Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
/*
|
|
|
|
|
* BSS table
|
2019-04-22 15:42:53 +00:00
|
|
|
* Copyright (c) 2009-2019, Jouni Malinen <j@w1.fi>
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
*
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
* This software may be distributed under the terms of the BSD license.
|
|
|
|
|
* See README for more details.
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include "utils/includes.h"
|
|
|
|
|
|
|
|
|
|
#include "utils/common.h"
|
|
|
|
|
#include "utils/eloop.h"
|
|
|
|
|
#include "common/ieee802_11_defs.h"
|
|
|
|
|
#include "drivers/driver.h"
|
2017-10-18 03:44:27 +00:00
|
|
|
#include "eap_peer/eap.h"
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
#include "wpa_supplicant_i.h"
|
|
|
|
|
#include "config.h"
|
|
|
|
|
#include "notify.h"
|
|
|
|
|
#include "scan.h"
|
|
|
|
|
#include "bss.h"
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
static void wpa_bss_set_hessid(struct wpa_bss *bss)
|
|
|
|
|
{
|
|
|
|
|
#ifdef CONFIG_INTERWORKING
|
|
|
|
|
const u8 *ie = wpa_bss_get_ie(bss, WLAN_EID_INTERWORKING);
|
|
|
|
|
if (ie == NULL || (ie[1] != 7 && ie[1] != 9)) {
|
|
|
|
|
os_memset(bss->hessid, 0, ETH_ALEN);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (ie[1] == 7)
|
|
|
|
|
os_memcpy(bss->hessid, ie + 3, ETH_ALEN);
|
|
|
|
|
else
|
|
|
|
|
os_memcpy(bss->hessid, ie + 5, ETH_ALEN);
|
|
|
|
|
#endif /* CONFIG_INTERWORKING */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* wpa_bss_anqp_alloc - Allocate ANQP data structure for a BSS entry
|
|
|
|
|
* Returns: Allocated ANQP data structure or %NULL on failure
|
|
|
|
|
*
|
|
|
|
|
* The allocated ANQP data structure has its users count set to 1. It may be
|
|
|
|
|
* shared by multiple BSS entries and each shared entry is freed with
|
|
|
|
|
* wpa_bss_anqp_free().
|
|
|
|
|
*/
|
|
|
|
|
struct wpa_bss_anqp * wpa_bss_anqp_alloc(void)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_bss_anqp *anqp;
|
|
|
|
|
anqp = os_zalloc(sizeof(*anqp));
|
|
|
|
|
if (anqp == NULL)
|
|
|
|
|
return NULL;
|
2017-10-18 03:44:27 +00:00
|
|
|
#ifdef CONFIG_INTERWORKING
|
|
|
|
|
dl_list_init(&anqp->anqp_elems);
|
|
|
|
|
#endif /* CONFIG_INTERWORKING */
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
anqp->users = 1;
|
|
|
|
|
return anqp;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* wpa_bss_anqp_clone - Clone an ANQP data structure
|
|
|
|
|
* @anqp: ANQP data structure from wpa_bss_anqp_alloc()
|
|
|
|
|
* Returns: Cloned ANQP data structure or %NULL on failure
|
|
|
|
|
*/
|
|
|
|
|
static struct wpa_bss_anqp * wpa_bss_anqp_clone(struct wpa_bss_anqp *anqp)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_bss_anqp *n;
|
|
|
|
|
|
|
|
|
|
n = os_zalloc(sizeof(*n));
|
|
|
|
|
if (n == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
#define ANQP_DUP(f) if (anqp->f) n->f = wpabuf_dup(anqp->f)
|
|
|
|
|
#ifdef CONFIG_INTERWORKING
|
2017-10-18 03:44:27 +00:00
|
|
|
dl_list_init(&n->anqp_elems);
|
2015-04-18 05:04:12 +00:00
|
|
|
ANQP_DUP(capability_list);
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
ANQP_DUP(venue_name);
|
|
|
|
|
ANQP_DUP(network_auth_type);
|
|
|
|
|
ANQP_DUP(roaming_consortium);
|
|
|
|
|
ANQP_DUP(ip_addr_type_availability);
|
|
|
|
|
ANQP_DUP(nai_realm);
|
|
|
|
|
ANQP_DUP(anqp_3gpp);
|
|
|
|
|
ANQP_DUP(domain_name);
|
2018-12-06 05:04:28 +00:00
|
|
|
ANQP_DUP(fils_realm_info);
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
#endif /* CONFIG_INTERWORKING */
|
|
|
|
|
#ifdef CONFIG_HS20
|
2015-04-18 05:04:12 +00:00
|
|
|
ANQP_DUP(hs20_capability_list);
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
ANQP_DUP(hs20_operator_friendly_name);
|
|
|
|
|
ANQP_DUP(hs20_wan_metrics);
|
|
|
|
|
ANQP_DUP(hs20_connection_capability);
|
|
|
|
|
ANQP_DUP(hs20_operating_class);
|
2015-04-18 05:04:12 +00:00
|
|
|
ANQP_DUP(hs20_osu_providers_list);
|
2018-12-06 05:04:28 +00:00
|
|
|
ANQP_DUP(hs20_operator_icon_metadata);
|
|
|
|
|
ANQP_DUP(hs20_osu_providers_nai_list);
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
#endif /* CONFIG_HS20 */
|
|
|
|
|
#undef ANQP_DUP
|
|
|
|
|
|
|
|
|
|
return n;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* wpa_bss_anqp_unshare_alloc - Unshare ANQP data (if shared) in a BSS entry
|
|
|
|
|
* @bss: BSS entry
|
|
|
|
|
* Returns: 0 on success, -1 on failure
|
|
|
|
|
*
|
|
|
|
|
* This function ensures the specific BSS entry has an ANQP data structure that
|
|
|
|
|
* is not shared with any other BSS entry.
|
|
|
|
|
*/
|
|
|
|
|
int wpa_bss_anqp_unshare_alloc(struct wpa_bss *bss)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
{
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
struct wpa_bss_anqp *anqp;
|
|
|
|
|
|
|
|
|
|
if (bss->anqp && bss->anqp->users > 1) {
|
|
|
|
|
/* allocated, but shared - clone an unshared copy */
|
|
|
|
|
anqp = wpa_bss_anqp_clone(bss->anqp);
|
|
|
|
|
if (anqp == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
anqp->users = 1;
|
|
|
|
|
bss->anqp->users--;
|
|
|
|
|
bss->anqp = anqp;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (bss->anqp)
|
|
|
|
|
return 0; /* already allocated and not shared */
|
|
|
|
|
|
|
|
|
|
/* not allocated - allocate a new storage area */
|
|
|
|
|
bss->anqp = wpa_bss_anqp_alloc();
|
|
|
|
|
return bss->anqp ? 0 : -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* wpa_bss_anqp_free - Free an ANQP data structure
|
|
|
|
|
* @anqp: ANQP data structure from wpa_bss_anqp_alloc() or wpa_bss_anqp_clone()
|
|
|
|
|
*/
|
|
|
|
|
static void wpa_bss_anqp_free(struct wpa_bss_anqp *anqp)
|
|
|
|
|
{
|
2017-10-18 03:44:27 +00:00
|
|
|
#ifdef CONFIG_INTERWORKING
|
|
|
|
|
struct wpa_bss_anqp_elem *elem;
|
|
|
|
|
#endif /* CONFIG_INTERWORKING */
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
if (anqp == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
anqp->users--;
|
|
|
|
|
if (anqp->users > 0) {
|
|
|
|
|
/* Another BSS entry holds a pointer to this ANQP info */
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_INTERWORKING
|
2015-04-18 05:04:12 +00:00
|
|
|
wpabuf_free(anqp->capability_list);
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
wpabuf_free(anqp->venue_name);
|
|
|
|
|
wpabuf_free(anqp->network_auth_type);
|
|
|
|
|
wpabuf_free(anqp->roaming_consortium);
|
|
|
|
|
wpabuf_free(anqp->ip_addr_type_availability);
|
|
|
|
|
wpabuf_free(anqp->nai_realm);
|
|
|
|
|
wpabuf_free(anqp->anqp_3gpp);
|
|
|
|
|
wpabuf_free(anqp->domain_name);
|
2018-12-06 05:04:28 +00:00
|
|
|
wpabuf_free(anqp->fils_realm_info);
|
2017-10-18 03:44:27 +00:00
|
|
|
|
|
|
|
|
while ((elem = dl_list_first(&anqp->anqp_elems,
|
|
|
|
|
struct wpa_bss_anqp_elem, list))) {
|
|
|
|
|
dl_list_del(&elem->list);
|
|
|
|
|
wpabuf_free(elem->payload);
|
|
|
|
|
os_free(elem);
|
|
|
|
|
}
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
#endif /* CONFIG_INTERWORKING */
|
|
|
|
|
#ifdef CONFIG_HS20
|
2015-04-18 05:04:12 +00:00
|
|
|
wpabuf_free(anqp->hs20_capability_list);
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
wpabuf_free(anqp->hs20_operator_friendly_name);
|
|
|
|
|
wpabuf_free(anqp->hs20_wan_metrics);
|
|
|
|
|
wpabuf_free(anqp->hs20_connection_capability);
|
|
|
|
|
wpabuf_free(anqp->hs20_operating_class);
|
2015-04-18 05:04:12 +00:00
|
|
|
wpabuf_free(anqp->hs20_osu_providers_list);
|
2018-12-06 05:04:28 +00:00
|
|
|
wpabuf_free(anqp->hs20_operator_icon_metadata);
|
|
|
|
|
wpabuf_free(anqp->hs20_osu_providers_nai_list);
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
#endif /* CONFIG_HS20 */
|
|
|
|
|
|
|
|
|
|
os_free(anqp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2015-04-18 05:04:12 +00:00
|
|
|
static void wpa_bss_update_pending_connect(struct wpa_supplicant *wpa_s,
|
|
|
|
|
struct wpa_bss *old_bss,
|
|
|
|
|
struct wpa_bss *new_bss)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_radio_work *work;
|
|
|
|
|
struct wpa_connect_work *cwork;
