Jouni Malinen [Sun, 23 Mar 2014 21:50:37 +0000 (23:50 +0200)]
Allow hostapd to advertise 40 MHz intolerant HT capability
ht_capab=[40-INTOLERANT] can now be used to advertise that the BSS is 40
MHz intolerant to prevent other 20/40 MHz co-ex compliant APs from using
40 MHz channel bandwidth.
Jouni Malinen [Sun, 23 Mar 2014 16:13:03 +0000 (18:13 +0200)]
FT: Add support for postponing FT response
If the PMK-R1 needs to be pulled for the R0KH, the previous
implementation ended up rejecting the over-the-air authentication and
over-the-DS action frame unnecessarily while waiting for the RRB
response. Improve this by postponing the Authentication/Action frame
response until the pull response is received.
Jouni Malinen [Sun, 23 Mar 2014 09:59:43 +0000 (11:59 +0200)]
tests: Allow test cases to receive additional parameters
The optional third argument to the test case functions can now be used
to receive additional parameters from run-tests.py. As the initial
parameter, logdir value is provided so that test cases can use it to
review the debug logs from the test run.
Jouni Malinen [Sat, 22 Mar 2014 21:31:39 +0000 (23:31 +0200)]
WPS: Comment out unused AP WEP config write with WPS 2.0
The main WPS code rejects WEP parameters, so this code is not used and
can be commented out from WPS 2.0 builds. This is similar to the earlier
commit that commented out in-memory update.
Arif Hussain [Sat, 22 Mar 2014 19:50:55 +0000 (12:50 -0700)]
P2P: Update op_reg_class in random social channel case
Commit 94b84bc7253680a2b201d5c88d36ada91a3e20b4 missed one path where
p2p->op_reg_class should have been updated. Set this to 81 during
operating channel selection from 2.4 GHz.
Amar Singhal [Sat, 22 Mar 2014 19:31:15 +0000 (21:31 +0200)]
hostapd: Check driver DFS offload capability for channel disablement
If the driver supports full offloading of DFS operations, do not disable
a channel marked for radar detection. The driver will handle the needed
operations for such channels.
Arif Hussain [Fri, 21 Mar 2014 07:38:23 +0000 (00:38 -0700)]
P2P: Avoid unsafe pre-configured channel as channel preference
Do not select pre-configured channel as operating channel preference if
it is unavailable maybe due to interference or possible known
co-existence constraints, and try to select random available channel.
Pawel Kulakowski [Fri, 21 Mar 2014 07:18:00 +0000 (08:18 +0100)]
Don't overwrite channel on hostapd config reload
There was possibility that the current channel in Beacon information
element was incorrectly set. This problem was easily observed when
primary and secondary channel were switched and then some of hostapd
settings (for example password) were changed using WPS External
Registrar. This caused hostapd_reload_config() function overwrite the
current channel information from config file.
This patch prevents this situation and does not allow to overwrite
channel and some other settings when config is reloaded.
Eduardo Abinader [Thu, 20 Mar 2014 12:43:31 +0000 (08:43 -0400)]
P2P: Fix GO failed interface init
Whenever an ongoing GO Neg has failed, due to interface init, the P2P
Device should cancel timeouts and issue wpas_p2p_group_formation_failed,
so the other peer detects faster group formation has failed.
Jouni Malinen [Thu, 20 Mar 2014 15:01:37 +0000 (17:01 +0200)]
WPS: Clear WPS data on init failure
It was possible for hapd->wps_beacon_ie and hapd->wps_probe_resp_ie to
be set if WPS initialization in hostapd failed after having set these
parameters (e.g., during UPnP configuration). In addition, many of the
other WPS configuration parameters that were allocated during the first
part of the initialization were not properly freed on error paths.
Jouni Malinen [Thu, 20 Mar 2014 13:13:48 +0000 (15:13 +0200)]
WPS: Do not advertise WPA/WPA2-Enterprise Auth Type Flags
While the device itself may support WPA/WPA2-Enterprise, enrollment of
credentials for EAP authentication is not supported through WPS. As
such, there is no need to claim support for these capabilities within
WPS information.
Jouni Malinen [Tue, 18 Mar 2014 20:45:07 +0000 (22:45 +0200)]
nl80211: Do not indicate scan started event on scan_for_auth
The scan_for_auth workaround for cfg80211 missing a BSS entry for the
target BSS during authentication uses a single channel scan controlled
within driver_nl80211.c. This operation does not indicate
EVENT_SCAN_RESULTS to the upper layer code. However, it did report
EVENT_SCAN_STARTED and this resulted in the radio work protection code
assuming that an external program triggered a scan, but that scan never
completed. This resulted in all new radio work items getting stuck
waiting for this scan to complete.
Fix this by handling the scan_for_auth situation consistently within
driver_nl80211.c by filtering both the EVENT_SCAN_STARTED and
EVENT_SCAN_RESULTS.
Jouni Malinen [Mon, 17 Mar 2014 22:03:59 +0000 (00:03 +0200)]
HS 2.0R2: Do not mandate OCSP response for EST operations
OCSP validation is required only for the OSU operations and since the
EST server may use a different server certificate, it may not
necessarily support OCSP.
Jouni Malinen [Mon, 17 Mar 2014 21:46:12 +0000 (23:46 +0200)]
HS 2.0R2: Configure OSU client trust root more consistently
Some of the code paths could have ended up ignoring CA file name from
command line due to overly complex way of setting ctx->ca_fname.
Configure this more consistently in osu_client.c as soon as the CA file
name has been determined.
