query_max_timeout = atoi(pos);
if (bss->assoc_sa_query_max_timeout == 0) {
@ -3403,14 +3468,12 @@ static int hostapd_config_fill(struct hostapd_config *conf,
line);
return 1;
}
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_OCV
} else if (os_strcmp(buf, "ocv") == 0) {
bss->ocv = atoi(pos);
if (bss->ocv && !bss->ieee80211w)
bss->ieee80211w = 1;
#endif /* CONFIG_OCV */
#ifdef CONFIG_IEEE80211N
} else if (os_strcmp(buf, "ieee80211n") == 0) {
conf->ieee80211n = atoi(pos);
} else if (os_strcmp(buf, "ht_capab") == 0) {
@ -3423,7 +3486,6 @@ static int hostapd_config_fill(struct hostapd_config *conf,
conf->require_ht = atoi(pos);
} else if (os_strcmp(buf, "obss_interval") == 0) {
conf->obss_interval = atoi(pos);
#endif /* CONFIG_IEEE80211N */
#ifdef CONFIG_IEEE80211AC
} else if (os_strcmp(buf, "ieee80211ac") == 0) {
conf->ieee80211ac = atoi(pos);
@ -3456,13 +3518,20 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "he_mu_beamformer") == 0) {
conf->he_phy_capab.he_mu_beamformer = atoi(pos);
} else if (os_strcmp(buf, "he_bss_color") == 0) {
conf->he_op.he_bss_color = atoi(pos);
conf->he_op.he_bss_color = atoi(pos) & 0x3f;
conf->he_op.he_bss_color_disabled = 0;
} else if (os_strcmp(buf, "he_bss_color_partial") == 0) {
conf->he_op.he_bss_color_partial = atoi(pos);
} else if (os_strcmp(buf, "he_default_pe_duration") == 0) {
conf->he_op.he_default_pe_duration = atoi(pos);
} else if (os_strcmp(buf, "he_twt_required") == 0) {
conf->he_op.he_twt_required = atoi(pos);
} else if (os_strcmp(buf, "he_twt_responder") == 0) {
conf->he_op.he_twt_responder = atoi(pos);
} else if (os_strcmp(buf, "he_rts_threshold") == 0) {
conf->he_op.he_rts_threshold = atoi(pos);
} else if (os_strcmp(buf, "he_er_su_disable") == 0) {
conf->he_op.he_er_su_disable = atoi(pos);
} else if (os_strcmp(buf, "he_basic_mcs_nss_set") == 0) {
conf->he_op.he_basic_mcs_nss_set = atoi(pos);
} else if (os_strcmp(buf, "he_mu_edca_qos_info_param_count") == 0) {
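Review bot: `conf->he_op.he_bss_color = atoi(pos) & 0x3f;` folds out-of-range input into the 6-bit field without any diagnostic, so he_bss_color=64 is stored as 0 and 65 as 1. Rejecting values outside the valid range with the usual "Line %d" error and `return 1` would surface the mistake instead of starting the AP with a different color than the one written in the file. The new he_twt_responder and he_er_su_disable branches also take atoi() unchecked; if they are flags, normalising to 0/1 would be clearer.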
@ -3550,19 +3619,53 @@ static int hostapd_config_fill(struct hostapd_config *conf,
conf->he_mu_edca.he_mu_ac_vo_param[HE_MU_AC_PARAM_TIMER_IDX] =
atoi(pos) & 0xff;
} else if (os_strcmp(buf, "he_spr_sr_control") == 0) {
conf->spr.sr_control = atoi(pos) & 0xff;
conf->spr.sr_control = atoi(pos) & 0x1f;
} else if (os_strcmp(buf, "he_spr_non_srg_obss_pd_max_offset") == 0) {
conf->spr.non_srg_obss_pd_max_offset = atoi(pos);
} else if (os_strcmp(buf, "he_spr_srg_obss_pd_min_offset") == 0) {
conf->spr.srg_obss_pd_min_offset = atoi(pos);
} else if (os_strcmp(buf, "he_spr_srg_obss_pd_max_offset") == 0) {
conf->spr.srg_obss_pd_max_offset = atoi(pos);
} else if (os_strcmp(buf, "he_spr_srg_bss_colors") == 0) {
if (hostapd_parse_he_srg_bitmap(
conf->spr.srg_bss_color_bitmap, pos)) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid srg bss colors list '%s'",
line, pos);
return 1;
}
} else if (os_strcmp(buf, "he_spr_srg_partial_bssid") == 0) {
if (hostapd_parse_he_srg_bitmap(
conf->spr.srg_partial_bssid_bitmap, pos)) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid srg partial bssid list '%s'",
line, pos);
return 1;
}
} else if (os_strcmp(buf, "he_oper_chwidth") == 0) {
conf->he_oper_chwidth = atoi(pos);
} else if (os_strcmp(buf, "he_oper_centr_freq_seg0_idx") == 0) {
conf->he_oper_centr_freq_seg0_idx = atoi(pos);
} else if (os_strcmp(buf, "he_oper_centr_freq_seg1_idx") == 0) {
conf->he_oper_centr_freq_seg1_idx = atoi(pos);
} else if (os_strcmp(buf, "he_6ghz_max_mpdu") == 0) {
conf->he_6ghz_max_mpdu = atoi(pos);
} else if (os_strcmp(buf, "he_6ghz_max_ampdu_len_exp") == 0) {
conf->he_6ghz_max_ampdu_len_exp = atoi(pos);
} else if (os_strcmp(buf, "he_6ghz_rx_ant_pat") == 0) {
conf->he_6ghz_rx_ant_pat = atoi(pos);
} else if (os_strcmp(buf, "he_6ghz_tx_ant_pat") == 0) {
conf->he_6ghz_tx_ant_pat = atoi(pos);
} else if (os_strcmp(buf, "unsol_bcast_probe_resp_interval") == 0) {
int val = atoi(pos);
if (val < 0 || val > 20) {
wpa_printf(MSG_ERROR,
"Line %d: invalid unsol_bcast_probe_resp_interval value",
line);
return 1;
}
bss->unsol_bcast_probe_resp_interval = val;
#endif /* CONFIG_IEEE80211AX */
} else if (os_strcmp(buf, "max_listen_interval") == 0) {
bss->max_listen_interval = atoi(pos);
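Review bot: the four new he_6ghz_* keys (and the he_spr_*_offset keys above them) store atoi(pos) unchecked, while unsol_bcast_probe_resp_interval at the end of this same hunk rejects anything outside 0..20. The hostapd.conf text in this commit documents he_6ghz_max_mpdu as 0..2, he_6ghz_max_ampdu_len_exp as 0..7 and the two antenna pattern keys as 0 or 1, so these branches should enforce those ranges and return 1 with a "Line %d" error, the way the probe response interval branch does, instead of storing an out-of-range value.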
@ -3744,6 +3847,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "server_id") == 0) {
os_free(bss->server_id);
bss->server_id = os_strdup(pos);
} else if (os_strcmp(buf, "wps_application_ext") == 0) {
wpabuf_free(bss->wps_application_ext);
bss->wps_application_ext = wpabuf_parse_bin(pos);
#ifdef CONFIG_WPS_NFC
} else if (os_strcmp(buf, "wps_nfc_dev_pw_id") == 0) {
bss->wps_nfc_dev_pw_id = atoi(pos);
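Review bot: the wps_application_ext branch stores the result of wpabuf_parse_bin(pos) without checking it, so if the hex string does not parse and the helper returns NULL, the line is accepted silently and the option is simply absent at runtime. Check the result, log the line number and value with wpa_printf(MSG_ERROR, ...) and return 1, as the other branches in this function do for invalid input.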
@ -4144,9 +4250,53 @@ static int hostapd_config_fill(struct hostapd_config *conf,
bss->own_ie_override = tmp;
} else if (os_strcmp(buf, "sae_reflection_attack") == 0) {
bss->sae_reflection_attack = atoi(pos);
} else if (os_strcmp(buf, "sae_commit_status") == 0) {
bss->sae_commit_status = atoi(pos);
} else if (os_strcmp(buf, "sae_pk_omit") == 0) {
bss->sae_pk_omit = atoi(pos);
} else if (os_strcmp(buf, "sae_pk_password_check_skip") == 0) {
bss->sae_pk_password_check_skip = atoi(pos);
} else if (os_strcmp(buf, "sae_commit_override") == 0) {
wpabuf_free(bss->sae_commit_override);
bss->sae_commit_override = wpabuf_parse_bin(pos);
} else if (os_strcmp(buf, "rsne_override_eapol") == 0) {
wpabuf_free(bss->rsne_override_eapol);
bss->rsne_override_eapol = wpabuf_parse_bin(pos);
} else if (os_strcmp(buf, "rsnxe_override_eapol") == 0) {
wpabuf_free(bss->rsnxe_override_eapol);
bss->rsnxe_override_eapol = wpabuf_parse_bin(pos);
} else if (os_strcmp(buf, "rsne_override_ft") == 0) {
wpabuf_free(bss->rsne_override_ft);
bss->rsne_override_ft = wpabuf_parse_bin(pos);
} else if (os_strcmp(buf, "rsnxe_override_ft") == 0) {
wpabuf_free(bss->rsnxe_override_ft);
bss->rsnxe_override_ft = wpabuf_parse_bin(pos);
} else if (os_strcmp(buf, "gtk_rsc_override") == 0) {
wpabuf_free(bss->gtk_rsc_override);
bss->gtk_rsc_override = wpabuf_parse_bin(pos);
} else if (os_strcmp(buf, "igtk_rsc_override") == 0) {
wpabuf_free(bss->igtk_rsc_override);
bss->igtk_rsc_override = wpabuf_parse_bin(pos);
} else if (os_strcmp(buf, "no_beacon_rsnxe") == 0) {
bss->no_beacon_rsnxe = atoi(pos);
} else if (os_strcmp(buf, "skip_prune_assoc") == 0) {
bss->skip_prune_assoc = atoi(pos);
} else if (os_strcmp(buf, "ft_rsnxe_used") == 0) {
bss->ft_rsnxe_used = atoi(pos);
} else if (os_strcmp(buf, "oci_freq_override_eapol_m3") == 0) {
bss->oci_freq_override_eapol_m3 = atoi(pos);
} else if (os_strcmp(buf, "oci_freq_override_eapol_g1") == 0) {
bss->oci_freq_override_eapol_g1 = atoi(pos);
} else if (os_strcmp(buf, "oci_freq_override_saquery_req") == 0) {
bss->oci_freq_override_saquery_req = atoi(pos);
} else if (os_strcmp(buf, "oci_freq_override_saquery_resp") == 0) {
bss->oci_freq_override_saquery_resp = atoi(pos);
} else if (os_strcmp(buf, "oci_freq_override_ft_assoc") == 0) {
bss->oci_freq_override_ft_assoc = atoi(pos);
} else if (os_strcmp(buf, "oci_freq_override_fils_assoc") == 0) {
bss->oci_freq_override_fils_assoc = atoi(pos);
} else if (os_strcmp(buf, "oci_freq_override_wnm_sleep") == 0) {
bss->oci_freq_override_wnm_sleep = atoi(pos);
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_SAE
} else if (os_strcmp(buf, "sae_password") == 0) {
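Review bot: each of the seven *_override keys added here (sae_commit_override through igtk_rsc_override) frees the old buffer and stores wpabuf_parse_bin(pos) with no NULL check, so a typo in a test configuration leaves the override unset and the test case runs against default behaviour, where it can pass for the wrong reason. These all sit under CONFIG_TESTING_OPTIONS, so failing hard costs nothing: report the line and return 1 when the parse result is NULL.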
@ -4162,8 +4312,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "assocresp_elements") == 0) {
if (parse_wpabuf_hex(line, buf, &bss->assocresp_elements, pos))
return 1;
} else if (os_strcmp(buf, "sae_anti_clogging_threshold") == 0) {
bss->sae_anti_clogging_threshold = atoi(pos);
} else if (os_strcmp(buf, "sae_anti_clogging_threshold") == 0 ||
os_strcmp(buf, "anti_clogging_threshold") == 0) {
bss->anti_clogging_threshold = atoi(pos);
} else if (os_strcmp(buf, "sae_sync") == 0) {
bss->sae_sync = atoi(pos);
} else if (os_strcmp(buf, "sae_groups") == 0) {
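Review bot: the combined condition accepts the old sae_anti_clogging_threshold name silently, although the hostapd.conf hunk in this commit marks it as deprecated. Log a one-line notice when the old key is matched so operators learn to migrate to anti_clogging_threshold before the alias is dropped. The value is also taken from atoi(pos) as is, so a negative or non-numeric entry is stored without complaint; a lower-bound check would be cheap here.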
@ -4175,6 +4326,10 @@ static int hostapd_config_fill(struct hostapd_config *conf,
}
} else if (os_strcmp(buf, "sae_require_mfp") == 0) {
bss->sae_require_mfp = atoi(pos);
} else if (os_strcmp(buf, "sae_confirm_immediate") == 0) {
bss->sae_confirm_immediate = atoi(pos);
} else if (os_strcmp(buf, "sae_pwe") == 0) {
bss->sae_pwe = atoi(pos);
} else if (os_strcmp(buf, "local_pwr_constraint") == 0) {
int val = atoi(pos);
if (val < 0 || val > 255) {
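Review bot: sae_pwe is assigned straight from atoi(pos), yet the hostapd.conf text added in this commit defines only 0, 1 and 2 for it, and the local_pwr_constraint branch right below shows the range-check pattern this function already uses. Since this value selects between hunting-and-pecking and hash-to-element, an out-of-range or mistyped entry should be rejected with a "Line %d" error and return 1 rather than stored. sae_confirm_immediate would benefit from the same treatment as a 0/1 value.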
@ -4318,12 +4473,24 @@ static int hostapd_config_fill(struct hostapd_config *conf,
bss->dhcp_server_port = atoi(pos);
} else if (os_strcmp(buf, "dhcp_relay_port") == 0) {
bss->dhcp_relay_port = atoi(pos);
} else if (os_strcmp(buf, "fils_discovery_min_interval") == 0) {
bss->fils_discovery_min_int = atoi(pos);
} else if (os_strcmp(buf, "fils_discovery_max_interval") == 0) {
bss->fils_discovery_max_int = atoi(pos);
#endif /* CONFIG_FILS */
} else if (os_strcmp(buf, "multicast_to_unicast") == 0) {
bss->multicast_to_unicast = atoi(pos);
} else if (os_strcmp(buf, "broadcast_deauth") == 0) {
bss->broadcast_deauth = atoi(pos);
} else if (os_strcmp(buf, "notify_mgmt_frames") == 0) {
bss->notify_mgmt_frames = atoi(pos);
#ifdef CONFIG_DPP
} else if (os_strcmp(buf, "dpp_name") == 0) {
os_free(bss->dpp_name);
bss->dpp_name = os_strdup(pos);
} else if (os_strcmp(buf, "dpp_mud_url") == 0) {
os_free(bss->dpp_mud_url);
bss->dpp_mud_url = os_strdup(pos);
} else if (os_strcmp(buf, "dpp_connector") == 0) {
os_free(bss->dpp_connector);
bss->dpp_connector = os_strdup(pos);
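Review bot: fils_discovery_min_interval and fils_discovery_max_interval are stored from atoi(pos) with no range check and no check that the minimum does not exceed the maximum. The sample configuration says a non-zero fils_discovery_max_interval enables FILS Discovery frame transmission and that the values have an allowed range in TUs, so either validate both here or reject an inconsistent pair at config-check time. The new dpp_name and dpp_mud_url branches also ignore an os_strdup() failure, matching the existing dpp_connector branch; worth a follow-up for all three.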
@ -4339,6 +4506,18 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "dpp_controller") == 0) {
if (hostapd_dpp_controller_parse(bss, pos))
return 1;
} else if (os_strcmp(buf, "dpp_configurator_connectivity") == 0) {
bss->dpp_configurator_connectivity = atoi(pos);
} else if (os_strcmp(buf, "dpp_pfs") == 0) {
int val = atoi(pos);
if (val < 0 || val > 2) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid dpp_pfs value '%s'",
line, pos);
return -1;
}
bss->dpp_pfs = val;
#endif /* CONFIG_DPP2 */
#endif /* CONFIG_DPP */
#ifdef CONFIG_OWE
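Review bot: the dpp_pfs error path ends in "return -1;" while every other validation failure visible in this function returns 1. Unless the caller treats the two differently on purpose, change it to "return 1;" so the error accounting for this line matches the rest of hostapd_config_fill(). The "#endif /* CONFIG_DPP2 */" that follows has no opening guard in the visible context, so please confirm dpp_configurator_connectivity and dpp_pfs are meant to be DPP2-only.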
@ -4372,9 +4551,11 @@ static int hostapd_config_fill(struct hostapd_config *conf,
line, pos);
return 1;
}
} else if (os_strcmp(buf, "owe_ptk_workaround") == 0) {
bss->owe_ptk_workaround = atoi(pos);
#endif /* CONFIG_OWE */
} else if (os_strcmp(buf, "coloc_intf_reporting") == 0) {
bss->coloc_intf_reporting = atoi(pos);
#endif /* CONFIG_OWE */
} else if (os_strcmp(buf, "multi_ap") == 0) {
int val = atoi(pos);
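Review bot: this hunk shows "#endif /* CONFIG_OWE */" twice, once after owe_ptk_workaround and again after coloc_intf_reporting. Only one of them can close the CONFIG_OWE block; if both survive in the merged file, either the preprocessor nesting is unbalanced or the second one closes some other guard and its comment is wrong. Please check the merge result and make sure coloc_intf_reporting, which is not an OWE option, is parsed regardless of CONFIG_OWE.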
@ -4389,8 +4570,12 @@ static int hostapd_config_fill(struct hostapd_config *conf,
conf->rssi_reject_assoc_rssi = atoi(pos);
} else if (os_strcmp(buf, "rssi_reject_assoc_timeout") == 0) {
conf->rssi_reject_assoc_timeout = atoi(pos);
} else if (os_strcmp(buf, "rssi_ignore_probe_request") == 0) {
conf->rssi_ignore_probe_request = atoi(pos);
} else if (os_strcmp(buf, "pbss") == 0) {
bss->pbss = atoi(pos);
} else if (os_strcmp(buf, "transition_disable") == 0) {
bss->transition_disable = strtol(pos, NULL, 16);
#ifdef CONFIG_AIRTIME_POLICY
} else if (os_strcmp(buf, "airtime_mode") == 0) {
int val = atoi(pos);
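Review bot: transition_disable is parsed with strtol(pos, NULL, 16) and no end-pointer or range check, so a non-hex value parses as 0 and an oversized one is truncated on assignment, both without any error. For a bitmap that controls transition mode behaviour, a silent 0 is the wrong failure mode: pass an end pointer, reject trailing garbage and values outside the field's range, and return 1 with the line number.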
@ -4506,6 +4691,39 @@ static int hostapd_config_fill(struct hostapd_config *conf,
}
bss->mka_psk_set |= MKA_PSK_SET_CKN;
#endif /* CONFIG_MACSEC */
} else if (os_strcmp(buf, "disable_11n") == 0) {
bss->disable_11n = !!atoi(pos);
} else if (os_strcmp(buf, "disable_11ac") == 0) {
bss->disable_11ac = !!atoi(pos);
} else if (os_strcmp(buf, "disable_11ax") == 0) {
bss->disable_11ax = !!atoi(pos);
#ifdef CONFIG_PASN
#ifdef CONFIG_TESTING_OPTIONS
} else if (os_strcmp(buf, "force_kdk_derivation") == 0) {
bss->force_kdk_derivation = atoi(pos);
} else if (os_strcmp(buf, "pasn_corrupt_mic") == 0) {
bss->pasn_corrupt_mic = atoi(pos);
#endif /* CONFIG_TESTING_OPTIONS */
} else if (os_strcmp(buf, "pasn_groups") == 0) {
if (hostapd_parse_intlist(&bss->pasn_groups, pos)) {
wpa_printf(MSG_ERROR,
"Line %d: Invalid pasn_groups value '%s'",
line, pos);
return 1;
}
} else if (os_strcmp(buf, "pasn_comeback_after") == 0) {
bss->pasn_comeback_after = atoi(pos);
#endif /* CONFIG_PASN */
} else if (os_strcmp(buf, "ext_capa_mask") == 0) {
if (get_hex_config(bss->ext_capa_mask, EXT_CAPA_MAX_LEN,
line, "ext_capa_mask", pos))
return 1;
} else if (os_strcmp(buf, "ext_capa") == 0) {
if (get_hex_config(bss->ext_capa, EXT_CAPA_MAX_LEN,
line, "ext_capa", pos))
return 1;
} else if (os_strcmp(buf, "rnr") == 0) {
bss->rnr = atoi(pos);
} else {
wpa_printf(MSG_ERROR,
"Line %d: unknown configuration item '%s'",

File diff suppressed because it is too large


@ -44,15 +44,9 @@ CONFIG_LIBNL32=y
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
@ -154,9 +148,6 @@ CONFIG_IPV6=y
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
#CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
@ -355,12 +346,12 @@ CONFIG_IPV6=y
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
# https://wireless.wiki.kernel.org/en/users/documentation/acs
#
#CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# These extensions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
@ -389,3 +380,33 @@ CONFIG_IPV6=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# Wired equivalent privacy (WEP)
# WEP is an obsolete cryptographic data confidentiality algorithm that is not
# considered secure. It should not be used for anything anymore. The
# functionality needed to use WEP is available in the current hostapd
# release under this optional build parameter. This functionality is subject to
# be completely removed in a future release.
#CONFIG_WEP=y
# Remove all TKIP functionality
# TKIP is an old cryptographic data confidentiality algorithm that is not
# considered secure. It should not be used anymore. For now, the default hostapd
# build includes this to allow mixed mode WPA+WPA2 networks to be enabled, but
# that functionality is subject to be removed in the future.
#CONFIG_NO_TKIP=y
# Pre-Association Security Negotiation (PASN)
# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol
# design is still subject to change. As such, this should not yet be enabled in
# production use.
# This requires CONFIG_IEEE80211W=y to be enabled, too.
#CONFIG_PASN=y
# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect)
CONFIG_DPP=y
# DPP version 2 support
CONFIG_DPP2=y
# DPP version 3 support (experimental and still changing; do not enable for
# production use)
#CONFIG_DPP3=y
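Review bot: the new PASN comment says "This requires CONFIG_IEEE80211W=y to be enabled, too.", but going by the line counts in the first hunk of this file (-44,15 +44,9) the CONFIG_IEEE80211W=y entry is dropped from this defconfig by the same commit. Reword the PASN note so it does not point at a build option that no longer appears here. Also worth confirming that enabling CONFIG_DPP and CONFIG_DPP2 by default is intended for this tree, since it widens what the default build compiles in.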


@ -3,7 +3,7 @@
# 4.3.20 Test Set 20. SQN is the last used SQN value.
# These values can be used for both UMTS (EAP-AKA) and GSM (EAP-SIM)
# authentication. In case of GSM/EAP-SIM, AMF and SQN values are not used, but
# dummy values will need to be included in this file.
# stub values will need to be included in this file.
# IMSI Ki OPc AMF SQN [RES_len]
232010000000000 90dca4eda45b53cf0f12d7c9c3bc6a89 cb9cccc4b9258e6dca4760379fb82581 61df 000000000000


@ -41,7 +41,6 @@ interface=wlan0
# bit 2 (4) = RADIUS
# bit 3 (8) = WPA
# bit 4 (16) = driver interface
# bit 5 (32) = IAPP
# bit 6 (64) = MLME
#
# Levels (minimum value for logged events):
@ -73,7 +72,7 @@ ctrl_interface=/var/run/hostapd
# run as non-root users. However, since the control interface can be used to
# change the network configuration, this access needs to be protected in many
# cases. By default, hostapd is configured to use gid 0 (root). If you
# want to allow non-root users to use the contron interface, add a new group
# want to allow non-root users to use the control interface, add a new group
# and change this value to match with that group. Add users that should have
# control interface access to this group.
#
@ -147,7 +146,8 @@ ssid=test
# Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz),
# g = IEEE 802.11g (2.4 GHz), ad = IEEE 802.11ad (60 GHz); a/g options are used
# with IEEE 802.11n (HT), too, to specify band). For IEEE 802.11ac (VHT), this
# needs to be set to hw_mode=a. When using ACS (see channel parameter), a
# needs to be set to hw_mode=a. For IEEE 802.11ax (HE) on 6 GHz this needs
# to be set to hw_mode=a. When using ACS (see channel parameter), a
# special value "any" can be used to indicate that any support band can be used.
# This special case is currently supported only with drivers with which
# offloaded ACS is used.
@ -164,8 +164,14 @@ hw_mode=g
# which will enable the ACS survey based algorithm.
channel=1
# Global operating class (IEEE 802.11, Annex E, Table E-4)
# This option allows hostapd to specify the operating class of the channel
# configured with the channel parameter. channel and op_class together can
# uniquely identify channels across different bands, including the 6 GHz band.
#op_class=131
# ACS tuning - Automatic Channel Selection
# See: http://wireless.kernel.org/en/users/Documentation/acs
# See: https://wireless.wiki.kernel.org/en/users/documentation/acs
#
# You can customize the ACS survey algorithm with following variables:
#
@ -199,11 +205,30 @@ channel=1
#chanlist=100 104 108 112 116
#chanlist=1 6 11-13
# Frequency list restriction. This option allows hostapd to select one of the
# provided frequencies when a frequency should be automatically selected.
# Frequency list can be provided as range using hyphen ('-') or individual
# frequencies can be specified by comma (',') separated values
# Default: all frequencies allowed in selected hw_mode
#freqlist=2437,5955,5975
#freqlist=2437,5985-6105
# Exclude DFS channels from ACS
# This option can be used to exclude all DFS channels from the ACS channel list
# in cases where the driver supports DFS channels.
#acs_exclude_dfs=1
# Include only preferred scan channels from 6 GHz band for ACS
# This option can be used to include only preferred scan channels in the 6 GHz
# band. This can be useful in particular for devices that operate only a 6 GHz
# BSS without a collocated 2.4/5 GHz BSS.
# Default behavior is to include all PSC and non-PSC channels.
#acs_exclude_6ghz_non_psc=1
# Set minimum permitted max TX power (in dBm) for ACS and DFS channel selection.
# (default 0, i.e., not constraint)
#min_tx_power=20
# Beacon interval in kus (1.024 ms) (default: 100; range 15..65535)
beacon_int=100
@ -258,6 +283,8 @@ fragm_threshold=-1
# beacon_rate=ht:<HT MCS>
# VHT:
# beacon_rate=vht:<VHT MCS>
# HE:
# beacon_rate=he:<HE MCS>
#
# For example, beacon_rate=10 for 1 Mbps or beacon_rate=60 for 6 Mbps (OFDM).
#beacon_rate=10
@ -550,6 +577,10 @@ wmm_ac_vo_acm=0
# Default: 1 (enabled)
#broadcast_deauth=1
# Get notifications for received Management frames on control interface
# Default: 0 (disabled)
#notify_mgmt_frames=0
##### IEEE 802.11n related configuration ######################################
# ieee80211n: Whether IEEE 802.11n (HT) is enabled
@ -559,6 +590,9 @@ wmm_ac_vo_acm=0
# Note: hw_mode=g (2.4 GHz) and hw_mode=a (5 GHz) is used to specify the band.
#ieee80211n=1
# disable_11n: Boolean (0/1) to disable HT for a specific BSS
#disable_11n=0
# ht_capab: HT capabilities (list of flags)
# LDPC coding capability: [LDPC] = supported
# Supported channel width set: [HT40-] = both 20 MHz and 40 MHz with secondary
@ -577,8 +611,6 @@ wmm_ac_vo_acm=0
# channels if needed or creation of 40 MHz channel maybe rejected based
# on overlapping BSSes. These changes are done automatically when hostapd
# is setting up the 40 MHz channel.
# Spatial Multiplexing (SM) Power Save: [SMPS-STATIC] or [SMPS-DYNAMIC]
# (SMPS disabled if neither is set)
# HT-greenfield: [GF] (disabled if not set)
# Short GI for 20 MHz: [SHORT-GI-20] (disabled if not set)
# Short GI for 40 MHz: [SHORT-GI-40] (disabled if not set)
@ -613,6 +645,9 @@ wmm_ac_vo_acm=0
# Note: hw_mode=a is used to specify that 5 GHz band is used with VHT.
#ieee80211ac=1
# disable_11ac: Boolean (0/1) to disable VHT for a specific BSS
#disable_11ac=0
# vht_capab: VHT capabilities (list of flags)
#
# vht_max_mpdu_len: [MAX-MPDU-7991] [MAX-MPDU-11454]
@ -767,6 +802,9 @@ wmm_ac_vo_acm=0
# 1 = enabled
#ieee80211ax=1
# disable_11ax: Boolean (0/1) to disable HE for a specific BSS
#disable_11ax=0
#he_su_beamformer: HE single user beamformer support
# 0 = not supported (default)
# 1 = supported
@ -785,6 +823,9 @@ wmm_ac_vo_acm=0
# he_bss_color: BSS color (1-63)
#he_bss_color=1
# he_bss_color_partial: BSS color AID equation
#he_bss_color_partial=0
#he_default_pe_duration: The duration of PE field in an HE PPDU in us
# Possible values are 0 us (default), 4 us, 8 us, 12 us, and 16 us
#he_default_pe_duration=0
@ -794,12 +835,32 @@ wmm_ac_vo_acm=0
# 1 = required
#he_twt_required=0
#he_twt_responder: Whether TWT (HE) responder is enabled
# 0 = disabled
# 1 = enabled if supported by the driver (default)
#he_twt_responder=1
#he_rts_threshold: Duration of STA transmission
# 0 = not set (default)
# unsigned integer = duration in units of 16 us
#he_rts_threshold=0
#he_er_su_disable: Disable 242-tone HE ER SU PPDU reception by the AP
# 0 = enable reception (default)
# 1 = disable reception
#he_er_su_disable=0
# HE operating channel information; see matching vht_* parameters for details.
# he_oper_centr_freq_seg0_idx field is used to indicate center frequency of 80
# and 160 MHz bandwidth operation. In 80+80 MHz operation, it is the center
# frequency of the lower frequency segment. he_oper_centr_freq_seg1_idx field
# is used only with 80+80 MHz bandwidth operation and it is used to transmit
# the center frequency of the second segment.
# On the 6 GHz band the center freq calculation starts from 5.950 GHz offset.
# For example idx=3 would result in 5965 MHz center frequency. In addition,
# he_oper_chwidth is ignored, and the channel width is derived from the
# configured operating class or center frequency indexes (see
# IEEE P802.11ax/D6.1 Annex E, Table E-4).
#he_oper_chwidth
#he_oper_centr_freq_seg0_idx
#he_oper_centr_freq_seg1_idx
@ -835,10 +896,82 @@ wmm_ac_vo_acm=0
#he_mu_edca_ac_vo_timer=255
# Spatial Reuse Parameter Set
#
# SR Control field value
# B0 = PSR Disallowed
# B1 = Non-SRG OBSS PD SR Disallowed
# B2 = Non-SRG Offset Present
# B3 = SRG Information Present
# B4 = HESIGA_Spatial_reuse_value15_allowed
#he_spr_sr_control
#
# Non-SRG OBSS PD Max Offset (included if he_spr_sr_control B2=1)
#he_spr_non_srg_obss_pd_max_offset
# SRG OBSS PD Min Offset (included if he_spr_sr_control B3=1)
#he_spr_srg_obss_pd_min_offset
#
# SRG OBSS PD Max Offset (included if he_spr_sr_control B3=1)
#he_spr_srg_obss_pd_max_offset
#
# SPR SRG BSS Color (included if he_spr_sr_control B3=1)
# This config represents SRG BSS Color Bitmap field of Spatial Reuse Parameter
# Set element that indicates the BSS color values used by members of the
# SRG of which the transmitting STA is a member. The value is in range of 0-63.
#he_spr_srg_bss_colors=1 2 10 63
#
# SPR SRG Partial BSSID (included if he_spr_sr_control B3=1)
# This config represents SRG Partial BSSID Bitmap field of Spatial Reuse
# Parameter Set element that indicates the Partial BSSID values used by members
# of the SRG of which the transmitting STA is a member. The value range
# corresponds to one of the 64 possible values of BSSID[39:44], where the lowest
# numbered bit corresponds to Partial BSSID value 0 and the highest numbered bit
# corresponds to Partial BSSID value 63.
#he_spr_srg_partial_bssid=0 1 3 63
#
#he_6ghz_max_mpdu: Maximum MPDU Length of HE 6 GHz band capabilities.
# Indicates maximum MPDU length
# 0 = 3895 octets
# 1 = 7991 octets
# 2 = 11454 octets (default)
#he_6ghz_max_mpdu=2
#
#he_6ghz_max_ampdu_len_exp: Maximum A-MPDU Length Exponent of HE 6 GHz band
# capabilities. Indicates the maximum length of A-MPDU pre-EOF padding that
# the STA can receive. This field is an integer in the range of 0 to 7.
# The length defined by this field is equal to
# 2 pow(13 + Maximum A-MPDU Length Exponent) -1 octets
# 0 = AMPDU length of 8k
# 1 = AMPDU length of 16k
# 2 = AMPDU length of 32k
# 3 = AMPDU length of 65k
# 4 = AMPDU length of 131k
# 5 = AMPDU length of 262k
# 6 = AMPDU length of 524k
# 7 = AMPDU length of 1048k (default)
#he_6ghz_max_ampdu_len_exp=7
#
#he_6ghz_rx_ant_pat: Rx Antenna Pattern Consistency of HE 6 GHz capability.
# Indicates the possibility of Rx antenna pattern change
# 0 = Rx antenna pattern might change during the lifetime of an association
# 1 = Rx antenna pattern does not change during the lifetime of an association
# (default)
#he_6ghz_rx_ant_pat=1
#
#he_6ghz_tx_ant_pat: Tx Antenna Pattern Consistency of HE 6 GHz capability.
# Indicates the possibility of Tx antenna pattern change
# 0 = Tx antenna pattern might change during the lifetime of an association
# 1 = Tx antenna pattern does not change during the lifetime of an association
# (default)
#he_6ghz_tx_ant_pat=1
# Unsolicited broadcast Probe Response transmission settings
# This is for the 6 GHz band only. If the interval is set to a non-zero value,
# the AP schedules unsolicited broadcast Probe Response frames to be
# transmitted for in-band discovery. Refer to
# IEEE P802.11ax/D8.0 26.17.2.3.2, AP behavior for fast passive scanning.
# Valid range: 0..20 TUs; default is 0 (disabled)
#unsol_bcast_probe_resp_interval=0
##### IEEE 802.1X-2004 related configuration ##################################
@ -877,6 +1010,8 @@ eapol_key_index_workaround=0
# EAP reauthentication period in seconds (default: 3600 seconds; 0 = disable
# reauthentication).
# Note: Reauthentications may enforce a disconnection, check the related
# parameter wpa_deny_ptk0_rekey for details.
#eap_reauth_period=3600
# Use PAE group address (01:80:c2:00:00:03) instead of individual target
@ -1012,7 +1147,7 @@ eap_server=0
#check_crl=1
# Specify whether to ignore certificate CRL validity time mismatches with
# errors X509_V_ERR_CERT_HAS_EXPIRED and X509_V_ERR_CERT_NOT_YET_VALID.
# errors X509_V_ERR_CRL_HAS_EXPIRED and X509_V_ERR_CRL_NOT_YET_VALID.
#
# 0 = ignore errors
# 1 = do not ignore errors (default)
@ -1081,6 +1216,12 @@ eap_server=0
# [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default)
#tls_flags=[flag1][flag2]...
# Maximum number of EAP message rounds with data (default: 100)
#max_auth_rounds=100
# Maximum number of short EAP message rounds (default: 50)
#max_auth_rounds_short=50
# Cached OCSP stapling response (DER encoded)
# If set, this file is sent as a certificate status response by the EAP server
# if the EAP peer requests certificate status in the ClientHello message.
@ -1167,7 +1308,7 @@ eap_server=0
# should be unique across all issuing servers. In theory, this is a variable
# length field, but due to some existing implementations requiring A-ID to be
# 16 octets in length, it is strongly recommended to use that length for the
# field to provid interoperability with deployed peer implementations. This
# field to provide interoperability with deployed peer implementations. This
# field is configured in hex format.
#eap_fast_a_id=101112131415161718191a1b1c1d1e1f
@ -1194,6 +1335,8 @@ eap_server=0
# EAP-TEAP authentication type
# 0 = inner EAP (default)
# 1 = Basic-Password-Auth
# 2 = Do not require Phase 2 authentication if client can be authenticated
# during Phase 1
#eap_teap_auth=0
# EAP-TEAP authentication behavior when using PAC
@ -1201,6 +1344,20 @@ eap_server=0
# 1 = skip inner authentication (inner EAP/Basic-Password-Auth)
#eap_teap_pac_no_inner=0
# EAP-TEAP behavior with Result TLV
# 0 = include with Intermediate-Result TLV (default)
# 1 = send in a separate message (for testing purposes)
#eap_teap_separate_result=0
# EAP-TEAP identities
# 0 = allow any identity type (default)
# 1 = require user identity
# 2 = require machine identity
# 3 = request user identity; accept either user or machine identity
# 4 = request machine identity; accept either user or machine identity
# 5 = require both user and machine identity
#eap_teap_id=0
# EAP-SIM and EAP-AKA protected success/failure indication using AT_RESULT_IND
# (default: 0 = disabled).
#eap_sim_aka_result_ind=1
@ -1223,11 +1380,6 @@ eap_server=0
# Whether to enable ERP on the EAP server.
#eap_server_erp=1
##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) #######################
# Interface to be used for IAPP broadcast packets
#iapp_interface=eth0
##### RADIUS client configuration #############################################
# for IEEE 802.1X with external Authentication Server, IEEE 802.11
@ -1261,6 +1413,12 @@ own_ip_addr=127.0.0.1
# used, e.g., when the device has multiple IP addresses.
#radius_client_addr=127.0.0.1
# RADIUS client forced local interface. Helps run properly with VRF
# Default is none set which allows the network stack to pick the appropriate
# interface automatically.
# Example below binds to eth0
#radius_client_dev=eth0
# RADIUS authentication server
#auth_server_addr=127.0.0.1
#auth_server_port=1812
@ -1466,6 +1624,17 @@ own_ip_addr=127.0.0.1
# wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK).
#wpa=2
# Extended Key ID support for Individually Addressed frames
#
# Extended Key ID allows to rekey PTK keys without the impacts the "normal"
# PTK rekeying with only a single Key ID 0 has. It can only be used when the
# driver supports it and RSN/WPA2 is used with a CCMP/GCMP pairwise cipher.
#
# 0 = force off, i.e., use only Key ID 0 (default)
# 1 = enable and use Extended Key ID support when possible
# 2 = identical to 1 but start with Key ID 1 when possible
#extended_key_id=0
# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
# (8..63 characters) that will be converted to PSK. This conversion uses SSID
@ -1566,8 +1735,26 @@ own_ip_addr=127.0.0.1
# Maximum lifetime for PTK in seconds. This can be used to enforce rekeying of
# PTK to mitigate some attacks against TKIP deficiencies.
# Warning: PTK rekeying is buggy with many drivers/devices and with such
# devices, the only secure method to rekey the PTK without Extended Key ID
# support requires a disconnection. Check the related parameter
# wpa_deny_ptk0_rekey for details.
#wpa_ptk_rekey=600
# Workaround for PTK rekey issues
#
# PTK0 rekeys (rekeying the PTK without "Extended Key ID for Individually
# Addressed Frames") can degrade the security and stability with some cards.
# To avoid such issues hostapd can replace those PTK rekeys (including EAP
# reauthentications) with disconnects.
#
# Available options:
# 0 = always rekey when configured/instructed (default)
# 1 = only rekey when the local driver is explicitly indicating it can perform
# this operation without issues
# 2 = never allow PTK0 rekeys
#wpa_deny_ptk0_rekey=0
# The number of times EAPOL-Key Message 1/4 and Message 3/4 in the RSN 4-Way
# Handshake are retried per 4-Way Handshake attempt.
# (dot11RSNAConfigPairwiseUpdateCount)
@ -1618,6 +1805,12 @@ own_ip_addr=127.0.0.1
# 1 = optional
# 2 = required
#ieee80211w=0
# The most common configuration options for this based on the PMF (protected
# management frames) certification program are:
# PMF enabled: ieee80211w=1 and wpa_key_mgmt=WPA-EAP WPA-EAP-SHA256
# PMF required: ieee80211w=2 and wpa_key_mgmt=WPA-EAP-SHA256
# (and similarly for WPA-PSK and WPA-PSK-SHA256 if WPA2-Personal is used)
# WPA3-Personal-only mode: ieee80211w=2 and wpa_key_mgmt=SAE
# Group management cipher suite
# Default: AES-128-CMAC (BIP)
@ -1630,6 +1823,13 @@ own_ip_addr=127.0.0.1
# available in deployed devices.
#group_mgmt_cipher=AES-128-CMAC
# Beacon Protection (management frame protection for Beacon frames)
# This depends on management frame protection being enabled (ieee80211w != 0)
# and beacon protection support indication from the driver.
# 0 = disabled (default)
# 1 = enabled
#beacon_prot=0
# Association SA Query maximum timeout (in TU = 1.024 ms; for MFP)
# (maximum time to wait for a SA Query response)
# dot11AssociationSAQueryMaximumTimeout, 1...4294967295
@ -1641,10 +1841,26 @@ own_ip_addr=127.0.0.1
#assoc_sa_query_retry_timeout=201
# ocv: Operating Channel Validation
# This is a countermeasure against multi-channel man-in-the-middle attacks.
# This is a countermeasure against multi-channel on-path attacks.
# Enabling this depends on the driver's support for OCV when the driver SME is
# used. If hostapd SME is used, this will be enabled just based on this
# configuration.
# Enabling this automatically also enables ieee80211w, if not yet enabled.
# 0 = disabled (default)
# 1 = enabled
# 2 = enabled in workaround mode - Allow STA that claims OCV capability to
# connect even if the STA doesn't send OCI or negotiate PMF. This
# workaround is to improve interoperability with legacy STAs which are
# wrongly copying reserved bits of RSN capabilities from the AP's
# RSNE into (Re)Association Request frames. When this configuration is
# enabled, the AP considers STA is OCV capable only when the STA indicates
# MFP capability in (Re)Association Request frames and sends OCI in
# EAPOL-Key msg 2/4/FT Reassociation Request frame/FILS (Re)Association
# Request frame; otherwise, the AP disables OCV for the current connection
# with the STA. Enabling this workaround mode reduced OCV protection to
# some extend since it allows misbehavior to go through. As such, this
# should be enabled only if interoperability with misbehaving STAs is
# needed.
#ocv=1
# disable_pmksa_caching: Disable PMKSA caching
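Review bot: in the ocv=2 description, "Enabling this workaround mode reduced OCV protection to some extend" should read "reduces OCV protection to some extent". Because this mode lets a STA that claims OCV connect without sending OCI or negotiating PMF, the text should also state plainly that ocv=1 is the setting to use when no misbehaving STAs need to be accommodated; the sample line "#ocv=1" already implies it.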
@ -1676,7 +1892,7 @@ own_ip_addr=127.0.0.1
# be followed by optional peer MAC address (dot11RSNAConfigPasswordPeerMac) and
# by optional password identifier (dot11RSNAConfigPasswordIdentifier). In
# addition, an optional VLAN ID specification can be used to bind the station
# to the specified VLAN whenver the specific SAE password entry is used.
# to the specified VLAN whenever the specific SAE password entry is used.
#
# If the peer MAC address is not included or is set to the wildcard address
# (ff:ff:ff:ff:ff:ff), the entry is available for any station to use. If a
@ -1691,7 +1907,8 @@ own_ip_addr=127.0.0.1
# special meaning of removing all previously added entries.
#
# sae_password uses the following encoding:
#<password/credential>[|mac=<peer mac>][|vlanid=<VLAN ID>][|id=<identifier>]
#<password/credential>[|mac=<peer mac>][|vlanid=<VLAN ID>]
#[|pk=<m:ECPrivateKey-base64>][|id=<identifier>]
# Examples:
#sae_password=secret
#sae_password=really secret|mac=ff:ff:ff:ff:ff:ff
@ -1701,10 +1918,11 @@ own_ip_addr=127.0.0.1
# SAE threshold for anti-clogging mechanism (dot11RSNASAEAntiCloggingThreshold)
# This parameter defines how many open SAE instances can be in progress at the
# same time before the anti-clogging mechanism is taken into use.
#sae_anti_clogging_threshold=5
#sae_anti_clogging_threshold=5 (deprecated)
#anti_clogging_threshold=5
# Maximum number of SAE synchronization errors (dot11RSNASAESync)
# The offending SAe peer will be disconnected if more than this many
# The offending SAE peer will be disconnected if more than this many
# synchronization errors happen.
#sae_sync=5
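Review bot: the deprecation marker is placed on the value line itself, "#sae_anti_clogging_threshold=5 (deprecated)", so anyone who uncomments that line sets the value to "5 (deprecated)" and relies on atoi() stopping at the space. Move the marker into the comment text above and leave the sample line as a clean key=value, or drop the old key from the sample file and keep only anti_clogging_threshold=5.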
@ -1729,6 +1947,23 @@ own_ip_addr=127.0.0.1
# MFP while SAE stations are required to negotiate MFP if sae_require_mfp=1.
#sae_require_mfp=0
# SAE Confirm behavior
# By default, AP will send out only SAE Commit message in response to a received
# SAE Commit message. This parameter can be set to 1 to override that behavior
# to send both SAE Commit and SAE Confirm messages without waiting for the STA
# to send its SAE Confirm message first.
#sae_confirm_immediate=0
# SAE mechanism for PWE derivation
# 0 = hunting-and-pecking loop only (default without password identifier)
# 1 = hash-to-element only (default with password identifier)
# 2 = both hunting-and-pecking loop and hash-to-element enabled
# Note: The default value is likely to change from 0 to 2 once the new
# hash-to-element mechanism has received more interoperability testing.
# When using SAE password identifier, the hash-to-element mechanism is used
# regardless of the sae_pwe parameter value.
#sae_pwe=0
# FILS Cache Identifier (16-bit value in hexdump format)
#fils_cache_id=0011
@ -1753,6 +1988,19 @@ own_ip_addr=127.0.0.1
# http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-10
#owe_groups=19 20 21
# OWE PTK derivation workaround
# Initial OWE implementation used SHA256 when deriving the PTK for all OWE
# groups. This was supposed to change to SHA384 for group 20 and SHA512 for
# group 21. This parameter can be used to enable workaround for interoperability
# with stations that use SHA256 with groups 20 and 21. By default (0) only the
# appropriate hash function is accepted. When workaround is enabled (1), the
# appropriate hash function is tried first and if that fails, SHA256-based PTK
# derivation is attempted. This workaround can result in reduced security for
# groups 20 and 21, but is required for interoperability with older
# implementations. There is no impact to group 19 behavior. The workaround is
# disabled by default and can be enabled by uncommenting the following line.
#owe_ptk_workaround=1
# OWE transition mode configuration
# Pointer to the matching open/OWE BSS
#owe_transition_bssid=<bssid>
@ -1790,6 +2038,45 @@ own_ip_addr=127.0.0.1
# default: 30 TUs (= 30.72 milliseconds)
#fils_hlp_wait_time=30
# FILS Discovery frame transmission minimum and maximum interval settings.
# If fils_discovery_max_interval is non-zero, the AP enables FILS Discovery
# frame transmission. These values use TUs as the unit and have allowed range
# of 0-10000. fils_discovery_min_interval defaults to 20.
#fils_discovery_min_interval=20
#fils_discovery_max_interval=0
# Transition Disable indication
# The AP can notify authenticated stations to disable transition mode in their
# network profiles when the network has completed transition steps, i.e., once
# sufficiently large number of APs in the ESS have been updated to support the
# more secure alternative. When this indication is used, the stations are
# expected to automatically disable transition mode and less secure security
# options. This includes use of WEP, TKIP (including use of TKIP as the group
# cipher), and connections without PMF.
# Bitmap bits:
# bit 0 (0x01): WPA3-Personal (i.e., disable WPA2-Personal = WPA-PSK and only
# allow SAE to be used)
# bit 1 (0x02): SAE-PK (disable SAE without use of SAE-PK)
# bit 2 (0x04): WPA3-Enterprise (move to requiring PMF)
# bit 3 (0x08): Enhanced Open (disable use of open network; require OWE)
# (default: 0 = do not include Transition Disable KDE)
#transition_disable=0x01
# PASN ECDH groups
# PASN implementations are required to support group 19 (NIST P-256). If this
# parameter is not set, only group 19 is supported by default. This
# configuration parameter can be used to specify a limited set of allowed
# groups. The group values are listed in the IANA registry:
# http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-10
#pasn_groups=19 20 21
# PASN comeback after time in TUs
# In case the AP is temporarily unable to handle a PASN authentication exchange
# due to a too large number of parallel operations, this value indicates to the
# peer after how many TUs it can try the PASN exchange again.
# (default: 10 TUs)
#pasn_comeback_after=10
##### IEEE 802.11r configuration ##############################################
# Mobility Domain identifier (dot11FTMobilityDomainID, MDID)
@ -1833,7 +2120,7 @@ own_ip_addr=127.0.0.1
# Wildcard entry:
# Upon receiving a response from R0KH, it will be added to this list, so
# subsequent requests won't be broadcast. If R0KH does not reply, it will be
# blacklisted.
# temporarily blocked (see rkh_neg_timeout).
#r0kh=ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff
# List of R1KHs in the same Mobility Domain
@ -1889,7 +2176,7 @@ own_ip_addr=127.0.0.1
#ft_psk_generate_local=0
##### Neighbor table ##########################################################
# Maximum number of entries kept in AP table (either for neigbor table or for
# Maximum number of entries kept in AP table (either for neighbor table or for
# detecting Overlapping Legacy BSS Condition). The oldest entry will be
# removed when adding a new entry that would make the list grow over this
# limit. Note! WFA certification for IEEE 802.11g requires that OLBC is
@ -2143,6 +2430,13 @@ own_ip_addr=127.0.0.1
#wps_nfc_dh_privkey: Hexdump of DH Private Key
#wps_nfc_dev_pw: Hexdump of Device Password
# Application Extension attribute for Beacon and Probe Response frames
# This parameter can be used to add application extension into WPS IE. The
# contents of this parameter starts with 16-octet (32 hexdump characters) of
# UUID to identify the specific application and that is followed by the actual
# application specific data.
#wps_application_ext=<hexdump>
##### Wi-Fi Direct (P2P) ######################################################
# Enable P2P Device management
@ -2151,6 +2445,31 @@ own_ip_addr=127.0.0.1
# Allow cross connection
#allow_cross_connection=1
##### Device Provisioning Protocol (DPP) ######################################
# Name for Enrollee's DPP Configuration Request
#dpp_name=Test
# MUD URL for Enrollee's DPP Configuration Request (optional)
#dpp_mud_url=https://example.com/mud
#dpp_connector
#dpp_netaccesskey
#dpp_netaccesskey_expiry
#dpp_csign
#dpp_controller
# Configurator Connectivity indication
# 0: no Configurator is currently connected (default)
# 1: advertise that a Configurator is available
#dpp_configurator_connectivity=0
# DPP PFS
# 0: allow PFS to be used or not used (default)
# 1: require PFS to be used (note: not compatible with DPP R1)
# 2: do not allow PFS to be used
#dpp_pfs=0
#### TDLS (IEEE 802.11z-2010) #################################################
# Prohibit use of TDLS in this BSS
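Review bot: Missing documentation for `#dpp_connector`, `#dpp_netaccesskey`, `#dpp_netaccesskey_expiry`, `#dpp_csign` and `#dpp_controller`: they are listed as bare names with no description, value format or default, unlike `dpp_name` and `dpp_pfs` in the same block. `dpp_netaccesskey` is key material by its name, so its comment should also give the expected encoding and say that the configuration file has to be protected accordingly.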
@ -2531,7 +2850,7 @@ own_ip_addr=127.0.0.1
# Default is 0 = OCE disabled
#oce=0
# RSSI-based assocition rejection
# RSSI-based association rejection
#
# Reject STA association if RSSI is below given threshold (in dBm)
# Allowed range: -60 to -90 dBm; default = 0 (rejection disabled)
@ -2546,6 +2865,10 @@ own_ip_addr=127.0.0.1
# threshold (range: 0..255, default=30).
#rssi_reject_assoc_timeout=30
# Ignore Probe Request frames if RSSI is below given threshold (in dBm)
# Allowed range: -60 to -90 dBm; default = 0 (rejection disabled)
#rssi_ignore_probe_request=-75
##### Fast Session Transfer (FST) support #####################################
#
# The options in this section are only available when the build configuration
@ -2602,6 +2925,9 @@ own_ip_addr=127.0.0.1
# that allows sending of such data. Default: 0.
#stationary_ap=0
# Enable reduced neighbor reporting (RNR)
#rnr=0
##### Airtime policy configuration ###########################################
# Set the airtime policy operating mode:
@ -2638,6 +2964,19 @@ own_ip_addr=127.0.0.1
# airtime.
#airtime_bss_limit=1
##### EDMG support ############################################################
#
# Enable EDMG capability for AP mode in the 60 GHz band. Default value is false.
# To configure channel bonding for an EDMG AP use edmg_channel below.
# If enable_edmg is set and edmg_channel is not set, EDMG CB1 will be
# configured.
#enable_edmg=1
#
# Configure channel bonding for AP mode in the 60 GHz band.
# This parameter is relevant only if enable_edmg is set.
# Default value is 0 (no channel bonding).
#edmg_channel=9
##### TESTING OPTIONS #########################################################
#
# The options in this section are only available when the build configuration

View File

@ -7,9 +7,15 @@
# keyid=<keyid_string>
# An optional VLAN ID can be specified by prefixing the line with
# vlanid=<VLAN ID>.
# An optional WPS tag can be added by prefixing the line with
# wps=<0/1> (default: 0). Any matching entry with that tag will be used when
# generating a PSK for a WPS Enrollee instead of generating a new random
# per-Enrollee PSK.
00:00:00:00:00:00 secret passphrase
00:11:22:33:44:55 another passphrase
00:22:33:44:55:66 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
keyid=example_id 00:11:22:33:44:77 passphrase with keyid
vlanid=3 00:00:00:00:00:00 passphrase with vlanid
wps=1 00:00:00:00:00:00 passphrase for WPS
wps=1 11:22:33:44:55:00 dev-specific passphrase for WPS
00:00:00:00:00:00 another passphrase for all STAs
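Review bot: The `wps=<0/1>` comment does not spell out the consequence of the wildcard example `wps=1 00:00:00:00:00:00 passphrase for WPS`: every WPS Enrollee then receives that one shared passphrase instead of a random per-Enrollee PSK, so a single enrolled device can no longer be revoked on its own. Add a sentence on that trade-off, and state which entry is chosen when both the wildcard line and the `wps=1 11:22:33:44:55:00` line match.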

View File

@ -1,6 +1,6 @@
/*
* hostapd - command line interface for hostapd daemon
* Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
* Copyright (c) 2004-2022, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@ -21,7 +21,7 @@
static const char *const hostapd_cli_version =
"hostapd_cli v" VERSION_STR "\n"
"Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi> and contributors";
"Copyright (c) 2004-2022, Jouni Malinen <j@w1.fi> and contributors";
static struct wpa_ctrl *ctrl_conn;
static int hostapd_cli_quit = 0;
@ -54,7 +54,7 @@ static void usage(void)
fprintf(stderr, "%s\n", hostapd_cli_version);
fprintf(stderr,
"\n"
"usage: hostapd_cli [-p<path>] [-i<ifname>] [-hvB] "
"usage: hostapd_cli [-p<path>] [-i<ifname>] [-hvBr] "
"[-a<path>] \\\n"
" [-P<pid file>] [-G<ping interval>] [command..]\n"
"\n"
@ -68,6 +68,9 @@ static void usage(void)
" -a<file> run in daemon mode executing the action file "
"based on events\n"
" from hostapd\n"
" -r try to reconnect when client socket is "
"disconnected.\n"
" This is useful only when used with -a.\n"
" -B run a daemon in the background\n"
" -i<ifname> Interface to listen on (default: first "
"interface found in the\n"
@ -401,7 +404,6 @@ static int hostapd_cli_cmd_signature(struct wpa_ctrl *ctrl, int argc,
#endif /* CONFIG_TAXONOMY */
#ifdef CONFIG_IEEE80211W
static int hostapd_cli_cmd_sa_query(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
@ -414,7 +416,6 @@ static int hostapd_cli_cmd_sa_query(struct wpa_ctrl *ctrl, int argc,
snprintf(buf, sizeof(buf), "SA_QUERY %s", argv[0]);
return wpa_ctrl_command(ctrl, buf);
}
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_WPS
@ -974,7 +975,7 @@ static void hostapd_cli_list_interfaces(struct wpa_ctrl *ctrl)
dir = opendir(ctrl_iface_dir);
if (dir == NULL) {
printf("Control interface directory '%s' could not be "
"openned.\n", ctrl_iface_dir);
"opened.\n", ctrl_iface_dir);
return;
}
@ -1047,7 +1048,7 @@ static char ** hostapd_complete_set(const char *str, int pos)
int arg = get_cmd_arg_num(str, pos);
const char *fields[] = {
#ifdef CONFIG_WPS_TESTING
"wps_version_number", "wps_testing_dummy_cred",
"wps_version_number", "wps_testing_stub_cred",
"wps_corrupt_pkhash",
#endif /* CONFIG_WPS_TESTING */
#ifdef CONFIG_INTERWORKING
@ -1226,14 +1227,15 @@ static int hostapd_cli_cmd_vendor(struct wpa_ctrl *ctrl, int argc, char *argv[])
char cmd[256];
int res;
if (argc < 2 || argc > 3) {
if (argc < 2 || argc > 4) {
printf("Invalid vendor command\n"
"usage: <vendor id> <command id> [<hex formatted command argument>]\n");
"usage: <vendor id> <command id> [<hex formatted command argument>] [nested=<0|1>]\n");
return -1;
}
res = os_snprintf(cmd, sizeof(cmd), "VENDOR %s %s %s", argv[0], argv[1],
argc == 3 ? argv[2] : "");
res = os_snprintf(cmd, sizeof(cmd), "VENDOR %s %s %s%s%s", argv[0],
argv[1], argc >= 3 ? argv[2] : "",
argc == 4 ? " " : "", argc == 4 ? argv[3] : "");
if (os_snprintf_error(sizeof(cmd), res)) {
printf("Too long VENDOR command.\n");
return -1;
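Review bot: Nothing checks that the fourth argument has the `nested=<0|1>` form the usage text promises; `argv[3]` is appended to the VENDOR command as is. Validate it here (prefix `nested=`, value 0 or 1) or add a comment that parsing is left to hostapd. With three arguments `argv[2]` always lands in the hex-argument slot, so `nested=` cannot be given without a hex argument, which the usage string `[<hex formatted command argument>] [nested=<0|1>]` does not make clear.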
@ -1311,24 +1313,17 @@ static int hostapd_cli_cmd_set_neighbor(struct wpa_ctrl *ctrl, int argc,
}
static int hostapd_cli_cmd_show_neighbor(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
return wpa_ctrl_command(ctrl, "SHOW_NEIGHBOR");
}
static int hostapd_cli_cmd_remove_neighbor(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
char cmd[400];
int res;
if (argc != 2) {
printf("Invalid remove_neighbor command: needs 2 arguments\n");
return -1;
}
res = os_snprintf(cmd, sizeof(cmd), "REMOVE_NEIGHBOR %s %s",
argv[0], argv[1]);
if (os_snprintf_error(sizeof(cmd), res)) {
printf("Too long REMOVE_NEIGHBOR command.\n");
return -1;
}
return wpa_ctrl_command(ctrl, cmd);
return hostapd_cli_cmd(ctrl, "REMOVE_NEIGHBOR", 1, argc, argv);
}
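Review bot: hostapd_cli_cmd_remove_neighbor() no longer has an upper bound on its arguments or a visible length check: the `argc != 2` test and the os_snprintf_error() check on the 400-byte buffer are replaced by `hostapd_cli_cmd(ctrl, "REMOVE_NEIGHBOR", 1, argc, argv)`, which only sets a minimum of one argument. Confirm that the helper bounds the assembled command length, and decide whether arguments after `[ssid=<hex>]` should be rejected rather than forwarded. The new hostapd_cli_cmd_show_neighbor() ignores argc and argv, so trailing arguments are silently discarded there.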
@ -1408,6 +1403,13 @@ static int hostapd_cli_cmd_dpp_bootstrap_info(struct wpa_ctrl *ctrl, int argc,
}
static int hostapd_cli_cmd_dpp_bootstrap_set(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
return hostapd_cli_cmd(ctrl, "DPP_BOOTSTRAP_SET", 1, argc, argv);
}
static int hostapd_cli_cmd_dpp_auth_init(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
@ -1470,6 +1472,37 @@ static int hostapd_cli_cmd_dpp_pkex_remove(struct wpa_ctrl *ctrl, int argc,
return hostapd_cli_cmd(ctrl, "DPP_PKEX_REMOVE", 1, argc, argv);
}
#ifdef CONFIG_DPP2
static int hostapd_cli_cmd_dpp_controller_start(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
return hostapd_cli_cmd(ctrl, "DPP_CONTROLLER_START", 1, argc, argv);
}
static int hostapd_cli_cmd_dpp_controller_stop(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
return wpa_ctrl_command(ctrl, "DPP_CONTROLLER_STOP");
}
static int hostapd_cli_cmd_dpp_chirp(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
return hostapd_cli_cmd(ctrl, "DPP_CHIRP", 1, argc, argv);
}
static int hostapd_cli_cmd_dpp_stop_chirp(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
return wpa_ctrl_command(ctrl, "DPP_STOP_CHIRP");
}
#endif /* CONFIG_DPP2 */
#endif /* CONFIG_DPP */
@ -1508,6 +1541,14 @@ static int hostapd_cli_cmd_reload_wpa_psk(struct wpa_ctrl *ctrl, int argc,
}
#ifdef ANDROID
static int hostapd_cli_cmd_driver(struct wpa_ctrl *ctrl, int argc, char *argv[])
{
return hostapd_cli_cmd(ctrl, "DRIVER", 1, argc, argv);
}
#endif /* ANDROID */
struct hostapd_cli_cmd {
const char *cmd;
int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]);
@ -1542,10 +1583,8 @@ static const struct hostapd_cli_cmd hostapd_cli_commands[] = {
{ "signature", hostapd_cli_cmd_signature, hostapd_complete_stations,
"<addr> = get taxonomy signature for a station" },
#endif /* CONFIG_TAXONOMY */
#ifdef CONFIG_IEEE80211W
{ "sa_query", hostapd_cli_cmd_sa_query, hostapd_complete_stations,
"<addr> = send SA Query to a station" },
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_WPS
{ "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
"<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
@ -1637,8 +1676,10 @@ static const struct hostapd_cli_cmd hostapd_cli_commands[] = {
{ "set_neighbor", hostapd_cli_cmd_set_neighbor, NULL,
"<addr> <ssid=> <nr=> [lci=] [civic=] [stat]\n"
" = add AP to neighbor database" },
{ "show_neighbor", hostapd_cli_cmd_show_neighbor, NULL,
" = show neighbor database entries" },
{ "remove_neighbor", hostapd_cli_cmd_remove_neighbor, NULL,
"<addr> <ssid=> = remove AP from neighbor database" },
"<addr> [ssid=<hex>] = remove AP from neighbor database" },
{ "req_lci", hostapd_cli_cmd_req_lci, hostapd_complete_stations,
"<addr> = send LCI request to a station"},
{ "req_range", hostapd_cli_cmd_req_range, NULL,
@ -1656,6 +1697,8 @@ static const struct hostapd_cli_cmd hostapd_cli_commands[] = {
"<id> = get DPP bootstrap URI" },
{ "dpp_bootstrap_info", hostapd_cli_cmd_dpp_bootstrap_info, NULL,
"<id> = show DPP bootstrap information" },
{ "dpp_bootstrap_set", hostapd_cli_cmd_dpp_bootstrap_set, NULL,
"<id> [conf=..] [ssid=<SSID>] [ssid_charset=#] [psk=<PSK>] [pass=<passphrase>] [configurator=<id>] [conn_status=#] [akm_use_selector=<0|1>] [group_id=..] [expiry=#] [csrattrs=..] = set DPP configurator parameters" },
{ "dpp_auth_init", hostapd_cli_cmd_dpp_auth_init, NULL,
"peer=<id> [own=<id>] = initiate DPP bootstrapping" },
{ "dpp_listen", hostapd_cli_cmd_dpp_listen, NULL,
@ -1676,6 +1719,16 @@ static const struct hostapd_cli_cmd hostapd_cli_commands[] = {
"add PKEX code" },
{ "dpp_pkex_remove", hostapd_cli_cmd_dpp_pkex_remove, NULL,
"*|<id> = remove DPP pkex information" },
#ifdef CONFIG_DPP2
{ "dpp_controller_start", hostapd_cli_cmd_dpp_controller_start, NULL,
"[tcp_port=<port>] [role=..] = start DPP controller" },
{ "dpp_controller_stop", hostapd_cli_cmd_dpp_controller_stop, NULL,
"= stop DPP controller" },
{ "dpp_chirp", hostapd_cli_cmd_dpp_chirp, NULL,
"own=<BI ID> iter=<count> = start DPP chirp" },
{ "dpp_stop_chirp", hostapd_cli_cmd_dpp_stop_chirp, NULL,
"= stop DPP chirp" },
#endif /* CONFIG_DPP2 */
#endif /* CONFIG_DPP */
{ "accept_acl", hostapd_cli_cmd_accept_macacl, NULL,
"=Add/Delete/Show/Clear accept MAC ACL" },
@ -1687,6 +1740,10 @@ static const struct hostapd_cli_cmd hostapd_cli_commands[] = {
"<addr> [req_mode=] <measurement request hexdump> = send a Beacon report request to a station" },
{ "reload_wpa_psk", hostapd_cli_cmd_reload_wpa_psk, NULL,
"= reload wpa_psk_file only" },
#ifdef ANDROID
{ "driver", hostapd_cli_cmd_driver, NULL,
"<driver sub command> [<hex formatted data>] = send driver command data" },
#endif /* ANDROID */
{ NULL, NULL, NULL, NULL }
};
@ -2011,12 +2068,13 @@ int main(int argc, char *argv[])
int warning_displayed = 0;
int c;
int daemonize = 0;
int reconnect = 0;
if (os_program_init())
return -1;
for (;;) {
c = getopt(argc, argv, "a:BhG:i:p:P:s:v");
c = getopt(argc, argv, "a:BhG:i:p:P:rs:v");
if (c < 0)
break;
switch (c) {
@ -2045,6 +2103,9 @@ int main(int argc, char *argv[])
case 'P':
pid_file = optarg;
break;
case 'r':
reconnect = 1;
break;
case 's':
client_socket_dir = optarg;
break;
@ -2087,8 +2148,7 @@ int main(int argc, char *argv[])
printf("Connection established.\n");
break;
}
if (!interactive) {
if (!interactive && !reconnect) {
perror("Failed to connect to hostapd - "
"wpa_ctrl_open");
return -1;
@ -2106,8 +2166,14 @@ int main(int argc, char *argv[])
return -1;
if (daemonize && os_daemonize(pid_file) && eloop_sock_requeue())
return -1;
if (interactive)
if (reconnect && action_file && ctrl_ifname) {
while (!hostapd_cli_quit) {
if (ctrl_conn)
hostapd_cli_action(ctrl_conn);
os_sleep(1, 0);
hostapd_cli_reconnect(ctrl_ifname);
}
} else if (interactive)
hostapd_cli_interactive();
else if (action_file)
hostapd_cli_action(ctrl_conn);
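Review bot: The reconnect loop is entered only when `reconnect && action_file && ctrl_ifname` all hold, but the earlier hunk already changes the connect-failure path for `-r` alone (`if (!interactive && !reconnect)`), so `-r` without `-a` alters startup behaviour and then falls through to the normal branches without any message. Reject or warn about `-r` without `-a` at option parsing. Inside the loop, nothing in this hunk logs the disconnect or the retry that follows `os_sleep(1, 0)`, which makes a persistently missing hostapd hard to notice from the action-script side; a log line per lost connection would help.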

View File

@ -1,6 +1,6 @@
/*
* hostapd / main()
* Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi>
* Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@ -81,9 +81,6 @@ static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
case HOSTAPD_MODULE_DRIVER:
module_str = "DRIVER";
break;
case HOSTAPD_MODULE_IAPP:
module_str = "IAPP";
break;
case HOSTAPD_MODULE_MLME:
module_str = "MLME";
break;
@ -221,7 +218,7 @@ static int hostapd_driver_init(struct hostapd_iface *iface)
struct wowlan_triggers *triggs;
iface->drv_flags = capa.flags;
iface->smps_modes = capa.smps_modes;
iface->drv_flags2 = capa.flags2;
iface->probe_resp_offloads = capa.probe_resp_offloads;
/*
* Use default extended capa values from per-radio information
@ -263,7 +260,7 @@ hostapd_interface_init(struct hapd_interfaces *interfaces, const char *if_name,
struct hostapd_iface *iface;
int k;
wpa_printf(MSG_ERROR, "Configuration file: %s", config_fname);
wpa_printf(MSG_DEBUG, "Configuration file: %s", config_fname);
iface = hostapd_init(interfaces, config_fname);
if (!iface)
return NULL;
@ -454,11 +451,12 @@ static int hostapd_global_run(struct hapd_interfaces *ifaces, int daemonize,
static void show_version(void)
{
fprintf(stderr,
"hostapd v" VERSION_STR "\n"
"hostapd v%s\n"
"User space daemon for IEEE 802.11 AP management,\n"
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
"Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> "
"and contributors\n");
"Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> "
"and contributors\n",
VERSION_STR);
}
@ -676,7 +674,10 @@ int main(int argc, char *argv[])
#endif /* CONFIG_ETH_P_OUI */
#ifdef CONFIG_DPP
os_memset(&dpp_conf, 0, sizeof(dpp_conf));
/* TODO: dpp_conf.msg_ctx? */
dpp_conf.cb_ctx = &interfaces;
#ifdef CONFIG_DPP2
dpp_conf.remove_bi = hostapd_dpp_remove_bi;
#endif /* CONFIG_DPP2 */
interfaces.dpp = dpp_global_init(&dpp_conf);
if (!interfaces.dpp)
return -1;
@ -771,7 +772,7 @@ int main(int argc, char *argv[])
if (log_file)
wpa_debug_open_file(log_file);
else
if (!log_file && !wpa_debug_syslog)
wpa_debug_setup_stdout();
#ifdef CONFIG_DEBUG_SYSLOG
if (wpa_debug_syslog)
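Review bot: `if (!log_file && !wpa_debug_syslog)` reads `wpa_debug_syslog` outside the `#ifdef CONFIG_DEBUG_SYSLOG` guard that wraps the next use of the same variable; confirm the symbol is declared in builds without CONFIG_DEBUG_SYSLOG. The `!log_file` half repeats the preceding `if (log_file)` test, so `else if (!wpa_debug_syslog)` would express the same condition.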
@ -905,8 +906,11 @@ int main(int argc, char *argv[])
!!(interfaces.iface[i]->drv_flags &
WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT);
hostapd_interface_deinit_free(interfaces.iface[i]);
interfaces.iface[i] = NULL;
}
os_free(interfaces.iface);
interfaces.iface = NULL;
interfaces.count = 0;
#ifdef CONFIG_DPP
dpp_global_deinit(interfaces.dpp);

196
hostapd/sae_pk_gen.c Normal file
View File

@ -0,0 +1,196 @@
/*
* SAE-PK password/modifier generator
* Copyright (c) 2020, The Linux Foundation
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#include "utils/includes.h"
#include "utils/common.h"
#include "utils/base64.h"
#include "crypto/crypto.h"
#include "common/sae.h"
int main(int argc, char *argv[])
{
char *der = NULL;
size_t der_len;
struct crypto_ec_key *key = NULL;
struct wpabuf *pub = NULL;
u8 *data = NULL, *m;
size_t data_len;
char *b64 = NULL, *pw = NULL, *pos, *src;
int sec, j;
int ret = -1;
u8 hash[SAE_MAX_HASH_LEN];
char hash_hex[2 * SAE_MAX_HASH_LEN + 1];
u8 pw_base_bin[SAE_MAX_HASH_LEN];
u8 *dst;
int group;
size_t hash_len;
unsigned long long i, expected;
char m_hex[2 * SAE_PK_M_LEN + 1];
u32 sec_1b, val20;
wpa_debug_level = MSG_INFO;
if (os_program_init() < 0)
goto fail;
if (argc != 4) {
fprintf(stderr,
"usage: sae_pk_gen <DER ECPrivateKey file> <Sec:3|5> <SSID>\n");
goto fail;
}
sec = atoi(argv[2]);
if (sec != 3 && sec != 5) {
fprintf(stderr,
"Invalid Sec value (allowed values: 3 and 5)\n");
goto fail;
}
sec_1b = sec == 3;
expected = 1;
for (j = 0; j < sec; j++)
expected *= 256;
der = os_readfile(argv[1], &der_len);
if (!der) {
fprintf(stderr, "Could not read %s: %s\n",
argv[1], strerror(errno));
goto fail;
}
key = crypto_ec_key_parse_priv((u8 *) der, der_len);
if (!key) {
fprintf(stderr, "Could not parse ECPrivateKey\n");
goto fail;
}
pub = crypto_ec_key_get_subject_public_key(key);
if (!pub) {
fprintf(stderr, "Failed to build SubjectPublicKey\n");
goto fail;
}
group = crypto_ec_key_group(key);
switch (group) {
case 19:
hash_len = 32;
break;
case 20:
hash_len = 48;
break;
case 21:
hash_len = 64;
break;
default:
fprintf(stderr, "Unsupported private key group\n");
goto fail;
}
data_len = os_strlen(argv[3]) + SAE_PK_M_LEN + wpabuf_len(pub);
data = os_malloc(data_len);
if (!data) {
fprintf(stderr, "No memory for data buffer\n");
goto fail;
}
os_memcpy(data, argv[3], os_strlen(argv[3]));
m = data + os_strlen(argv[3]);
if (os_get_random(m, SAE_PK_M_LEN) < 0) {
fprintf(stderr, "Could not generate random Modifier M\n");
goto fail;
}
os_memcpy(m + SAE_PK_M_LEN, wpabuf_head(pub), wpabuf_len(pub));
fprintf(stderr, "Searching for a suitable Modifier M value\n");
for (i = 0;; i++) {
if (sae_hash(hash_len, data, data_len, hash) < 0) {
fprintf(stderr, "Hash failed\n");
goto fail;
}
if (hash[0] == 0 && hash[1] == 0) {
if ((hash[2] & 0xf0) == 0)
fprintf(stderr, "\r%3.2f%%",
100.0 * (double) i / (double) expected);
for (j = 2; j < sec; j++) {
if (hash[j])
break;
}
if (j == sec)
break;
}
inc_byte_array(m, SAE_PK_M_LEN);
}
if (wpa_snprintf_hex(m_hex, sizeof(m_hex), m, SAE_PK_M_LEN) < 0 ||
wpa_snprintf_hex(hash_hex, sizeof(hash_hex), hash, hash_len) < 0)
goto fail;
fprintf(stderr, "\nFound a valid hash in %llu iterations: %s\n",
i + 1, hash_hex);
b64 = base64_encode(der, der_len, NULL);
if (!b64)
goto fail;
src = pos = b64;
while (*src) {
if (*src != '\n')
*pos++ = *src;
src++;
}
*pos = '\0';
/* Skip 8*Sec bits and add Sec_1b as the every 20th bit starting with
* one. */
os_memset(pw_base_bin, 0, sizeof(pw_base_bin));
dst = pw_base_bin;
for (j = 0; j < 8 * (int) hash_len / 20; j++) {
val20 = sae_pk_get_be19(hash + sec);
val20 |= sec_1b << 19;
sae_pk_buf_shift_left_19(hash + sec, hash_len - sec);
if (j & 1) {
*dst |= (val20 >> 16) & 0x0f;
dst++;
*dst++ = (val20 >> 8) & 0xff;
*dst++ = val20 & 0xff;
} else {
*dst++ = (val20 >> 12) & 0xff;
*dst++ = (val20 >> 4) & 0xff;
*dst = (val20 << 4) & 0xf0;
}
}
if (wpa_snprintf_hex(hash_hex, sizeof(hash_hex),
pw_base_bin, hash_len - sec) >= 0)
fprintf(stderr, "PasswordBase binary data for base32: %s",
hash_hex);
pw = sae_pk_base32_encode(pw_base_bin, 20 * 3 - 5);
if (!pw)
goto fail;
printf("# SAE-PK password/M/private key for Sec=%d.\n", sec);
printf("sae_password=%s|pk=%s:%s\n", pw, m_hex, b64);
printf("# Longer passwords can be used for improved security at the cost of usability:\n");
for (j = 4; j <= ((int) hash_len * 8 + 5 - 8 * sec) / 19; j++) {
os_free(pw);
pw = sae_pk_base32_encode(pw_base_bin, 20 * j - 5);
if (pw)
printf("# %s\n", pw);
}
ret = 0;
fail:
os_free(der);
wpabuf_free(pub);
crypto_ec_key_deinit(key);
os_free(data);
os_free(b64);
os_free(pw);
os_program_deinit();
return ret;
}
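Review bot: Private key material is released without being cleared at the `fail:` label: `os_free(der)` and `os_free(b64)` free the DER ECPrivateKey and its base64 copy as they are. Use bin_clear_free() for `der` and str_clear_free() for `b64` so the key does not linger in freed heap memory. Smaller points: `sec = atoi(argv[2])` accepts trailing garbage such as `3x`; the "PasswordBase binary data for base32: %s" message has no trailing newline; and because the tool prints `sae_password=%s|pk=%s:%s` including the private key to stdout, the usage text should tell the operator to redirect the output into a file with restrictive permissions.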

View File

@ -1,28 +1,6 @@
all: hs20-osu-client
ALL=hs20-osu-client
ifndef CC
CC=gcc
endif
ifndef LDO
LDO=$(CC)
endif
ifeq ($(QUIET), 1)
Q=@
E=true
else
Q=@
E=echo
ifeq ($(V), 1)
Q=
E=true
endif
endif
ifndef CFLAGS
CFLAGS = -MMD -O2 -Wall -g
endif
include ../../src/build.rules
CFLAGS += -I../../src/utils
CFLAGS += -I../../src/common
@ -30,8 +8,17 @@ CFLAGS += -I../../src
ifndef CONFIG_NO_BROWSER
ifndef CONFIG_BROWSER_SYSTEM
TEST_WK := $(shell pkg-config --silence-errors --cflags webkitgtk-3.0)
ifeq ($(TEST_WK),)
# Try webkit2
GTKCFLAGS := $(shell pkg-config --cflags gtk+-3.0 webkit2gtk-4.0)
GTKLIBS := $(shell pkg-config --libs gtk+-3.0 webkit2gtk-4.0)
CFLAGS += -DUSE_WEBKIT2
else
GTKCFLAGS := $(shell pkg-config --cflags gtk+-3.0 webkitgtk-3.0)
GTKLIBS := $(shell pkg-config --libs gtk+-3.0 webkitgtk-3.0)
endif
CFLAGS += $(GTKCFLAGS)
LIBS += $(GTKLIBS)
endif
@ -84,23 +71,11 @@ CFLAGS += -DEAP_TLS_OPENSSL
OBJS += ../../src/crypto/tls_openssl_ocsp.o
LIBS += -lssl -lcrypto
_OBJS_VAR := OBJS
include ../../src/objs.mk
hs20-osu-client: $(OBJS)
$(Q)$(LDO) $(LDFLAGS) -o hs20-osu-client $(OBJS) $(LIBS)
@$(E) " LD " $@
%.o: %.c
$(Q)$(CC) -c -o $@ $(CFLAGS) $<
@$(E) " CC " $<
clean:
rm -f core *~ *.o *.d hs20-osu-client
rm -f ../../src/utils/*.o
rm -f ../../src/utils/*.d
rm -f ../../src/common/*.o
rm -f ../../src/common/*.d
rm -f ../../src/crypto/*.o
rm -f ../../src/crypto/*.d
rm -f ../../src/wps/*.o
rm -f ../../src/wps/*.d
-include $(OBJS:%.o=%.d)
clean: common-clean
rm -f core *~

View File

@ -158,7 +158,7 @@ int est_load_cacerts(struct hs20_osu_client *ctx, const char *url)
return -1;
}
pkcs7 = base64_decode((unsigned char *) resp, resp_len, &pkcs7_len);
pkcs7 = base64_decode(resp, resp_len, &pkcs7_len);
if (pkcs7 && pkcs7_len < resp_len / 2) {
wpa_printf(MSG_INFO, "Too short base64 decode (%u bytes; downloaded %u bytes) - assume this was binary",
(unsigned int) pkcs7_len, (unsigned int) resp_len);
@ -639,8 +639,7 @@ int est_build_csr(struct hs20_osu_client *ctx, const char *url)
return -1;
}
attrs = base64_decode((unsigned char *) resp, resp_len,
&attrs_len);
attrs = base64_decode(resp, resp_len, &attrs_len);
os_free(resp);
if (attrs == NULL) {
@ -734,7 +733,7 @@ int est_simple_enroll(struct hs20_osu_client *ctx, const char *url,
}
wpa_printf(MSG_DEBUG, "EST simpleenroll response: %s", resp);
pkcs7 = base64_decode((unsigned char *) resp, resp_len, &pkcs7_len);
pkcs7 = base64_decode(resp, resp_len, &pkcs7_len);
if (pkcs7 == NULL) {
wpa_printf(MSG_INFO, "EST workaround - Could not decode base64, assume this is DER encoded PKCS7");
pkcs7 = os_malloc(resp_len);

View File

@ -407,7 +407,7 @@ static int oma_dm_exec_browser(struct hs20_osu_client *ctx, xml_node_t *exec)
wpa_printf(MSG_INFO, "Data: %s", data);
wpa_printf(MSG_INFO, "Launch browser to URI '%s'", data);
write_summary(ctx, "Launch browser to URI '%s'", data);
res = hs20_web_browser(data);
res = hs20_web_browser(data, 1);
xml_node_get_text_free(ctx->xml, data);
if (res > 0) {
wpa_printf(MSG_INFO, "User response in browser completed successfully");
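Review bot: `hs20_web_browser(data, 1)` hard-codes the new second argument, which elsewhere in this commit carries `ctx.ignore_tls` ("whether to ignore TLS validation issues with HTTPS server certificate"). If the argument has that meaning here, the OMA DM browser launch skips server certificate validation regardless of the `-T` option, for a URI taken from the server-supplied exec node. Pass `ctx->ignore_tls` instead, or add a comment justifying the literal.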

View File

@ -310,7 +310,7 @@ static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
size_t len;
u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
int res;
unsigned char *b64;
char *b64;
FILE *f;
url_node = get_node(ctx->xml, params, "CertURL");
@ -364,7 +364,7 @@ static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
return -1;
}
b64 = base64_encode((unsigned char *) cert, len, NULL);
b64 = base64_encode(cert, len, NULL);
os_free(cert);
if (b64 == NULL)
return -1;
@ -2233,7 +2233,7 @@ static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
wpa_ctrl_close(mon);
if (res < 0) {
wpa_printf(MSG_INFO, "Could not connect");
wpa_printf(MSG_INFO, "Could not connect to OSU network");
write_summary(ctx, "Could not connect to OSU network");
wpa_printf(MSG_INFO, "Remove OSU network connection");
snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
@ -2406,7 +2406,7 @@ static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
write_summary(ctx, "Start web browser with OSU provider selection page");
ret = hs20_web_browser(fname);
ret = hs20_web_browser(fname, 0);
selected:
if (ret > 0 && (size_t) ret <= osu_count) {
@ -2907,7 +2907,7 @@ static char * get_hostname(const char *url)
static int osu_cert_cb(void *_ctx, struct http_cert *cert)
{
struct hs20_osu_client *ctx = _ctx;
unsigned int i, j;
size_t i, j;
int found;
char *host = NULL;
@ -3002,7 +3002,7 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
size_t name_len = os_strlen(name);
wpa_printf(MSG_INFO,
"[%i] Looking for icon file name '%s' match",
"[%zu] Looking for icon file name '%s' match",
j, name);
for (i = 0; i < cert->num_logo; i++) {
struct http_logo *logo = &cert->logo[i];
@ -3010,7 +3010,7 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
char *pos;
wpa_printf(MSG_INFO,
"[%i] Comparing to '%s' uri_len=%d name_len=%d",
"[%zu] Comparing to '%s' uri_len=%d name_len=%d",
i, logo->uri, (int) uri_len, (int) name_len);
if (uri_len < 1 + name_len) {
wpa_printf(MSG_INFO, "URI Length is too short");
@ -3044,7 +3044,7 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
if (logo->hash_len != 32) {
wpa_printf(MSG_INFO,
"[%i][%i] Icon hash length invalid (should be 32): %d",
"[%zu][%zu] Icon hash length invalid (should be 32): %d",
j, i, (int) logo->hash_len);
continue;
}
@ -3054,7 +3054,7 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
}
wpa_printf(MSG_DEBUG,
"[%u][%u] Icon hash did not match", j, i);
"[%zu][%zu] Icon hash did not match", j, i);
wpa_hexdump_ascii(MSG_DEBUG, "logo->hash",
logo->hash, 32);
wpa_hexdump_ascii(MSG_DEBUG, "ctx->icon_hash[j]",
@ -3152,7 +3152,7 @@ static void check_workarounds(struct hs20_osu_client *ctx)
static void usage(void)
{
printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
printf("usage: hs20-osu-client [-dddqqKtT] [-S<station ifname>] \\\n"
" [-w<wpa_supplicant ctrl_iface dir>] "
"[-r<result file>] [-f<debug file>] \\\n"
" [-s<summary file>] \\\n"
@ -3198,7 +3198,7 @@ int main(int argc, char *argv[])
return -1;
for (;;) {
c = getopt(argc, argv, "df:hKNo:O:qr:s:S:tw:x:");
c = getopt(argc, argv, "df:hKNo:O:qr:s:S:tTw:x:");
if (c < 0)
break;
switch (c) {
@ -3236,6 +3236,9 @@ int main(int argc, char *argv[])
case 't':
wpa_debug_timestamp++;
break;
case 'T':
ctx.ignore_tls = 1;
break;
case 'w':
wpas_ctrl_path = optarg;
break;
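Review bot: `case 'T'` sets `ctx.ignore_tls = 1` silently. Since the flag relaxes HTTPS server certificate validation for the browser step, log it at MSG_INFO or higher when it is set, and make sure the option list printed by usage() describes `-T` rather than only adding it to the `[-dddqqKtT]` synopsis.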
@ -3403,7 +3406,7 @@ int main(int argc, char *argv[])
wpa_printf(MSG_INFO, "Launch web browser to URL %s",
argv[optind + 1]);
ret = hs20_web_browser(argv[optind + 1]);
ret = hs20_web_browser(argv[optind + 1], ctx.ignore_tls);
wpa_printf(MSG_INFO, "Web browser result: %d", ret);
} else if (strcmp(argv[optind], "parse_cert") == 0) {
if (argc - optind < 2) {

View File

@ -50,6 +50,8 @@ struct hs20_osu_client {
const char *osu_ssid; /* Enforced OSU_SSID for testing purposes */
#define WORKAROUND_OCSP_OPTIONAL 0x00000001
unsigned long int workarounds;
int ignore_tls; /* whether to ignore TLS validation issues with HTTPS
* server certificate */
};

View File

@ -547,7 +547,7 @@ static int hs20_spp_exec(struct hs20_osu_client *ctx, xml_node_t *exec,
}
wpa_printf(MSG_INFO, "Launch browser to URI '%s'", uri);
write_summary(ctx, "Launch browser to URI '%s'", uri);
res = hs20_web_browser(uri);
res = hs20_web_browser(uri, 1);
xml_node_get_text_free(ctx->xml, uri);
if (res > 0) {
wpa_printf(MSG_INFO, "User response in browser completed successfully - sessionid='%s'",
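Review bot: hs20_web_browser(uri, 1) hard-codes the second argument, which the other call site in this commit fills from ctx.ignore_tls (the field documented as ignoring TLS validation issues with the HTTPS server certificate), so the SPP exec path would skip that validation whether or not -T was given. If that is intentional, it needs a comment saying why; otherwise pass ctx->ignore_tls here.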

1
hs20/server/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
hs20_spp_server

View File

@ -1,16 +1,6 @@
all: hs20_spp_server
ALL=hs20_spp_server
ifndef CC
CC=gcc
endif
ifndef LDO
LDO=$(CC)
endif
ifndef CFLAGS
CFLAGS = -MMD -O2 -Wall -g
endif
include ../../src/build.rules
CFLAGS += -I../../src
CFLAGS += -I../../src/utils
@ -43,14 +33,10 @@ CFLAGS += $(shell xml2-config --cflags)
LIBS += $(shell xml2-config --libs)
OBJS += ../../src/utils/xml_libxml2.o
_OBJS_VAR := OBJS
include ../../src/objs.mk
hs20_spp_server: $(OBJS)
$(LDO) $(LDFLAGS) -o hs20_spp_server $(OBJS) $(LIBS)
clean:
rm -f core *~ *.o *.d hs20_spp_server
rm -f ../../src/utils/*.o
rm -f ../../src/utils/*.d
rm -f ../../src/crypto/*.o
rm -f ../../src/crypto/*.d
-include $(OBJS:%.o=%.d)
clean: common-clean
rm -f core *~

View File

@ -1,3 +1,3 @@
#!/bin/sh
openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner ocsp.pem -rkey ocsp.key -CA demoCA/cacert.pem -text
openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner ocsp.pem -rkey ocsp.key -CA demoCA/cacert.pem -text -ignore_err

View File

@ -1,5 +1,6 @@
#!/bin/sh
# NOTE: You may need to replace 'localhost' with your OCSP server hostname.
openssl ocsp \
-no_nonce \
-CAfile ca.pem \

View File

@ -176,7 +176,7 @@ int main(int argc, char *argv[])
ctx.root_dir = optarg;
break;
case 'v':
printf("hs20_spp_server v" VERSION_STR "\n");
printf("hs20_spp_server v%s\n", VERSION_STR);
return 0;
default:
usage();

View File

@ -633,7 +633,7 @@ static xml_node_t * build_username_password(struct hs20_svc *ctx,
add_text_node(ctx, node, "Username", user);
b64 = (char *) base64_encode((unsigned char *) pw, strlen(pw), NULL);
b64 = base64_encode(pw, strlen(pw), NULL);
if (b64 == NULL)
return NULL;
len = os_strlen(b64);
@ -1602,8 +1602,7 @@ static xml_node_t * spp_exec_get_certificate(struct hs20_svc *ctx,
xml_node_create_text(ctx->xml, enroll, ns, "estUserID", user);
b64 = (char *) base64_encode((unsigned char *) password,
strlen(password), NULL);
b64 = base64_encode(password, strlen(password), NULL);
if (b64 == NULL) {
xml_node_free(ctx->xml, spp_node);
return NULL;

View File

@ -5,8 +5,8 @@ all:
for d in $(SUBDIRS); do [ -d $$d ] && $(MAKE) -C $$d; done
clean:
for d in $(SUBDIRS); do [ -d $$d ] && $(MAKE) -C $$d clean; done
rm -f *~
$(Q)for d in $(SUBDIRS); do [ -d $$d ] && $(MAKE) -C $$d clean; done
$(Q)rm -f *~
install:
for d in $(SUBDIRS); do [ -d $$d ] && $(MAKE) -C $$d install; done

View File

@ -1,13 +1,3 @@
all: libap.a
clean:
rm -f *~ *.o *.d *.gcno *.gcda *.gcov libap.a
install:
@echo Nothing to be made.
include ../lib.rules
CFLAGS += -DHOSTAPD
CFLAGS += -DNEED_AP_MLME
CFLAGS += -DCONFIG_ETH_P_OUI
@ -15,11 +5,9 @@ CFLAGS += -DCONFIG_HS20
CFLAGS += -DCONFIG_INTERWORKING
CFLAGS += -DCONFIG_IEEE80211R
CFLAGS += -DCONFIG_IEEE80211R_AP
CFLAGS += -DCONFIG_IEEE80211W
CFLAGS += -DCONFIG_WPS
CFLAGS += -DCONFIG_PROXYARP
CFLAGS += -DCONFIG_IPV6
CFLAGS += -DCONFIG_IAPP
CFLAGS += -DCONFIG_AIRTIME_POLICY
LIB_OBJS= \
@ -42,7 +30,6 @@ LIB_OBJS= \
hostapd.o \
hs20.o \
hw_features.o \
iapp.o \
ieee802_11_auth.o \
ieee802_11.o \
ieee802_11_ht.o \
@ -70,7 +57,4 @@ LIB_OBJS= \
wps_hostapd.o \
x_snoop.o
libap.a: $(LIB_OBJS)
$(AR) crT $@ $?
-include $(OBJS:%.o=%.d)
include ../lib.rules

View File

@ -261,13 +261,13 @@ static void acs_clean_chan_surveys(struct hostapd_channel_data *chan)
}
void acs_cleanup(struct hostapd_iface *iface)
static void acs_cleanup_mode(struct hostapd_hw_modes *mode)
{
int i;
struct hostapd_channel_data *chan;
for (i = 0; i < iface->current_mode->num_channels; i++) {
chan = &iface->current_mode->channels[i];
for (i = 0; i < mode->num_channels; i++) {
chan = &mode->channels[i];
if (chan->flag & HOSTAPD_CHAN_SURVEY_LIST_INITIALIZED)
acs_clean_chan_surveys(chan);
@ -276,6 +276,15 @@ void acs_cleanup(struct hostapd_iface *iface)
chan->flag |= HOSTAPD_CHAN_SURVEY_LIST_INITIALIZED;
chan->min_nf = 0;
}
}
void acs_cleanup(struct hostapd_iface *iface)
{
int i;
for (i = 0; i < iface->num_hw_features; i++)
acs_cleanup_mode(&iface->hw_features[i]);
iface->chans_surveyed = 0;
iface->acs_num_completed_scans = 0;
@ -300,8 +309,6 @@ acs_survey_interference_factor(struct freq_survey *survey, s8 min_nf)
else if (survey->filled & SURVEY_HAS_CHAN_TIME_RX)
busy = survey->channel_time_rx;
else {
/* This shouldn't really happen as survey data is checked in
* acs_sanity_check() */
wpa_printf(MSG_ERROR, "ACS: Survey data missing");
return 0;
}
@ -363,40 +370,47 @@ acs_survey_chan_interference_factor(struct hostapd_iface *iface,
}
static int acs_usable_ht40_chan(const struct hostapd_channel_data *chan)
static int acs_usable_bw40_chan(const struct hostapd_channel_data *chan)
{
const int allowed[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149,
157, 184, 192 };
const int allowed[] = { 5180, 5220, 5260, 5300, 5500, 5540, 5580, 5620,
5660, 5745, 5785, 4920, 4960, 5955, 5995, 6035,
6075, 6115, 6155, 6195, 6235, 6275, 6315, 6355,
6395, 6435, 6475, 6515, 6555, 6595, 6635, 6675,
6715, 6755, 6795, 6835, 6875, 6915, 6955, 6995,
7035, 7075 };
unsigned int i;
for (i = 0; i < ARRAY_SIZE(allowed); i++)
if (chan->chan == allowed[i])
if (chan->freq == allowed[i])
return 1;
return 0;
}
static int acs_usable_vht80_chan(const struct hostapd_channel_data *chan)
static int acs_usable_bw80_chan(const struct hostapd_channel_data *chan)
{
const int allowed[] = { 36, 52, 100, 116, 132, 149 };
const int allowed[] = { 5180, 5260, 5500, 5580, 5660, 5745, 5955, 6035,
6115, 6195, 6275, 6355, 6435, 6515, 6595, 6675,
6755, 6835, 6915, 6995 };
unsigned int i;
for (i = 0; i < ARRAY_SIZE(allowed); i++)
if (chan->chan == allowed[i])
if (chan->freq == allowed[i])
return 1;
return 0;
}
static int acs_usable_vht160_chan(const struct hostapd_channel_data *chan)
static int acs_usable_bw160_chan(const struct hostapd_channel_data *chan)
{
const int allowed[] = { 36, 100 };
const int allowed[] = { 5180, 5500, 5955, 6115, 6275, 6435, 6595, 6755,
6915 };
unsigned int i;
for (i = 0; i < ARRAY_SIZE(allowed); i++)
if (chan->chan == allowed[i])
if (chan->freq == allowed[i])
return 1;
return 0;
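Review bot: acs_usable_bw40_chan(), acs_usable_bw80_chan() and acs_usable_bw160_chan() now differ only in their allowed[] table, and the same linear search over chan->freq is written three times. A single helper taking the table and its length would keep the three in step. A short comment on each table saying which band each run of frequencies covers (the 4920 and 4960 entries sit between the 5 GHz and 6 GHz values in the 40 MHz list) would make the lists easier to audit.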
@ -453,21 +467,35 @@ static int acs_survey_list_is_sufficient(struct hostapd_channel_data *chan)
}
static int acs_surveys_are_sufficient(struct hostapd_iface *iface)
static int acs_surveys_are_sufficient_mode(struct hostapd_hw_modes *mode)
{
int i;
struct hostapd_channel_data *chan;
int valid = 0;
for (i = 0; i < iface->current_mode->num_channels; i++) {
chan = &iface->current_mode->channels[i];
for (i = 0; i < mode->num_channels; i++) {
chan = &mode->channels[i];
if (!(chan->flag & HOSTAPD_CHAN_DISABLED) &&
acs_survey_list_is_sufficient(chan))
valid++;
return 1;
}
/* We need at least survey data for one channel */
return !!valid;
return 0;
}
static int acs_surveys_are_sufficient(struct hostapd_iface *iface)
{
int i;
struct hostapd_hw_modes *mode;
for (i = 0; i < iface->num_hw_features; i++) {
mode = &iface->hw_features[i];
if (!hostapd_hw_skip_mode(iface, mode) &&
acs_surveys_are_sufficient_mode(mode))
return 1;
}
return 0;
}
@ -489,14 +517,25 @@ static int is_in_chanlist(struct hostapd_iface *iface,
}
static void acs_survey_all_chans_intereference_factor(
struct hostapd_iface *iface)
static int is_in_freqlist(struct hostapd_iface *iface,
struct hostapd_channel_data *chan)
{
if (!iface->conf->acs_freq_list.num)
return 1;
return freq_range_list_includes(&iface->conf->acs_freq_list,
chan->freq);
}
static void acs_survey_mode_interference_factor(
struct hostapd_iface *iface, struct hostapd_hw_modes *mode)
{
int i;
struct hostapd_channel_data *chan;
for (i = 0; i < iface->current_mode->num_channels; i++) {
chan = &iface->current_mode->channels[i];
for (i = 0; i < mode->num_channels; i++) {
chan = &mode->channels[i];
if (!acs_usable_chan(chan))
continue;
@ -504,6 +543,12 @@ static void acs_survey_all_chans_intereference_factor(
if (!is_in_chanlist(iface, chan))
continue;
if (!is_in_freqlist(iface, chan))
continue;
if (chan->max_tx_power < iface->conf->min_tx_power)
continue;
wpa_printf(MSG_DEBUG, "ACS: Survey analysis for channel %d (%d MHz)",
chan->chan, chan->freq);
@ -515,14 +560,28 @@ static void acs_survey_all_chans_intereference_factor(
}
static struct hostapd_channel_data *acs_find_chan(struct hostapd_iface *iface,
int freq)
static void acs_survey_all_chans_interference_factor(
struct hostapd_iface *iface)
{
int i;
struct hostapd_hw_modes *mode;
for (i = 0; i < iface->num_hw_features; i++) {
mode = &iface->hw_features[i];
if (!hostapd_hw_skip_mode(iface, mode))
acs_survey_mode_interference_factor(iface, mode);
}
}
static struct hostapd_channel_data *
acs_find_chan_mode(struct hostapd_hw_modes *mode, int freq)
{
struct hostapd_channel_data *chan;
int i;
for (i = 0; i < iface->current_mode->num_channels; i++) {
chan = &iface->current_mode->channels[i];
for (i = 0; i < mode->num_channels; i++) {
chan = &mode->channels[i];
if (chan->flag & HOSTAPD_CHAN_DISABLED)
continue;
@ -535,6 +594,26 @@ static struct hostapd_channel_data *acs_find_chan(struct hostapd_iface *iface,
}
static struct hostapd_channel_data *
acs_find_chan(struct hostapd_iface *iface, int freq)
{
int i;
struct hostapd_hw_modes *mode;
struct hostapd_channel_data *chan;
for (i = 0; i < iface->num_hw_features; i++) {
mode = &iface->hw_features[i];
if (!hostapd_hw_skip_mode(iface, mode)) {
chan = acs_find_chan_mode(mode, freq);
if (chan)
return chan;
}
}
return NULL;
}
static int is_24ghz_mode(enum hostapd_hw_mode mode)
{
return mode == HOSTAPD_MODE_IEEE80211B ||
@ -565,58 +644,24 @@ static int is_common_24ghz_chan(int chan)
#define ACS_24GHZ_PREFER_1_6_11 0.8
#endif /* ACS_24GHZ_PREFER_1_6_11 */
/*
* At this point it's assumed chan->interface_factor has been computed.
* This function should be reusable regardless of interference computation
* option (survey, BSS, spectral, ...). chan->interference factor must be
* summable (i.e., must be always greater than zero).
*/
static struct hostapd_channel_data *
acs_find_ideal_chan(struct hostapd_iface *iface)
static void
acs_find_ideal_chan_mode(struct hostapd_iface *iface,
struct hostapd_hw_modes *mode,
int n_chans, u32 bw,
struct hostapd_channel_data **rand_chan,
struct hostapd_channel_data **ideal_chan,
long double *ideal_factor)
{
struct hostapd_channel_data *chan, *adj_chan, *ideal_chan = NULL,
*rand_chan = NULL;
long double factor, ideal_factor = 0;
struct hostapd_channel_data *chan, *adj_chan = NULL;
long double factor;
int i, j;
int n_chans = 1;
u32 bw;
unsigned int k;
/* TODO: HT40- support */
if (iface->conf->ieee80211n &&
iface->conf->secondary_channel == -1) {
wpa_printf(MSG_ERROR, "ACS: HT40- is not supported yet. Please try HT40+");
return NULL;
}
if (iface->conf->ieee80211n &&
iface->conf->secondary_channel)
n_chans = 2;
if (iface->conf->ieee80211ac || iface->conf->ieee80211ax) {
switch (hostapd_get_oper_chwidth(iface->conf)) {
case CHANWIDTH_80MHZ:
n_chans = 4;
break;
case CHANWIDTH_160MHZ:
n_chans = 8;
break;
}
}
bw = num_chan_to_bw(n_chans);
/* TODO: VHT/HE80+80. Update acs_adjust_center_freq() too. */
wpa_printf(MSG_DEBUG,
"ACS: Survey analysis for selected bandwidth %d MHz", bw);
for (i = 0; i < iface->current_mode->num_channels; i++) {
for (i = 0; i < mode->num_channels; i++) {
double total_weight;
struct acs_bias *bias, tmp_bias;
chan = &iface->current_mode->channels[i];
chan = &mode->channels[i];
/* Since in the current ACS implementation the first channel is
* always a primary channel, skip channels not available as
@ -628,6 +673,12 @@ acs_find_ideal_chan(struct hostapd_iface *iface)
if (!is_in_chanlist(iface, chan))
continue;
if (!is_in_freqlist(iface, chan))
continue;
if (chan->max_tx_power < iface->conf->min_tx_power)
continue;
if (!chan_bw_allowed(chan, bw, 1, 1)) {
wpa_printf(MSG_DEBUG,
"ACS: Channel %d: BW %u is not supported",
@ -637,31 +688,33 @@ acs_find_ideal_chan(struct hostapd_iface *iface)
/* HT40 on 5 GHz has a limited set of primary channels as per
* 11n Annex J */
if (iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A &&
iface->conf->ieee80211n &&
iface->conf->secondary_channel &&
!acs_usable_ht40_chan(chan)) {
wpa_printf(MSG_DEBUG, "ACS: Channel %d: not allowed as primary channel for HT40",
if (mode->mode == HOSTAPD_MODE_IEEE80211A &&
((iface->conf->ieee80211n &&
iface->conf->secondary_channel) ||
is_6ghz_freq(chan->freq)) &&
!acs_usable_bw40_chan(chan)) {
wpa_printf(MSG_DEBUG,
"ACS: Channel %d: not allowed as primary channel for 40 MHz bandwidth",
chan->chan);
continue;
}
if (iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A &&
if (mode->mode == HOSTAPD_MODE_IEEE80211A &&
(iface->conf->ieee80211ac || iface->conf->ieee80211ax)) {
if (hostapd_get_oper_chwidth(iface->conf) ==
CHANWIDTH_80MHZ &&
!acs_usable_vht80_chan(chan)) {
!acs_usable_bw80_chan(chan)) {
wpa_printf(MSG_DEBUG,
"ACS: Channel %d: not allowed as primary channel for VHT80",
"ACS: Channel %d: not allowed as primary channel for 80 MHz bandwidth",
chan->chan);
continue;
}
if (hostapd_get_oper_chwidth(iface->conf) ==
CHANWIDTH_160MHZ &&
!acs_usable_vht160_chan(chan)) {
!acs_usable_bw160_chan(chan)) {
wpa_printf(MSG_DEBUG,
"ACS: Channel %d: not allowed as primary channel for VHT160",
"ACS: Channel %d: not allowed as primary channel for 160 MHz bandwidth",
chan->chan);
continue;
}
@ -698,7 +751,7 @@ acs_find_ideal_chan(struct hostapd_iface *iface)
/* 2.4 GHz has overlapping 20 MHz channels. Include adjacent
* channel interference factor. */
if (is_24ghz_mode(iface->current_mode->mode)) {
if (is_24ghz_mode(mode->mode)) {
for (j = 0; j < n_chans; j++) {
adj_chan = acs_find_chan(iface, chan->freq +
(j * 20) - 5);
@ -744,7 +797,7 @@ acs_find_ideal_chan(struct hostapd_iface *iface)
break;
bias = NULL;
}
} else if (is_24ghz_mode(iface->current_mode->mode) &&
} else if (is_24ghz_mode(mode->mode) &&
is_common_24ghz_chan(chan->chan)) {
tmp_bias.channel = chan->chan;
tmp_bias.bias = ACS_24GHZ_PREFER_1_6_11;
@ -763,14 +816,78 @@ acs_find_ideal_chan(struct hostapd_iface *iface)
}
if (acs_usable_chan(chan) &&
(!ideal_chan || factor < ideal_factor)) {
ideal_factor = factor;
ideal_chan = chan;
(!*ideal_chan || factor < *ideal_factor)) {
*ideal_factor = factor;
*ideal_chan = chan;
}
/* This channel would at least be usable */
if (!rand_chan)
rand_chan = chan;
if (!(*rand_chan))
*rand_chan = chan;
}
}
/*
* At this point it's assumed chan->interference_factor has been computed.
* This function should be reusable regardless of interference computation
* option (survey, BSS, spectral, ...). chan->interference factor must be
* summable (i.e., must be always greater than zero).
*/
static struct hostapd_channel_data *
acs_find_ideal_chan(struct hostapd_iface *iface)
{
struct hostapd_channel_data *ideal_chan = NULL,
*rand_chan = NULL;
long double ideal_factor = 0;
int i;
int n_chans = 1;
u32 bw;
struct hostapd_hw_modes *mode;
if (is_6ghz_op_class(iface->conf->op_class)) {
bw = op_class_to_bandwidth(iface->conf->op_class);
n_chans = bw / 20;
goto bw_selected;
}
/* TODO: HT40- support */
if (iface->conf->ieee80211n &&
iface->conf->secondary_channel == -1) {
wpa_printf(MSG_ERROR, "ACS: HT40- is not supported yet. Please try HT40+");
return NULL;
}
if (iface->conf->ieee80211n &&
iface->conf->secondary_channel)
n_chans = 2;
if (iface->conf->ieee80211ac || iface->conf->ieee80211ax) {
switch (hostapd_get_oper_chwidth(iface->conf)) {
case CHANWIDTH_80MHZ:
n_chans = 4;
break;
case CHANWIDTH_160MHZ:
n_chans = 8;
break;
}
}
bw = num_chan_to_bw(n_chans);
bw_selected:
/* TODO: VHT/HE80+80. Update acs_adjust_center_freq() too. */
wpa_printf(MSG_DEBUG,
"ACS: Survey analysis for selected bandwidth %d MHz", bw);
for (i = 0; i < iface->num_hw_features; i++) {
mode = &iface->hw_features[i];
if (!hostapd_hw_skip_mode(iface, mode))
acs_find_ideal_chan_mode(iface, mode, n_chans, bw,
&rand_chan, &ideal_chan,
&ideal_factor);
}
if (ideal_chan) {
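Review bot: in acs_find_ideal_chan() bw is declared u32 but the debug message prints it with %d ("ACS: Survey analysis for selected bandwidth %d MHz"); use %u, in line with the %zu fixes made elsewhere in this commit. On the new 6 GHz path n_chans is bw / 20 taken straight from op_class_to_bandwidth(), so a check that the result is at least 20 before the goto would keep n_chans from becoming 0.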
@ -826,7 +943,7 @@ static int acs_study_survey_based(struct hostapd_iface *iface)
return -1;
}
acs_survey_all_chans_intereference_factor(iface);
acs_survey_all_chans_interference_factor(iface);
return 0;
}
@ -862,6 +979,7 @@ static void acs_study(struct hostapd_iface *iface)
}
iface->conf->channel = ideal_chan->chan;
iface->freq = ideal_chan->freq;
if (iface->conf->ieee80211ac || iface->conf->ieee80211ax)
acs_adjust_center_freq(iface);
@ -917,31 +1035,70 @@ fail:
}
static int acs_request_scan(struct hostapd_iface *iface)
static int * acs_request_scan_add_freqs(struct hostapd_iface *iface,
struct hostapd_hw_modes *mode,
int *freq)
{
struct wpa_driver_scan_params params;
struct hostapd_channel_data *chan;
int i, *freq;
int i;
os_memset(&params, 0, sizeof(params));
params.freqs = os_calloc(iface->current_mode->num_channels + 1,
sizeof(params.freqs[0]));
if (params.freqs == NULL)
return -1;
freq = params.freqs;
for (i = 0; i < iface->current_mode->num_channels; i++) {
chan = &iface->current_mode->channels[i];
for (i = 0; i < mode->num_channels; i++) {
chan = &mode->channels[i];
if (chan->flag & HOSTAPD_CHAN_DISABLED)
continue;
if (!is_in_chanlist(iface, chan))
continue;
if (!is_in_freqlist(iface, chan))
continue;
if (chan->max_tx_power < iface->conf->min_tx_power)
continue;
*freq++ = chan->freq;
}
return freq;
}
static int acs_request_scan(struct hostapd_iface *iface)
{
struct wpa_driver_scan_params params;
int i, *freq;
int num_channels;
struct hostapd_hw_modes *mode;
os_memset(&params, 0, sizeof(params));
num_channels = 0;
for (i = 0; i < iface->num_hw_features; i++) {
mode = &iface->hw_features[i];
if (!hostapd_hw_skip_mode(iface, mode))
num_channels += mode->num_channels;
}
params.freqs = os_calloc(num_channels + 1, sizeof(params.freqs[0]));
if (params.freqs == NULL)
return -1;
freq = params.freqs;
for (i = 0; i < iface->num_hw_features; i++) {
mode = &iface->hw_features[i];
if (!hostapd_hw_skip_mode(iface, mode))
freq = acs_request_scan_add_freqs(iface, mode, freq);
}
*freq = 0;
if (params.freqs == freq) {
wpa_printf(MSG_ERROR, "ACS: No available channels found");
os_free(params.freqs);
return -1;
}
iface->scan_cb = acs_scan_complete;
wpa_printf(MSG_DEBUG, "ACS: Scanning %d / %d",
@ -971,7 +1128,8 @@ enum hostapd_chan_status acs_init(struct hostapd_iface *iface)
return HOSTAPD_CHAN_ACS;
}
if (!iface->current_mode)
if (!iface->current_mode &&
iface->conf->hw_mode != HOSTAPD_MODE_IEEE80211ANY)
return HOSTAPD_CHAN_INVALID;
acs_cleanup(iface);
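Review bot: with the relaxed check acs_init() continues with iface->current_mode == NULL when hw_mode is HOSTAPD_MODE_IEEE80211ANY. The loops in this file were moved to iface->hw_features, but anything reached from here that still reads iface->current_mode needs a NULL check. A comment at this test naming the ANY-mode case would make that requirement visible.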

View File

@ -79,6 +79,10 @@ static void count_backlogged_sta(struct hostapd_data *hapd)
for (sta = hapd->sta_list; sta; sta = sta->next) {
if (hostapd_drv_read_sta_data(hapd, &data, sta->addr))
continue;
#ifdef CONFIG_TESTING_OPTIONS
if (hapd->force_backlog_bytes)
data.backlog_bytes = 1;
#endif /* CONFIG_TESTING_OPTIONS */
if (data.backlog_bytes > 0)
set_new_backlog_time(hapd, sta, &now);
@ -134,8 +138,8 @@ static void update_airtime_weights(void *eloop_data, void *user_data)
unsigned int num_sta_min = 0, num_sta_prod = 1, num_sta_sum = 0,
wt_sum = 0;
unsigned int quantum;
Boolean all_div_min = TRUE;
Boolean apply_limit = iface->conf->airtime_mode == AIRTIME_MODE_DYNAMIC;
bool all_div_min = true;
bool apply_limit = iface->conf->airtime_mode == AIRTIME_MODE_DYNAMIC;
int wt, num_bss = 0, max_wt = 0;
size_t i;
@ -169,7 +173,7 @@ static void update_airtime_weights(void *eloop_data, void *user_data)
* integers. */
if (bss->num_backlogged_sta &&
bss->num_backlogged_sta % num_sta_min > 0)
all_div_min = FALSE;
all_div_min = false;
/* If we're in LIMIT mode, we only apply the weight
* scaling when the BSS(es) marked as limited would a
@ -178,7 +182,7 @@ static void update_airtime_weights(void *eloop_data, void *user_data)
if (!apply_limit && bss->conf->airtime_limit) {
if (bss->num_backlogged_sta * wt_sum >
bss->conf->airtime_weight * num_sta_sum)
apply_limit = TRUE;
apply_limit = true;
}
}
if (all_div_min)

View File

@ -16,6 +16,7 @@
#include "common/ieee802_1x_defs.h"
#include "common/eapol_common.h"
#include "common/dhcp.h"
#include "common/sae.h"
#include "eap_common/eap_wsc_common.h"
#include "eap_server/eap.h"
#include "wpa_auth.h"
@ -53,23 +54,33 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
bss->logger_syslog = (unsigned int) -1;
bss->logger_stdout = (unsigned int) -1;
#ifdef CONFIG_WEP
bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
bss->wep_rekeying_period = 300;
/* use key0 in individual key and key1 in broadcast key */
bss->broadcast_key_idx_min = 1;
bss->broadcast_key_idx_max = 2;
#else /* CONFIG_WEP */
bss->auth_algs = WPA_AUTH_ALG_OPEN;
#endif /* CONFIG_WEP */
bss->eap_reauth_period = 3600;
bss->wpa_group_rekey = 600;
bss->wpa_gmk_rekey = 86400;
bss->wpa_deny_ptk0_rekey = PTK0_REKEY_ALLOW_ALWAYS;
bss->wpa_group_update_count = 4;
bss->wpa_pairwise_update_count = 4;
bss->wpa_disable_eapol_key_retries =
DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
#ifdef CONFIG_NO_TKIP
bss->wpa_pairwise = WPA_CIPHER_CCMP;
bss->wpa_group = WPA_CIPHER_CCMP;
#else /* CONFIG_NO_TKIP */
bss->wpa_pairwise = WPA_CIPHER_TKIP;
bss->wpa_group = WPA_CIPHER_TKIP;
#endif /* CONFIG_NO_TKIP */
bss->rsn_pairwise = 0;
bss->max_num_sta = MAX_STA_COUNT;
@ -86,11 +97,9 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
bss->pwd_group = 19; /* ECC: GF(p=256) */
#ifdef CONFIG_IEEE80211W
bss->assoc_sa_query_max_timeout = 1000;
bss->assoc_sa_query_retry_timeout = 201;
bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
#endif /* CONFIG_IEEE80211W */
#ifdef EAP_SERVER_FAST
/* both anonymous and authenticated provisioning */
bss->eap_fast_prov = 3;
@ -112,7 +121,7 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
bss->radius_das_time_window = 300;
bss->sae_anti_clogging_threshold = 5;
bss->anti_clogging_threshold = 5;
bss->sae_sync = 5;
bss->gas_frag_limit = 1400;
@ -122,6 +131,7 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
bss->fils_hlp_wait_time = 30;
bss->dhcp_server_port = DHCP_SERVER_PORT;
bss->dhcp_relay_port = DHCP_SERVER_PORT;
bss->fils_discovery_min_int = 20;
#endif /* CONFIG_FILS */
bss->broadcast_deauth = 1;
@ -135,6 +145,9 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
* completed and tested with other implementations. */
bss->tls_flags = TLS_CONN_DISABLE_TLSv1_3;
bss->max_auth_rounds = 100;
bss->max_auth_rounds_short = 50;
bss->send_probe_response = 1;
#ifdef CONFIG_HS20
@ -148,6 +161,15 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
/* Default to strict CRL checking. */
bss->check_crl_strict = 1;
#ifdef CONFIG_TESTING_OPTIONS
bss->sae_commit_status = -1;
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_PASN
/* comeback after 10 TUs */
bss->pasn_comeback_after = 10;
#endif /* CONFIG_PASN */
}
@ -249,6 +271,14 @@ struct hostapd_config * hostapd_config_defaults(void)
HE_OPERATION_RTS_THRESHOLD_OFFSET;
/* Set default basic MCS/NSS set to single stream MCS 0-7 */
conf->he_op.he_basic_mcs_nss_set = 0xfffc;
conf->he_op.he_bss_color_disabled = 1;
conf->he_op.he_bss_color_partial = 0;
conf->he_op.he_bss_color = os_random() % 63 + 1;
conf->he_op.he_twt_responder = 1;
conf->he_6ghz_max_mpdu = 2;
conf->he_6ghz_max_ampdu_len_exp = 7;
conf->he_6ghz_rx_ant_pat = 1;
conf->he_6ghz_tx_ant_pat = 1;
#endif /* CONFIG_IEEE80211AX */
/* The third octet of the country string uses an ASCII space character
@ -299,6 +329,7 @@ static int hostapd_config_read_wpa_psk(const char *fname,
while (fgets(buf, sizeof(buf), f)) {
int vlan_id = 0;
int wps = 0;
line++;
@ -329,6 +360,8 @@ static int hostapd_config_read_wpa_psk(const char *fname,
value = "";
if (!os_strcmp(name, "keyid")) {
keyid = value;
} else if (!os_strcmp(name, "wps")) {
wps = atoi(value);
} else if (!os_strcmp(name, "vlanid")) {
vlan_id = atoi(value);
} else {
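Review bot: wps = atoi(value) accepts any string, so a typo such as wps=yes silently becomes 0 and any other number is stored in psk->wps unchanged. Reject values other than 0 and 1 with an error that names the line, as the invalid MAC address case further down does.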
@ -346,8 +379,9 @@ static int hostapd_config_read_wpa_psk(const char *fname,
if (!token)
token = "";
if (hwaddr_aton(token, addr)) {
wpa_printf(MSG_ERROR, "Invalid MAC address '%s' on "
"line %d in '%s'", token, line, fname);
wpa_printf(MSG_ERROR,
"Invalid MAC address '%s' on line %d in '%s'",
token, line, fname);
ret = -1;
break;
}
@ -375,16 +409,17 @@ static int hostapd_config_read_wpa_psk(const char *fname,
ok = 0;
len = os_strlen(pos);
if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
if (len == 2 * PMK_LEN &&
hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
ok = 1;
else if (len >= 8 && len < 64) {
pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
4096, psk->psk, PMK_LEN);
else if (len >= 8 && len < 64 &&
pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
4096, psk->psk, PMK_LEN) == 0)
ok = 1;
}
if (!ok) {
wpa_printf(MSG_ERROR, "Invalid PSK '%s' on line %d in "
"'%s'", pos, line, fname);
wpa_printf(MSG_ERROR,
"Invalid PSK '%s' on line %d in '%s'",
pos, line, fname);
os_free(psk);
ret = -1;
break;
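Review bot: the reflowed error message still prints the rejected key itself (Invalid PSK '%s' on line %d in '%s', with pos as the first argument), which puts a passphrase or a mistyped 64-hex PSK into the log at MSG_ERROR. The line number and file name are enough to find the entry; drop pos from the message. Checking the pbkdf2_sha1() return value before setting ok is a good addition.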
@ -402,6 +437,8 @@ static int hostapd_config_read_wpa_psk(const char *fname,
}
}
psk->wps = wps;
psk->next = ssid->wpa_psk;
ssid->wpa_psk = psk;
}
@ -433,10 +470,53 @@ static int hostapd_derive_psk(struct hostapd_ssid *ssid)
}
int hostapd_setup_sae_pt(struct hostapd_bss_config *conf)
{
#ifdef CONFIG_SAE
struct hostapd_ssid *ssid = &conf->ssid;
struct sae_password_entry *pw;
if ((conf->sae_pwe == 0 && !hostapd_sae_pw_id_in_use(conf) &&
!hostapd_sae_pk_in_use(conf)) ||
conf->sae_pwe == 3 ||
!wpa_key_mgmt_sae(conf->wpa_key_mgmt))
return 0; /* PT not needed */
sae_deinit_pt(ssid->pt);
ssid->pt = NULL;
if (ssid->wpa_passphrase) {
ssid->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
ssid->ssid_len,
(const u8 *) ssid->wpa_passphrase,
os_strlen(ssid->wpa_passphrase),
NULL);
if (!ssid->pt)
return -1;
}
for (pw = conf->sae_passwords; pw; pw = pw->next) {
sae_deinit_pt(pw->pt);
pw->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
ssid->ssid_len,
(const u8 *) pw->password,
os_strlen(pw->password),
pw->identifier);
if (!pw->pt)
return -1;
}
#endif /* CONFIG_SAE */
return 0;
}
int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
{
struct hostapd_ssid *ssid = &conf->ssid;
if (hostapd_setup_sae_pt(conf) < 0)
return -1;
if (ssid->wpa_passphrase != NULL) {
if (ssid->wpa_psk != NULL) {
wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
@ -581,6 +661,7 @@ void hostapd_config_free_eap_users(struct hostapd_eap_user *user)
}
#ifdef CONFIG_WEP
static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
{
int i;
@ -589,6 +670,7 @@ static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
keys->key[i] = NULL;
}
}
#endif /* CONFIG_WEP */
void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **l)
@ -642,6 +724,12 @@ static void hostapd_config_free_sae_passwords(struct hostapd_bss_config *conf)
pw = pw->next;
str_clear_free(tmp->password);
os_free(tmp->identifier);
#ifdef CONFIG_SAE
sae_deinit_pt(tmp->pt);
#endif /* CONFIG_SAE */
#ifdef CONFIG_SAE_PK
sae_deinit_pk(tmp->pk);
#endif /* CONFIG_SAE_PK */
os_free(tmp);
}
}
@ -674,10 +762,15 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
str_clear_free(conf->ssid.wpa_passphrase);
os_free(conf->ssid.wpa_psk_file);
#ifdef CONFIG_WEP
hostapd_config_free_wep(&conf->ssid.wep);
#endif /* CONFIG_WEP */
#ifdef CONFIG_FULL_DYNAMIC_VLAN
os_free(conf->ssid.vlan_tagged_interface);
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
#ifdef CONFIG_SAE
sae_deinit_pt(conf->ssid.pt);
#endif /* CONFIG_SAE */
hostapd_config_free_eap_users(conf->eap_user);
os_free(conf->eap_user_sqlite);
@ -692,6 +785,7 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
conf->radius->num_auth_servers);
hostapd_config_free_radius(conf->radius->acct_servers,
conf->radius->num_acct_servers);
os_free(conf->radius->force_client_dev);
}
hostapd_config_free_radius_attr(conf->radius_auth_req_attr);
hostapd_config_free_radius_attr(conf->radius_acct_req_attr);
@ -765,6 +859,7 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
os_free(conf->upc);
for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++)
wpabuf_free(conf->wps_vendor_ext[i]);
wpabuf_free(conf->wps_application_ext);
wpabuf_free(conf->wps_nfc_dh_pubkey);
wpabuf_free(conf->wps_nfc_dh_privkey);
wpabuf_free(conf->wps_nfc_dev_pw);
@ -832,6 +927,12 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
#ifdef CONFIG_TESTING_OPTIONS
wpabuf_free(conf->own_ie_override);
wpabuf_free(conf->sae_commit_override);
wpabuf_free(conf->rsne_override_eapol);
wpabuf_free(conf->rsnxe_override_eapol);
wpabuf_free(conf->rsne_override_ft);
wpabuf_free(conf->rsnxe_override_ft);
wpabuf_free(conf->gtk_rsc_override);
wpabuf_free(conf->igtk_rsc_override);
#endif /* CONFIG_TESTING_OPTIONS */
os_free(conf->no_probe_resp_if_seen_on);
@ -840,6 +941,8 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
hostapd_config_free_fils_realms(conf);
#ifdef CONFIG_DPP
os_free(conf->dpp_name);
os_free(conf->dpp_mud_url);
os_free(conf->dpp_connector);
wpabuf_free(conf->dpp_netaccesskey);
wpabuf_free(conf->dpp_csign);
@ -864,6 +967,10 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
}
#endif /* CONFIG_AIRTIME_POLICY */
#ifdef CONFIG_PASN
os_free(conf->pasn_groups);
#endif /* CONFIG_PASN */
os_free(conf);
}
@ -885,6 +992,7 @@ void hostapd_config_free(struct hostapd_config *conf)
os_free(conf->supported_rates);
os_free(conf->basic_rates);
os_free(conf->acs_ch_list.range);
os_free(conf->acs_freq_list.range);
os_free(conf->driver_params);
#ifdef CONFIG_ACS
os_free(conf->acs_chan_bias);
@ -1027,10 +1135,85 @@ const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
}
#ifdef CONFIG_SAE_PK
static bool hostapd_sae_pk_password_without_pk(struct hostapd_bss_config *bss)
{
struct sae_password_entry *pw;
bool res = false;
if (bss->ssid.wpa_passphrase &&
#ifdef CONFIG_TESTING_OPTIONS
!bss->sae_pk_password_check_skip &&
#endif /* CONFIG_TESTING_OPTIONS */
sae_pk_valid_password(bss->ssid.wpa_passphrase))
res = true;
for (pw = bss->sae_passwords; pw; pw = pw->next) {
if (!pw->pk &&
#ifdef CONFIG_TESTING_OPTIONS
!bss->sae_pk_password_check_skip &&
#endif /* CONFIG_TESTING_OPTIONS */
sae_pk_valid_password(pw->password))
return true;
if (bss->ssid.wpa_passphrase && res && pw->pk &&
os_strcmp(bss->ssid.wpa_passphrase, pw->password) == 0)
res = false;
}
return res;
}
#endif /* CONFIG_SAE_PK */
static bool hostapd_config_check_bss_6g(struct hostapd_bss_config *bss)
{
if (bss->wpa != WPA_PROTO_RSN) {
wpa_printf(MSG_ERROR,
"Pre-RSNA security methods are not allowed in 6 GHz");
return false;
}
if (bss->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED) {
wpa_printf(MSG_ERROR,
"Management frame protection is required in 6 GHz");
return false;
}
if (bss->wpa_key_mgmt & (WPA_KEY_MGMT_PSK |
WPA_KEY_MGMT_FT_PSK |
WPA_KEY_MGMT_PSK_SHA256)) {
wpa_printf(MSG_ERROR, "Invalid AKM suite for 6 GHz");
return false;
}
if (bss->rsn_pairwise & (WPA_CIPHER_WEP40 |
WPA_CIPHER_WEP104 |
WPA_CIPHER_TKIP)) {
wpa_printf(MSG_ERROR,
"Invalid pairwise cipher suite for 6 GHz");
return false;
}
if (bss->wpa_group & (WPA_CIPHER_WEP40 |
WPA_CIPHER_WEP104 |
WPA_CIPHER_TKIP)) {
wpa_printf(MSG_ERROR, "Invalid group cipher suite for 6 GHz");
return false;
}
return true;
}
static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
struct hostapd_config *conf,
int full_config)
{
if (full_config && is_6ghz_op_class(conf->op_class) &&
!hostapd_config_check_bss_6g(bss))
return -1;
if (full_config && bss->ieee802_1x && !bss->eap_server &&
!bss->radius->auth_servers) {
wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
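Review bot: hostapd_config_check_bss_6g() tests rsn_pairwise with a mask, and hostapd_config_defaults_bss() leaves rsn_pairwise at 0, so if this check runs before rsn_pairwise is filled in, the pairwise test passes without having looked at any cipher. Either state the required ordering in a comment or also reject rsn_pairwise == 0 here. The "Invalid AKM suite for 6 GHz" message would be more useful if it included the offending wpa_key_mgmt value.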
@ -1038,6 +1221,7 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
return -1;
}
#ifdef CONFIG_WEP
if (bss->wpa) {
int wep, i;
@ -1055,6 +1239,7 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
return -1;
}
}
#endif /* CONFIG_WEP */
if (full_config && bss->wpa &&
bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
@ -1102,52 +1287,75 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
}
#endif /* CONFIG_IEEE80211R_AP */
#ifdef CONFIG_IEEE80211N
if (full_config && conf->ieee80211n &&
conf->hw_mode == HOSTAPD_MODE_IEEE80211B) {
bss->disable_11n = 1;
bss->disable_11n = true;
wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not "
"allowed, disabling HT capabilities");
}
#ifdef CONFIG_WEP
if (full_config && conf->ieee80211n &&
bss->ssid.security_policy == SECURITY_STATIC_WEP) {
bss->disable_11n = 1;
bss->disable_11n = true;
wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
"allowed, disabling HT capabilities");
}
#endif /* CONFIG_WEP */
if (full_config && conf->ieee80211n && bss->wpa &&
!(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
!(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
{
bss->disable_11n = 1;
bss->disable_11n = true;
wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
"requires CCMP/GCMP to be enabled, disabling HT "
"capabilities");
}
#endif /* CONFIG_IEEE80211N */
#ifdef CONFIG_IEEE80211AC
#ifdef CONFIG_WEP
if (full_config && conf->ieee80211ac &&
bss->ssid.security_policy == SECURITY_STATIC_WEP) {
bss->disable_11ac = 1;
bss->disable_11ac = true;
wpa_printf(MSG_ERROR,
"VHT (IEEE 802.11ac) with WEP is not allowed, disabling VHT capabilities");
}
#endif /* CONFIG_WEP */
if (full_config && conf->ieee80211ac && bss->wpa &&
!(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
!(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
{
bss->disable_11ac = 1;
bss->disable_11ac = true;
wpa_printf(MSG_ERROR,
"VHT (IEEE 802.11ac) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling VHT capabilities");
}
#endif /* CONFIG_IEEE80211AC */
#ifdef CONFIG_IEEE80211AX
#ifdef CONFIG_WEP
if (full_config && conf->ieee80211ax &&
bss->ssid.security_policy == SECURITY_STATIC_WEP) {
bss->disable_11ax = true;
wpa_printf(MSG_ERROR,
"HE (IEEE 802.11ax) with WEP is not allowed, disabling HE capabilities");
}
#endif /* CONFIG_WEP */
if (full_config && conf->ieee80211ax && bss->wpa &&
!(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
!(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
{
bss->disable_11ax = true;
wpa_printf(MSG_ERROR,
"HE (IEEE 802.11ax) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling HE capabilities");
}
#endif /* CONFIG_IEEE80211AX */
#ifdef CONFIG_WPS
if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) {
wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid "
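Review bot: The HT, VHT and HE blocks repeat the same two tests, and the pairwise-cipher condition `!(bss->wpa_pairwise & WPA_CIPHER_CCMP) && !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256))` now appears three times verbatim. Factor it into one static helper taking bss, so the cipher list cannot drift between the copies and the next PHY generation does not need a fourth. These branches also log at MSG_ERROR yet leave the configuration accepted with the capability switched off; a comment stating that this downgrade is deliberate would help anyone reading the log.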
@ -1155,12 +1363,14 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
bss->wps_state = 0;
}
#ifdef CONFIG_WEP
if (full_config && bss->wps_state &&
bss->ssid.wep.keys_set && bss->wpa == 0) {
wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
"disabled");
bss->wps_state = 0;
}
#endif /* CONFIG_WEP */
if (full_config && bss->wps_state && bss->wpa &&
(!(bss->wpa & 2) ||
@ -1204,6 +1414,24 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
}
#endif /* CONFIG_OCV */
#ifdef CONFIG_SAE_PK
if (full_config && hostapd_sae_pk_in_use(bss) &&
hostapd_sae_pk_password_without_pk(bss)) {
wpa_printf(MSG_ERROR,
"SAE-PK: SAE password uses SAE-PK style, but does not have PK configured");
return -1;
}
#endif /* CONFIG_SAE_PK */
#ifdef CONFIG_FILS
if (full_config && bss->fils_discovery_min_int &&
bss->unsol_bcast_probe_resp_interval) {
wpa_printf(MSG_ERROR,
"Cannot enable both FILS discovery and unsolicited broadcast Probe Response at the same time");
return -1;
}
#endif /* CONFIG_FILS */
return 0;
}
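Review bot: The new SAE-PK test only runs when hostapd_sae_pk_in_use(bss) is true, so a BSS whose passwords look like SAE-PK passwords but where no entry has a PK skips hostapd_sae_pk_password_without_pk() entirely. If that is intended, say so in a comment above the `#ifdef CONFIG_SAE_PK` block; if not, drop the first condition. The error text would also be more useful if it identified which entry failed, since the helper returns only a bool.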
@ -1284,11 +1512,13 @@ int hostapd_config_check(struct hostapd_config *conf, int full_config)
void hostapd_set_security_params(struct hostapd_bss_config *bss,
int full_config)
{
#ifdef CONFIG_WEP
if (bss->individual_wep_key_len == 0) {
/* individual keys are not use; can use key idx0 for
* broadcast keys */
bss->broadcast_key_idx_min = 0;
}
#endif /* CONFIG_WEP */
if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
bss->rsn_pairwise = bss->wpa_pairwise;
@ -1314,6 +1544,7 @@ void hostapd_set_security_params(struct hostapd_bss_config *bss,
} else if (bss->ieee802_1x) {
int cipher = WPA_CIPHER_NONE;
bss->ssid.security_policy = SECURITY_IEEE_802_1X;
#ifdef CONFIG_WEP
bss->ssid.wep.default_len = bss->default_wep_key_len;
if (full_config && bss->default_wep_key_len) {
cipher = bss->default_wep_key_len >= 13 ?
@ -1324,11 +1555,13 @@ void hostapd_set_security_params(struct hostapd_bss_config *bss,
else
cipher = WPA_CIPHER_WEP40;
}
#endif /* CONFIG_WEP */
bss->wpa_group = cipher;
bss->wpa_pairwise = cipher;
bss->rsn_pairwise = cipher;
if (full_config)
bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
#ifdef CONFIG_WEP
} else if (bss->ssid.wep.keys_set) {
int cipher = WPA_CIPHER_WEP40;
if (bss->ssid.wep.len[0] >= 13)
@ -1339,6 +1572,7 @@ void hostapd_set_security_params(struct hostapd_bss_config *bss,
bss->rsn_pairwise = cipher;
if (full_config)
bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
#endif /* CONFIG_WEP */
} else if (bss->osen) {
bss->ssid.security_policy = SECURITY_OSEN;
bss->wpa_group = WPA_CIPHER_CCMP;
@ -1377,3 +1611,38 @@ int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf)
return 2;
return with_id;
}
bool hostapd_sae_pk_in_use(struct hostapd_bss_config *conf)
{
#ifdef CONFIG_SAE_PK
struct sae_password_entry *pw;
for (pw = conf->sae_passwords; pw; pw = pw->next) {
if (pw->pk)
return true;
}
#endif /* CONFIG_SAE_PK */
return false;
}
#ifdef CONFIG_SAE_PK
bool hostapd_sae_pk_exclusively(struct hostapd_bss_config *conf)
{
bool with_pk = false;
struct sae_password_entry *pw;
if (conf->ssid.wpa_passphrase)
return false;
for (pw = conf->sae_passwords; pw; pw = pw->next) {
if (!pw->pk)
return false;
with_pk = true;
}
return with_pk;
}
#endif /* CONFIG_SAE_PK */
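Review bot: hostapd_sae_pk_exclusively() exists only inside `#ifdef CONFIG_SAE_PK`, while hostapd_sae_pk_in_use() right above it is always compiled and returns false without that option, and the header hunk in this commit declares both prototypes without a guard. A caller outside CONFIG_SAE_PK code would compile against the prototype and fail at link time. Either give hostapd_sae_pk_exclusively() the same always-present shape with the #ifdef inside the body, or guard its declaration. It also returns false for an empty sae_passwords list; a one-line comment on that case would help.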

View File

@ -51,6 +51,7 @@ struct mesh_conf {
int dot11MeshRetryTimeout; /* msec */
int dot11MeshConfirmTimeout; /* msec */
int dot11MeshHoldingTimeout; /* msec */
int mesh_fwding;
};
#define MAX_STA_COUNT 2007
@ -67,6 +68,7 @@ struct hostapd_radius_servers;
struct ft_remote_r0kh;
struct ft_remote_r1kh;
#ifdef CONFIG_WEP
#define NUM_WEP_KEYS 4
struct hostapd_wep_keys {
u8 idx;
@ -75,10 +77,13 @@ struct hostapd_wep_keys {
int keys_set;
size_t default_len; /* key length used for dynamic key generation */
};
#endif /* CONFIG_WEP */
typedef enum hostap_security_policy {
SECURITY_PLAINTEXT = 0,
#ifdef CONFIG_WEP
SECURITY_STATIC_WEP = 1,
#endif /* CONFIG_WEP */
SECURITY_IEEE_802_1X = 2,
SECURITY_WPA_PSK = 3,
SECURITY_WPA = 4,
@ -88,6 +93,7 @@ typedef enum hostap_security_policy {
struct hostapd_ssid {
u8 ssid[SSID_MAX_LEN];
size_t ssid_len;
u32 short_ssid;
unsigned int ssid_set:1;
unsigned int utf8_ssid:1;
unsigned int wpa_passphrase_set:1;
@ -99,8 +105,11 @@ struct hostapd_ssid {
struct hostapd_wpa_psk *wpa_psk;
char *wpa_passphrase;
char *wpa_psk_file;
struct sae_pt *pt;
#ifdef CONFIG_WEP
struct hostapd_wep_keys wep;
#endif /* CONFIG_WEP */
#define DYNAMIC_VLAN_DISABLED 0
#define DYNAMIC_VLAN_OPTIONAL 1
@ -150,6 +159,7 @@ struct hostapd_wpa_psk {
struct hostapd_wpa_psk *next;
int group;
char keyid[KEYID_LEN];
int wps;
u8 psk[PMK_LEN];
u8 addr[ETH_ALEN];
u8 p2p_dev_addr[ETH_ALEN];
@ -188,15 +198,6 @@ struct hostapd_radius_attr {
#define NUM_TX_QUEUES 4
struct hostapd_tx_queue_params {
int aifs;
int cwmin;
int cwmax;
int burst; /* maximum burst time in 0.1 ms, i.e., 10 = 1 ms */
};
#define MAX_ROAMING_CONSORTIUM_LEN 15
struct hostapd_roaming_consortium {
@ -251,6 +252,8 @@ struct sae_password_entry {
char *identifier;
u8 peer_addr[ETH_ALEN];
int vlan_id;
struct sae_pt *pt;
struct sae_pk *pk;
};
struct dpp_controller_conf {
@ -265,6 +268,8 @@ struct airtime_sta_weight {
u8 addr[ETH_ALEN];
};
#define EXT_CAPA_MAX_LEN 15
/**
* struct hostapd_bss_config - Per-BSS configuration
*/
@ -317,18 +322,16 @@ struct hostapd_bss_config {
size_t eap_req_id_text_len;
int eapol_key_index_workaround;
#ifdef CONFIG_WEP
size_t default_wep_key_len;
int individual_wep_key_len;
int wep_rekeying_period;
int broadcast_key_idx_min, broadcast_key_idx_max;
#endif /* CONFIG_WEP */
int eap_reauth_period;
int erp_send_reauth_start;
char *erp_domain;
int ieee802_11f; /* use IEEE 802.11f (IAPP) */
char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast
* frames */
enum macaddr_acl {
ACCEPT_UNLESS_DENIED = 0,
DENY_UNLESS_ACCEPTED = 1,
@ -346,15 +349,15 @@ struct hostapd_bss_config {
* algorithms, WPA_AUTH_ALG_{OPEN,SHARED,LEAP} */
int wpa; /* bitfield of WPA_PROTO_WPA, WPA_PROTO_RSN */
int extended_key_id;
int wpa_key_mgmt;
#ifdef CONFIG_IEEE80211W
enum mfp_options ieee80211w;
int group_mgmt_cipher;
int beacon_prot;
/* dot11AssociationSAQueryMaximumTimeout (in TUs) */
unsigned int assoc_sa_query_max_timeout;
/* dot11AssociationSAQueryRetryTimeout (in TUs) */
int assoc_sa_query_retry_timeout;
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_OCV
int ocv; /* Operating Channel Validation */
#endif /* CONFIG_OCV */
@ -371,6 +374,7 @@ struct hostapd_bss_config {
int wpa_strict_rekey;
int wpa_gmk_rekey;
int wpa_ptk_rekey;
enum ptk0_rekey_handling wpa_deny_ptk0_rekey;
u32 wpa_group_update_count;
u32 wpa_pairwise_update_count;
int wpa_disable_eapol_key_retries;
@ -415,6 +419,8 @@ struct hostapd_bss_config {
unsigned int crl_reload_interval;
unsigned int tls_session_lifetime;
unsigned int tls_flags;
unsigned int max_auth_rounds;
unsigned int max_auth_rounds_short;
char *ocsp_stapling_response;
char *ocsp_stapling_response_multi;
char *dh_file;
@ -429,6 +435,8 @@ struct hostapd_bss_config {
int pac_key_refresh_time;
int eap_teap_auth;
int eap_teap_pac_no_inner;
int eap_teap_separate_result;
int eap_teap_id;
int eap_sim_aka_result_ind;
int eap_sim_id;
int tnc;
@ -497,6 +505,7 @@ struct hostapd_bss_config {
char *model_url;
char *upc;
struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXTENSIONS];
struct wpabuf *wps_application_ext;
int wps_nfc_pw_from_config;
int wps_nfc_dev_pw_id;
struct wpabuf *wps_nfc_dh_pubkey;
@ -525,8 +534,9 @@ struct hostapd_bss_config {
#define TDLS_PROHIBIT BIT(0)
#define TDLS_PROHIBIT_CHAN_SWITCH BIT(1)
int tdls;
int disable_11n;
int disable_11ac;
bool disable_11n;
bool disable_11ac;
bool disable_11ax;
/* IEEE 802.11v */
int time_advertisement;
@ -648,9 +658,11 @@ struct hostapd_bss_config {
struct wpabuf *vendor_elements;
struct wpabuf *assocresp_elements;
unsigned int sae_anti_clogging_threshold;
unsigned int anti_clogging_threshold;
unsigned int sae_sync;
int sae_require_mfp;
int sae_confirm_immediate;
int sae_pwe;
int *sae_groups;
struct sae_password_entry *sae_passwords;
@ -661,11 +673,31 @@ struct hostapd_bss_config {
u8 bss_load_test_set;
struct wpabuf *own_ie_override;
int sae_reflection_attack;
int sae_commit_status;
int sae_pk_omit;
int sae_pk_password_check_skip;
struct wpabuf *sae_commit_override;
struct wpabuf *rsne_override_eapol;
struct wpabuf *rsnxe_override_eapol;
struct wpabuf *rsne_override_ft;
struct wpabuf *rsnxe_override_ft;
struct wpabuf *gtk_rsc_override;
struct wpabuf *igtk_rsc_override;
int no_beacon_rsnxe;
int skip_prune_assoc;
int ft_rsnxe_used;
unsigned int oci_freq_override_eapol_m3;
unsigned int oci_freq_override_eapol_g1;
unsigned int oci_freq_override_saquery_req;
unsigned int oci_freq_override_saquery_resp;
unsigned int oci_freq_override_ft_assoc;
unsigned int oci_freq_override_fils_assoc;
unsigned int oci_freq_override_wnm_sleep;
#endif /* CONFIG_TESTING_OPTIONS */
#define MESH_ENABLED BIT(0)
int mesh;
int mesh_fwding;
u8 radio_measurements[RRM_CAPABILITIES_IE_LEN];
@ -702,19 +734,27 @@ struct hostapd_bss_config {
unsigned int fils_hlp_wait_time;
u16 dhcp_server_port;
u16 dhcp_relay_port;
u32 fils_discovery_min_int;
u32 fils_discovery_max_int;
#endif /* CONFIG_FILS */
int multicast_to_unicast;
int broadcast_deauth;
int notify_mgmt_frames;
#ifdef CONFIG_DPP
char *dpp_name;
char *dpp_mud_url;
char *dpp_connector;
struct wpabuf *dpp_netaccesskey;
unsigned int dpp_netaccesskey_expiry;
struct wpabuf *dpp_csign;
#ifdef CONFIG_DPP2
struct dpp_controller_conf *dpp_controller;
int dpp_configurator_connectivity;
int dpp_pfs;
#endif /* CONFIG_DPP2 */
#endif /* CONFIG_DPP */
@ -724,12 +764,15 @@ struct hostapd_bss_config {
size_t owe_transition_ssid_len;
char owe_transition_ifname[IFNAMSIZ + 1];
int *owe_groups;
int owe_ptk_workaround;
#endif /* CONFIG_OWE */
int coloc_intf_reporting;
u8 send_probe_response;
u8 transition_disable;
#define BACKHAUL_BSS 1
#define FRONTHAUL_BSS 2
int multi_ap; /* bitmap of BACKHAUL_BSS, FRONTHAUL_BSS */
@ -827,15 +870,43 @@ struct hostapd_bss_config {
*/
u8 mka_psk_set;
#endif /* CONFIG_MACSEC */
#ifdef CONFIG_PASN
#ifdef CONFIG_TESTING_OPTIONS
/*
* Normally, KDK should be derived if and only if both sides support
* secure LTF. Allow forcing KDK derivation for testing purposes.
*/
int force_kdk_derivation;
/* If set, corrupt the MIC in the 2nd Authentication frame of PASN */
int pasn_corrupt_mic;
#endif /* CONFIG_TESTING_OPTIONS */
int *pasn_groups;
/*
* The time in TUs after which the non-AP STA is requested to retry the
* PASN authentication in case there are too many parallel operations.
*/
u16 pasn_comeback_after;
#endif /* CONFIG_PASN */
unsigned int unsol_bcast_probe_resp_interval;
u8 ext_capa_mask[EXT_CAPA_MAX_LEN];
u8 ext_capa[EXT_CAPA_MAX_LEN];
u8 rnr;
};
/**
* struct he_phy_capabilities_info - HE PHY capabilities
*/
struct he_phy_capabilities_info {
Boolean he_su_beamformer;
Boolean he_su_beamformee;
Boolean he_mu_beamformer;
bool he_su_beamformer;
bool he_su_beamformee;
bool he_mu_beamformer;
};
/**
@ -843,9 +914,13 @@ struct he_phy_capabilities_info {
*/
struct he_operation {
u8 he_bss_color;
u8 he_bss_color_disabled;
u8 he_bss_color_partial;
u8 he_default_pe_duration;
u8 he_twt_required;
u8 he_twt_responder;
u16 he_rts_threshold;
u8 he_er_su_disable;
u16 he_basic_mcs_nss_set;
};
@ -857,8 +932,8 @@ struct spatial_reuse {
u8 non_srg_obss_pd_max_offset;
u8 srg_obss_pd_min_offset;
u8 srg_obss_pd_max_offset;
u8 srg_obss_color_bitmap;
u8 srg_obss_color_partial_bitmap;
u8 srg_bss_color_bitmap[8];
u8 srg_partial_bssid_bitmap[8];
};
/**
@ -871,11 +946,18 @@ struct hostapd_config {
u16 beacon_int;
int rts_threshold;
int fragm_threshold;
u8 op_class;
u8 channel;
int enable_edmg;
u8 edmg_channel;
u8 acs;
struct wpa_freq_range_list acs_ch_list;
struct wpa_freq_range_list acs_freq_list;
u8 acs_freq_list_present;
int acs_exclude_dfs;
u8 min_tx_power;
enum hostapd_hw_mode hw_mode; /* HOSTAPD_MODE_IEEE80211A, .. */
int acs_exclude_6ghz_non_psc;
enum {
LONG_PREAMBLE = 0,
SHORT_PREAMBLE = 1
@ -987,6 +1069,10 @@ struct hostapd_config {
u8 he_oper_chwidth;
u8 he_oper_centr_freq_seg0_idx;
u8 he_oper_centr_freq_seg1_idx;
u8 he_6ghz_max_mpdu;
u8 he_6ghz_max_ampdu_len_exp;
u8 he_6ghz_rx_ant_pat;
u8 he_6ghz_tx_ant_pat;
#endif /* CONFIG_IEEE80211AX */
/* VHT enable/disable config from CHAN_SWITCH */
@ -994,8 +1080,14 @@ struct hostapd_config {
#define CH_SWITCH_VHT_DISABLED BIT(1)
unsigned int ch_switch_vht_config;
/* HE enable/disable config from CHAN_SWITCH */
#define CH_SWITCH_HE_ENABLED BIT(0)
#define CH_SWITCH_HE_DISABLED BIT(1)
unsigned int ch_switch_he_config;
int rssi_reject_assoc_rssi;
int rssi_reject_assoc_timeout;
int rssi_ignore_probe_request;
#ifdef CONFIG_AIRTIME_POLICY
enum {
@ -1100,5 +1192,8 @@ int hostapd_config_check(struct hostapd_config *conf, int full_config);
void hostapd_set_security_params(struct hostapd_bss_config *bss,
int full_config);
int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf);
bool hostapd_sae_pk_in_use(struct hostapd_bss_config *conf);
bool hostapd_sae_pk_exclusively(struct hostapd_bss_config *conf);
int hostapd_setup_sae_pt(struct hostapd_bss_config *conf);
#endif /* HOSTAPD_CONFIG_H */

View File

@ -10,6 +10,7 @@
#include "utils/common.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "common/hw_features_common.h"
#include "wps/wps.h"
#include "p2p/p2p.h"
@ -107,6 +108,10 @@ int hostapd_build_ap_extra_ies(struct hostapd_data *hapd,
goto fail;
#endif /* CONFIG_FILS */
pos = hostapd_eid_rsnxe(hapd, buf, sizeof(buf));
if (add_buf_data(&assocresp, buf, pos - buf) < 0)
goto fail;
if (add_buf(&beacon, hapd->wps_beacon_ie) < 0 ||
add_buf(&proberesp, hapd->wps_probe_resp_ie) < 0)
goto fail;
@ -305,9 +310,7 @@ int hostapd_set_drv_ieee8021x(struct hostapd_data *hapd, const char *ifname,
params.wpa_pairwise = hapd->conf->wpa_pairwise;
params.wpa_key_mgmt = hapd->conf->wpa_key_mgmt;
params.rsn_preauth = hapd->conf->rsn_preauth;
#ifdef CONFIG_IEEE80211W
params.ieee80211w = hapd->conf->ieee80211w;
#endif /* CONFIG_IEEE80211W */
}
return hostapd_set_ieee8021x(hapd, &params);
}
@ -348,7 +351,7 @@ int hostapd_add_sta_node(struct hostapd_data *hapd, const u8 *addr,
u16 auth_alg)
{
if (hapd->driver == NULL || hapd->driver->add_sta_node == NULL)
return 0;
return -EOPNOTSUPP;
return hapd->driver->add_sta_node(hapd->drv_priv, addr, auth_alg);
}
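Review bot: hostapd_add_sta_node() now reports -EOPNOTSUPP where a missing driver or a missing add_sta_node op used to report 0, so every caller that treats a non-zero return as a failure has to be checked against drivers that do not implement the op. The guard also still omits `!hapd->drv_priv`, which other wrappers in this commit (hostapd_sta_set_flags(), hostapd_drv_send_mlme()) test before passing drv_priv to the driver; add it here for consistency.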
@ -415,6 +418,7 @@ int hostapd_sta_add(struct hostapd_data *hapd,
const struct ieee80211_vht_capabilities *vht_capab,
const struct ieee80211_he_capabilities *he_capab,
size_t he_capab_len,
const struct ieee80211_he_6ghz_band_cap *he_6ghz_capab,
u32 flags, u8 qosinfo, u8 vht_opmode, int supp_p2p_ps,
int set)
{
@ -436,6 +440,7 @@ int hostapd_sta_add(struct hostapd_data *hapd,
params.vht_capabilities = vht_capab;
params.he_capab = he_capab;
params.he_capab_len = he_capab_len;
params.he_6ghz_capab = he_6ghz_capab;
params.vht_opmode_enabled = !!(flags & WLAN_STA_VHT_OPMODE_ENABLED);
params.vht_opmode = vht_opmode;
params.flags = hostapd_sta_flags_to_drv(flags);
@ -540,7 +545,8 @@ int hostapd_flush(struct hostapd_data *hapd)
int hostapd_set_freq(struct hostapd_data *hapd, enum hostapd_hw_mode mode,
int freq, int channel, int ht_enabled, int vht_enabled,
int freq, int channel, int edmg, u8 edmg_channel,
int ht_enabled, int vht_enabled,
int he_enabled,
int sec_channel_offset, int oper_chwidth,
int center_segment0, int center_segment1)
@ -548,7 +554,8 @@ int hostapd_set_freq(struct hostapd_data *hapd, enum hostapd_hw_mode mode,
struct hostapd_freq_params data;
struct hostapd_hw_modes *cmode = hapd->iface->current_mode;
if (hostapd_set_freq_params(&data, mode, freq, channel, ht_enabled,
if (hostapd_set_freq_params(&data, mode, freq, channel, edmg,
edmg_channel, ht_enabled,
vht_enabled, he_enabled, sec_channel_offset,
oper_chwidth,
center_segment0, center_segment1,
@ -583,7 +590,7 @@ int hostapd_set_frag(struct hostapd_data *hapd, int frag)
int hostapd_sta_set_flags(struct hostapd_data *hapd, u8 *addr,
int total_flags, int flags_or, int flags_and)
{
if (hapd->driver == NULL || hapd->driver->sta_set_flags == NULL)
if (!hapd->driver || !hapd->drv_priv || !hapd->driver->sta_set_flags)
return 0;
return hapd->driver->sta_set_flags(hapd->drv_priv, addr, total_flags,
flags_or, flags_and);
@ -645,6 +652,12 @@ int hostapd_drv_none(struct hostapd_data *hapd)
}
bool hostapd_drv_nl80211(struct hostapd_data *hapd)
{
return hapd->driver && os_strcmp(hapd->driver->name, "nl80211") == 0;
}
int hostapd_driver_scan(struct hostapd_data *hapd,
struct wpa_driver_scan_params *params)
{
@ -675,36 +688,41 @@ int hostapd_driver_set_noa(struct hostapd_data *hapd, u8 count, int start,
int hostapd_drv_set_key(const char *ifname, struct hostapd_data *hapd,
enum wpa_alg alg, const u8 *addr,
int key_idx, int set_tx,
int key_idx, int vlan_id, int set_tx,
const u8 *seq, size_t seq_len,
const u8 *key, size_t key_len)
const u8 *key, size_t key_len, enum key_flag key_flag)
{
struct wpa_driver_set_key_params params;
if (hapd->driver == NULL || hapd->driver->set_key == NULL)
return 0;
return hapd->driver->set_key(ifname, hapd->drv_priv, alg, addr,
key_idx, set_tx, seq, seq_len, key,
key_len);
os_memset(&params, 0, sizeof(params));
params.ifname = ifname;
params.alg = alg;
params.addr = addr;
params.key_idx = key_idx;
params.set_tx = set_tx;
params.seq = seq;
params.seq_len = seq_len;
params.key = key;
params.key_len = key_len;
params.vlan_id = vlan_id;
params.key_flag = key_flag;
return hapd->driver->set_key(hapd->drv_priv, &params);
}
int hostapd_drv_send_mlme(struct hostapd_data *hapd,
const void *msg, size_t len, int noack)
const void *msg, size_t len, int noack,
const u16 *csa_offs, size_t csa_offs_len,
int no_encrypt)
{
if (!hapd->driver || !hapd->driver->send_mlme || !hapd->drv_priv)
return 0;
return hapd->driver->send_mlme(hapd->drv_priv, msg, len, noack, 0,
NULL, 0);
}
int hostapd_drv_send_mlme_csa(struct hostapd_data *hapd,
const void *msg, size_t len, int noack,
const u16 *csa_offs, size_t csa_offs_len)
{
if (hapd->driver == NULL || hapd->driver->send_mlme == NULL)
return 0;
return hapd->driver->send_mlme(hapd->drv_priv, msg, len, noack, 0,
csa_offs, csa_offs_len);
csa_offs, csa_offs_len, no_encrypt, 0);
}
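Review bot: hostapd_drv_set_key() still guards only with `hapd->driver == NULL || hapd->driver->set_key == NULL` and then passes hapd->drv_priv to set_key(), while hostapd_drv_send_mlme() in this same hunk also tests `!hapd->drv_priv`. Add the drv_priv test to the key path too. Both wrappers return 0 when the driver op is unavailable, which a caller cannot tell apart from a key that was installed or a frame that was sent; a comment on that convention, or a distinct error code, would make it explicit. The new vlan_id, key_flag and no_encrypt parameters are undocumented.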
@ -810,7 +828,8 @@ int hostapd_start_dfs_cac(struct hostapd_iface *iface,
return -1;
}
if (hostapd_set_freq_params(&data, mode, freq, channel, ht_enabled,
if (hostapd_set_freq_params(&data, mode, freq, channel, 0, 0,
ht_enabled,
vht_enabled, he_enabled, sec_channel_offset,
oper_chwidth, center_segment0,
center_segment1,
@ -850,12 +869,27 @@ static void hostapd_get_hw_mode_any_channels(struct hostapd_data *hapd,
for (i = 0; i < mode->num_channels; i++) {
struct hostapd_channel_data *chan = &mode->channels[i];
if ((acs_ch_list_all ||
freq_range_list_includes(&hapd->iface->conf->acs_ch_list,
chan->chan)) &&
!(chan->flag & HOSTAPD_CHAN_DISABLED) &&
if (!acs_ch_list_all &&
(hapd->iface->conf->acs_freq_list.num &&
!freq_range_list_includes(
&hapd->iface->conf->acs_freq_list,
chan->freq)))
continue;
if (!acs_ch_list_all &&
(!hapd->iface->conf->acs_freq_list_present &&
hapd->iface->conf->acs_ch_list.num &&
!freq_range_list_includes(
&hapd->iface->conf->acs_ch_list,
chan->chan)))
continue;
if (is_6ghz_freq(chan->freq) &&
hapd->iface->conf->acs_exclude_6ghz_non_psc &&
!is_6ghz_psc_frequency(chan->freq))
continue;
if (!(chan->flag & HOSTAPD_CHAN_DISABLED) &&
!(hapd->iface->conf->acs_exclude_dfs &&
(chan->flag & HOSTAPD_CHAN_RADAR)))
(chan->flag & HOSTAPD_CHAN_RADAR)) &&
!(chan->max_tx_power < hapd->iface->conf->min_tx_power))
int_array_add_unique(freq_list, chan->freq);
}
}
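Review bot: The two list filters are gated differently: the frequency filter applies whenever `acs_freq_list.num` is non-zero, while the channel filter applies only when `!acs_freq_list_present`. The two are consistent only if acs_freq_list can never hold entries while acs_freq_list_present is 0; gate the first test on acs_freq_list_present as well, or state the invariant in a comment. The final condition would read more directly as `chan->max_tx_power >= hapd->iface->conf->min_tx_power` than as a negated less-than.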
@ -879,10 +913,9 @@ int hostapd_drv_do_acs(struct hostapd_data *hapd)
{
struct drv_acs_params params;
int ret, i, acs_ch_list_all = 0;
u8 *channels = NULL;
unsigned int num_channels = 0;
struct hostapd_hw_modes *mode;
int *freq_list = NULL;
enum hostapd_hw_mode selected_mode;
if (hapd->driver == NULL || hapd->driver->do_acs == NULL)
return 0;
@ -894,42 +927,27 @@ int hostapd_drv_do_acs(struct hostapd_data *hapd)
* If no chanlist config parameter is provided, include all enabled
* channels of the selected hw_mode.
*/
if (!hapd->iface->conf->acs_ch_list.num)
acs_ch_list_all = 1;
if (hapd->iface->conf->acs_freq_list_present)
acs_ch_list_all = !hapd->iface->conf->acs_freq_list.num;
else
acs_ch_list_all = !hapd->iface->conf->acs_ch_list.num;
mode = hapd->iface->current_mode;
if (mode) {
channels = os_malloc(mode->num_channels);
if (channels == NULL)
return -1;
if (hapd->iface->current_mode)
selected_mode = hapd->iface->current_mode->mode;
else
selected_mode = HOSTAPD_MODE_IEEE80211ANY;
for (i = 0; i < mode->num_channels; i++) {
struct hostapd_channel_data *chan = &mode->channels[i];
if (!acs_ch_list_all &&
!freq_range_list_includes(
&hapd->iface->conf->acs_ch_list,
chan->chan))
continue;
if (hapd->iface->conf->acs_exclude_dfs &&
(chan->flag & HOSTAPD_CHAN_RADAR))
continue;
if (!(chan->flag & HOSTAPD_CHAN_DISABLED)) {
channels[num_channels++] = chan->chan;
int_array_add_unique(&freq_list, chan->freq);
}
}
} else {
for (i = 0; i < hapd->iface->num_hw_features; i++) {
mode = &hapd->iface->hw_features[i];
hostapd_get_hw_mode_any_channels(hapd, mode,
acs_ch_list_all,
&freq_list);
}
for (i = 0; i < hapd->iface->num_hw_features; i++) {
mode = &hapd->iface->hw_features[i];
if (selected_mode != HOSTAPD_MODE_IEEE80211ANY &&
selected_mode != mode->mode)
continue;
hostapd_get_hw_mode_any_channels(hapd, mode, acs_ch_list_all,
&freq_list);
}
params.ch_list = channels;
params.ch_list_len = num_channels;
params.freq_list = freq_list;
params.edmg_enabled = hapd->iface->conf->enable_edmg;
params.ht_enabled = !!(hapd->iface->conf->ieee80211n);
params.ht40_enabled = !!(hapd->iface->conf->ht_capab &
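Review bot: After the loop over hw_features nothing checks that any channel passed the filters, so `params.freq_list = freq_list;` can hand the driver the initial NULL from `int *freq_list = NULL;`. Check for an empty list before calling do_acs() and return an error with a log line naming the configured restrictions (acs_freq_list, acs_ch_list, acs_exclude_dfs, min_tx_power), rather than leaving the outcome to each driver.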
@ -953,8 +971,11 @@ int hostapd_drv_do_acs(struct hostapd_data *hapd)
params.ch_width = 160;
}
if (hapd->iface->conf->op_class)
params.ch_width = op_class_to_bandwidth(
hapd->iface->conf->op_class);
ret = hapd->driver->do_acs(hapd->drv_priv, &params);
os_free(channels);
os_free(freq_list);
return ret;
}
@ -968,3 +989,11 @@ int hostapd_drv_update_dh_ie(struct hostapd_data *hapd, const u8 *peer,
return hapd->driver->update_dh_ie(hapd->drv_priv, peer, reason_code,
ie, ielen);
}
int hostapd_drv_dpp_listen(struct hostapd_data *hapd, bool enable)
{
if (!hapd->driver || !hapd->driver->dpp_listen || !hapd->drv_priv)
return 0;
return hapd->driver->dpp_listen(hapd->drv_priv, enable);
}

View File

@ -43,6 +43,7 @@ int hostapd_sta_add(struct hostapd_data *hapd,
const struct ieee80211_vht_capabilities *vht_capab,
const struct ieee80211_he_capabilities *he_capab,
size_t he_capab_len,
const struct ieee80211_he_6ghz_band_cap *he_6ghz_capab,
u32 flags, u8 qosinfo, u8 vht_opmode, int supp_p2p_ps,
int set);
int hostapd_set_privacy(struct hostapd_data *hapd, int enabled);
@ -62,7 +63,8 @@ int hostapd_get_seqnum(const char *ifname, struct hostapd_data *hapd,
const u8 *addr, int idx, u8 *seq);
int hostapd_flush(struct hostapd_data *hapd);
int hostapd_set_freq(struct hostapd_data *hapd, enum hostapd_hw_mode mode,
int freq, int channel, int ht_enabled, int vht_enabled,
int freq, int channel, int edmg, u8 edmg_channel,
int ht_enabled, int vht_enabled,
int he_enabled, int sec_channel_offset, int oper_chwidth,
int center_segment0, int center_segment1);
int hostapd_set_rts(struct hostapd_data *hapd, int rts);
@ -79,6 +81,7 @@ hostapd_get_hw_feature_data(struct hostapd_data *hapd, u16 *num_modes,
u16 *flags, u8 *dfs_domain);
int hostapd_driver_commit(struct hostapd_data *hapd);
int hostapd_drv_none(struct hostapd_data *hapd);
bool hostapd_drv_nl80211(struct hostapd_data *hapd);
int hostapd_driver_scan(struct hostapd_data *hapd,
struct wpa_driver_scan_params *params);
struct wpa_scan_results * hostapd_driver_get_scan_results(
@ -88,14 +91,13 @@ int hostapd_driver_set_noa(struct hostapd_data *hapd, u8 count, int start,
int hostapd_drv_set_key(const char *ifname,
struct hostapd_data *hapd,
enum wpa_alg alg, const u8 *addr,
int key_idx, int set_tx,
int key_idx, int vlan_id, int set_tx,
const u8 *seq, size_t seq_len,
const u8 *key, size_t key_len);
const u8 *key, size_t key_len, enum key_flag key_flag);
int hostapd_drv_send_mlme(struct hostapd_data *hapd,
const void *msg, size_t len, int noack);
int hostapd_drv_send_mlme_csa(struct hostapd_data *hapd,
const void *msg, size_t len, int noack,
const u16 *csa_offs, size_t csa_offs_len);
const void *msg, size_t len, int noack,
const u16 *csa_offs, size_t csa_offs_len,
int no_encrypt);
int hostapd_drv_sta_deauth(struct hostapd_data *hapd,
const u8 *addr, int reason);
int hostapd_drv_sta_disassoc(struct hostapd_data *hapd,
@ -132,6 +134,7 @@ int hostapd_start_dfs_cac(struct hostapd_iface *iface,
int hostapd_drv_do_acs(struct hostapd_data *hapd);
int hostapd_drv_update_dh_ie(struct hostapd_data *hapd, const u8 *peer,
u16 reason_code, const u8 *ie, size_t ielen);
int hostapd_drv_dpp_listen(struct hostapd_data *hapd, bool enable);
#include "drivers/driver.h"
@ -348,12 +351,13 @@ static inline int hostapd_drv_br_set_net_param(struct hostapd_data *hapd,
static inline int hostapd_drv_vendor_cmd(struct hostapd_data *hapd,
int vendor_id, int subcmd,
const u8 *data, size_t data_len,
enum nested_attr nested_attr_flag,
struct wpabuf *buf)
{
if (hapd->driver == NULL || hapd->driver->vendor_cmd == NULL)
return -1;
return hapd->driver->vendor_cmd(hapd->drv_priv, vendor_id, subcmd, data,
data_len, buf);
data_len, nested_attr_flag, buf);
}
static inline int hostapd_drv_stop_ap(struct hostapd_data *hapd)
@ -381,4 +385,35 @@ hostapd_drv_send_external_auth_status(struct hostapd_data *hapd,
return hapd->driver->send_external_auth_status(hapd->drv_priv, params);
}
static inline int
hostapd_drv_set_band(struct hostapd_data *hapd, u32 band_mask)
{
if (!hapd->driver || !hapd->drv_priv || !hapd->driver->set_band)
return -1;
return hapd->driver->set_band(hapd->drv_priv, band_mask);
}
#ifdef ANDROID
static inline int hostapd_drv_driver_cmd(struct hostapd_data *hapd,
char *cmd, char *buf, size_t buf_len)
{
if (!hapd->driver->driver_cmd)
return -1;
return hapd->driver->driver_cmd(hapd->drv_priv, cmd, buf, buf_len);
}
#endif /* ANDROID */
#ifdef CONFIG_TESTING_OPTIONS
static inline int
hostapd_drv_register_frame(struct hostapd_data *hapd, u16 type,
const u8 *match, size_t match_len,
bool multicast)
{
if (!hapd->driver || !hapd->drv_priv || !hapd->driver->register_frame)
return -1;
return hapd->driver->register_frame(hapd->drv_priv, type, match,
match_len, multicast);
}
#endif /* CONFIG_TESTING_OPTIONS */
#endif /* AP_DRV_OPS */
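Review bot: hostapd_drv_driver_cmd() dereferences `hapd->driver->driver_cmd` without first testing hapd->driver or hapd->drv_priv, unlike hostapd_drv_set_band() and hostapd_drv_register_frame() added in this same hunk. Use the same guard, `if (!hapd->driver || !hapd->drv_priv || !hapd->driver->driver_cmd) return -1;`, so the ANDROID build does not dereference a NULL driver pointer on an interface that has no driver attached.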

View File

@ -228,7 +228,6 @@ void ap_list_process_beacon(struct hostapd_iface *iface,
set_beacon++;
}
#ifdef CONFIG_IEEE80211N
if (!iface->olbc_ht && !ap->ht_support &&
(ap->channel == 0 ||
ap->channel == iface->conf->channel ||
@ -241,7 +240,6 @@ void ap_list_process_beacon(struct hostapd_iface *iface,
MAC2STR(ap->addr), ap->channel);
set_beacon++;
}
#endif /* CONFIG_IEEE80211N */
if (set_beacon)
ieee802_11_update_beacons(iface);
@ -285,14 +283,12 @@ void ap_list_timer(struct hostapd_iface *iface)
iface->olbc = 0;
set_beacon++;
}
#ifdef CONFIG_IEEE80211N
if (!olbc_ht && iface->olbc_ht) {
wpa_printf(MSG_DEBUG, "OLBC HT not detected anymore");
iface->olbc_ht = 0;
hostapd_ht_operation_update(iface);
set_beacon++;
}
#endif /* CONFIG_IEEE80211N */
}
if (set_beacon)

View File

@ -110,28 +110,10 @@ static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
srv.auth_port = conf->radius_server_auth_port;
srv.acct_port = conf->radius_server_acct_port;
srv.conf_ctx = hapd;
srv.eap_sim_db_priv = hapd->eap_sim_db_priv;
srv.ssl_ctx = hapd->ssl_ctx;
srv.msg_ctx = hapd->msg_ctx;
srv.pac_opaque_encr_key = conf->pac_opaque_encr_key;
srv.eap_fast_a_id = conf->eap_fast_a_id;
srv.eap_fast_a_id_len = conf->eap_fast_a_id_len;
srv.eap_fast_a_id_info = conf->eap_fast_a_id_info;
srv.eap_fast_prov = conf->eap_fast_prov;
srv.pac_key_lifetime = conf->pac_key_lifetime;
srv.pac_key_refresh_time = conf->pac_key_refresh_time;
srv.eap_teap_auth = conf->eap_teap_auth;
srv.eap_teap_pac_no_inner = conf->eap_teap_pac_no_inner;
srv.eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
srv.eap_sim_id = conf->eap_sim_id;
srv.tnc = conf->tnc;
srv.wps = hapd->wps;
srv.ipv6 = conf->radius_server_ipv6;
srv.get_eap_user = hostapd_radius_get_eap_user;
srv.eap_req_id_text = conf->eap_req_id_text;
srv.eap_req_id_text_len = conf->eap_req_id_text_len;
srv.pwd_group = conf->pwd_group;
srv.server_id = conf->server_id ? conf->server_id : "hostapd";
srv.sqlite_file = conf->eap_user_sqlite;
#ifdef CONFIG_RADIUS_TEST
srv.dump_msk_file = conf->dump_msk_file;
@ -142,10 +124,8 @@ static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
srv.hs20_sim_provisioning_url = conf->hs20_sim_provisioning_url;
srv.t_c_server_url = conf->t_c_server_url;
#endif /* CONFIG_HS20 */
srv.erp = conf->eap_server_erp;
srv.erp_domain = conf->erp_domain;
srv.tls_session_lifetime = conf->tls_session_lifetime;
srv.tls_flags = conf->tls_flags;
srv.eap_cfg = hapd->eap_cfg;
hapd->radius_srv = radius_server_init(&srv);
if (hapd->radius_srv == NULL) {
@ -193,6 +173,60 @@ static void authsrv_tls_event(void *ctx, enum tls_event ev,
#endif /* EAP_TLS_FUNCS */
static struct eap_config * authsrv_eap_config(struct hostapd_data *hapd)
{
struct eap_config *cfg;
cfg = os_zalloc(sizeof(*cfg));
if (!cfg)
return NULL;
cfg->eap_server = hapd->conf->eap_server;
cfg->ssl_ctx = hapd->ssl_ctx;
cfg->msg_ctx = hapd->msg_ctx;
cfg->eap_sim_db_priv = hapd->eap_sim_db_priv;
cfg->tls_session_lifetime = hapd->conf->tls_session_lifetime;
cfg->tls_flags = hapd->conf->tls_flags;
cfg->max_auth_rounds = hapd->conf->max_auth_rounds;
cfg->max_auth_rounds_short = hapd->conf->max_auth_rounds_short;
if (hapd->conf->pac_opaque_encr_key)
cfg->pac_opaque_encr_key =
os_memdup(hapd->conf->pac_opaque_encr_key, 16);
if (hapd->conf->eap_fast_a_id) {
cfg->eap_fast_a_id = os_memdup(hapd->conf->eap_fast_a_id,
hapd->conf->eap_fast_a_id_len);
cfg->eap_fast_a_id_len = hapd->conf->eap_fast_a_id_len;
}
if (hapd->conf->eap_fast_a_id_info)
cfg->eap_fast_a_id_info =
os_strdup(hapd->conf->eap_fast_a_id_info);
cfg->eap_fast_prov = hapd->conf->eap_fast_prov;
cfg->pac_key_lifetime = hapd->conf->pac_key_lifetime;
cfg->pac_key_refresh_time = hapd->conf->pac_key_refresh_time;
cfg->eap_teap_auth = hapd->conf->eap_teap_auth;
cfg->eap_teap_pac_no_inner = hapd->conf->eap_teap_pac_no_inner;
cfg->eap_teap_separate_result = hapd->conf->eap_teap_separate_result;
cfg->eap_teap_id = hapd->conf->eap_teap_id;
cfg->eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind;
cfg->eap_sim_id = hapd->conf->eap_sim_id;
cfg->tnc = hapd->conf->tnc;
cfg->wps = hapd->wps;
cfg->fragment_size = hapd->conf->fragment_size;
cfg->pwd_group = hapd->conf->pwd_group;
cfg->pbc_in_m1 = hapd->conf->pbc_in_m1;
if (hapd->conf->server_id) {
cfg->server_id = (u8 *) os_strdup(hapd->conf->server_id);
cfg->server_id_len = os_strlen(hapd->conf->server_id);
} else {
cfg->server_id = (u8 *) os_strdup("hostapd");
cfg->server_id_len = 7;
}
cfg->erp = hapd->conf->eap_server_erp;
return cfg;
}
int authsrv_init(struct hostapd_data *hapd)
{
#ifdef EAP_TLS_FUNCS
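Review bot: authsrv_eap_config() never checks the results of os_memdup() and os_strdup(), so on allocation failure cfg->eap_fast_a_id or cfg->server_id can be NULL while eap_fast_a_id_len and server_id_len are still set to non-zero values. Consumers that trust the length fields would then read through a NULL pointer. Suggest failing the whole build on any copy failure (release cfg with eap_server_config_free() and return NULL), which authsrv_init() already handles. The literal 16 in the pac_opaque_encr_key copy and the literal 7 for the "hostapd" default would also be clearer as a named constant and os_strlen().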
@ -273,6 +307,14 @@ int authsrv_init(struct hostapd_data *hapd)
}
#endif /* EAP_SIM_DB */
hapd->eap_cfg = authsrv_eap_config(hapd);
if (!hapd->eap_cfg) {
wpa_printf(MSG_ERROR,
"Failed to build EAP server configuration");
authsrv_deinit(hapd);
return -1;
}
#ifdef RADIUS_SERVER
if (hapd->conf->radius_server_clients &&
hostapd_setup_radius_srv(hapd))
@ -303,4 +345,7 @@ void authsrv_deinit(struct hostapd_data *hapd)
hapd->eap_sim_db_priv = NULL;
}
#endif /* EAP_SIM_DB */
eap_server_config_free(hapd->eap_cfg);
hapd->eap_cfg = NULL;
}
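Review bot: eap_server_config_free(hapd->eap_cfg) at the end of authsrv_deinit() frees an object that hostapd_setup_radius_srv() hands to the RADIUS server by pointer (srv.eap_cfg = hapd->eap_cfg), not by copy. The visible context only shows the EAP_SIM_DB teardown before it, so please confirm the RADIUS server is deinitialized earlier in this function; otherwise it is left holding a dangling eap_cfg. A short comment stating that ownership stays with hapd would help future readers.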

View File

@ -36,27 +36,6 @@
#ifdef NEED_AP_MLME
static u8 * hostapd_eid_rm_enabled_capab(struct hostapd_data *hapd, u8 *eid,
size_t len)
{
size_t i;
for (i = 0; i < RRM_CAPABILITIES_IE_LEN; i++) {
if (hapd->conf->radio_measurements[i])
break;
}
if (i == RRM_CAPABILITIES_IE_LEN || len < 2 + RRM_CAPABILITIES_IE_LEN)
return eid;
*eid++ = WLAN_EID_RRM_ENABLED_CAPABILITIES;
*eid++ = RRM_CAPABILITIES_IE_LEN;
os_memcpy(eid, hapd->conf->radio_measurements, RRM_CAPABILITIES_IE_LEN);
return eid + RRM_CAPABILITIES_IE_LEN;
}
static u8 * hostapd_eid_bss_load(struct hostapd_data *hapd, u8 *eid, size_t len)
{
if (len < 2 + 5)
@ -287,17 +266,101 @@ static u8 * hostapd_eid_country(struct hostapd_data *hapd, u8 *eid,
}
static u8 * hostapd_eid_wpa(struct hostapd_data *hapd, u8 *eid, size_t len)
const u8 * hostapd_wpa_ie(struct hostapd_data *hapd, u8 eid)
{
const u8 *ies;
size_t ies_len;
ies = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ies_len);
if (!ies)
return NULL;
return get_ie(ies, ies_len, eid);
}
static const u8 * hostapd_vendor_wpa_ie(struct hostapd_data *hapd,
u32 vendor_type)
{
const u8 *ies;
size_t ies_len;
ies = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ies_len);
if (!ies)
return NULL;
return get_vendor_ie(ies, ies_len, vendor_type);
}
static u8 * hostapd_get_rsne(struct hostapd_data *hapd, u8 *pos, size_t len)
{
const u8 *ie;
size_t ielen;
ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen);
if (ie == NULL || ielen > len)
return eid;
ie = hostapd_wpa_ie(hapd, WLAN_EID_RSN);
if (!ie || 2U + ie[1] > len)
return pos;
os_memcpy(eid, ie, ielen);
return eid + ielen;
os_memcpy(pos, ie, 2 + ie[1]);
return pos + 2 + ie[1];
}
static u8 * hostapd_get_mde(struct hostapd_data *hapd, u8 *pos, size_t len)
{
const u8 *ie;
ie = hostapd_wpa_ie(hapd, WLAN_EID_MOBILITY_DOMAIN);
if (!ie || 2U + ie[1] > len)
return pos;
os_memcpy(pos, ie, 2 + ie[1]);
return pos + 2 + ie[1];
}
static u8 * hostapd_get_rsnxe(struct hostapd_data *hapd, u8 *pos, size_t len)
{
const u8 *ie;
#ifdef CONFIG_TESTING_OPTIONS
if (hapd->conf->no_beacon_rsnxe) {
wpa_printf(MSG_INFO, "TESTING: Do not add RSNXE into Beacon");
return pos;
}
#endif /* CONFIG_TESTING_OPTIONS */
ie = hostapd_wpa_ie(hapd, WLAN_EID_RSNX);
if (!ie || 2U + ie[1] > len)
return pos;
os_memcpy(pos, ie, 2 + ie[1]);
return pos + 2 + ie[1];
}
static u8 * hostapd_get_wpa_ie(struct hostapd_data *hapd, u8 *pos, size_t len)
{
const u8 *ie;
ie = hostapd_vendor_wpa_ie(hapd, WPA_IE_VENDOR_TYPE);
if (!ie || 2U + ie[1] > len)
return pos;
os_memcpy(pos, ie, 2 + ie[1]);
return pos + 2 + ie[1];
}
static u8 * hostapd_get_osen_ie(struct hostapd_data *hapd, u8 *pos, size_t len)
{
const u8 *ie;
ie = hostapd_vendor_wpa_ie(hapd, OSEN_IE_VENDOR_TYPE);
if (!ie || 2U + ie[1] > len)
return pos;
os_memcpy(pos, ie, 2 + ie[1]);
return pos + 2 + ie[1];
}
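Review bot: the `!ie || 2U + ie[1] > len` branch in hostapd_get_rsne(), hostapd_get_mde(), hostapd_get_rsnxe(), hostapd_get_wpa_ie() and hostapd_get_osen_ie() returns pos without any message when the element exists but does not fit. A Beacon or Probe Response that silently loses its RSNE or RSNXE misadvertises the BSS security settings, so the too-small case deserves at least a wpa_printf() distinct from the "no such element" case. The five bodies are also identical after the lookup; a single static helper that takes the located ie, pos and len would remove the duplication and keep the bounds check in one place.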
@ -395,16 +458,21 @@ static u8 * hostapd_gen_probe_resp(struct hostapd_data *hapd,
}
#ifdef CONFIG_IEEE80211AX
if (hapd->iconf->ieee80211ax) {
if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
buflen += 3 + sizeof(struct ieee80211_he_capabilities) +
3 + sizeof(struct ieee80211_he_operation) +
3 + sizeof(struct ieee80211_he_mu_edca_parameter_set) +
3 + sizeof(struct ieee80211_spatial_reuse);
if (is_6ghz_op_class(hapd->iconf->op_class))
buflen += sizeof(struct ieee80211_he_6ghz_oper_info) +
3 + sizeof(struct ieee80211_he_6ghz_band_cap);
}
#endif /* CONFIG_IEEE80211AX */
buflen += hostapd_eid_rnr_len(hapd, WLAN_FC_STYPE_PROBE_RESP);
buflen += hostapd_mbo_ie_len(hapd);
buflen += hostapd_eid_owe_trans_len(hapd);
buflen += hostapd_eid_dpp_cc_len(hapd);
resp = os_zalloc(buflen);
if (resp == NULL)
@ -455,13 +523,10 @@ static u8 * hostapd_gen_probe_resp(struct hostapd_data *hapd,
/* Extended supported rates */
pos = hostapd_eid_ext_supp_rates(hapd, pos);
/* RSN, MDIE */
if (hapd->conf->wpa != WPA_PROTO_WPA)
pos = hostapd_eid_wpa(hapd, pos, epos - pos);
pos = hostapd_get_rsne(hapd, pos, epos - pos);
pos = hostapd_eid_bss_load(hapd, pos, epos - pos);
pos = hostapd_eid_rm_enabled_capab(hapd, pos, epos - pos);
pos = hostapd_get_mde(hapd, pos, epos - pos);
/* eCSA IE */
csa_pos = hostapd_eid_ecsa(hapd, pos);
@ -470,15 +535,8 @@ static u8 * hostapd_gen_probe_resp(struct hostapd_data *hapd,
pos = csa_pos;
pos = hostapd_eid_supported_op_classes(hapd, pos);
#ifdef CONFIG_IEEE80211N
/* Secondary Channel Offset element */
/* TODO: The standard doesn't specify a position for this element. */
pos = hostapd_eid_secondary_channel(hapd, pos);
pos = hostapd_eid_ht_capabilities(hapd, pos);
pos = hostapd_eid_ht_operation(hapd, pos);
#endif /* CONFIG_IEEE80211N */
pos = hostapd_eid_ext_capab(hapd, pos);
@ -498,22 +556,33 @@ static u8 * hostapd_gen_probe_resp(struct hostapd_data *hapd,
#endif /* CONFIG_FST */
#ifdef CONFIG_IEEE80211AC
if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) {
if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac &&
!is_6ghz_op_class(hapd->iconf->op_class)) {
pos = hostapd_eid_vht_capabilities(hapd, pos, 0);
pos = hostapd_eid_vht_operation(hapd, pos);
pos = hostapd_eid_txpower_envelope(hapd, pos);
pos = hostapd_eid_wb_chsw_wrapper(hapd, pos);
}
#endif /* CONFIG_IEEE80211AC */
#ifdef CONFIG_IEEE80211AX
if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax &&
is_6ghz_op_class(hapd->iconf->op_class))
pos = hostapd_eid_txpower_envelope(hapd, pos);
#endif /* CONFIG_IEEE80211AX */
pos = hostapd_eid_wb_chsw_wrapper(hapd, pos);
pos = hostapd_eid_rnr(hapd, pos, WLAN_FC_STYPE_PROBE_RESP);
pos = hostapd_eid_fils_indic(hapd, pos, 0);
pos = hostapd_get_rsnxe(hapd, pos, epos - pos);
#ifdef CONFIG_IEEE80211AX
if (hapd->iconf->ieee80211ax) {
if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
pos = hostapd_eid_he_capab(hapd, pos, IEEE80211_MODE_AP);
pos = hostapd_eid_he_operation(hapd, pos);
pos = hostapd_eid_he_mu_edca_parameter_set(hapd, pos);
pos = hostapd_eid_spatial_reuse(hapd, pos);
pos = hostapd_eid_he_mu_edca_parameter_set(hapd, pos);
pos = hostapd_eid_he_6ghz_band_cap(hapd, pos);
}
#endif /* CONFIG_IEEE80211AX */
@ -522,9 +591,9 @@ static u8 * hostapd_gen_probe_resp(struct hostapd_data *hapd,
pos = hostapd_eid_vendor_vht(hapd, pos);
#endif /* CONFIG_IEEE80211AC */
/* WPA */
if (hapd->conf->wpa == WPA_PROTO_WPA)
pos = hostapd_eid_wpa(hapd, pos, epos - pos);
/* WPA / OSEN */
pos = hostapd_get_wpa_ie(hapd, pos, epos - pos);
pos = hostapd_get_osen_ie(hapd, pos, epos - pos);
/* Wi-Fi Alliance WMM */
pos = hostapd_eid_wmm(hapd, pos);
@ -553,11 +622,11 @@ static u8 * hostapd_gen_probe_resp(struct hostapd_data *hapd,
#ifdef CONFIG_HS20
pos = hostapd_eid_hs20_indication(hapd, pos);
pos = hostapd_eid_osen(hapd, pos);
#endif /* CONFIG_HS20 */
pos = hostapd_eid_mbo(hapd, pos, (u8 *) resp + buflen - pos);
pos = hostapd_eid_owe_trans(hapd, pos, (u8 *) resp + buflen - pos);
pos = hostapd_eid_dpp_cc(hapd, pos, (u8 *) resp + buflen - pos);
if (hapd->conf->vendor_elements) {
os_memcpy(pos, wpabuf_head(hapd->conf->vendor_elements),
@ -573,16 +642,21 @@ static u8 * hostapd_gen_probe_resp(struct hostapd_data *hapd,
enum ssid_match_result {
NO_SSID_MATCH,
EXACT_SSID_MATCH,
WILDCARD_SSID_MATCH
WILDCARD_SSID_MATCH,
CO_LOCATED_SSID_MATCH,
};
static enum ssid_match_result ssid_match(struct hostapd_data *hapd,
const u8 *ssid, size_t ssid_len,
const u8 *ssid_list,
size_t ssid_list_len)
size_t ssid_list_len,
const u8 *short_ssid_list,
size_t short_ssid_list_len)
{
const u8 *pos, *end;
struct hostapd_iface *iface = hapd->iface;
int wildcard = 0;
size_t i, j;
if (ssid_len == 0)
wildcard = 1;
@ -590,23 +664,59 @@ static enum ssid_match_result ssid_match(struct hostapd_data *hapd,
os_memcmp(ssid, hapd->conf->ssid.ssid, ssid_len) == 0)
return EXACT_SSID_MATCH;
if (ssid_list == NULL)
return wildcard ? WILDCARD_SSID_MATCH : NO_SSID_MATCH;
pos = ssid_list;
end = ssid_list + ssid_list_len;
while (end - pos >= 2) {
if (2 + pos[1] > end - pos)
break;
if (pos[1] == 0)
wildcard = 1;
if (pos[1] == hapd->conf->ssid.ssid_len &&
os_memcmp(pos + 2, hapd->conf->ssid.ssid, pos[1]) == 0)
return EXACT_SSID_MATCH;
pos += 2 + pos[1];
if (ssid_list) {
pos = ssid_list;
end = ssid_list + ssid_list_len;
while (end - pos >= 2) {
if (2 + pos[1] > end - pos)
break;
if (pos[1] == 0)
wildcard = 1;
if (pos[1] == hapd->conf->ssid.ssid_len &&
os_memcmp(pos + 2, hapd->conf->ssid.ssid,
pos[1]) == 0)
return EXACT_SSID_MATCH;
pos += 2 + pos[1];
}
}
return wildcard ? WILDCARD_SSID_MATCH : NO_SSID_MATCH;
if (short_ssid_list) {
pos = short_ssid_list;
end = short_ssid_list + short_ssid_list_len;
while (end - pos >= 4) {
if (hapd->conf->ssid.short_ssid == WPA_GET_LE32(pos))
return EXACT_SSID_MATCH;
pos += 4;
}
}
if (wildcard)
return WILDCARD_SSID_MATCH;
if (!iface->interfaces || iface->interfaces->count <= 1 ||
is_6ghz_op_class(hapd->iconf->op_class))
return NO_SSID_MATCH;
for (i = 0; i < iface->interfaces->count; i++) {
struct hostapd_iface *colocated;
colocated = iface->interfaces->iface[i];
if (colocated == iface ||
!is_6ghz_op_class(colocated->conf->op_class))
continue;
for (j = 0; j < colocated->num_bss; j++) {
struct hostapd_bss_config *conf;
conf = colocated->bss[j]->conf;
if (ssid_len == conf->ssid.ssid_len &&
os_memcmp(ssid, conf->ssid.ssid, ssid_len) == 0)
return CO_LOCATED_SSID_MATCH;
}
}
return NO_SSID_MATCH;
}
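Review bot: the co-located loop at the end of ssid_match() dereferences iface->interfaces->iface[i], colocated->conf and colocated->bss[j]->conf without NULL checks, while the new ieee802_11_set_beacon() wrapper in this same patch guards the identical walk with `!colocated || !colocated->conf` and `colocated->bss[i] &&`. This path runs on every unmatched Probe Request, which is unauthenticated input from any station in range, so an interface that is partly set up or being torn down should not be reachable here. Suggest applying the same guards as in the beacon path.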
@ -741,11 +851,11 @@ void handle_probe_req(struct hostapd_data *hapd,
int ret;
u16 csa_offs[2];
size_t csa_offs_len;
u32 session_timeout, acct_interim_interval;
struct vlan_description vlan_id;
struct hostapd_sta_wpa_psk_short *psk = NULL;
char *identity = NULL;
char *radius_cui = NULL;
struct radius_sta rad_info;
if (hapd->iconf->rssi_ignore_probe_request && ssi_signal &&
ssi_signal < hapd->iconf->rssi_ignore_probe_request)
return;
if (len < IEEE80211_HDRLEN)
return;
@ -754,10 +864,8 @@ void handle_probe_req(struct hostapd_data *hapd,
sta_track_add(hapd->iface, mgmt->sa, ssi_signal);
ie_len = len - IEEE80211_HDRLEN;
ret = ieee802_11_allowed_address(hapd, mgmt->sa, (const u8 *) mgmt, len,
&session_timeout,
&acct_interim_interval, &vlan_id,
&psk, &identity, &radius_cui, 1);
ret = hostapd_allowed_address(hapd, mgmt->sa, (const u8 *) mgmt, len,
&rad_info, 1);
if (ret == HOSTAPD_ACL_REJECT) {
wpa_msg(hapd->msg_ctx, MSG_DEBUG,
"Ignore Probe Request frame from " MACSTR
@ -836,7 +944,7 @@ void handle_probe_req(struct hostapd_data *hapd,
#endif /* CONFIG_P2P */
if (hapd->conf->ignore_broadcast_ssid && elems.ssid_len == 0 &&
elems.ssid_list_len == 0) {
elems.ssid_list_len == 0 && elems.short_ssid_list_len == 0) {
wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " for "
"broadcast SSID ignored", MAC2STR(mgmt->sa));
return;
@ -868,7 +976,8 @@ void handle_probe_req(struct hostapd_data *hapd,
#endif /* CONFIG_TAXONOMY */
res = ssid_match(hapd, elems.ssid, elems.ssid_len,
elems.ssid_list, elems.ssid_list_len);
elems.ssid_list, elems.ssid_list_len,
elems.short_ssid_list, elems.short_ssid_list_len);
if (res == NO_SSID_MATCH) {
if (!(mgmt->da[0] & 0x01)) {
wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR
@ -881,6 +990,12 @@ void handle_probe_req(struct hostapd_data *hapd,
return;
}
if (hapd->conf->ignore_broadcast_ssid && res == WILDCARD_SSID_MATCH) {
wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " for "
"broadcast SSID ignored", MAC2STR(mgmt->sa));
return;
}
#ifdef CONFIG_INTERWORKING
if (hapd->conf->interworking &&
elems.interworking && elems.interworking_len >= 1) {
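Review bot: the new `ignore_broadcast_ssid && res == WILDCARD_SSID_MATCH` check logs exactly the same "broadcast SSID ignored" text as the earlier check on elems.ssid_len, elems.ssid_list_len and elems.short_ssid_list_len, so a debug log cannot tell which of the two paths dropped the frame. Suggest wording this one to say that the wildcard came from an SSID List entry, and adding a comment explaining why the earlier check alone is not sufficient.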
@ -985,9 +1100,9 @@ void handle_probe_req(struct hostapd_data *hapd,
hapd->cs_c_off_ecsa_proberesp;
}
ret = hostapd_drv_send_mlme_csa(hapd, resp, resp_len, noack,
csa_offs_len ? csa_offs : NULL,
csa_offs_len);
ret = hostapd_drv_send_mlme(hapd, resp, resp_len, noack,
csa_offs_len ? csa_offs : NULL,
csa_offs_len, 0);
if (ret < 0)
wpa_printf(MSG_INFO, "handle_probe_req: send failed");
@ -1038,6 +1153,23 @@ static u8 * hostapd_probe_resp_offloads(struct hostapd_data *hapd,
#endif /* NEED_AP_MLME */
#ifdef CONFIG_IEEE80211AX
/* Unsolicited broadcast Probe Response transmission, 6 GHz only */
static u8 * hostapd_unsol_bcast_probe_resp(struct hostapd_data *hapd,
struct wpa_driver_ap_params *params)
{
if (!is_6ghz_op_class(hapd->iconf->op_class))
return NULL;
params->unsol_bcast_probe_resp_interval =
hapd->conf->unsol_bcast_probe_resp_interval;
return hostapd_gen_probe_resp(hapd, NULL, 0,
&params->unsol_bcast_probe_resp_tmpl_len);
}
#endif /* CONFIG_IEEE80211AX */
void sta_track_del(struct hostapd_sta_info *info)
{
#ifdef CONFIG_TAXONOMY
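Review bot: hostapd_unsol_bcast_probe_resp() builds a full Probe Response template whenever the operating class is 6 GHz, without first checking that hapd->conf->unsol_bcast_probe_resp_interval is non-zero. hostapd_fils_discovery() in this patch only generates its template when fd_max_int is set; the same guard here would avoid an allocation on every beacon update for a disabled feature. Also note that if hostapd_gen_probe_resp() returns NULL the interval stays set in params with no template behind it; consider clearing it in that case.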
@ -1048,6 +1180,247 @@ void sta_track_del(struct hostapd_sta_info *info)
}
#ifdef CONFIG_FILS
static u16 hostapd_fils_discovery_cap(struct hostapd_data *hapd)
{
u16 cap_info, phy_index = 0;
u8 chwidth = FD_CAP_BSS_CHWIDTH_20, mcs_nss_size = 4;
struct hostapd_hw_modes *mode = hapd->iface->current_mode;
cap_info = FD_CAP_ESS;
if (hapd->conf->wpa)
cap_info |= FD_CAP_PRIVACY;
if (is_6ghz_op_class(hapd->iconf->op_class)) {
phy_index = FD_CAP_PHY_INDEX_HE;
switch (hapd->iconf->op_class) {
case 135:
mcs_nss_size += 4;
/* fallthrough */
case 134:
mcs_nss_size += 4;
chwidth = FD_CAP_BSS_CHWIDTH_160_80_80;
break;
case 133:
chwidth = FD_CAP_BSS_CHWIDTH_80;
break;
case 132:
chwidth = FD_CAP_BSS_CHWIDTH_40;
break;
}
} else {
switch (hostapd_get_oper_chwidth(hapd->iconf)) {
case CHANWIDTH_80P80MHZ:
mcs_nss_size += 4;
/* fallthrough */
case CHANWIDTH_160MHZ:
mcs_nss_size += 4;
chwidth = FD_CAP_BSS_CHWIDTH_160_80_80;
break;
case CHANWIDTH_80MHZ:
chwidth = FD_CAP_BSS_CHWIDTH_80;
break;
case CHANWIDTH_USE_HT:
if (hapd->iconf->secondary_channel)
chwidth = FD_CAP_BSS_CHWIDTH_40;
else
chwidth = FD_CAP_BSS_CHWIDTH_20;
break;
}
#ifdef CONFIG_IEEE80211AX
if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax)
phy_index = FD_CAP_PHY_INDEX_HE;
#endif /* CONFIG_IEEE80211AX */
#ifdef CONFIG_IEEE80211AC
if (!phy_index &&
hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac)
phy_index = FD_CAP_PHY_INDEX_VHT;
#endif /* CONFIG_IEEE80211AC */
if (!phy_index &&
hapd->iconf->ieee80211n && !hapd->conf->disable_11n)
phy_index = FD_CAP_PHY_INDEX_HT;
}
cap_info |= phy_index << FD_CAP_PHY_INDEX_SHIFT;
cap_info |= chwidth << FD_CAP_BSS_CHWIDTH_SHIFT;
if (mode) {
u16 *mcs = (u16 *) mode->he_capab[IEEE80211_MODE_AP].mcs;
int i;
u16 nss = 0;
for (i = 0; i < HE_NSS_MAX_STREAMS; i++) {
u16 nss_mask = 0x3 << (i * 2);
if (mcs_nss_size == 4 &&
(((mcs[0] & nss_mask) == nss_mask) ||
((mcs[1] & nss_mask) == nss_mask)))
continue;
if (mcs_nss_size == 8 &&
(((mcs[2] & nss_mask) == nss_mask) ||
((mcs[3] & nss_mask) == nss_mask)))
continue;
if (mcs_nss_size == 12 &&
(((mcs[4] & nss_mask) == nss_mask) ||
((mcs[5] & nss_mask) == nss_mask)))
continue;
nss++;
}
if (nss > 4)
cap_info |= FD_CAP_NSS_5_8 << FD_CAP_NSS_SHIFT;
else if (nss)
cap_info |= (nss - 1) << FD_CAP_NSS_SHIFT;
}
return cap_info;
}
static u8 * hostapd_gen_fils_discovery(struct hostapd_data *hapd, size_t *len)
{
struct ieee80211_mgmt *head;
const u8 *mobility_domain;
u8 *pos, *length_pos, buf[200];
u16 ctl = 0;
u8 fd_rsn_info[5];
size_t total_len, buf_len;
total_len = 24 + 2 + 12;
/* FILS Discovery Frame Control */
ctl = (sizeof(hapd->conf->ssid.short_ssid) - 1) |
FD_FRAME_CTL_SHORT_SSID_PRESENT |
FD_FRAME_CTL_LENGTH_PRESENT |
FD_FRAME_CTL_CAP_PRESENT;
total_len += 4 + 1 + 2;
/* Check for optional subfields and calculate length */
if (wpa_auth_write_fd_rsn_info(hapd->wpa_auth, fd_rsn_info)) {
ctl |= FD_FRAME_CTL_RSN_INFO_PRESENT;
total_len += sizeof(fd_rsn_info);
}
mobility_domain = hostapd_wpa_ie(hapd, WLAN_EID_MOBILITY_DOMAIN);
if (mobility_domain) {
ctl |= FD_FRAME_CTL_MD_PRESENT;
total_len += 3;
}
total_len += hostapd_eid_rnr_len(hapd, WLAN_FC_STYPE_ACTION);
pos = hostapd_eid_fils_indic(hapd, buf, 0);
buf_len = pos - buf;
total_len += buf_len;
head = os_zalloc(total_len);
if (!head)
return NULL;
head->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
WLAN_FC_STYPE_ACTION);
os_memset(head->da, 0xff, ETH_ALEN);
os_memcpy(head->sa, hapd->own_addr, ETH_ALEN);
os_memcpy(head->bssid, hapd->own_addr, ETH_ALEN);
head->u.action.category = WLAN_ACTION_PUBLIC;
head->u.action.u.public_action.action = WLAN_PA_FILS_DISCOVERY;
pos = &head->u.action.u.public_action.variable[0];
/* FILS Discovery Information field */
/* FILS Discovery Frame Control */
WPA_PUT_LE16(pos, ctl);
pos += 2;
/* Hardware or low-level driver will fill in the Timestamp value */
pos += 8;
/* Beacon Interval */
WPA_PUT_LE16(pos, hapd->iconf->beacon_int);
pos += 2;
/* Short SSID */
WPA_PUT_LE32(pos, hapd->conf->ssid.short_ssid);
pos += sizeof(hapd->conf->ssid.short_ssid);
/* Store position of FILS discovery information element Length field */
length_pos = pos++;
/* FD Capability */
WPA_PUT_LE16(pos, hostapd_fils_discovery_cap(hapd));
pos += 2;
/* Operating Class - not present */
/* Primary Channel - not present */
/* AP Configuration Sequence Number - not present */
/* Access Network Options - not present */
/* FD RSN Information */
if (ctl & FD_FRAME_CTL_RSN_INFO_PRESENT) {
os_memcpy(pos, fd_rsn_info, sizeof(fd_rsn_info));
pos += sizeof(fd_rsn_info);
}
/* Channel Center Frequency Segment 1 - not present */
/* Mobility Domain */
if (ctl & FD_FRAME_CTL_MD_PRESENT) {
os_memcpy(pos, &mobility_domain[2], 3);
pos += 3;
}
/* Fill in the Length field value */
*length_pos = pos - (length_pos + 1);
pos = hostapd_eid_rnr(hapd, pos, WLAN_FC_STYPE_ACTION);
/* FILS Indication element */
if (buf_len) {
os_memcpy(pos, buf, buf_len);
pos += buf_len;
}
*len = pos - (u8 *) head;
wpa_hexdump(MSG_DEBUG, "FILS Discovery frame template",
head, pos - (u8 *) head);
return (u8 *) head;
}
/* Configure FILS Discovery frame transmission parameters */
static u8 * hostapd_fils_discovery(struct hostapd_data *hapd,
struct wpa_driver_ap_params *params)
{
params->fd_max_int = hapd->conf->fils_discovery_max_int;
if (is_6ghz_op_class(hapd->iconf->op_class) &&
params->fd_max_int > FD_MAX_INTERVAL_6GHZ)
params->fd_max_int = FD_MAX_INTERVAL_6GHZ;
params->fd_min_int = hapd->conf->fils_discovery_min_int;
if (params->fd_min_int > params->fd_max_int)
params->fd_min_int = params->fd_max_int;
if (params->fd_max_int)
return hostapd_gen_fils_discovery(hapd,
&params->fd_frame_tmpl_len);
return NULL;
}
#endif /* CONFIG_FILS */
int ieee802_11_build_ap_params(struct hostapd_data *hapd,
struct wpa_driver_ap_params *params)
{
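Review bot: in hostapd_gen_fils_discovery() the Mobility Domain copy `os_memcpy(pos, &mobility_domain[2], 3)` reads three payload octets without checking that mobility_domain[1] is at least 3; an explicit length check before setting FD_FRAME_CTL_MD_PRESENT would make that assumption visible. Two further points in the same function: hostapd_eid_fils_indic(hapd, buf, 0) writes into the 200-octet stack buffer buf with no length passed, so nothing here bounds that write, and the frame is assembled into a buffer of total_len octets with no check of pos against head + total_len before *len is returned. In hostapd_fils_discovery_cap(), the `(u16 *)` cast of he_capab[].mcs assumes suitable alignment and host byte order; WPA_GET_LE16() on the byte array would be safer.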
@ -1058,7 +1431,7 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
size_t resp_len = 0;
#ifdef NEED_AP_MLME
u16 capab_info;
u8 *pos, *tailpos, *csa_pos;
u8 *pos, *tailpos, *tailend, *csa_pos;
#define BEACON_HEAD_BUF_SIZE 256
#define BEACON_TAIL_BUF_SIZE 512
@ -1087,16 +1460,21 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
#endif /* CONFIG_IEEE80211AC */
#ifdef CONFIG_IEEE80211AX
if (hapd->iconf->ieee80211ax) {
if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
tail_len += 3 + sizeof(struct ieee80211_he_capabilities) +
3 + sizeof(struct ieee80211_he_operation) +
3 + sizeof(struct ieee80211_he_mu_edca_parameter_set) +
3 + sizeof(struct ieee80211_spatial_reuse);
if (is_6ghz_op_class(hapd->iconf->op_class))
tail_len += sizeof(struct ieee80211_he_6ghz_oper_info) +
3 + sizeof(struct ieee80211_he_6ghz_band_cap);
}
#endif /* CONFIG_IEEE80211AX */
tail_len += hostapd_eid_rnr_len(hapd, WLAN_FC_STYPE_BEACON);
tail_len += hostapd_mbo_ie_len(hapd);
tail_len += hostapd_eid_owe_trans_len(hapd);
tail_len += hostapd_eid_dpp_cc_len(hapd);
tailpos = tail = os_malloc(tail_len);
if (head == NULL || tail == NULL) {
@ -1105,6 +1483,7 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
os_free(tail);
return -1;
}
tailend = tail + tail_len;
head->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
WLAN_FC_STYPE_BEACON);
@ -1145,8 +1524,7 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
head_len = pos - (u8 *) head;
tailpos = hostapd_eid_country(hapd, tailpos,
tail + BEACON_TAIL_BUF_SIZE - tailpos);
tailpos = hostapd_eid_country(hapd, tailpos, tailend - tailpos);
/* Power Constraint element */
tailpos = hostapd_eid_pwr_constraint(hapd, tailpos);
@ -1163,18 +1541,11 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
/* Extended supported rates */
tailpos = hostapd_eid_ext_supp_rates(hapd, tailpos);
/* RSN, MDIE */
if (hapd->conf->wpa != WPA_PROTO_WPA)
tailpos = hostapd_eid_wpa(hapd, tailpos,
tail + BEACON_TAIL_BUF_SIZE -
tailpos);
tailpos = hostapd_get_rsne(hapd, tailpos, tailend - tailpos);
tailpos = hostapd_eid_bss_load(hapd, tailpos, tailend - tailpos);
tailpos = hostapd_eid_rm_enabled_capab(hapd, tailpos,
tail + BEACON_TAIL_BUF_SIZE -
tailpos);
tailpos = hostapd_eid_bss_load(hapd, tailpos,
tail + BEACON_TAIL_BUF_SIZE - tailpos);
tailend - tailpos);
tailpos = hostapd_get_mde(hapd, tailpos, tailend - tailpos);
/* eCSA IE */
csa_pos = hostapd_eid_ecsa(hapd, tailpos);
@ -1183,15 +1554,8 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
tailpos = csa_pos;
tailpos = hostapd_eid_supported_op_classes(hapd, tailpos);
#ifdef CONFIG_IEEE80211N
/* Secondary Channel Offset element */
/* TODO: The standard doesn't specify a position for this element. */
tailpos = hostapd_eid_secondary_channel(hapd, tailpos);
tailpos = hostapd_eid_ht_capabilities(hapd, tailpos);
tailpos = hostapd_eid_ht_operation(hapd, tailpos);
#endif /* CONFIG_IEEE80211N */
tailpos = hostapd_eid_ext_capab(hapd, tailpos);
@ -1214,23 +1578,34 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
#endif /* CONFIG_FST */
#ifdef CONFIG_IEEE80211AC
if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) {
if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac &&
!is_6ghz_op_class(hapd->iconf->op_class)) {
tailpos = hostapd_eid_vht_capabilities(hapd, tailpos, 0);
tailpos = hostapd_eid_vht_operation(hapd, tailpos);
tailpos = hostapd_eid_txpower_envelope(hapd, tailpos);
tailpos = hostapd_eid_wb_chsw_wrapper(hapd, tailpos);
}
#endif /* CONFIG_IEEE80211AC */
#ifdef CONFIG_IEEE80211AX
if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax &&
is_6ghz_op_class(hapd->iconf->op_class))
tailpos = hostapd_eid_txpower_envelope(hapd, tailpos);
#endif /* CONFIG_IEEE80211AX */
tailpos = hostapd_eid_wb_chsw_wrapper(hapd, tailpos);
tailpos = hostapd_eid_rnr(hapd, tailpos, WLAN_FC_STYPE_BEACON);
tailpos = hostapd_eid_fils_indic(hapd, tailpos, 0);
tailpos = hostapd_get_rsnxe(hapd, tailpos, tailend - tailpos);
#ifdef CONFIG_IEEE80211AX
if (hapd->iconf->ieee80211ax) {
if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
tailpos = hostapd_eid_he_capab(hapd, tailpos,
IEEE80211_MODE_AP);
tailpos = hostapd_eid_he_operation(hapd, tailpos);
tailpos = hostapd_eid_he_mu_edca_parameter_set(hapd, tailpos);
tailpos = hostapd_eid_spatial_reuse(hapd, tailpos);
tailpos = hostapd_eid_he_mu_edca_parameter_set(hapd, tailpos);
tailpos = hostapd_eid_he_6ghz_band_cap(hapd, tailpos);
}
#endif /* CONFIG_IEEE80211AX */
@ -1239,11 +1614,9 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
tailpos = hostapd_eid_vendor_vht(hapd, tailpos);
#endif /* CONFIG_IEEE80211AC */
/* WPA */
if (hapd->conf->wpa == WPA_PROTO_WPA)
tailpos = hostapd_eid_wpa(hapd, tailpos,
tail + BEACON_TAIL_BUF_SIZE -
tailpos);
/* WPA / OSEN */
tailpos = hostapd_get_wpa_ie(hapd, tailpos, tailend - tailpos);
tailpos = hostapd_get_osen_ie(hapd, tailpos, tailend - tailpos);
/* Wi-Fi Alliance WMM */
tailpos = hostapd_eid_wmm(hapd, tailpos);
@ -1271,12 +1644,12 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
#ifdef CONFIG_HS20
tailpos = hostapd_eid_hs20_indication(hapd, tailpos);
tailpos = hostapd_eid_osen(hapd, tailpos);
#endif /* CONFIG_HS20 */
tailpos = hostapd_eid_mbo(hapd, tailpos, tail + tail_len - tailpos);
tailpos = hostapd_eid_owe_trans(hapd, tailpos,
tail + tail_len - tailpos);
tailpos = hostapd_eid_dpp_cc(hapd, tailpos, tail + tail_len - tailpos);
if (hapd->conf->vendor_elements) {
os_memcpy(tailpos, wpabuf_head(hapd->conf->vendor_elements),
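Review bot: the new hostapd_eid_dpp_cc() call, like the neighbouring hostapd_eid_mbo() and hostapd_eid_owe_trans() calls, still spells the remaining space as `tail + tail_len - tailpos`, while the rest of this patch switches the function to `tailend - tailpos`. The values are the same, but using tailend throughout keeps a single definition of the buffer end and avoids the two drifting apart later.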
@ -1315,10 +1688,13 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
params->key_mgmt_suites = hapd->conf->wpa_key_mgmt;
params->auth_algs = hapd->conf->auth_algs;
params->wpa_version = hapd->conf->wpa;
params->privacy = hapd->conf->ssid.wep.keys_set || hapd->conf->wpa ||
params->privacy = hapd->conf->wpa;
#ifdef CONFIG_WEP
params->privacy |= hapd->conf->ssid.wep.keys_set ||
(hapd->conf->ieee802_1x &&
(hapd->conf->default_wep_key_len ||
hapd->conf->individual_wep_key_len));
#endif /* CONFIG_WEP */
switch (hapd->conf->ignore_broadcast_ssid) {
case 0:
params->hide_ssid = NO_SSID_HIDING;
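Review bot: `params->privacy = hapd->conf->wpa;` now stores the raw protocol value instead of a truth value. The previous expression used `||` and therefore always yielded 0 or 1, and elsewhere in this file conf->wpa is compared against WPA_PROTO_WPA, so it can hold values other than 1. If any driver wrapper compares privacy against 1 or packs it into a one-bit field, behaviour changes. Suggest `params->privacy = !!hapd->conf->wpa;` to keep the old semantics, with the CONFIG_WEP part left as is.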
@ -1331,7 +1707,6 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
break;
}
params->isolate = hapd->conf->isolate;
params->smps_mode = hapd->iconf->ht_capab & HT_CAP_INFO_SMPS_MASK;
#ifdef NEED_AP_MLME
params->cts_protect = !!(ieee802_11_erp_info(hapd) &
ERP_INFO_USE_PROTECTION);
@ -1390,10 +1765,18 @@ void ieee802_11_free_ap_params(struct wpa_driver_ap_params *params)
params->head = NULL;
os_free(params->proberesp);
params->proberesp = NULL;
#ifdef CONFIG_FILS
os_free(params->fd_frame_tmpl);
params->fd_frame_tmpl = NULL;
#endif /* CONFIG_FILS */
#ifdef CONFIG_IEEE80211AX
os_free(params->unsol_bcast_probe_resp_tmpl);
params->unsol_bcast_probe_resp_tmpl = NULL;
#endif /* CONFIG_IEEE80211AX */
}
int ieee802_11_set_beacon(struct hostapd_data *hapd)
static int __ieee802_11_set_beacon(struct hostapd_data *hapd)
{
struct wpa_driver_ap_params params;
struct hostapd_freq_params freq;
@ -1403,6 +1786,11 @@ int ieee802_11_set_beacon(struct hostapd_data *hapd)
struct wpabuf *beacon, *proberesp, *assocresp;
int res, ret = -1;
if (!hapd->drv_priv) {
wpa_printf(MSG_ERROR, "Interface is disabled");
return -1;
}
if (hapd->csa_in_progress) {
wpa_printf(MSG_ERROR, "Cannot set beacons during CSA period");
return -1;
@ -1421,11 +1809,41 @@ int ieee802_11_set_beacon(struct hostapd_data *hapd)
params.proberesp_ies = proberesp;
params.assocresp_ies = assocresp;
params.reenable = hapd->reenable_beacon;
#ifdef CONFIG_IEEE80211AX
params.he_spr_ctrl = hapd->iface->conf->spr.sr_control;
params.he_spr_non_srg_obss_pd_max_offset =
hapd->iface->conf->spr.non_srg_obss_pd_max_offset;
params.he_spr_srg_obss_pd_min_offset =
hapd->iface->conf->spr.srg_obss_pd_min_offset;
params.he_spr_srg_obss_pd_max_offset =
hapd->iface->conf->spr.srg_obss_pd_max_offset;
os_memcpy(params.he_spr_bss_color_bitmap,
hapd->iface->conf->spr.srg_bss_color_bitmap, 8);
os_memcpy(params.he_spr_partial_bssid_bitmap,
hapd->iface->conf->spr.srg_partial_bssid_bitmap, 8);
params.he_bss_color_disabled =
hapd->iface->conf->he_op.he_bss_color_disabled;
params.he_bss_color_partial =
hapd->iface->conf->he_op.he_bss_color_partial;
params.he_bss_color = hapd->iface->conf->he_op.he_bss_color;
params.twt_responder = hostapd_get_he_twt_responder(hapd,
IEEE80211_MODE_AP);
params.unsol_bcast_probe_resp_tmpl =
hostapd_unsol_bcast_probe_resp(hapd, &params);
#endif /* CONFIG_IEEE80211AX */
hapd->reenable_beacon = 0;
#ifdef CONFIG_SAE
params.sae_pwe = hapd->conf->sae_pwe;
#endif /* CONFIG_SAE */
#ifdef CONFIG_FILS
params.fd_frame_tmpl = hostapd_fils_discovery(hapd, &params);
#endif /* CONFIG_FILS */
if (cmode &&
hostapd_set_freq_params(&freq, iconf->hw_mode, iface->freq,
iconf->channel, iconf->ieee80211n,
iconf->channel, iconf->enable_edmg,
iconf->edmg_channel, iconf->ieee80211n,
iconf->ieee80211ac, iconf->ieee80211ax,
iconf->secondary_channel,
hostapd_get_oper_chwidth(iconf),
@ -1447,6 +1865,42 @@ fail:
}
int ieee802_11_set_beacon(struct hostapd_data *hapd)
{
struct hostapd_iface *iface = hapd->iface;
int ret;
size_t i, j;
bool is_6g;
ret = __ieee802_11_set_beacon(hapd);
if (ret != 0)
return ret;
if (!iface->interfaces || iface->interfaces->count <= 1)
return 0;
/* Update Beacon frames in case of 6 GHz colocation */
is_6g = is_6ghz_op_class(iface->conf->op_class);
for (j = 0; j < iface->interfaces->count; j++) {
struct hostapd_iface *colocated;
colocated = iface->interfaces->iface[j];
if (colocated == iface || !colocated || !colocated->conf)
continue;
if (is_6g == is_6ghz_op_class(colocated->conf->op_class))
continue;
for (i = 0; i < colocated->num_bss; i++) {
if (colocated->bss[i] && colocated->bss[i]->started)
__ieee802_11_set_beacon(colocated->bss[i]);
}
}
return 0;
}
int ieee802_11_set_beacons(struct hostapd_iface *iface)
{
size_t i;
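Review bot: the new ieee802_11_set_beacon() wrapper discards the return value of __ieee802_11_set_beacon(colocated->bss[i]) and returns 0, so a failed update on a co-located interface leaves its Beacon stale with no trace in the log. If the failure is intentionally non-fatal, a wpa_printf() naming the affected BSS would make that explicit. As a style point, identifiers beginning with a double underscore are reserved for the implementation in C; a name such as ieee802_11_set_beacon_bss would avoid that.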

View File

@ -30,4 +30,6 @@ sta_track_seen_on(struct hostapd_iface *iface, const u8 *addr,
void sta_track_claim_taxonomy_info(struct hostapd_iface *iface, const u8 *addr,
struct wpabuf **probe_ie_taxonomy);
const u8 * hostapd_wpa_ie(struct hostapd_data *hapd, u8 eid);
#endif /* BEACON_H */

View File

@ -50,9 +50,35 @@ static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen,
}
static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd,
struct sta_info *sta,
char *buf, size_t buflen)
static int hostapd_get_sta_conn_time(struct sta_info *sta,
struct hostap_sta_driver_data *data,
char *buf, size_t buflen)
{
struct os_reltime age;
unsigned long secs;
int ret;
if (sta->connected_time.sec) {
/* Locally maintained time in AP mode */
os_reltime_age(&sta->connected_time, &age);
secs = (unsigned long) age.sec;
} else if (data->flags & STA_DRV_DATA_CONN_TIME) {
/* Time from the driver in mesh mode */
secs = data->connected_sec;
} else {
return 0;
}
ret = os_snprintf(buf, buflen, "connected_time=%lu\n", secs);
if (os_snprintf_error(buflen, ret))
return 0;
return ret;
}
static int hostapd_get_sta_info(struct hostapd_data *hapd,
struct sta_info *sta,
char *buf, size_t buflen)
{
struct hostap_sta_driver_data data;
int ret;
@ -160,29 +186,12 @@ static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd,
len += ret;
}
len += hostapd_get_sta_conn_time(sta, &data, buf + len, buflen - len);
return len;
}
static int hostapd_get_sta_conn_time(struct sta_info *sta,
char *buf, size_t buflen)
{
struct os_reltime age;
int ret;
if (!sta->connected_time.sec)
return 0;
os_reltime_age(&sta->connected_time, &age);
ret = os_snprintf(buf, buflen, "connected_time=%u\n",
(unsigned int) age.sec);
if (os_snprintf_error(buflen, ret))
return 0;
return ret;
}
static const char * timeout_next_str(int val)
{
switch (val) {
@ -263,8 +272,7 @@ static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
if (res >= 0)
len += res;
len += hostapd_get_sta_tx_rx(hapd, sta, buf + len, buflen - len);
len += hostapd_get_sta_conn_time(sta, buf + len, buflen - len);
len += hostapd_get_sta_info(hapd, sta, buf + len, buflen - len);
#ifdef CONFIG_SAE
if (sta->sae && sta->sae->state == SAE_ACCEPTED) {
@ -273,6 +281,36 @@ static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
if (!os_snprintf_error(buflen - len, res))
len += res;
}
if (sta->sae && sta->sae->tmp) {
const u8 *pos;
unsigned int j, count;
struct wpabuf *groups = sta->sae->tmp->peer_rejected_groups;
res = os_snprintf(buf + len, buflen - len,
"sae_rejected_groups=");
if (!os_snprintf_error(buflen - len, res))
len += res;
if (groups) {
pos = wpabuf_head(groups);
count = wpabuf_len(groups) / 2;
} else {
pos = NULL;
count = 0;
}
for (j = 0; pos && j < count; j++) {
res = os_snprintf(buf + len, buflen - len, "%s%d",
j == 0 ? "" : " ", WPA_GET_LE16(pos));
if (!os_snprintf_error(buflen - len, res))
len += res;
pos += 2;
}
res = os_snprintf(buf + len, buflen - len, "\n");
if (!os_snprintf_error(buflen - len, res))
len += res;
}
#endif /* CONFIG_SAE */
if (sta->vlan_id > 0) {
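Review bot: in the sae_rejected_groups block, a failed os_snprintf_error() check on the "sae_rejected_groups=" key is ignored and the loop still runs, so on a nearly full buffer the reply can end up with group numbers or a bare newline that has no key in front of it. Skip the rest of the block when the first write does not fit. `count = wpabuf_len(groups) / 2` also drops a trailing odd byte without any trace; given that the field is named peer_rejected_groups, a debug message for an odd length would help when reading control interface output.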
@ -315,7 +353,6 @@ static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
}
#endif /* CONFIG_IEEE80211AC */
#ifdef CONFIG_IEEE80211N
if ((sta->flags & WLAN_STA_HT) && sta->ht_capabilities) {
res = os_snprintf(buf + len, buflen - len,
"ht_caps_info=0x%04x\n",
@ -324,7 +361,6 @@ static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
if (!os_snprintf_error(buflen - len, res))
len += res;
}
#endif /* CONFIG_IEEE80211N */
if (sta->ext_capability &&
buflen - len > (unsigned) (11 + 2 * sta->ext_capability[0])) {
@ -432,9 +468,6 @@ static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
int ret;
u8 *pos;
if (!hapd->drv_priv || !hapd->driver->send_frame)
return -1;
mgmt = os_zalloc(sizeof(*mgmt) + 100);
if (mgmt == NULL)
return -1;
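Review bot: the `!hapd->drv_priv || !hapd->driver->send_frame` guard at the top of p2p_manager_disconnect() is dropped, so nothing in this function rejects a missing driver before the frame is built. Please confirm that hostapd_drv_send_mlme() checks hapd->driver and hapd->drv_priv itself and returns an error, and say so in the commit message, since the same guard is removed from the deauthenticate and disassociate test paths as well.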
@ -468,8 +501,8 @@ static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
pos += 2;
*pos++ = minor_reason_code;
ret = hapd->driver->send_frame(hapd->drv_priv, (u8 *) mgmt,
pos - (u8 *) mgmt, 1);
ret = hostapd_drv_send_mlme(hapd, mgmt, pos - (u8 *) mgmt, 0, NULL, 0,
0);
os_free(mgmt);
return ret < 0 ? -1 : 0;
@ -499,8 +532,7 @@ int hostapd_ctrl_iface_deauthenticate(struct hostapd_data *hapd,
if (pos) {
struct ieee80211_mgmt mgmt;
int encrypt;
if (!hapd->drv_priv || !hapd->driver->send_frame)
return -1;
pos += 6;
encrypt = atoi(pos);
os_memset(&mgmt, 0, sizeof(mgmt));
@ -510,10 +542,10 @@ int hostapd_ctrl_iface_deauthenticate(struct hostapd_data *hapd,
os_memcpy(mgmt.sa, hapd->own_addr, ETH_ALEN);
os_memcpy(mgmt.bssid, hapd->own_addr, ETH_ALEN);
mgmt.u.deauth.reason_code = host_to_le16(reason);
if (hapd->driver->send_frame(hapd->drv_priv, (u8 *) &mgmt,
IEEE80211_HDRLEN +
sizeof(mgmt.u.deauth),
encrypt) < 0)
if (hostapd_drv_send_mlme(hapd, (u8 *) &mgmt,
IEEE80211_HDRLEN +
sizeof(mgmt.u.deauth),
0, NULL, 0, !encrypt) < 0)
return -1;
return 0;
}
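Review bot: the last argument of the hostapd_drv_send_mlme() call is `!encrypt` where send_frame() took `encrypt`, so the flag's sense is inverted at this call site with no comment. A named local (for example no_encrypt) or a one-line comment would keep a later reader from "fixing" the negation. `encrypt` comes from `atoi(pos)` in the lines above, which yields 0 for unparsable input, so a malformed value selects the unprotected frame; parsing it strictly as 0 or 1 would make that explicit.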
@ -562,8 +594,7 @@ int hostapd_ctrl_iface_disassociate(struct hostapd_data *hapd,
if (pos) {
struct ieee80211_mgmt mgmt;
int encrypt;
if (!hapd->drv_priv || !hapd->driver->send_frame)
return -1;
pos += 6;
encrypt = atoi(pos);
os_memset(&mgmt, 0, sizeof(mgmt));
@ -573,10 +604,10 @@ int hostapd_ctrl_iface_disassociate(struct hostapd_data *hapd,
os_memcpy(mgmt.sa, hapd->own_addr, ETH_ALEN);
os_memcpy(mgmt.bssid, hapd->own_addr, ETH_ALEN);
mgmt.u.disassoc.reason_code = host_to_le16(reason);
if (hapd->driver->send_frame(hapd->drv_priv, (u8 *) &mgmt,
IEEE80211_HDRLEN +
sizeof(mgmt.u.deauth),
encrypt) < 0)
if (hostapd_drv_send_mlme(hapd, (u8 *) &mgmt,
IEEE80211_HDRLEN +
sizeof(mgmt.u.deauth),
0, NULL, 0, !encrypt) < 0)
return -1;
return 0;
}
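Review bot: the length passed to hostapd_drv_send_mlme() still uses `sizeof(mgmt.u.deauth)` although this function fills `mgmt.u.disassoc.reason_code`. Use `sizeof(mgmt.u.disassoc)` here so the length follows the frame that is actually built and does not depend on the two union members staying the same size.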
@ -709,6 +740,8 @@ int hostapd_ctrl_iface_status(struct hostapd_data *hapd, char *buf,
ret = os_snprintf(buf + len, buflen - len,
"channel=%u\n"
"edmg_enable=%d\n"
"edmg_channel=%d\n"
"secondary_channel=%d\n"
"ieee80211n=%d\n"
"ieee80211ac=%d\n"
@ -716,17 +749,36 @@ int hostapd_ctrl_iface_status(struct hostapd_data *hapd, char *buf,
"beacon_int=%u\n"
"dtim_period=%d\n",
iface->conf->channel,
iface->conf->enable_edmg,
iface->conf->edmg_channel,
iface->conf->ieee80211n && !hapd->conf->disable_11n ?
iface->conf->secondary_channel : 0,
iface->conf->ieee80211n && !hapd->conf->disable_11n,
iface->conf->ieee80211ac &&
!hapd->conf->disable_11ac,
iface->conf->ieee80211ax,
iface->conf->ieee80211ax &&
!hapd->conf->disable_11ax,
iface->conf->beacon_int,
hapd->conf->dtim_period);
if (os_snprintf_error(buflen - len, ret))
return len;
len += ret;
#ifdef CONFIG_IEEE80211AX
if (iface->conf->ieee80211ax && !hapd->conf->disable_11ax) {
ret = os_snprintf(buf + len, buflen - len,
"he_oper_chwidth=%d\n"
"he_oper_centr_freq_seg0_idx=%d\n"
"he_oper_centr_freq_seg1_idx=%d\n",
iface->conf->he_oper_chwidth,
iface->conf->he_oper_centr_freq_seg0_idx,
iface->conf->he_oper_centr_freq_seg1_idx);
if (os_snprintf_error(buflen - len, ret))
return len;
len += ret;
}
#endif /* CONFIG_IEEE80211AX */
if (iface->conf->ieee80211ac && !hapd->conf->disable_11ac) {
ret = os_snprintf(buf + len, buflen - len,
"vht_oper_chwidth=%d\n"
@ -865,6 +917,7 @@ int hostapd_parse_csa_settings(const char *pos,
SET_CSA_SETTING(sec_channel_offset);
settings->freq_params.ht_enabled = !!os_strstr(pos, " ht");
settings->freq_params.vht_enabled = !!os_strstr(pos, " vht");
settings->freq_params.he_enabled = !!os_strstr(pos, " he");
settings->block_tx = !!os_strstr(pos, " blocktx");
#undef SET_CSA_SETTING
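Review bot: `os_strstr(pos, " he")` on the new he_enabled line matches any token that merely begins with "he", so an unrelated parameter with that prefix later in the command would switch HE on for the channel switch. The existing " ht" and " vht" lines have the same property; matching whole space-delimited tokens would make all three robust against future parameter names.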

View File

@ -81,17 +81,17 @@ static int dfs_is_chan_allowed(struct hostapd_channel_data *chan, int n_chans)
* We will also choose this first channel as the control one.
*/
int allowed_40[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
184, 192 };
165, 173, 184, 192 };
/*
* VHT80, valid channels based on center frequency:
* 42, 58, 106, 122, 138, 155
* 42, 58, 106, 122, 138, 155, 171
*/
int allowed_80[] = { 36, 52, 100, 116, 132, 149 };
int allowed_80[] = { 36, 52, 100, 116, 132, 149, 165 };
/*
* VHT160 valid channels based on center frequency:
* 50, 114
* 50, 114, 163
*/
int allowed_160[] = { 36, 100 };
int allowed_160[] = { 36, 100, 149 };
int *allowed = allowed_40;
unsigned int i, allowed_no = 0;
@ -144,30 +144,44 @@ static int dfs_chan_range_available(struct hostapd_hw_modes *mode,
int i;
u32 bw = num_chan_to_bw(num_chans);
if (first_chan_idx + num_chans > mode->num_channels)
if (first_chan_idx + num_chans > mode->num_channels) {
wpa_printf(MSG_DEBUG,
"DFS: some channels in range not defined");
return 0;
}
first_chan = &mode->channels[first_chan_idx];
/* hostapd DFS implementation assumes the first channel as primary.
* If it's not allowed to use the first channel as primary, decline the
* whole channel range. */
if (!chan_pri_allowed(first_chan))
if (!chan_pri_allowed(first_chan)) {
wpa_printf(MSG_DEBUG, "DFS: primary chanenl not allowed");
return 0;
}
for (i = 0; i < num_chans; i++) {
chan = dfs_get_chan_data(mode, first_chan->freq + i * 20,
first_chan_idx);
if (!chan)
if (!chan) {
wpa_printf(MSG_DEBUG, "DFS: no channel data for %d",
first_chan->freq + i * 20);
return 0;
}
/* HT 40 MHz secondary channel availability checked only for
* primary channel */
if (!chan_bw_allowed(chan, bw, 1, !i))
if (!chan_bw_allowed(chan, bw, 1, !i)) {
wpa_printf(MSG_DEBUG, "DFS: bw now allowed for %d",
first_chan->freq + i * 20);
return 0;
}
if (!dfs_channel_available(chan, skip_radar))
if (!dfs_channel_available(chan, skip_radar)) {
wpa_printf(MSG_DEBUG, "DFS: channel not available %d",
first_chan->freq + i * 20);
return 0;
}
}
return 1;
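Review bot: two of the new debug strings in dfs_chan_range_available() have typos that will make log searches miss them: "primary chanenl not allowed" should read "channel", and "bw now allowed for %d" should read "not allowed". The messages also print only the frequency while dfs_find_channel() prints frequency and channel number; using the same "%d (%d)" form would keep the DFS debug output consistent.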
@ -210,22 +224,39 @@ static int dfs_find_channel(struct hostapd_iface *iface,
if (iface->conf->ieee80211n &&
iface->conf->secondary_channel &&
(!dfs_is_chan_allowed(chan, n_chans) ||
!(chan->allowed_bw & HOSTAPD_CHAN_WIDTH_40P)))
!(chan->allowed_bw & HOSTAPD_CHAN_WIDTH_40P))) {
wpa_printf(MSG_DEBUG,
"DFS: channel %d (%d) is incompatible",
chan->freq, chan->chan);
continue;
}
/* Skip incompatible chandefs */
if (!dfs_chan_range_available(mode, i, n_chans, skip_radar))
if (!dfs_chan_range_available(mode, i, n_chans, skip_radar)) {
wpa_printf(MSG_DEBUG,
"DFS: range not available for %d (%d)",
chan->freq, chan->chan);
continue;
}
if (!is_in_chanlist(iface, chan))
if (!is_in_chanlist(iface, chan)) {
wpa_printf(MSG_DEBUG,
"DFS: channel %d (%d) not in chanlist",
chan->freq, chan->chan);
continue;
}
if (chan->max_tx_power < iface->conf->min_tx_power)
continue;
if (ret_chan && idx == channel_idx) {
wpa_printf(MSG_DEBUG, "Selected ch. #%d", chan->chan);
wpa_printf(MSG_DEBUG, "Selected channel %d (%d)",
chan->freq, chan->chan);
*ret_chan = chan;
return idx;
}
wpa_printf(MSG_DEBUG, "Adding channel: %d", chan->chan);
wpa_printf(MSG_DEBUG, "Adding channel %d (%d)",
chan->freq, chan->chan);
channel_idx++;
}
return channel_idx;
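Review bot: the `chan->max_tx_power < iface->conf->min_tx_power` skip is the only `continue` in this loop without a wpa_printf(), so a channel dropped for TX power disappears from the DFS debug log while every other rejection reason is now recorded. Add a matching MSG_DEBUG line with chan->freq and chan->chan.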
@ -235,6 +266,7 @@ static int dfs_find_channel(struct hostapd_iface *iface,
static void dfs_adjust_center_freq(struct hostapd_iface *iface,
struct hostapd_channel_data *chan,
int secondary_channel,
int sec_chan_idx_80p80,
u8 *oper_centr_freq_seg0_idx,
u8 *oper_centr_freq_seg1_idx)
{
@ -261,8 +293,14 @@ static void dfs_adjust_center_freq(struct hostapd_iface *iface,
case CHANWIDTH_160MHZ:
*oper_centr_freq_seg0_idx = chan->chan + 14;
break;
case CHANWIDTH_80P80MHZ:
*oper_centr_freq_seg0_idx = chan->chan + 6;
*oper_centr_freq_seg1_idx = sec_chan_idx_80p80 + 6;
break;
default:
wpa_printf(MSG_INFO, "DFS only VHT20/40/80/160 is supported now");
wpa_printf(MSG_INFO,
"DFS: Unsupported channel width configuration");
*oper_centr_freq_seg0_idx = 0;
break;
}
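Review bot: in the CHANWIDTH_80P80MHZ case, `sec_chan_idx_80p80` is an int whose "not found" value in the caller is -1, and `sec_chan_idx_80p80 + 6` is stored into a u8, which would turn -1 into 5 and look like a valid index. The caller returns early today, but a check for a negative value here would keep the helper safe on its own. The default branch now zeroes `*oper_centr_freq_seg0_idx` only; if seg1 is not cleared earlier in the function, it should be zeroed here too.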
@ -441,8 +479,11 @@ dfs_get_valid_channel(struct hostapd_iface *iface,
{
struct hostapd_hw_modes *mode;
struct hostapd_channel_data *chan = NULL;
struct hostapd_channel_data *chan2 = NULL;
int num_available_chandefs;
int chan_idx;
int chan_idx, chan_idx2;
int sec_chan_idx_80p80 = -1;
int i;
u32 _rand;
wpa_printf(MSG_DEBUG, "DFS: Selecting random channel");
@ -459,6 +500,8 @@ dfs_get_valid_channel(struct hostapd_iface *iface,
/* Get the count first */
num_available_chandefs = dfs_find_channel(iface, NULL, 0, skip_radar);
wpa_printf(MSG_DEBUG, "DFS: num_available_chandefs=%d",
num_available_chandefs);
if (num_available_chandefs == 0)
return NULL;
@ -466,6 +509,12 @@ dfs_get_valid_channel(struct hostapd_iface *iface,
return NULL;
chan_idx = _rand % num_available_chandefs;
dfs_find_channel(iface, &chan, chan_idx, skip_radar);
if (!chan) {
wpa_printf(MSG_DEBUG, "DFS: no random channel found");
return NULL;
}
wpa_printf(MSG_DEBUG, "DFS: got random channel %d (%d)",
chan->freq, chan->chan);
/* dfs_find_channel() calculations assume HT40+ */
if (iface->conf->secondary_channel)
@ -473,8 +522,45 @@ dfs_get_valid_channel(struct hostapd_iface *iface,
else
*secondary_channel = 0;
/* Get secondary channel for HT80P80 */
if (hostapd_get_oper_chwidth(iface->conf) == CHANWIDTH_80P80MHZ) {
if (num_available_chandefs <= 1) {
wpa_printf(MSG_ERROR,
"only 1 valid chan, can't support 80+80");
return NULL;
}
/*
* Loop all channels except channel1 to find a valid channel2
* that is not adjacent to channel1.
*/
for (i = 0; i < num_available_chandefs - 1; i++) {
/* start from chan_idx + 1, end when chan_idx - 1 */
chan_idx2 = (chan_idx + 1 + i) % num_available_chandefs;
dfs_find_channel(iface, &chan2, chan_idx2, skip_radar);
if (chan2 && abs(chan2->chan - chan->chan) > 12) {
/* two channels are not adjacent */
sec_chan_idx_80p80 = chan2->chan;
wpa_printf(MSG_DEBUG,
"DFS: got second chan: %d (%d)",
chan2->freq, chan2->chan);
break;
}
}
/* Check if we got a valid secondary channel which is not
* adjacent to the first channel.
*/
if (sec_chan_idx_80p80 == -1) {
wpa_printf(MSG_INFO,
"DFS: failed to get chan2 for 80+80");
return NULL;
}
}
dfs_adjust_center_freq(iface, chan,
*secondary_channel,
sec_chan_idx_80p80,
oper_centr_freq_seg0_idx,
oper_centr_freq_seg1_idx);
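Review bot: the adjacency test `abs(chan2->chan - chan->chan) > 12` does not appear to do what the comment says. With the 80 MHz start channels listed in allowed_80 (36, 52, 100, 116, ...) the smallest non-zero difference is 16, so `> 12` only excludes picking the same segment again, and 36 with 52 would pass although the two segments are contiguous. If non-contiguous segments are required for 80+80, compare against 16 and give the constant a name. The second segment is also taken as the first match after chan_idx rather than chosen at random, which is worth a comment, and the "only 1 valid chan" message lacks the "DFS:" prefix used elsewhere.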
@ -515,6 +601,7 @@ static int set_dfs_state(struct hostapd_iface *iface, int freq, int ht_enabled,
int n_chans = 1, i;
struct hostapd_hw_modes *mode;
int frequency = freq;
int frequency2 = 0;
int ret = 0;
mode = iface->current_mode;
@ -542,6 +629,11 @@ static int set_dfs_state(struct hostapd_iface *iface, int freq, int ht_enabled,
n_chans = 4;
frequency = cf1 - 30;
break;
case CHAN_WIDTH_80P80:
n_chans = 4;
frequency = cf1 - 30;
frequency2 = cf2 - 30;
break;
case CHAN_WIDTH_160:
n_chans = 8;
frequency = cf1 - 70;
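Review bot: in the new CHAN_WIDTH_80P80 case, `frequency2 = cf2 - 30` is computed without checking that cf2 is set. If an event arrives with cf2 == 0, the loop below calls set_dfs_state_freq() with negative frequencies four times. Reject or log cf2 <= 0 in this case before computing frequency2.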
@ -557,6 +649,11 @@ static int set_dfs_state(struct hostapd_iface *iface, int freq, int ht_enabled,
for (i = 0; i < n_chans; i++) {
ret += set_dfs_state_freq(iface, frequency, state);
frequency = frequency + 20;
if (chan_width == CHAN_WIDTH_80P80) {
ret += set_dfs_state_freq(iface, frequency2, state);
frequency2 = frequency2 + 20;
}
}
return ret;
@ -662,6 +759,9 @@ int hostapd_handle_dfs(struct hostapd_iface *iface)
int res, n_chans, n_chans1, start_chan_idx, start_chan_idx1;
int skip_radar = 0;
if (is_6ghz_freq(iface->freq))
return 1;
if (!iface->current_mode) {
/*
* This can happen with drivers that do not provide mode
@ -759,7 +859,7 @@ int hostapd_handle_dfs(struct hostapd_iface *iface)
}
static int hostapd_config_dfs_chan_available(struct hostapd_iface *iface)
int hostapd_is_dfs_chan_available(struct hostapd_iface *iface)
{
int n_chans, n_chans1, start_chan_idx, start_chan_idx1;
@ -807,7 +907,7 @@ int hostapd_dfs_complete_cac(struct hostapd_iface *iface, int success, int freq,
* another radio.
*/
if (iface->state != HAPD_IFACE_ENABLED &&
hostapd_config_dfs_chan_available(iface)) {
hostapd_is_dfs_chan_available(iface)) {
hostapd_setup_interface_complete(iface, 0);
iface->cac_started = 0;
}
@ -837,6 +937,44 @@ int hostapd_dfs_pre_cac_expired(struct hostapd_iface *iface, int freq,
}
static struct hostapd_channel_data *
dfs_downgrade_bandwidth(struct hostapd_iface *iface, int *secondary_channel,
u8 *oper_centr_freq_seg0_idx,
u8 *oper_centr_freq_seg1_idx, int *skip_radar)
{
struct hostapd_channel_data *channel;
for (;;) {
channel = dfs_get_valid_channel(iface, secondary_channel,
oper_centr_freq_seg0_idx,
oper_centr_freq_seg1_idx,
*skip_radar);
if (channel) {
wpa_printf(MSG_DEBUG, "DFS: Selected channel: %d",
channel->chan);
return channel;
}
if (*skip_radar) {
*skip_radar = 0;
} else {
int oper_chwidth;
oper_chwidth = hostapd_get_oper_chwidth(iface->conf);
if (oper_chwidth == CHANWIDTH_USE_HT)
break;
*skip_radar = 1;
hostapd_set_oper_chwidth(iface->conf, oper_chwidth - 1);
}
}
wpa_printf(MSG_INFO,
"%s: no DFS channels left, waiting for NOP to finish",
__func__);
return NULL;
}
static int hostapd_dfs_start_channel_switch_cac(struct hostapd_iface *iface)
{
struct hostapd_channel_data *channel;
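Review bot: dfs_downgrade_bandwidth() changes iface->conf through hostapd_set_oper_chwidth() and never restores it, so on the NULL return the configuration is left at CHANWIDTH_USE_HT even though no channel was selected. Either restore the original width before returning NULL or document that callers must do so. `oper_chwidth - 1` also relies on the CHANWIDTH_* values being consecutive and ordered from narrow to wide; a comment or an explicit mapping would make that assumption visible.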
@ -854,8 +992,14 @@ static int hostapd_dfs_start_channel_switch_cac(struct hostapd_iface *iface)
skip_radar);
if (!channel) {
wpa_printf(MSG_ERROR, "No valid channel available");
return err;
channel = dfs_downgrade_bandwidth(iface, &secondary_channel,
&oper_centr_freq_seg0_idx,
&oper_centr_freq_seg1_idx,
&skip_radar);
if (!channel) {
wpa_printf(MSG_ERROR, "No valid channel available");
return err;
}
}
wpa_printf(MSG_DEBUG, "DFS will switch to a new channel %d",
@ -884,11 +1028,14 @@ static int hostapd_dfs_start_channel_switch(struct hostapd_iface *iface)
int secondary_channel;
u8 oper_centr_freq_seg0_idx;
u8 oper_centr_freq_seg1_idx;
u8 new_vht_oper_chwidth;
int skip_radar = 1;
struct csa_settings csa_settings;
unsigned int i;
int err = 1;
struct hostapd_hw_modes *cmode = iface->current_mode;
u8 current_vht_oper_chwidth = hostapd_get_oper_chwidth(iface->conf);
int ieee80211_mode = IEEE80211_MODE_AP;
wpa_printf(MSG_DEBUG, "%s called (CAC active: %s, CSA active: %s)",
__func__, iface->cac_started ? "yes" : "no",
@ -922,28 +1069,33 @@ static int hostapd_dfs_start_channel_switch(struct hostapd_iface *iface)
* requires to perform a CAC first.
*/
skip_radar = 0;
channel = dfs_get_valid_channel(iface, &secondary_channel,
&oper_centr_freq_seg0_idx,
&oper_centr_freq_seg1_idx,
skip_radar);
channel = dfs_downgrade_bandwidth(iface, &secondary_channel,
&oper_centr_freq_seg0_idx,
&oper_centr_freq_seg1_idx,
&skip_radar);
if (!channel) {
wpa_printf(MSG_INFO,
"%s: no DFS channels left, waiting for NOP to finish",
__func__);
return err;
/*
* Toggle interface state to enter DFS state
* until NOP is finished.
*/
hostapd_disable_iface(iface);
hostapd_enable_iface(iface);
return 0;
}
iface->freq = channel->freq;
iface->conf->channel = channel->chan;
iface->conf->secondary_channel = secondary_channel;
hostapd_set_oper_centr_freq_seg0_idx(iface->conf,
oper_centr_freq_seg0_idx);
hostapd_set_oper_centr_freq_seg1_idx(iface->conf,
oper_centr_freq_seg1_idx);
if (!skip_radar) {
iface->freq = channel->freq;
iface->conf->channel = channel->chan;
iface->conf->secondary_channel = secondary_channel;
hostapd_set_oper_centr_freq_seg0_idx(
iface->conf, oper_centr_freq_seg0_idx);
hostapd_set_oper_centr_freq_seg1_idx(
iface->conf, oper_centr_freq_seg1_idx);
hostapd_disable_iface(iface);
hostapd_enable_iface(iface);
return 0;
hostapd_disable_iface(iface);
hostapd_enable_iface(iface);
return 0;
}
}
wpa_printf(MSG_DEBUG, "DFS will switch to a new channel %d",
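Review bot: in the `!channel` branch the return values of hostapd_disable_iface() and hostapd_enable_iface() are ignored and the function now returns 0 where it used to return err, so a failed re-enable is reported to the caller as success. At that point dfs_downgrade_bandwidth() has already lowered the configured channel width, and the interface is restarted with that reduced width. Propagate the enable result and restore current_vht_oper_chwidth before toggling the interface.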
@ -952,23 +1104,32 @@ static int hostapd_dfs_start_channel_switch(struct hostapd_iface *iface)
"freq=%d chan=%d sec_chan=%d", channel->freq,
channel->chan, secondary_channel);
new_vht_oper_chwidth = hostapd_get_oper_chwidth(iface->conf);
hostapd_set_oper_chwidth(iface->conf, current_vht_oper_chwidth);
/* Setup CSA request */
os_memset(&csa_settings, 0, sizeof(csa_settings));
csa_settings.cs_count = 5;
csa_settings.block_tx = 1;
#ifdef CONFIG_MESH
if (iface->mconf)
ieee80211_mode = IEEE80211_MODE_MESH;
#endif /* CONFIG_MESH */
err = hostapd_set_freq_params(&csa_settings.freq_params,
iface->conf->hw_mode,
channel->freq,
channel->chan,
iface->conf->enable_edmg,
iface->conf->edmg_channel,
iface->conf->ieee80211n,
iface->conf->ieee80211ac,
iface->conf->ieee80211ax,
secondary_channel,
hostapd_get_oper_chwidth(iface->conf),
new_vht_oper_chwidth,
oper_centr_freq_seg0_idx,
oper_centr_freq_seg1_idx,
cmode->vht_capab,
&cmode->he_capab[IEEE80211_MODE_AP]);
&cmode->he_capab[ieee80211_mode]);
if (err) {
wpa_printf(MSG_ERROR, "DFS failed to calculate CSA freq params");
@ -988,6 +1149,7 @@ static int hostapd_dfs_start_channel_switch(struct hostapd_iface *iface)
iface->freq = channel->freq;
iface->conf->channel = channel->chan;
iface->conf->secondary_channel = secondary_channel;
hostapd_set_oper_chwidth(iface->conf, new_vht_oper_chwidth);
hostapd_set_oper_centr_freq_seg0_idx(iface->conf,
oper_centr_freq_seg0_idx);
hostapd_set_oper_centr_freq_seg1_idx(iface->conf,
@ -1024,8 +1186,10 @@ int hostapd_dfs_radar_detected(struct hostapd_iface *iface, int freq,
return 0;
/* mark radar frequency as invalid */
set_dfs_state(iface, freq, ht_enabled, chan_offset, chan_width,
cf1, cf2, HOSTAPD_CHAN_DFS_UNAVAILABLE);
res = set_dfs_state(iface, freq, ht_enabled, chan_offset, chan_width,
cf1, cf2, HOSTAPD_CHAN_DFS_UNAVAILABLE);
if (!res)
return 0;
/* Skip if reported radar event not overlapped our channels */
res = dfs_are_channels_overlapped(iface, freq, chan_width, cf1, cf2);
@ -1067,7 +1231,9 @@ int hostapd_is_dfs_required(struct hostapd_iface *iface)
{
int n_chans, n_chans1, start_chan_idx, start_chan_idx1, res;
if (!iface->conf->ieee80211h || !iface->current_mode ||
if ((!(iface->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD) &&
!iface->conf->ieee80211h) ||
!iface->current_mode ||
iface->current_mode->mode != HOSTAPD_MODE_IEEE80211A)
return 0;
@ -1093,11 +1259,18 @@ int hostapd_dfs_start_cac(struct hostapd_iface *iface, int freq,
int ht_enabled, int chan_offset, int chan_width,
int cf1, int cf2)
{
/* This is called when the driver indicates that an offloaded DFS has
* started CAC. */
hostapd_set_state(iface, HAPD_IFACE_DFS);
/* TODO: How to check CAC time for ETSI weather channels? */
iface->dfs_cac_ms = 60000;
wpa_msg(iface->bss[0]->msg_ctx, MSG_INFO, DFS_EVENT_CAC_START
"freq=%d chan=%d chan_offset=%d width=%d seg0=%d "
"seg1=%d cac_time=%ds",
freq, (freq - 5000) / 5, chan_offset, chan_width, cf1, cf2, 60);
freq, (freq - 5000) / 5, chan_offset, chan_width, cf1, cf2,
iface->dfs_cac_ms / 1000);
iface->cac_started = 1;
os_get_reltime(&iface->dfs_cac_start);
return 0;
}
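Review bot: `iface->dfs_cac_ms = 60000` hard-codes the CAC time for the offloaded case, and the value is now both stored and printed in the DFS_EVENT_CAC_START message, so anything that derives remaining CAC time from dfs_cac_ms and dfs_cac_start will be wrong wherever the driver applies a longer CAC, as the TODO about ETSI weather channels acknowledges. If the driver event cannot carry the CAC time yet, mark the reported value as an assumption in the comment so monitoring tools do not treat it as authoritative.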
@ -1111,6 +1284,8 @@ int hostapd_dfs_start_cac(struct hostapd_iface *iface, int freq,
*/
int hostapd_handle_dfs_offload(struct hostapd_iface *iface)
{
int dfs_res;
wpa_printf(MSG_DEBUG, "%s: iface->cac_started: %d",
__func__, iface->cac_started);
@ -1126,10 +1301,11 @@ int hostapd_handle_dfs_offload(struct hostapd_iface *iface)
return 1;
}
if (ieee80211_is_dfs(iface->freq, iface->hw_features,
iface->num_hw_features)) {
wpa_printf(MSG_DEBUG, "%s: freq %d MHz requires DFS",
__func__, iface->freq);
dfs_res = hostapd_is_dfs_required(iface);
if (dfs_res > 0) {
wpa_printf(MSG_DEBUG,
"%s: freq %d MHz requires DFS for %d chans",
__func__, iface->freq, dfs_res);
return 0;
}
@ -1138,3 +1314,60 @@ int hostapd_handle_dfs_offload(struct hostapd_iface *iface)
__func__, iface->freq);
return 2;
}
int hostapd_is_dfs_overlap(struct hostapd_iface *iface, enum chan_width width,
int center_freq)
{
struct hostapd_channel_data *chan;
struct hostapd_hw_modes *mode = iface->current_mode;
int half_width;
int res = 0;
int i;
if (!iface->conf->ieee80211h || !mode ||
mode->mode != HOSTAPD_MODE_IEEE80211A)
return 0;
switch (width) {
case CHAN_WIDTH_20_NOHT:
case CHAN_WIDTH_20:
half_width = 10;
break;
case CHAN_WIDTH_40:
half_width = 20;
break;
case CHAN_WIDTH_80:
case CHAN_WIDTH_80P80:
half_width = 40;
break;
case CHAN_WIDTH_160:
half_width = 80;
break;
default:
wpa_printf(MSG_WARNING, "DFS chanwidth %d not supported",
width);
return 0;
}
for (i = 0; i < mode->num_channels; i++) {
chan = &mode->channels[i];
if (!(chan->flag & HOSTAPD_CHAN_RADAR))
continue;
if ((chan->flag & HOSTAPD_CHAN_DFS_MASK) ==
HOSTAPD_CHAN_DFS_AVAILABLE)
continue;
if (center_freq - chan->freq < half_width &&
chan->freq - center_freq < half_width)
res++;
}
wpa_printf(MSG_DEBUG, "DFS CAC required: (%d, %d): in range: %s",
center_freq - half_width, center_freq + half_width,
res ? "yes" : "no");
return res;
}
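Review bot: hostapd_is_dfs_overlap() returns 0 whenever `!iface->conf->ieee80211h`, while hostapd_is_dfs_required() in this same commit was changed to accept WPA_DRIVER_FLAGS_DFS_OFFLOAD without ieee80211h. With an offload driver and ieee80211h unset the two functions now disagree about whether DFS applies; use the same condition in both. For CHAN_WIDTH_80P80 only one center frequency is passed in, so radar channels under the second segment are never counted; either take a second center frequency or document that the caller must invoke the function once per segment.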

Some files were not shown because too many files have changed in this diff