|
|
|
|
|
|
|
|
|
|
work = radio_work_pending(wpa_s, "sme-connect");
|
|
|
|
|
if (!work)
|
|
|
|
|
work = radio_work_pending(wpa_s, "connect");
|
|
|
|
|
if (!work)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
cwork = work->ctx;
|
|
|
|
|
if (cwork->bss != old_bss)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
|
"Update BSS pointer for the pending connect radio work");
|
|
|
|
|
cwork->bss = new_bss;
|
|
|
|
|
if (!new_bss)
|
|
|
|
|
cwork->bss_removed = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2017-10-18 03:44:27 +00:00
|
|
|
void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
|
|
|
|
|
const char *reason)
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
{
|
|
|
|
|
if (wpa_s->last_scan_res) {
|
|
|
|
|
unsigned int i;
|
|
|
|
|
for (i = 0; i < wpa_s->last_scan_res_used; i++) {
|
|
|
|
|
if (wpa_s->last_scan_res[i] == bss) {
|
|
|
|
|
os_memmove(&wpa_s->last_scan_res[i],
|
|
|
|
|
&wpa_s->last_scan_res[i + 1],
|
|
|
|
|
(wpa_s->last_scan_res_used - i - 1)
|
|
|
|
|
* sizeof(struct wpa_bss *));
|
|
|
|
|
wpa_s->last_scan_res_used--;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-04-18 05:04:12 +00:00
|
|
|
wpa_bss_update_pending_connect(wpa_s, bss, NULL);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
dl_list_del(&bss->list);
|
|
|
|
|
dl_list_del(&bss->list_id);
|
|
|
|
|
wpa_s->num_bss--;
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Remove id %u BSSID " MACSTR
|
|
|
|
|
" SSID '%s' due to %s", bss->id, MAC2STR(bss->bssid),
|
|
|
|
|
wpa_ssid_txt(bss->ssid, bss->ssid_len), reason);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
wpas_notify_bss_removed(wpa_s, bss->bssid, bss->id);
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
wpa_bss_anqp_free(bss->anqp);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
os_free(bss);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_get - Fetch a BSS table entry based on BSSID and SSID
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
* @bssid: BSSID
|
|
|
|
|
* @ssid: SSID
|
|
|
|
|
* @ssid_len: Length of @ssid
|
|
|
|
|
* Returns: Pointer to the BSS entry or %NULL if not found
|
|
|
|
|
*/
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid,
|
|
|
|
|
const u8 *ssid, size_t ssid_len)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_bss *bss;
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
|
|
|
|
|
return NULL;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
|
|
|
|
|
if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
|
|
|
|
|
bss->ssid_len == ssid_len &&
|
|
|
|
|
os_memcmp(bss->ssid, ssid, ssid_len) == 0)
|
|
|
|
|
return bss;
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2018-12-06 05:04:28 +00:00
|
|
|
void calculate_update_time(const struct os_reltime *fetch_time,
|
|
|
|
|
unsigned int age_ms,
|
|
|
|
|
struct os_reltime *update_time)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
{
|
|
|
|
|
os_time_t usec;
|
|
|
|
|
|
2015-04-18 05:04:12 +00:00
|
|
|
update_time->sec = fetch_time->sec;
|
|
|
|
|
update_time->usec = fetch_time->usec;
|
|
|
|
|
update_time->sec -= age_ms / 1000;
|
|
|
|
|
usec = (age_ms % 1000) * 1000;
|
|
|
|
|
if (update_time->usec < usec) {
|
|
|
|
|
update_time->sec--;
|
|
|
|
|
update_time->usec += 1000000;
|
|
|
|
|
}
|
|
|
|
|
update_time->usec -= usec;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
|
|
|
|
|
struct os_reltime *fetch_time)
|
|
|
|
|
{
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
dst->flags = src->flags;
|
|
|
|
|
os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
|
|
|
|
|
dst->freq = src->freq;
|
|
|
|
|
dst->beacon_int = src->beacon_int;
|
|
|
|
|
dst->caps = src->caps;
|
|
|
|
|
dst->qual = src->qual;
|
|
|
|
|
dst->noise = src->noise;
|
|
|
|
|
dst->level = src->level;
|
|
|
|
|
dst->tsf = src->tsf;
|
2015-04-18 05:04:12 +00:00
|
|
|
dst->est_throughput = src->est_throughput;
|
|
|
|
|
dst->snr = src->snr;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
|
2015-04-18 05:04:12 +00:00
|
|
|
calculate_update_time(fetch_time, src->age, &dst->last_update);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2017-10-18 03:44:27 +00:00
|
|
|
static int wpa_bss_is_wps_candidate(struct wpa_supplicant *wpa_s,
|
|
|
|
|
struct wpa_bss *bss)
|
|
|
|
|
{
|
|
|
|
|
#ifdef CONFIG_WPS
|
|
|
|
|
struct wpa_ssid *ssid;
|
|
|
|
|
struct wpabuf *wps_ie;
|
|
|
|
|
int pbc = 0, ret;
|
|
|
|
|
|
|
|
|
|
wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
|
|
|
|
|
if (!wps_ie)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (wps_is_selected_pbc_registrar(wps_ie)) {
|
|
|
|
|
pbc = 1;
|
|
|
|
|
} else if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) {
|
|
|
|
|
wpabuf_free(wps_ie);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
|
|
|
|
|
if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
|
|
|
|
|
continue;
|
|
|
|
|
if (ssid->ssid_len &&
|
|
|
|
|
(ssid->ssid_len != bss->ssid_len ||
|
|
|
|
|
os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) != 0))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (pbc)
|
|
|
|
|
ret = eap_is_wps_pbc_enrollee(&ssid->eap);
|
|
|
|
|
else
|
|
|
|
|
ret = eap_is_wps_pin_enrollee(&ssid->eap);
|
|
|
|
|
wpabuf_free(wps_ie);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
wpabuf_free(wps_ie);
|
|
|
|
|
#endif /* CONFIG_WPS */
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2021-03-19 03:13:37 +00:00
|
|
|
static bool is_p2p_pending_bss(struct wpa_supplicant *wpa_s,
|
|
|
|
|
struct wpa_bss *bss)
|
|
|
|
|
{
|
|
|
|
|
#ifdef CONFIG_P2P
|
|
|
|
|
u8 addr[ETH_ALEN];
|
|
|
|
|
|
|
|
|
|
if (os_memcmp(bss->bssid, wpa_s->pending_join_iface_addr,
|
|
|
|
|
ETH_ALEN) == 0)
|
|
|
|
|
return true;
|
|
|
|
|
if (!is_zero_ether_addr(wpa_s->pending_join_dev_addr) &&
|
|
|
|
|
p2p_parse_dev_addr(wpa_bss_ie_ptr(bss), bss->ie_len, addr) == 0 &&
|
|
|
|
|
os_memcmp(addr, wpa_s->pending_join_dev_addr, ETH_ALEN) == 0)
|
|
|
|
|
return true;
|
|
|
|
|
#endif /* CONFIG_P2P */
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
static int wpa_bss_known(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_ssid *ssid;
|
|
|
|
|
|
2021-03-19 03:13:37 +00:00
|
|
|
if (is_p2p_pending_bss(wpa_s, bss))
|
|
|
|
|
return 1;
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
|
|
|
|
|
if (ssid->ssid == NULL || ssid->ssid_len == 0)
|
|
|
|
|
continue;
|
|
|
|
|
if (ssid->ssid_len == bss->ssid_len &&
|
|
|
|
|
os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) == 0)
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int wpa_bss_in_use(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
|
|
|
|
|
{
|
2015-10-14 04:30:17 +00:00
|
|
|
if (bss == wpa_s->current_bss)
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
if (wpa_s->current_bss &&
|
|
|
|
|
(bss->ssid_len != wpa_s->current_bss->ssid_len ||
|
|
|
|
|
os_memcmp(bss->ssid, wpa_s->current_bss->ssid,
|
|
|
|
|
bss->ssid_len) != 0))
|
|
|
|
|
return 0; /* SSID has changed */
|
|
|
|
|
|
|
|
|
|
return !is_zero_ether_addr(bss->bssid) &&
|
|
|
|
|
(os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) == 0 ||
|
|
|
|
|
os_memcmp(bss->bssid, wpa_s->pending_bssid, ETH_ALEN) == 0);
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int wpa_bss_remove_oldest_unknown(struct wpa_supplicant *wpa_s)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_bss *bss;
|
|
|
|
|
|
|
|
|
|
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
|
2017-10-18 03:44:27 +00:00
|
|
|
if (!wpa_bss_known(wpa_s, bss) &&
|
|
|
|
|
!wpa_bss_is_wps_candidate(wpa_s, bss)) {
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
wpa_bss_remove(wpa_s, bss, __func__);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int wpa_bss_remove_oldest(struct wpa_supplicant *wpa_s)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_bss *bss;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Remove the oldest entry that does not match with any configured
|
|
|
|
|
* network.