Jouni Malinen [Mon, 17 Mar 2014 21:12:25 +0000 (23:12 +0200)]
HS 2.0R2: Clean up debug from libcurl
Do not truncate CURLINFO entries on first linefeed to get full IN/OUT
headers and data into debug log. Use wpa_hexdump_ascii() if any
non-displayable characters are included. Remove the separate header/data
debug dumps since all that information is now available from the debug
callback.
Jouni Malinen [Mon, 17 Mar 2014 16:23:13 +0000 (18:23 +0200)]
Fix AP mode default TXOP Limit values for AC_VI and AC_VO
These were previous set to 3.0 and 1.5 ms which ended up using values 93
and 46 in 36 usec inits. However, the default values for these are
actually defined as 3.008 ms and 1.504 ms (94/47) and those values are
also listed in the hostapd.conf example.
Jouni Malinen [Sun, 16 Mar 2014 10:28:49 +0000 (12:28 +0200)]
TLS testing: Add new test cases for RSA-DHE primes
test-tls-4: Short 511-bit RSA-DHE prime
test-tls-5: Short 767-bit RSA-DHE prime
test-tls-6: Bogus RSA-DHE "prime" 15
test-tls-7: Very short 58-bit RSA-DHE prime in a long container
test-tls-8: Non-prime as RSA-DHE prime
Jouni Malinen [Sat, 15 Mar 2014 14:42:29 +0000 (16:42 +0200)]
Fix HT40 co-ex scan for some pri/sec channel switches
Secondary channel was compared incorrectly (-4/4 vs. actual channel
number) which broke matching neighboring 40 MHz BSSes and only the
no-beacons-on-secondary-channel rule was applied in practice. Once
sec_chan was fixed, this triggered another issue in this function where
both rules to switch pri/sec channels could end up getting applied in a
way that effectively canceled the switch.
Jouni Malinen [Sat, 15 Mar 2014 10:38:08 +0000 (12:38 +0200)]
tests: Go to listen state in go_neg_pin_authorized
Previusly, the responding device was left in p2p_find state as a
consequence of using discover_peer() if the peer was not already known.
This was not the sequence that was supposed to be used here. Go to
listen-only state when waiting for the peer to initiate a previously
authorized GO Negotiation.
Jouni Malinen [Fri, 14 Mar 2014 19:10:47 +0000 (21:10 +0200)]
Fix hostapd_add_iface error path to deinit partially initialized BSS
It was possible for the control interface and some of the BSS setup to
be left partially initialized in failure cases while the BSS structures
were still freed. Fix this by properly cleaning up anything that may
have passed initialization successfully before freeing memory.
Jouni Malinen [Fri, 14 Mar 2014 18:33:56 +0000 (20:33 +0200)]
Fix external radio_work deinit path
The radio_work type was stored within the dynamically allocated
wpa_radio_work buffer and that buffer ended up getting freed before the
final use of the type string within radio_work_done(). This resulted in
freed memory being used for a debug print. Avoid this by freeing the
wpa_external_work instance after having completed radio_work_done() for
the related work.
Jouni Malinen [Wed, 12 Mar 2014 18:26:37 +0000 (20:26 +0200)]
Allow management group cipher to be configured
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.
Paul Stewart [Fri, 14 Mar 2014 04:33:43 +0000 (21:33 -0700)]
wpa_supplicant: Apply VHT_OVERRIDES to wpas_start_assoc_cb()
A previous patch "Support VHT capability overrides" missed one
place where HT overrides were being applied and where it would
also be useful to apply VHT overrides.
Paul Stewart [Wed, 12 Mar 2014 22:28:39 +0000 (15:28 -0700)]
hostapd: Supply default parameters for OBSS scan
For some client OBSS implementations that are performed in
firmware, all OBSS parameters need to be set to valid values.
Do this, as well as supplying the "20/40 Coex Mgmt Support"
flag in the extended capabilities IE.
Johannes Berg [Fri, 14 Mar 2014 14:48:13 +0000 (16:48 +0200)]
tests: Verify VHT20 with center freq seq0 set to zero
This was found through a mac80211 bug which didn't correctly accept a
center segment 0 value of zero, so the test will fail until the mac80211
bug is fixed.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Fri, 14 Mar 2014 14:45:21 +0000 (16:45 +0200)]
hostapd: For VHT 20/40, allow center segment 0 to be zero
The 802.11ac amendment specifies that that the center segment 0 field
is reserved, so it should be zero. Hostapd previously required it to
be set, which is likely a good idea for interoperability, but allow it
to be unset. However, don't allow it to be set to a random value, only
allow zero and the correct channel.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Thu, 13 Mar 2014 19:12:39 +0000 (21:12 +0200)]
GAS server: Remove incomplete remote ANQP processing
Some of the remote ANQP server concepts were introduces into gas_serv.c,
but these were not completed. Remote the unused implementation for now.
It can be added back if support for remote ANQP server is added at some
point.
Jouni Malinen [Thu, 13 Mar 2014 11:26:21 +0000 (13:26 +0200)]
WPS: Extend per-station PSK to support ER case as well
When wpa_psk_file is used instead of wpa_psk/wpa_passphrase, each WPS
Enrollee was given a unique PSK. This did not work for the
station-as-Registrar case where ER would learn the current AP settings
instead of enrolling itself (i.e., when using the AP PIN instead of
station PIN). That case can be covered with a similar design, so
generate a per-device PSK when building M7 as an AP in wpa_psk_file
configuration.
projects / thirdparty / hostap.git / log
