As of hostap 2.10, WEP is disabled by default. This of course is not a
bad thing but requires some planning and an announcment to remove WEP
support by default. A possible src.conf knob or letting users know they
should use the port instead might different options.
MFC after: 3 days
Disable P2P in WPS as it is not supported by FreeBSD. Also, it is not
enabled in wpa_supplicant so the WPS P2P code is redundant.
PR: 264238
Reported by: adrian
MFC after: 3 days
When scan_ssid=1 the list of configured SSIDs is available to
eavesdroppers. Note this in the man page.
PR: 194122
Reviewed by: debdrup, Pau Amma
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34576
This reverts commit a30e8044aa.
WITHOUT_OPENSSL build is a subset of WITHOUT_CRYPT build. It was
incorrect to label this patch as fixing WITHOUT_CRYPT when in fact
it fixes WITHOUT_OPENSSL. The build failure will be addressed in a
fix for WITHOUT_OPENSSL build.
MFC after: 1 week
Global options are defined in usr.sbin/wpa/Makefile.inc. Those in
usr.sbin/wpa/src/crypto/Makefile are duplicates of those found above.
Remove them.
MFC after: 1 week
PASN requires CRYPT and when built WITHOUT_CRYPT buildworld
fails. Only enable PASN when MK_CRYPT is enabled (default).
PR: 259517
Reported by: emaste
Fixes: c1d255d3ff
MFC after: 1 week
RSN Preauthentication allows a station autnetnicate to an AP that
it is not associated with yet while associated with a different AP.
This allows athentication to multiple APs simulteneously.
Tested by: philip
MFC after: 2 months
Enable WiFi 6 MBO (Multi Band Operation). MBO is a prereq to 802.11ax.
MBO allows the efficient use of multiple frequency bands (channels).
To facilitate MBO, WNM (Wireless Network Monitoring) is a prerequisite.
It is required to build.
Tested by: philip
MFC after: 2 months
Though not all include file search directories are presently needed,
add them to the search list. This is required for the next update to
wpa.
No functional change intended.
MFC after: 1 week
Incorrectly linked built-in wpa functions resulted in overwriting
sm->ctx->set_rekey_offload with garbage. It was initialized correctly
however it changed after wpa_supplicant became a daemon.
No SIGBUS violations reported by dhw@ were experienced during testing
of the original commit by msyelf or philip@.
Reported by: dhw
Tested by: dhw
MFC after: 2 months
X-MFC with: 25ecdc7d52
The current WPA build assumes a flat namespace. However the latest sources
from w1.fi now have a duplicate config.c, in two separate subdirectories.
The flat namespace will overwrite config.o with the output from the most
recently modified config.c, of which there are two of them.
This commit resolves this problem by building each component in
wpa's src subdirectory tree into its own .a archive, just as the w1.fi
upstream build as used by the port does. The advantages of this approach
are:
1. Duplicate source file names, i.e. config.c in the wpa_supplicant
direcory and another config.c in src/utils in the next wpa
will result in both compiles writing to the same .o file.
2. This restructure simplifies maintanence. A develper needs only to add
new files as identified by git status in the vendor branch to the
appropriate Makefile within the usr.sbin/wpa tree. This also reduces
time required to prepare a new import and should reduce error.
3. The new wpa build structure more closely represents the build as
performed by the upstream tarball.
This is in preparation for the next wpa update from w1.fi.
Reviewed by: philip
Tested by: philip
MFC after: 2 months
Differential Revision: https://reviews.freebsd.org/D30372
b51f459a20 resulted in a mismerge
due to having to do a remerge because my tree was over a week out of
date. Changes that were made to fix the build were lost in the remerge
resulting in build errors that were fixed a week ago.
nids(4) was a clever idea in the early 2000's when the market was
flooded with 10/100 NICs with Windows-only drivers, but that hasn't been
the case for ages and the driver has had no meaningful maintenance in
ages. It only supports Windows-XP era drivers.
Also remove:
- ndis support from wpa_supplicant
- ndiscvt(8)
Reviewed By: emaste, bcr (manpages)
Differential Revision: https://reviews.freebsd.org/D27609
is enabled.
This builds wpa_supplicant / hostpad using internal encryption routines
rather than using libcrypt.
This has been supported in wpa for years now, however since we use
local makefiles for this, we bitrotted dependencies and configuration
options.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D27958
The current default is provided in various Makefile.inc in some top-level
directories and covers a good portion of the tree, but doesn't cover parts
of the build a little deeper (e.g. libcasper).
Provide a default in src.sys.mk and set WARNS to it in bsd.sys.mk if that
variable is defined. This lets us relatively cleanly provide a default WARNS
no matter where you're building in the src tree without breaking things
outside of the tree.
Crunchgen has been updated as a bootstrap tool to work on this change
because it needs r365605 at a minimum to succeed. The cleanup necessary to
successfully walk over this change on WITHOUT_CLEAN builds has been added.
There is a supplemental project to this to list all of the warnings that are
encountered when the environment has WARNS=6 NO_WERROR=yes:
https://warns.kevans.dev -- this project will hopefully eventually go away
in favor of CI doing a much better job than it.
Reviewed by: emaste, brooks, ngie (all earlier version)
Reviewed by: emaste, arichardson (depend-cleanup.sh change)
Differential Revision: https://reviews.freebsd.org/D26455
If the interfaces on which wpa_supplicant is to run are not known or do
not exist, wpa_supplicant can match an interface when it arrives. Each
matched interface is separated with -M argument and the -i argument now
allows for pattern matching.
As an example, the following command would start wpa_supplicant for a
specific wired interface called lan0, any interface starting with wlan
and lastly any other interface. Each match has its own configuration
file, and for the wired interface a specific driver has also been given.
wpa_supplicant \
-M -c wpa_wired.conf -ilan0 -D wired \
-M -c wpa1.conf -iwlan* \
-M -c wpa2.conf
PR: 247177
Reported by: greg@unrelenting.technology
MFC after: 1 month
Related to: ports r540412
The build failure was discoved by Michael Dexter's recent Build Options
Survey run, at https://callfortesting.org/results/bos-2020-01-16/\
WITHOUT_WPA_SUPPLICANT_EAPOL-small.txt.
Reported by: Michael Dexter <editor@callfortesting.org> via emaste
MFC after: 2 weeks
Leaf directories that have dependencies impacted
by options need a Makefile.depend.options file
to avoid churn in Makefile.depend
DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc
can be set in local.dirdeps-options.mk
which can add to those set in Makefile.depend.options
See share/mk/dirdeps-options.mk
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22469
Move the hostapd related files from FreeBSD-runtime to a new package n
FreeBSD-hostapd
The FreeBSD runtime is only intended to have everything for a working
FreeBSD installation and hostapd isn't needed for that.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D20958
Move the wpa related files from FreeBSD-runtime to a new package named
FreeBSD-wpa
The FreeBSD runtime is only intended to have everything for a working
FreeBSD installation and wpa isn't needed for that.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D20957
Since these things are more completely controlled by the MK_OPENSSL knob, remove
RELEASE_CRUNCH here. It's no longer needed for the release and other users can
use the more proper knob if they so desire.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Initially, only tag files that use BSD 4-Clause "Original" license.
RelNotes: yes
Differential Revision: https://reviews.freebsd.org/D13133