|
|
|
|
|
*/
|
|
|
|
|
if (wpa_bss_remove_oldest_unknown(wpa_s) == 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Remove the oldest entry that isn't currently in use.
|
|
|
|
|
*/
|
|
|
|
|
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
|
|
|
|
|
if (!wpa_bss_in_use(wpa_s, bss)) {
|
|
|
|
|
wpa_bss_remove(wpa_s, bss, __func__);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static struct wpa_bss * wpa_bss_add(struct wpa_supplicant *wpa_s,
|
|
|
|
|
const u8 *ssid, size_t ssid_len,
|
2015-04-18 05:04:12 +00:00
|
|
|
struct wpa_scan_res *res,
|
|
|
|
|
struct os_reltime *fetch_time)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
{
|
|
|
|
|
struct wpa_bss *bss;
|
2019-08-22 02:58:49 +00:00
|
|
|
char extra[50];
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
|
|
|
|
|
bss = os_zalloc(sizeof(*bss) + res->ie_len + res->beacon_ie_len);
|
|
|
|
|
if (bss == NULL)
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
return NULL;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
bss->id = wpa_s->bss_next_id++;
|
|
|
|
|
bss->last_update_idx = wpa_s->bss_update_idx;
|
2015-04-18 05:04:12 +00:00
|
|
|
wpa_bss_copy_res(bss, res, fetch_time);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
os_memcpy(bss->ssid, ssid, ssid_len);
|
|
|
|
|
bss->ssid_len = ssid_len;
|
|
|
|
|
bss->ie_len = res->ie_len;
|
|
|
|
|
bss->beacon_ie_len = res->beacon_ie_len;
|
2021-03-19 03:13:37 +00:00
|
|
|
os_memcpy(bss->ies, res + 1, res->ie_len + res->beacon_ie_len);
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
wpa_bss_set_hessid(bss);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
|
2015-04-18 05:04:12 +00:00
|
|
|
if (wpa_s->num_bss + 1 > wpa_s->conf->bss_max_count &&
|
|
|
|
|
wpa_bss_remove_oldest(wpa_s) != 0) {
|
|
|
|
|
wpa_printf(MSG_ERROR, "Increasing the MAX BSS count to %d "
|
|
|
|
|
"because all BSSes are in use. We should normally "
|
|
|
|
|
"not get here!", (int) wpa_s->num_bss + 1);
|
|
|
|
|
wpa_s->conf->bss_max_count = wpa_s->num_bss + 1;
|
|
|
|
|
}
|
|
|
|
|
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
dl_list_add_tail(&wpa_s->bss, &bss->list);
|
|
|
|
|
dl_list_add_tail(&wpa_s->bss_id, &bss->list_id);
|
|
|
|
|
wpa_s->num_bss++;
|
2019-08-22 02:58:49 +00:00
|
|
|
if (!is_zero_ether_addr(bss->hessid))
|
|
|
|
|
os_snprintf(extra, sizeof(extra), " HESSID " MACSTR,
|
|
|
|
|
MAC2STR(bss->hessid));
|
|
|
|
|
else
|
|
|
|
|
extra[0] = '\0';
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Add new id %u BSSID " MACSTR
|
2019-08-22 02:58:49 +00:00
|
|
|
" SSID '%s' freq %d%s",
|
2015-10-14 04:30:17 +00:00
|
|
|
bss->id, MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len),
|
2019-08-22 02:58:49 +00:00
|
|
|
bss->freq, extra);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
wpas_notify_bss_added(wpa_s, bss->bssid, bss->id);
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
return bss;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int are_ies_equal(const struct wpa_bss *old,
|
2015-10-14 04:30:17 +00:00
|
|
|
const struct wpa_scan_res *new_res, u32 ie)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
{
|
|
|
|
|
const u8 *old_ie, *new_ie;
|
|
|
|
|
struct wpabuf *old_ie_buff = NULL;
|
|
|
|
|
struct wpabuf *new_ie_buff = NULL;
|
|
|
|
|
int new_ie_len, old_ie_len, ret, is_multi;
|
|
|
|
|
|
|
|
|
|
switch (ie) {
|
|
|
|
|
case WPA_IE_VENDOR_TYPE:
|
|
|
|
|
old_ie = wpa_bss_get_vendor_ie(old, ie);
|
2015-10-14 04:30:17 +00:00
|
|
|
new_ie = wpa_scan_get_vendor_ie(new_res, ie);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
is_multi = 0;
|
|
|
|
|
break;
|
|
|
|
|
case WPS_IE_VENDOR_TYPE:
|
|
|
|
|
old_ie_buff = wpa_bss_get_vendor_ie_multi(old, ie);
|
2015-10-14 04:30:17 +00:00
|
|
|
new_ie_buff = wpa_scan_get_vendor_ie_multi(new_res, ie);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
is_multi = 1;
|
|
|
|
|
break;
|
|
|
|
|
case WLAN_EID_RSN:
|
|
|
|
|
case WLAN_EID_SUPP_RATES:
|
|
|
|
|
case WLAN_EID_EXT_SUPP_RATES:
|
|
|
|
|
old_ie = wpa_bss_get_ie(old, ie);
|
2015-10-14 04:30:17 +00:00
|
|
|
new_ie = wpa_scan_get_ie(new_res, ie);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
is_multi = 0;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
wpa_printf(MSG_DEBUG, "bss: %s: cannot compare IEs", __func__);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (is_multi) {
|
|
|
|
|
/* in case of multiple IEs stored in buffer */
|
|
|
|
|
old_ie = old_ie_buff ? wpabuf_head_u8(old_ie_buff) : NULL;
|
|
|
|
|
new_ie = new_ie_buff ? wpabuf_head_u8(new_ie_buff) : NULL;
|
|
|
|
|
old_ie_len = old_ie_buff ? wpabuf_len(old_ie_buff) : 0;
|
|
|
|
|
new_ie_len = new_ie_buff ? wpabuf_len(new_ie_buff) : 0;
|
|
|
|
|
} else {
|
|
|
|
|
/* in case of single IE */
|
|
|
|
|
old_ie_len = old_ie ? old_ie[1] + 2 : 0;
|
|
|
|
|
new_ie_len = new_ie ? new_ie[1] + 2 : 0;
|
|
|
|
|
}
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
if (!old_ie || !new_ie)
|
|
|
|
|
ret = !old_ie && !new_ie;
|
|
|
|
|
else
|
|
|
|
|
ret = (old_ie_len == new_ie_len &&
|
|
|
|
|
os_memcmp(old_ie, new_ie, old_ie_len) == 0);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
|
|
|
|
|
wpabuf_free(old_ie_buff);
|
|
|
|
|
wpabuf_free(new_ie_buff);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static u32 wpa_bss_compare_res(const struct wpa_bss *old,
|
2015-10-14 04:30:17 +00:00
|
|
|
const struct wpa_scan_res *new_res)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
{
|
|
|
|
|
u32 changes = 0;
|
2015-10-14 04:30:17 +00:00
|
|
|
int caps_diff = old->caps ^ new_res->caps;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
|
2015-10-14 04:30:17 +00:00
|
|
|
if (old->freq != new_res->freq)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
changes |= WPA_BSS_FREQ_CHANGED_FLAG;
|
|
|
|
|
|
2015-10-14 04:30:17 +00:00
|
|
|
if (old->level != new_res->level)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
changes |= WPA_BSS_SIGNAL_CHANGED_FLAG;
|
|
|
|
|
|
|
|
|
|
if (caps_diff & IEEE80211_CAP_PRIVACY)
|
|
|
|
|
changes |= WPA_BSS_PRIVACY_CHANGED_FLAG;
|
|
|
|
|
|
|
|
|
|
if (caps_diff & IEEE80211_CAP_IBSS)
|
|
|
|
|
changes |= WPA_BSS_MODE_CHANGED_FLAG;
|
|
|
|
|
|
2015-10-14 04:30:17 +00:00
|
|
|
if (old->ie_len == new_res->ie_len &&
|
2021-03-19 03:13:37 +00:00
|
|
|
os_memcmp(wpa_bss_ie_ptr(old), new_res + 1, old->ie_len) == 0)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
return changes;
|
|
|
|
|
changes |= WPA_BSS_IES_CHANGED_FLAG;
|
|
|
|
|
|
2015-10-14 04:30:17 +00:00
|
|
|
if (!are_ies_equal(old, new_res, WPA_IE_VENDOR_TYPE))
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
changes |= WPA_BSS_WPAIE_CHANGED_FLAG;
|
|
|
|
|
|
2015-10-14 04:30:17 +00:00
|
|
|
if (!are_ies_equal(old, new_res, WLAN_EID_RSN))
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
changes |= WPA_BSS_RSNIE_CHANGED_FLAG;
|
|
|
|
|
|
2015-10-14 04:30:17 +00:00
|
|
|
if (!are_ies_equal(old, new_res, WPS_IE_VENDOR_TYPE))
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
changes |= WPA_BSS_WPS_CHANGED_FLAG;
|
|
|
|
|
|
2015-10-14 04:30:17 +00:00
|
|
|
if (!are_ies_equal(old, new_res, WLAN_EID_SUPP_RATES) ||
|
|
|
|
|
!are_ies_equal(old, new_res, WLAN_EID_EXT_SUPP_RATES))
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
changes |= WPA_BSS_RATES_CHANGED_FLAG;
|
|
|
|
|
|
|
|
|
|
return changes;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2021-03-19 03:13:37 +00:00
|
|
|
void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes,
|
|
|
|
|
const struct wpa_bss *bss)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
{
|
|
|
|
|
if (changes & WPA_BSS_FREQ_CHANGED_FLAG)
|
|
|
|
|
wpas_notify_bss_freq_changed(wpa_s, bss->id);
|
|
|
|
|
|
|
|
|
|
if (changes & WPA_BSS_SIGNAL_CHANGED_FLAG)
|
|
|
|
|
wpas_notify_bss_signal_changed(wpa_s, bss->id);
|
|
|
|
|
|
|
|
|
|
if (changes & WPA_BSS_PRIVACY_CHANGED_FLAG)
|
|
|
|
|
wpas_notify_bss_privacy_changed(wpa_s, bss->id);
|
|
|
|
|
|
|
|
|
|
if (changes & WPA_BSS_MODE_CHANGED_FLAG)
|
|
|
|
|
wpas_notify_bss_mode_changed(wpa_s, bss->id);
|
|
|
|
|
|
|
|
|
|
if (changes & WPA_BSS_WPAIE_CHANGED_FLAG)
|
|
|
|
|
wpas_notify_bss_wpaie_changed(wpa_s, bss->id);
|
|
|
|
|
|
|
|
|
|
if (changes & WPA_BSS_RSNIE_CHANGED_FLAG)
|
|
|
|
|
wpas_notify_bss_rsnie_changed(wpa_s, bss->id);
|
|
|
|
|
|
|
|
|
|
if (changes & WPA_BSS_WPS_CHANGED_FLAG)
|
|
|
|
|
wpas_notify_bss_wps_changed(wpa_s, bss->id);
|
|
|
|
|
|
|
|
|
|
if (changes & WPA_BSS_IES_CHANGED_FLAG)
|
|
|
|
|
wpas_notify_bss_ies_changed(wpa_s, bss->id);
|
|
|
|
|
|
|
|
|
|
if (changes & WPA_BSS_RATES_CHANGED_FLAG)
|
|
|
|
|
wpas_notify_bss_rates_changed(wpa_s, bss->id);
|
2015-04-18 05:04:12 +00:00
|
|
|
|
|
|
|
|
wpas_notify_bss_seen(wpa_s, bss->id);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
static struct wpa_bss *
|
|
|
|
|
wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
|
2015-04-18 05:04:12 +00:00
|
|
|
struct wpa_scan_res *res, struct os_reltime *fetch_time)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
{
|
|
|
|
|
u32 changes;
|
|
|
|
|
|
2018-12-06 05:04:28 +00:00
|
|
|
if (bss->last_update_idx == wpa_s->bss_update_idx) {
|
|
|
|
|
struct os_reltime update_time;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Some drivers (e.g., cfg80211) include multiple BSS entries
|
|
|
|
|
* for the same BSS if that BSS's channel changes. The BSS list
|
|
|
|
|
* implementation in wpa_supplicant does not do that and we need
|
|
|
|
|
* to filter out the obsolete results here to make sure only the
|
|
|
|
|
* most current BSS information remains in the table.
|
|
|
|
|
*/
|
|
|
|
|
wpa_printf(MSG_DEBUG, "BSS: " MACSTR
|
|
|
|
|
" has multiple entries in the scan results - select the most current one",
|
|
|
|
|
MAC2STR(bss->bssid));
|
|
|
|
|
calculate_update_time(fetch_time, res->age, &update_time);
|
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
|
"Previous last_update: %u.%06u (freq %d%s)",
|
|
|
|
|
(unsigned int) bss->last_update.sec,
|
|
|
|
|
(unsigned int) bss->last_update.usec,
|
|
|
|
|
bss->freq,
|
|
|
|
|
(bss->flags & WPA_BSS_ASSOCIATED) ? " assoc" : "");
|
|
|
|
|
wpa_printf(MSG_DEBUG, "New last_update: %u.%06u (freq %d%s)",
|
|
|
|
|
(unsigned int) update_time.sec,
|
|
|
|
|
(unsigned int) update_time.usec,
|
|
|
|
|
res->freq,
|
|
|
|
|
(res->flags & WPA_SCAN_ASSOCIATED) ? " assoc" : "");
|
|
|
|
|
if ((bss->flags & WPA_BSS_ASSOCIATED) ||
|
|
|
|
|
(!(res->flags & WPA_SCAN_ASSOCIATED) &&
|
|
|
|
|
!os_reltime_before(&bss->last_update, &update_time))) {
|
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
|
"Ignore this BSS entry since the previous update looks more current");
|
|
|
|
|
return bss;
|
|
|
|
|
}
|
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
|
"Accept this BSS entry since it looks more current than the previous update");
|
|
|
|
|
}
|
|
|
|
|
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
changes = wpa_bss_compare_res(bss, res);
|
2015-10-14 04:30:17 +00:00
|
|
|
if (changes & WPA_BSS_FREQ_CHANGED_FLAG)
|
|
|
|
|
wpa_printf(MSG_DEBUG, "BSS: " MACSTR " changed freq %d --> %d",
|
|
|
|
|
MAC2STR(bss->bssid), bss->freq, res->freq);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
bss->scan_miss_count = 0;
|
|
|
|
|
bss->last_update_idx = wpa_s->bss_update_idx;
|
2015-04-18 05:04:12 +00:00
|
|
|
wpa_bss_copy_res(bss, res, fetch_time);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
/* Move the entry to the end of the list */
|
|
|
|
|
dl_list_del(&bss->list);
|
2015-04-18 05:04:12 +00:00
|
|
|
#ifdef CONFIG_P2P
|
|
|
|
|
if (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) &&
|
|
|
|
|
!wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE)) {
|
|
|
|
|
/*
|
|
|
|
|
* This can happen when non-P2P station interface runs a scan
|
|
|
|
|
* without P2P IE in the Probe Request frame. P2P GO would reply
|
|
|
|
|
* to that with a Probe Response that does not include P2P IE.
|
|
|
|
|
* Do not update the IEs in this BSS entry to avoid such loss of
|
|
|
|
|
* information that may be needed for P2P operations to
|
|
|
|
|
* determine group information.
|
|
|
|
|
*/
|
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Do not update scan IEs for "
|
|
|
|
|
MACSTR " since that would remove P2P IE information",
|
|
|
|
|
MAC2STR(bss->bssid));
|
|
|
|
|
} else
|
|
|
|
|
#endif /* CONFIG_P2P */
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
if (bss->ie_len + bss->beacon_ie_len >=
|
|
|
|
|
res->ie_len + res->beacon_ie_len) {
|
2021-03-19 03:13:37 +00:00
|
|
|
os_memcpy(bss->ies, res + 1, res->ie_len + res->beacon_ie_len);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
bss->ie_len = res->ie_len;
|
|
|
|
|
bss->beacon_ie_len = res->beacon_ie_len;
|
|
|
|
|
} else {
|
|
|
|
|
struct wpa_bss *nbss;
|
|
|
|
|
struct dl_list *prev = bss->list_id.prev;
|
|
|
|
|
dl_list_del(&bss->list_id);
|
|
|
|
|
nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
|
|
|
|
|
res->beacon_ie_len);
|
|
|
|
|
if (nbss) {
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
unsigned int i;
|
|
|
|
|
for (i = 0; i < wpa_s->last_scan_res_used; i++) {
|
|
|
|
|
if (wpa_s->last_scan_res[i] == bss) {
|
|
|
|
|
wpa_s->last_scan_res[i] = nbss;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (wpa_s->current_bss == bss)
|
|
|
|
|
wpa_s->current_bss = nbss;
|
2015-04-18 05:04:12 +00:00
|
|
|
wpa_bss_update_pending_connect(wpa_s, bss, nbss);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
bss = nbss;
|
2021-03-19 03:13:37 +00:00
|
|
|
os_memcpy(bss->ies, res + 1,
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
res->ie_len + res->beacon_ie_len);
|
|
|
|
|
bss->ie_len = res->ie_len;
|
|
|
|
|
bss->beacon_ie_len = res->beacon_ie_len;
|
|
|
|
|
}
|
|
|
|
|
dl_list_add(prev, &bss->list_id);
|
|
|
|
|
}
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
if (changes & WPA_BSS_IES_CHANGED_FLAG)
|
|
|
|
|
wpa_bss_set_hessid(bss);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
dl_list_add_tail(&wpa_s->bss, &bss->list);
|
|
|
|
|
|
|
|
|
|
notify_bss_changes(wpa_s, changes, bss);
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
return bss;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_update_start - Start a BSS table update from scan results
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
*
|
|
|
|
|
* This function is called at the start of each BSS table update round for new
|
|
|
|
|
* scan results. The actual scan result entries are indicated with calls to
|
|
|
|
|
* wpa_bss_update_scan_res() and the update round is finished with a call to
|
|
|
|
|
* wpa_bss_update_end().
|
|
|
|
|
*/
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
void wpa_bss_update_start(struct wpa_supplicant *wpa_s)
|
|
|
|
|
{
|
|
|
|
|
wpa_s->bss_update_idx++;
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Start scan result update %u",
|
|
|
|
|
wpa_s->bss_update_idx);
|
|
|
|
|
wpa_s->last_scan_res_used = 0;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_update_scan_res - Update a BSS table entry based on a scan result
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
* @res: Scan result
|
2015-04-18 05:04:12 +00:00
|
|
|
* @fetch_time: Time when the result was fetched from the driver
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
*
|
|
|
|
|
* This function updates a BSS table entry (or adds one) based on a scan result.
|
|
|
|
|
* This is called separately for each scan result between the calls to
|
|
|
|
|
* wpa_bss_update_start() and wpa_bss_update_end().
|
|
|
|
|
*/
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
|
2015-04-18 05:04:12 +00:00
|
|
|
struct wpa_scan_res *res,
|
|
|
|
|
struct os_reltime *fetch_time)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
{
|
2015-04-18 05:04:12 +00:00
|
|
|
const u8 *ssid, *p2p, *mesh;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
struct wpa_bss *bss;
|
|
|
|
|
|
2015-04-18 05:04:12 +00:00
|
|
|
if (wpa_s->conf->ignore_old_scan_res) {
|
|
|
|
|
struct os_reltime update;
|
|
|
|
|
calculate_update_time(fetch_time, res->age, &update);
|
|
|
|
|
if (os_reltime_before(&update, &wpa_s->scan_trigger_time)) {
|
|
|
|
|
struct os_reltime age;
|
|
|
|
|
os_reltime_sub(&wpa_s->scan_trigger_time, &update,
|
|
|
|
|
&age);
|
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Ignore driver BSS "
|
|
|
|
|
"table entry that is %u.%06u seconds older "
|
|
|
|
|
"than our scan trigger",
|
|
|
|
|
(unsigned int) age.sec,
|
|
|
|
|
(unsigned int) age.usec);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
ssid = wpa_scan_get_ie(res, WLAN_EID_SSID);
|
|
|
|
|
if (ssid == NULL) {
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "BSS: No SSID IE included for "
|
|
|
|
|
MACSTR, MAC2STR(res->bssid));
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
return;
|
|
|
|
|
}
|
2015-10-14 04:30:17 +00:00
|
|
|
if (ssid[1] > SSID_MAX_LEN) {
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Too long SSID IE included for "
|
|
|
|
|
MACSTR, MAC2STR(res->bssid));
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
p2p = wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE);
|
|
|
|
|
#ifdef CONFIG_P2P
|
|
|
|
|
if (p2p == NULL &&
|
|
|
|
|
wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) {
|
|
|
|
|
/*
|
|
|
|
|
* If it's a P2P specific interface, then don't update
|
|
|
|
|
* the scan result without a P2P IE.
|
|
|
|
|
*/
|
|
|
|
|
wpa_printf(MSG_DEBUG, "BSS: No P2P IE - skipping BSS " MACSTR
|
|
|
|
|
" update for P2P interface", MAC2STR(res->bssid));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
#endif /* CONFIG_P2P */
|
|
|
|
|
if (p2p && ssid[1] == P2P_WILDCARD_SSID_LEN &&
|
|
|
|
|
os_memcmp(ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) == 0)
|
|
|
|
|
return; /* Skip P2P listen discovery results here */
|
|
|
|
|
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
/* TODO: add option for ignoring BSSes we are not interested in
|
|
|
|
|
* (to save memory) */
|
2015-04-18 05:04:12 +00:00
|
|
|
|
|
|
|
|
mesh = wpa_scan_get_ie(res, WLAN_EID_MESH_ID);
|
2015-10-14 04:30:17 +00:00
|
|
|
if (mesh && mesh[1] <= SSID_MAX_LEN)
|
2015-04-18 05:04:12 +00:00
|
|
|
ssid = mesh;
|
|
|
|
|
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]);
|
|
|
|
|
if (bss == NULL)
|
2015-04-18 05:04:12 +00:00
|
|
|
bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res, fetch_time);
|
|
|
|
|
else {
|
|
|
|
|
bss = wpa_bss_update(wpa_s, bss, res, fetch_time);
|
|
|
|
|
if (wpa_s->last_scan_res) {
|
|
|
|
|
unsigned int i;
|
|
|
|
|
for (i = 0; i < wpa_s->last_scan_res_used; i++) {
|
|
|
|
|
if (bss == wpa_s->last_scan_res[i]) {
|
|
|
|
|
/* Already in the list */
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
|
|
|
|
|
if (bss == NULL)
|
|
|
|
|
return;
|
|
|
|
|
if (wpa_s->last_scan_res_used >= wpa_s->last_scan_res_size) {
|
|
|
|
|
struct wpa_bss **n;
|
|
|
|
|
unsigned int siz;
|
|
|
|
|
if (wpa_s->last_scan_res_size == 0)
|
|
|
|
|
siz = 32;
|
|
|
|
|
else
|
|
|
|
|
siz = wpa_s->last_scan_res_size * 2;
|
|
|
|
|
n = os_realloc_array(wpa_s->last_scan_res, siz,
|
|
|
|
|
sizeof(struct wpa_bss *));
|
|
|
|
|
if (n == NULL)
|
|
|
|
|
return;
|
|
|
|
|
wpa_s->last_scan_res = n;
|
|
|
|
|
wpa_s->last_scan_res_size = siz;
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-18 05:04:12 +00:00
|
|
|
if (wpa_s->last_scan_res)
|
|
|
|
|
wpa_s->last_scan_res[wpa_s->last_scan_res_used++] = bss;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int wpa_bss_included_in_scan(const struct wpa_bss *bss,
|
|
|
|
|
const struct scan_info *info)
|
|
|
|
|
{
|
|
|
|
|
int found;
|
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
|
|
if (info == NULL)
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
if (info->num_freqs) {
|
|
|
|
|
found = 0;
|
|
|
|
|
for (i = 0; i < info->num_freqs; i++) {
|
|
|
|
|
if (bss->freq == info->freqs[i]) {
|
|
|
|
|
found = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!found)
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (info->num_ssids) {
|
|
|
|
|
found = 0;
|
|
|
|
|
for (i = 0; i < info->num_ssids; i++) {
|
|
|
|
|
const struct wpa_driver_scan_ssid *s = &info->ssids[i];
|
|
|
|
|
if ((s->ssid == NULL || s->ssid_len == 0) ||
|
|
|
|
|
(s->ssid_len == bss->ssid_len &&
|
|
|
|
|
os_memcmp(s->ssid, bss->ssid, bss->ssid_len) ==
|
|
|
|
|
0)) {
|
|
|
|
|
found = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!found)
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_update_end - End a BSS table update from scan results
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
* @info: Information about scan parameters
|
|
|
|
|
* @new_scan: Whether this update round was based on a new scan
|
|
|
|
|
*
|
|
|
|
|
* This function is called at the end of each BSS table update round for new
|
|
|
|
|
* scan results. The start of the update was indicated with a call to
|
|
|
|
|
* wpa_bss_update_start().
|
|
|
|
|
*/
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
void wpa_bss_update_end(struct wpa_supplicant *wpa_s, struct scan_info *info,
|
|
|
|
|
int new_scan)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_bss *bss, *n;
|
|
|
|
|
|
2015-04-18 05:04:12 +00:00
|
|
|
os_get_reltime(&wpa_s->last_scan);
|
2017-10-18 03:44:27 +00:00
|
|
|
if ((info && info->aborted) || !new_scan)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
return; /* do not expire entries without new scan */
|
|
|
|
|
|
|
|
|
|
dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
|
|
|
|
|
if (wpa_bss_in_use(wpa_s, bss))
|
|
|
|
|
continue;
|
|
|
|
|
if (!wpa_bss_included_in_scan(bss, info))
|
|
|
|
|
continue; /* expire only BSSes that were scanned */
|
|
|
|
|
if (bss->last_update_idx < wpa_s->bss_update_idx)
|
|
|
|
|
bss->scan_miss_count++;
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
if (bss->scan_miss_count >=
|
|
|
|
|
wpa_s->conf->bss_expiration_scan_count) {
|
|
|
|
|
wpa_bss_remove(wpa_s, bss, "no match in scan");
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
}
|
|
|
|
|
}
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
|
2021-03-19 03:13:37 +00:00
|
|
|
wpa_printf(MSG_DEBUG, "BSS: last_scan_res_used=%zu/%zu",
|
2015-04-18 05:04:12 +00:00
|
|
|
wpa_s->last_scan_res_used, wpa_s->last_scan_res_size);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_flush_by_age - Flush old BSS entries
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
* @age: Maximum entry age in seconds
|
|
|
|
|
*
|
|
|
|
|
* Remove BSS entries that have not been updated during the last @age seconds.
|
|
|
|
|
*/
|
|
|
|
|
void wpa_bss_flush_by_age(struct wpa_supplicant *wpa_s, int age)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
{
|
|
|
|
|
struct wpa_bss *bss, *n;
|
2015-04-18 05:04:12 +00:00
|
|
|
struct os_reltime t;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
|
|
|
|
|
if (dl_list_empty(&wpa_s->bss))
|
|
|
|
|
return;
|
|
|
|
|
|
2015-04-18 05:04:12 +00:00
|
|
|
os_get_reltime(&t);
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
t.sec -= age;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
|
|
|
|
|
dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
|
|
|
|
|
if (wpa_bss_in_use(wpa_s, bss))
|
|
|
|
|
continue;
|
|
|
|
|
|
2015-04-18 05:04:12 +00:00
|
|
|
if (os_reltime_before(&bss->last_update, &t)) {
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
wpa_bss_remove(wpa_s, bss, __func__);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
} else
|
|
|
|
|
break;
|
|
|
|
|
}
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* wpa_bss_init - Initialize BSS table
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
* Returns: 0 on success, -1 on failure
|
|
|
|
|
*
|
|
|
|
|
* This prepares BSS table lists and timer for periodic updates. The BSS table
|
|
|
|
|
* is deinitialized with wpa_bss_deinit() once not needed anymore.
|
|
|
|
|
*/
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
int wpa_bss_init(struct wpa_supplicant *wpa_s)
|
|
|
|
|
{
|
|
|
|
|
dl_list_init(&wpa_s->bss);
|
|
|
|
|
dl_list_init(&wpa_s->bss_id);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_flush - Flush all unused BSS entries
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
*/
|
|
|
|
|
void wpa_bss_flush(struct wpa_supplicant *wpa_s)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
{
|
|
|
|
|
struct wpa_bss *bss, *n;
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
|
2015-04-18 05:04:12 +00:00
|
|
|
wpa_s->clear_driver_scan_cache = 1;
|
|
|
|
|
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
if (wpa_s->bss.next == NULL)
|
|
|
|
|
return; /* BSS table not yet initialized */
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
|
|
|
|
|
dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
|
|
|
|
|
if (wpa_bss_in_use(wpa_s, bss))
|
|
|
|
|
continue;
|
|
|
|
|
wpa_bss_remove(wpa_s, bss, __func__);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* wpa_bss_deinit - Deinitialize BSS table
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
*/
|
|
|
|
|
void wpa_bss_deinit(struct wpa_supplicant *wpa_s)
|
|
|
|
|
{
|
|
|
|
|
wpa_bss_flush(wpa_s);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_get_bssid - Fetch a BSS table entry based on BSSID
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
* @bssid: BSSID
|
|
|
|
|
* Returns: Pointer to the BSS entry or %NULL if not found
|
|
|
|
|
*/
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s,
|
|
|
|
|
const u8 *bssid)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_bss *bss;
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
|
|
|
|
|
return NULL;
|
|
|
|
|
dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0)
|
|
|
|
|
return bss;
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2015-04-18 05:04:12 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_get_bssid_latest - Fetch the latest BSS table entry based on BSSID
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
* @bssid: BSSID
|
|
|
|
|
* Returns: Pointer to the BSS entry or %NULL if not found
|
|
|
|
|
*
|
|
|
|
|
* This function is like wpa_bss_get_bssid(), but full BSS table is iterated to
|
|
|
|
|
* find the entry that has the most recent update. This can help in finding the
|
|
|
|
|
* correct entry in cases where the SSID of the AP may have changed recently
|
|
|
|
|
* (e.g., in WPS reconfiguration cases).
|
|
|
|
|
*/
|
|
|
|
|
struct wpa_bss * wpa_bss_get_bssid_latest(struct wpa_supplicant *wpa_s,
|
|
|
|
|
const u8 *bssid)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_bss *bss, *found = NULL;
|
|
|
|
|
if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
|
|
|
|
|
return NULL;
|
|
|
|
|
dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
|
|
|
|
|
if (os_memcmp(bss->bssid, bssid, ETH_ALEN) != 0)
|
|
|
|
|
continue;
|
|
|
|
|
if (found == NULL ||
|
|
|
|
|
os_reltime_before(&found->last_update, &bss->last_update))
|
|
|
|
|
found = bss;
|
|
|
|
|
}
|
|
|
|
|
return found;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
#ifdef CONFIG_P2P
|
|
|
|
|
/**
|
2021-03-19 03:13:37 +00:00
|
|
|
* wpa_bss_get_p2p_dev_addr - Fetch the latest BSS table entry based on P2P Device Addr
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
* @dev_addr: P2P Device Address of the GO
|
|
|
|
|
* Returns: Pointer to the BSS entry or %NULL if not found
|
2021-03-19 03:13:37 +00:00
|
|
|
*
|
|
|
|
|
* This function tries to find the entry that has the most recent update. This
|
|
|
|
|
* can help in finding the correct entry in cases where the SSID of the P2P
|
|
|
|
|
* Device may have changed recently.
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
*/
|
|
|
|
|
struct wpa_bss * wpa_bss_get_p2p_dev_addr(struct wpa_supplicant *wpa_s,
|
|
|
|
|
const u8 *dev_addr)
|
|
|
|
|
{
|
2021-03-19 03:13:37 +00:00
|
|
|
struct wpa_bss *bss, *found = NULL;
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
|
|
|
|
|
u8 addr[ETH_ALEN];
|
2021-03-19 03:13:37 +00:00
|
|
|
if (p2p_parse_dev_addr(wpa_bss_ie_ptr(bss), bss->ie_len,
|
|
|
|
|
addr) != 0 ||
|
|
|
|
|
os_memcmp(addr, dev_addr, ETH_ALEN) != 0)
|
|
|
|
|
continue;
|
|
|
|
|
if (!found ||
|
|
|
|
|
os_reltime_before(&found->last_update, &bss->last_update))
|
|
|
|
|
found = bss;
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
}
|
2021-03-19 03:13:37 +00:00
|
|
|
return found;
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
}
|
|
|
|
|
#endif /* CONFIG_P2P */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* wpa_bss_get_id - Fetch a BSS table entry based on identifier
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
* @id: Unique identifier (struct wpa_bss::id) assigned for the entry
|
|
|
|
|
* Returns: Pointer to the BSS entry or %NULL if not found
|
|
|
|
|
*/
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
struct wpa_bss * wpa_bss_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_bss *bss;
|
|
|
|
|
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
|
|
|
|
|
if (bss->id == id)
|
|
|
|
|
return bss;
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2015-04-18 05:04:12 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_get_id_range - Fetch a BSS table entry based on identifier range
|
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
|
* @idf: Smallest allowed identifier assigned for the entry
|
|
|
|
|
* @idf: Largest allowed identifier assigned for the entry
|
|
|
|
|
* Returns: Pointer to the BSS entry or %NULL if not found
|
|
|
|
|
*
|
|
|
|
|
* This function is similar to wpa_bss_get_id() but allows a BSS entry with the
|
|
|
|
|
* smallest id value to be fetched within the specified range without the
|
|
|
|
|
* caller having to know the exact id.
|
|
|
|
|
*/
|
|
|
|
|
struct wpa_bss * wpa_bss_get_id_range(struct wpa_supplicant *wpa_s,
|
|
|
|
|
unsigned int idf, unsigned int idl)
|
|
|
|
|
{
|
|
|
|
|
struct wpa_bss *bss;
|
|
|
|
|
dl_list_for_each(bss, &wpa_s->bss_id, struct wpa_bss, list_id) {
|
|
|
|
|
if (bss->id >= idf && bss->id <= idl)
|
|
|
|
|
return bss;
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_get_ie - Fetch a specified information element from a BSS entry
|
|
|
|
|
* @bss: BSS table entry
|
|
|
|
|
* @ie: Information element identitifier (WLAN_EID_*)
|
|
|
|
|
* Returns: Pointer to the information element (id field) or %NULL if not found
|
|
|
|
|
*
|
|
|
|
|
* This function returns the first matching information element in the BSS
|
|
|
|
|
* entry.
|
|
|
|
|
*/
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
const u8 * wpa_bss_get_ie(const struct wpa_bss *bss, u8 ie)
|
|
|
|
|
{
|
2021-03-19 03:13:37 +00:00
|
|
|
return get_ie(wpa_bss_ie_ptr(bss), bss->ie_len, ie);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* wpa_bss_get_ie_ext - Fetch a specified extended IE from a BSS entry
|
|
|
|
|
* @bss: BSS table entry
|
|
|
|
|
* @ext: Information element extension identifier (WLAN_EID_EXT_*)
|
|
|
|
|
* Returns: Pointer to the information element (id field) or %NULL if not found
|
|
|
|
|
*
|
|
|
|
|
* This function returns the first matching information element in the BSS
|
|
|
|
|
* entry.
|
|
|
|
|
*/
|
|
|
|
|
const u8 * wpa_bss_get_ie_ext(const struct wpa_bss *bss, u8 ext)
|
|
|
|
|
{
|
|
|
|
|
return get_ie_ext(wpa_bss_ie_ptr(bss), bss->ie_len, ext);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_get_vendor_ie - Fetch a vendor information element from a BSS entry
|
|
|
|
|
* @bss: BSS table entry
|
|
|
|
|
* @vendor_type: Vendor type (four octets starting the IE payload)
|
|
|
|
|
* Returns: Pointer to the information element (id field) or %NULL if not found
|
|
|
|
|
*
|
|
|
|
|
* This function returns the first matching information element in the BSS
|
|
|
|
|
* entry.
|
|
|
|
|
*/
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type)
|
|
|
|
|
{
|
2021-03-19 03:13:37 +00:00
|
|
|
const u8 *ies;
|
|
|
|
|
const struct element *elem;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
|
2021-03-19 03:13:37 +00:00
|
|
|
ies = wpa_bss_ie_ptr(bss);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
|
2021-03-19 03:13:37 +00:00
|
|
|
for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies, bss->ie_len) {
|
|
|
|
|
if (elem->datalen >= 4 &&
|
|
|
|
|
vendor_type == WPA_GET_BE32(elem->data))
|
|
|
|
|
return &elem->id;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2015-04-18 05:04:12 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_get_vendor_ie_beacon - Fetch a vendor information from a BSS entry
|
|
|
|
|
* @bss: BSS table entry
|
|
|
|
|
* @vendor_type: Vendor type (four octets starting the IE payload)
|
|
|
|
|
* Returns: Pointer to the information element (id field) or %NULL if not found
|
|
|
|
|
*
|
|
|
|
|
* This function returns the first matching information element in the BSS
|
|
|
|
|
* entry.
|
|
|
|
|
*
|
|
|
|
|
* This function is like wpa_bss_get_vendor_ie(), but uses IE buffer only
|
|
|
|
|
* from Beacon frames instead of either Beacon or Probe Response frames.
|
|
|
|
|
*/
|
|
|
|
|
const u8 * wpa_bss_get_vendor_ie_beacon(const struct wpa_bss *bss,
|
|
|
|
|
u32 vendor_type)
|
|
|
|
|
{
|
2021-03-19 03:13:37 +00:00
|
|
|
const u8 *ies;
|
|
|
|
|
const struct element *elem;
|
2015-04-18 05:04:12 +00:00
|
|
|
|
|
|
|
|
if (bss->beacon_ie_len == 0)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2021-03-19 03:13:37 +00:00
|
|
|
ies = wpa_bss_ie_ptr(bss);
|
|
|
|
|
ies += bss->ie_len;
|
2015-04-18 05:04:12 +00:00
|
|
|
|
2021-03-19 03:13:37 +00:00
|
|
|
for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies,
|
|
|
|
|
bss->beacon_ie_len) {
|
|
|
|
|
if (elem->datalen >= 4 &&
|
|
|
|
|
vendor_type == WPA_GET_BE32(elem->data))
|
|
|
|
|
return &elem->id;
|
2015-04-18 05:04:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_get_vendor_ie_multi - Fetch vendor IE data from a BSS entry
|
|
|
|
|
* @bss: BSS table entry
|
|
|
|
|
* @vendor_type: Vendor type (four octets starting the IE payload)
|
|
|
|
|
* Returns: Pointer to the information element payload or %NULL if not found
|
|
|
|
|
*
|
|
|
|
|
* This function returns concatenated payload of possibly fragmented vendor
|
|
|
|
|
* specific information elements in the BSS entry. The caller is responsible for
|
|
|
|
|
* freeing the returned buffer.
|
|
|
|
|
*/
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
struct wpabuf * wpa_bss_get_vendor_ie_multi(const struct wpa_bss *bss,
|
|
|
|
|
u32 vendor_type)
|
|
|
|
|
{
|
|
|
|
|
struct wpabuf *buf;
|
|
|
|
|
const u8 *end, *pos;
|
|
|
|
|
|
|
|
|
|
buf = wpabuf_alloc(bss->ie_len);
|
|
|
|
|
if (buf == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2021-03-19 03:13:37 +00:00
|
|
|
pos = wpa_bss_ie_ptr(bss);
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
end = pos + bss->ie_len;
|
|
|
|
|
|
2017-10-18 03:44:27 +00:00
|
|
|
while (end - pos > 1) {
|
2021-03-19 03:13:37 +00:00
|
|
|
u8 ie, len;
|
|
|
|
|
|
|
|
|
|
ie = pos[0];
|
|
|
|
|
len = pos[1];
|
|
|
|
|
if (len > end - pos - 2)
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
break;
|
2021-03-19 03:13:37 +00:00
|
|
|
pos += 2;
|
|
|
|
|
if (ie == WLAN_EID_VENDOR_SPECIFIC && len >= 4 &&
|
|
|
|
|
vendor_type == WPA_GET_BE32(pos))
|
|
|
|
|
wpabuf_put_data(buf, pos + 4, len - 4);
|
|
|
|
|
pos += len;
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (wpabuf_len(buf) == 0) {
|
|
|
|
|
wpabuf_free(buf);
|
|
|
|
|
buf = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return buf;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_get_vendor_ie_multi_beacon - Fetch vendor IE data from a BSS entry
|
|
|
|
|
* @bss: BSS table entry
|
|
|
|
|
* @vendor_type: Vendor type (four octets starting the IE payload)
|
|
|
|
|
* Returns: Pointer to the information element payload or %NULL if not found
|
|
|
|
|
*
|
|
|
|
|
* This function returns concatenated payload of possibly fragmented vendor
|
|
|
|
|
* specific information elements in the BSS entry. The caller is responsible for
|
|
|
|
|
* freeing the returned buffer.
|
|
|
|
|
*
|
|
|
|
|
* This function is like wpa_bss_get_vendor_ie_multi(), but uses IE buffer only
|
|
|
|
|
* from Beacon frames instead of either Beacon or Probe Response frames.
|
|
|
|
|
*/
|
|
|
|
|
struct wpabuf * wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss *bss,
|
|
|
|
|
u32 vendor_type)
|
|
|
|
|
{
|
|
|
|
|
struct wpabuf *buf;
|
|
|
|
|
const u8 *end, *pos;
|
|
|
|
|
|
|
|
|
|
buf = wpabuf_alloc(bss->beacon_ie_len);
|
|
|
|
|
if (buf == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2021-03-19 03:13:37 +00:00
|
|
|
pos = wpa_bss_ie_ptr(bss);
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
pos += bss->ie_len;
|
|
|
|
|
end = pos + bss->beacon_ie_len;
|
|
|
|
|
|
2017-10-18 03:44:27 +00:00
|
|
|
while (end - pos > 1) {
|
|
|
|
|
if (2 + pos[1] > end - pos)
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
break;
|
|
|
|
|
if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
|
|
|
|
|
vendor_type == WPA_GET_BE32(&pos[2]))
|
|
|
|
|
wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
|
|
|
|
|
pos += 2 + pos[1];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (wpabuf_len(buf) == 0) {
|
|
|
|
|
wpabuf_free(buf);
|
|
|
|
|
buf = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return buf;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* wpa_bss_get_max_rate - Get maximum legacy TX rate supported in a BSS
|
|
|
|
|
* @bss: BSS table entry
|
|
|
|
|
* Returns: Maximum legacy rate in units of 500 kbps
|
|
|
|
|
*/
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
int wpa_bss_get_max_rate(const struct wpa_bss *bss)
|
|
|
|
|
{
|
|
|
|
|
int rate = 0;
|
|
|
|
|
const u8 *ie;
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
|
|
|
|
|
for (i = 0; ie && i < ie[1]; i++) {
|
|
|
|
|
if ((ie[i + 2] & 0x7f) > rate)
|
|
|
|
|
rate = ie[i + 2] & 0x7f;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ie = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
|
|
|
|
|
for (i = 0; ie && i < ie[1]; i++) {
|
|
|
|
|
if ((ie[i + 2] & 0x7f) > rate)
|
|
|
|
|
rate = ie[i + 2] & 0x7f;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return rate;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
Import wpa_supplicant / hostapd 2.0.
2013-01-12 - v2.0
* added AP-STA-DISCONNECTED ctrl_iface event
* improved debug logging (human readable event names, interface name
included in more entries)
* added number of small changes to make it easier for static analyzers
to understand the implementation
* added a workaround for Windows 7 Michael MIC failure reporting and
use of the Secure bit in EAPOL-Key msg 3/4
* fixed number of small bugs (see git logs for more details)
* changed OpenSSL to read full certificate chain from server_cert file
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands
- additional information for driver-based AP SME
* EAP-pwd:
- fix KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using hostapd SME/MLME)
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* fixed WPS operation stopping on dual concurrent AP
* added wps_rf_bands configuration parameter for overriding RF Bands
value for WPS
* added support for getting per-device PSK from RADIUS Tunnel-Password
* added support for libnl 3.2 and newer
* increased initial group key handshake retransmit timeout to 500 ms
* added a workaround for 4-way handshake to update SNonce even after
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
implementations that can change SNonce for each EAP-Key 2/4
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
WPA2 mode (some deployed stations use WPA type in that message)
* added a WPS workaround for mixed mode AP Settings with Windows 7
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
consecutive failures in addition to using the exponential lockout
period
* added support for WFA Hotspot 2.0
- GAS/ANQP advertisement of network information
- disable_dgaf parameter to disable downstream group-addressed
forwarding
* simplified licensing terms by selecting the BSD license as the only
alternative
* EAP-SIM: fixed re-authentication not to update pseudonym
* EAP-SIM: use Notification round before EAP-Failure
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
* EAP-AKA': fixed identity for MK derivation
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
* changed ANonce to be a random number instead of Counter-based
* added support for canceling WPS operations with hostapd_cli wps_cancel
* fixed EAP/WPS to PSK transition on reassociation in cases where
deauthentication is missed
* hlr_auc_gw enhancements:
- a new command line parameter -u can be used to enable updating of
SQN in Milenage file
- use 5 bit IND for SQN updates
- SQLite database can now be used to store Milenage information
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
and reauth data
* added support for Chargeable-User-Identity (RFC 4372)
* added radius_auth_req_attr and radius_acct_req_attr configuration
parameters to allow adding/overriding of RADIUS attributes in
Access-Request and Accounting-Request packets
* added support for RADIUS dynamic authorization server (RFC 5176)
* added initial support for WNM operations
- BSS max idle period
- WNM-Sleep Mode
* added new WPS NFC ctrl_iface mechanism
- removed obsoleted WPS_OOB command (including support for deprecated
UFD config_method)
* added FT support for drivers that implement MLME internally
* added SA Query support for drivers that implement MLME internally
* removed default ACM=1 from AC_VO and AC_VI
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
specific elements to be added to the Beacon and Probe Response frames
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for 256-bit AES with internal TLS implementation
* changed EAPOL transmission to use AC_VO if WMM is active
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
correctly; invalid messages could have caused the hostapd process to
terminate before this fix [CVE-2012-4445]
* limit number of active wildcard PINs for WPS Registrar to one to avoid
confusing behavior with multiple wildcard PINs
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added support for using SQLite for the eap_user database
* added Acct-Session-Id attribute into Access-Request messages
* fixed EAPOL frame transmission to non-QoS STAs with nl80211
(do not send QoS frames if the STA did not negotiate use of QoS for
this association)
2012-05-10 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostap.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistance of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostap_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
2013-06-25 02:47:41 +00:00
|
|
|
/**
|
|
|
|
|
* wpa_bss_get_bit_rates - Get legacy TX rates supported in a BSS
|
|
|
|
|
* @bss: BSS table entry
|
|
|
|
|
* @rates: Buffer for returning a pointer to the rates list (units of 500 kbps)
|
|
|
|
|
* Returns: number of legacy TX rates or -1 on failure
|
|
|
|
|
*
|
|
|
|
|
* The caller is responsible for freeing the returned buffer with os_free() in
|
|
|
|
|
* case of success.
|
|
|
|
|
*/
|
Import wpa_supplicant / hostapd 0.7.3.
Changes:
2010-09-07 - v0.7.3
* fixed fallback from failed PMKSA caching into full EAP authentication
[Bug 355]
* fixed issue with early D-Bus signals during initialization
* fixed X.509 name handling in internal TLS
* fixed WPS ER to use corrent Enrollee MAC Address in Credential
* fixed scanning routines ot improve AP selection for WPS
* added WPS workaround for open networks
* fixed WPS Diffie-Hellman derivation to use correct public key length
* fixed wpa_supplicant AP mode operations to ignore Supplicant and
scan result events
* improved SME operations with nl80211
* fixed WPS ER event_id handling in some cases
* fixed some issues with bgscan simple to avoid unnecessary scans
* fixed issue with l2_packet_ndis overlapped writes corrupting stack
[Bug 328]
* updated WinPcap to the latest stable version 4.1.2 in Windows
installer
2010-04-18 - v0.7.2
* nl80211: fixed number of issues with roaming
* avoid unnecessary roaming if multiple APs with similar signal
strength are present in scan results
* add TLS client events and server probing to ease design of
automatic detection of EAP parameters
* add option for server certificate matching (SHA256 hash of the
certificate) instead of trusted CA certificate configuration
* bsd: Cleaned up driver wrapper and added various low-level
configuration options
* wpa_gui-qt4: do not show too frequent WPS AP available events as
tray messages
* TNC: fixed issues with fragmentation
* EAP-TNC: add Flags field into fragment acknowledgement (needed to
interoperate with other implementations; may potentially breaks
compatibility with older wpa_supplicant/hostapd versions)
* wpa_cli: added option for using a separate process to receive event
messages to reduce latency in showing these
(CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this)
* maximum BSS table size can now be configured (bss_max_count)
* BSSes to be included in the BSS table can be filtered based on
configured SSIDs to save memory (filter_ssids)
* fix number of issues with IEEE 802.11r/FT; this version is not
backwards compatible with old versions
* nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
and over-the-DS)
* add freq_list network configuration parameter to allow the AP
selection to filter out entries based on the operating channel
* add signal strength change events for bgscan; this allows more
dynamic changes to background scanning interval based on changes in
the signal strength with the current AP; this improves roaming within
ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network
configuration block to request background scans less frequently when
signal strength remains good and to automatically trigger background
scans whenever signal strength drops noticeably
(this is currently only available with nl80211)
* add BSSID and reason code (if available) to disconnect event messages
* wpa_gui-qt4: more complete support for translating the GUI with
linguist and add German translation
* fix DH padding with internal crypto code (mainly, for WPS)
* do not trigger initial scan automatically anymore if there are no
enabled networks
2010-01-16 - v0.7.1
* cleaned up driver wrapper API (struct wpa_driver_ops); the new API
is not fully backwards compatible, so out-of-tree driver wrappers
will need modifications
* cleaned up various module interfaces
* merge hostapd and wpa_supplicant developers' documentation into a
single document
* nl80211: use explicit deauthentication to clear cfg80211 state to
avoid issues when roaming between APs
* dbus: major design changes in the new D-Bus API
(fi.w1.wpa_supplicant1)
* nl80211: added support for IBSS networks
* added internal debugging mechanism with backtrace support and memory
allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
* added WPS ER unsubscription command to more cleanly unregister from
receiving UPnP events when ER is terminated
* cleaned up AP mode operations to avoid need for virtual driver_ops
wrapper
* added BSS table to maintain more complete scan result information
over multiple scans (that may include only partial results)
* wpa_gui-qt4: update Peers dialog information more dynamically while
the dialog is kept open
* fixed PKCS#12 use with OpenSSL 1.0.0
* driver_wext: Added cfg80211-specific optimization to avoid some
unnecessary scans and to speed up association
2009-11-21 - v0.7.0
* increased wpa_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* fixed scan buffer processing with WEXT to handle up to 65535
byte result buffer (previously, limited to 32768 bytes)
* allow multiple driver wrappers to be specified on command line
(e.g., -Dnl80211,wext); the first one that is able to initialize the
interface will be used
* added support for multiple SSIDs per scan request to optimize
scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
SSIDs); this requires driver support and can currently be used only
with nl80211
* added support for WPS USBA out-of-band mechanism with USB Flash
Drives (UFD) (CONFIG_WPS_UFD=y)
* driver_ndis: add PAE group address to the multicast address list to
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
* fixed SHA-256 based key derivation function to match with the
standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
(note: this breaks interoperability with previous version) [Bug 307]
* use shared driver wrapper files with hostapd
* added AP mode functionality (CONFIG_AP=y) with mode=2 in the network
block; this can be used for open and WPA2-Personal networks
(optionally, with WPS); this links in parts of hostapd functionality
into wpa_supplicant
* wpa_gui-qt4: added new Peers dialog to show information about peers
(other devices, including APs and stations, etc. in the neighborhood)
* added support for WPS External Registrar functionality (configure APs
and enroll new devices); can be used with wpa_gui-qt4 Peers dialog
and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin,
wps_er_pbc, wps_er_learn
(this can also be used with a new 'none' driver wrapper if no
wireless device or IEEE 802.1X on wired is needed)
* driver_nl80211: multiple updates to provide support for new Linux
nl80211/mac80211 functionality
* updated management frame protection to use IEEE Std 802.11w-2009
* fixed number of small WPS issues and added workarounds to
interoperate with common deployed broken implementations
* added support for NFC out-of-band mechanism with WPS
* driver_ndis: fixed wired IEEE 802.1X authentication with PAE group
address frames
* added preliminary support for IEEE 802.11r RIC processing
* added support for specifying subset of enabled frequencies to scan
(scan_freq option in the network configuration block); this can speed
up scanning process considerably if it is known that only a small
subset of channels is actually used in the network (this is currently
supported only with -Dnl80211)
* added a workaround for race condition between receiving the
association event and the following EAPOL-Key
* added background scan and roaming infrastructure to allow
network-specific optimizations to be used to improve roaming within
an ESS (same SSID)
* added new DBus interface (fi.w1.wpa_supplicant1)
2010-10-29 08:01:21 +00:00
|
|
|
int wpa_bss_get_bit_rates(const struct wpa_bss *bss, u8 **rates)
|
|
|
|
|
{
|
|
|
|
|
const u8 *ie, *ie2;
|
|
|
|
|
int i, j;
|
|
|
|
|
unsigned int len;
|
|
|
|
|
u8 *r;
|
|
|
|
|
|
|
|
|
|
ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
|
|
|
|
|
ie2 = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
|
|
|
|
|
|
|
|
|
|
len = (ie ? ie[1] : 0) + (ie2 ? ie2[1] : 0);
|
|
|
|
|
|
|
|
|
|
r = os_malloc(len);
|
|
|
|
|
if (!r)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
for (i = 0; ie && i < ie[1]; i++)
|
|
|
|
|
r[i] = ie[i + 2] & 0x7f;
|
|
|
|
|
|
|
|
|
|
for (j = 0; ie2 && j < ie2[1]; j++)
|
|
|
|
|
r[i + j] = ie2[j + 2] & 0x7f;
|
|
|
|
|
|
|
|
|
|
*rates = r;
|
|
|
|
|
return len;
|
|
|
|
|
}
|
2018-12-06 05:04:28 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_FILS
|
2021-03-19 03:13:37 +00:00
|
|
|
const u8 * wpa_bss_get_fils_cache_id(const struct wpa_bss *bss)
|
2018-12-06 05:04:28 +00:00
|
|
|
{
|
|
|
|
|
const u8 *ie;
|
|
|
|
|
|
|
|
|
|
if (bss) {
|
|
|
|
|
ie = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
|
|
|
|
|
if (ie && ie[1] >= 4 && WPA_GET_LE16(ie + 2) & BIT(7))
|
|
|
|
|
return ie + 4;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
#endif /* CONFIG_FILS */
|
2019-04-22 15:42:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
int wpa_bss_ext_capab(const struct wpa_bss *bss, unsigned int capab)
|
|
|
|
|
{
|
2021-03-19 03:13:37 +00:00
|
|
|
if (!bss)
|
|
|
|
|
return 0;
|
2019-04-22 15:42:53 +00:00
|
|
|
return ieee802_11_ext_capab(wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB),
|
|
|
|
|
capab);
|
|
|
|
|
}
|
