_FORTIFY_SOURCE requires at least -O2 optimization level.
This may result in compilation warnings. Fix it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Introduce a new configuration option, "eht_bw320_offset", which enables
devices to specify a preferred channelization for 320 MHz BSSs when
using automatic channel selection (ACS). This option is applicable only
when the channel is not already decided and the bandwidth is set to 320
MHz.
The value and meaning of the option:
    0: auto-detected by ACS
    1: 320 MHz-1
    2: 320 MHz-2
Co-developed-by: Money Wang <money.wang@mediatek.com>
Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
If the regulatory client EIRP PSD values advertised by an AP that is a
standard power AP or indoor standard power AP are insufficient to ensure
that regulatory client limits on total EIRP are always met for all
transmission bandwidths within the bandwidth of the AP’s BSS, the AP
shall also send a TPE element in Beacon and Probe Response frames as
that depicts the regulatory client EIRP limit.
Add support for this.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add configuration options for setting the Tx Power value
in the Transmit Power Envelope for 6 GHz:
- The Tx power value for default client where the transmit
power interpretation is "Regulatory Client EIRP PSD"
- The Tx power value for subordinate client where the transmit
power interpretation is "Regulatory Client EIRP PSD"
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Update the HE regulatory information AP types based on IEEE
P802.11-REVme/D4.0. Set the default AP type to VLP. Check for valid
values when setting 'he_6ghz_reg_pwr_type' in the interface
configuration.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add a testing configuration such that the AP would be reported as
disabled in the RNR TBTT information MLD parameters included by other
affiliated APs of the AP MLD.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add support for overriding EHT Operation element puncturing mask
for testing purposes.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add a new hostapd configuration parameter sae_password_file to read SAE
passwords (i.e., the entries that use the previously added sae_password
parameter) from a separate file.
sae_password_file uses the following format for storing passphrases:
    <password/credential>[|mac=<peer mac>][|vlanid=<VLAN ID>]
    [|pk=<m:ECPrivateKey-base64>][|id=<identifier>]
Examples:
    <password>
    <password>|id=<pw identifier>
    <password>|mac=02:03:04:05:06:01|vlanid=1
    <password>|vlanid=3|id=<pw identifier>
Signed-off-by: Shiva Sankar Gajula <quic_sgajula@quicinc.com>
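An added example, not code from hostapd or from this commit: a lint for a file in the sae_password_file format described above, meant to be run before the file is deployed. The names parse_entry and lint are hypothetical, and the checks are assumptions of this sketch (VLAN IDs limited to 1..4094, blank lines skipped, everything before the first recognised "|key=" taken as the password).

```python
import re

OPT_RE = re.compile(r"\|(mac|vlanid|pk|id)=")
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")


def parse_entry(line):
    """Parse one entry into a dict; raise ValueError naming the problem."""
    line = line.rstrip("\r\n")
    marks = list(OPT_RE.finditer(line))
    # Everything before the first recognised option is the password.
    entry = {"password": line[:marks[0].start()] if marks else line}
    if not entry["password"]:
        raise ValueError("empty password")
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(line)
        key, value = mark.group(1), line[mark.end():end]
        if key in entry:
            raise ValueError(f"duplicate option {key}")
        if key == "mac" and not MAC_RE.fullmatch(value):
            raise ValueError(f"bad MAC address {value!r}")
        if key == "vlanid" and not (value.isdecimal() and 1 <= int(value) <= 4094):
            raise ValueError(f"bad VLAN ID {value!r}")  # range is an assumption
        if key == "pk" and not all(value.partition(":")):
            raise ValueError("pk is not <m>:<base64>")
        if key == "id" and not value:
            raise ValueError("empty identifier")
        entry[key] = value
    return entry


def lint(lines):
    """Return (line_number, message) for every entry that fails to parse."""
    problems = []
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue  # assumption: blank lines are not entries
        try:
            parse_entry(line)
        except ValueError as err:
            problems.append((number, str(err)))
    return problems


# Constructed sample entries; the last three are deliberately malformed.
SAMPLE = [
    "correct horse battery",
    "pw-one|id=guest",
    "pw-two|mac=02:03:04:05:06:01|vlanid=1",
    "pw-three|vlanid=3|id=iot",
    "pw-four|mac=02:03:04:05:06|vlanid=1",
    "pw-five|vlanid=5000",
    "|id=orphan",
]
```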
Link ID needs to be specified for MLD case when doing channel switch.
Add it to the driver command.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Add support for reload_config hostapd_cli command as an alternative
mechanism for SIGHUP on the hostapd process.
When AP parameters such as ssid/encryption/password etc. are changed
externally in hostapd.conf, RELOAD_CONFIG cli will re-read the .conf,
update the in-memory contents and issue a change_beacon to update
beacon_ies.
For full config update, the following example sequence of commands can
be used:
    hostapd_cli -i ath0 -p /var/run/hostapd-wifi0 disable
    hostapd_cli -i ath0 -p /var/run/hostapd-wifi0 reload_config
    hostapd_cli -i ath0 -p /var/run/hostapd-wifi0 enable
Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
Move the hostapd and wpa_supplicant control interface handlers into
shared functions instead of duplicated implementation.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
For AP MLD, when BSSID configuration is specified without mld_addr, the
first link address is used as the MLD MAC address as well. Though IEEE
P802.11be allows this, the current implementation and the kernel aren't
happy about it. Better avoid this.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add support for testing ML link removal to hostapd. While such support
should inherently be integrated with the underlying driver, simulate
the inclusion of the ML reconfiguration element in hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Leverage the already available control socket cmd "DRIVER_FLAGS2" and
dump the driver capab "flags2" bitmask on triggering the new CLI CMD
"driver_flags2", similar to the already existing CLI CMD "driver_flags".
    $ hostapd_cli -i wlan0 driver_flags2
    (OR)
    $ wpa_cli -i wlan0 driver_flags2
    0000000000000020:
    BEACON_RATE_HE
Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar@infineon.com>
Add support for Authentication negotiated over IEEE Std 802.1X
with key derivation function using SHA-384.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This symbol was removed in an earlier commit. Remove this leftover which
was forgotten then.
Fixes: 7d2ed8bae ("Remove CONFIG_IEEE80211W build parameter")
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Allow the EAP-SIM/AKA server to be configured to use a smaller limit for
the number of times fast re-authentication can be used before falling
back to running full authentication. This is particularly useful for EAP
peer testing to cover cases when falling back from fast
re-authentication to full authentication in various different cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
While the EAP-SIM/AKA RFCs recommend against doing this, some deployed
authentication servers use the identity from the EAP-Response/Identity
directly without using an EAP method specific indication (AT_IDENTITY).
Having a capability to configure hostapd EAP server to behave in this
manner helps in increasing testing coverage for the EAP peer
implementation.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use helper function is_zero_ether_addr() for checking empty bssid
value in hostapd_driver_init().
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
Add mld_addr configuration option to set the MLD MAC address.
The already existing bssid configuration option can be used to
control the AP MLD's link addresses.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
Add support for including multiple hostapd interfaces in the same AP
MLD, i.e., all using the same underlying driver network interface.
To do so, when a new hostapd interface is added, if there is already
another interface using the same underlying network interface, associate
the new interface with the same private data object, instead of creating
a new one.
As some of the BSSs are non-first BSSs, meaning that they reuse the
drv_priv of the initial BSS, make sure not to double free it.
Currently multiple BSS entries are not supported so always use bss[0]
for MLD.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Per IEEE P802.11az/D7.0, 12.12.3.2 (PASN Frame Construction and
Processing), responder should REFUSE PASN authentication frame 1 with
Base AKM as PASN AKM if dot11NoAuthPASNActivated is false. That
configuration was not previously available and hostapd was hardcoded
with dot11NoAuthPASNActivated being true.
Allow this to be configured and reject PASN authentication frame 1 from
initiator if pasn_noauth=0 and Base AKM in RSNE of this frame is PASN.
The default value for pasn_noauth is 1 to maintain previous
functionality even though the dot11NoAuthPASNActivated is defined to
have default value of false.
Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
The hostapd_cli command to initiate DPP push button mode mandates at
least one argument to be provided. Arguments provided to the command
are used to optionally supply configuration options when running in
this mode. They are not strictly required for DPP push button mode to
start. This patch removes the min requirement check on the command.
Signed-off-by: Andrew Pope (andrew.pope@morsemicro.com)
Add validation of center frequency, and filling of appropriate
bandwidth in the channel switch wrapper when the channel switch is done
to a 320 MHz channel.
Signed-off-by: Ramya Gnanasekar <quic_rgnanase@quicinc.com>
The following command does not return FAIL, but it fails to update the
beacon since the center frequency used in the command is not valid for
80 MHz bandwidth.
    hostapd_cli -i wlan0 chan_switch 5 6315 sec_channel_offset=1 \
        center_freq1=6345 bandwidth=80 he
Add condition check to validate the center frequency.
Also, if user doesn't provide HE parameter in the hostapd_cli
chan_switch command, by default HE should be enabled for 6 GHz
frequency range. This is because, 6 GHz does not support legacy
mode.
Signed-off-by: Anilkumar Kolli <quic_akolli@quicinc.com>
Co-developed-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
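An added example, not hostapd's own check: a pre-flight validation of the center frequency in a chan_switch argument string, applied to the command quoted in the commit message above. It assumes the standard 6 GHz channelization (20 MHz channel centers at 5955 + 20k MHz, wider channels aligned from the 5945 MHz band edge) and covers 20/40/80/160 MHz only; the function names are hypothetical.

```python
BAND_START, BAND_END = 5945, 7125  # MHz edges of the 6 GHz band (assumed)


def center_freq_6ghz(primary, bandwidth):
    """Center (MHz) of the 6 GHz channel of this width that holds primary."""
    if bandwidth not in (20, 40, 80, 160):
        raise ValueError(f"unsupported bandwidth {bandwidth}")
    if not 5955 <= primary <= 7115 or (primary - 5955) % 20:
        raise ValueError(f"{primary} is not a 6 GHz 20 MHz channel center")
    # Channels of each width are laid out back to back from the band edge.
    low_edge = BAND_START + (primary - BAND_START) // bandwidth * bandwidth
    if low_edge + bandwidth > BAND_END:
        raise ValueError(f"no {bandwidth} MHz channel contains {primary}")
    return low_edge + bandwidth // 2


def check_chan_switch(args):
    """Return the problems found in a 'chan_switch <count> <freq> ...' string."""
    words = args.split()
    if len(words) < 3 or words[0].lower() != "chan_switch":
        return ["not a chan_switch command"]
    freq = int(words[2])
    params = dict(w.split("=", 1) for w in words[3:] if "=" in w)
    # Assumption of this sketch: a missing bandwidth means 20 MHz.
    bandwidth = int(params.get("bandwidth", 20))
    given = int(params.get("center_freq1", freq))
    try:
        expected = center_freq_6ghz(freq, bandwidth)
    except ValueError as err:
        return [str(err)]
    if given != expected:
        return [f"center_freq1={given} invalid for {bandwidth} MHz; "
                f"expected {expected}"]
    return []


# The command from the commit message above, and a corrected form of it.
FROM_COMMIT = ("chan_switch 5 6315 sec_channel_offset=1 "
               "center_freq1=6345 bandwidth=80 he")
CORRECTED = FROM_COMMIT.replace("6345", "6305")
```

Under this channelization 6345 MHz is the center of the 160 MHz channel that contains 6315 MHz, which is why it fails for bandwidth=80.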
hostapd_cli did not clean up the sockets and attachments to receive
hostapd events when SIGTERM was used to terminate it in action script
mode.
Do proper cleanup by converting the action script processing
functionality to use eloop similarly to the wpa_cli changes in commit
13f6f617ee ("wpa_cli: Fix process termination in wpa_cli action mode
case") and by registering the process termination signal handler for all
cases instead of just for the interactive mode.
Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
Add a new option 'punct_acs_threshold' where the value indicates
the percentage of ideal channel average interference factor above
which a channel should be punctured. Default is set to 0 which disables
the puncturing for ACS.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Add a new option to configure the disabled subchannel bitmap as per
IEEE P802.11be/D3.0, Figure 9-1002c (EHT Operation Information
field format).
Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
FILS discovery frame generation currently assumes HE support for
calculating the number of spatial streams. Add a check to reject
the configuration if the feature is enabled without enabling HE.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
"multicast_to_unicast" and "hairpin_mode" are usually set outside of
hostapd. However, DFS channel change events pull the BSS out of the
bridge causing these attributes to be lost. Make these settings tunable
within hostapd so they are retained after the BSS is brought up again.
Signed-off-by: Anthony Refuerzo <anthony96922@gmail.com>
Currently when using ACCEPT_ACL or DENY_ACL, no error is reported if
the rest of the command is unknown (e.g. 'ACCEPT_ACL FOOBAR' reports
'OK').
On the other hand, hostapd_cli makes it possible to use 'accept_acl'
and 'deny_acl' in lowercase, but the rest of the command (i.e. 'SHOW',
'ADD_MAC', 'CLEAR', etc) must be in uppercase.
As a result, the command 'accept_acl clear' could seem valid when
using hostapd_cli (as it reports 'OK'), while it actually does not do
anything (because 'clear' must be in uppercase).
To let users know whether the command really succeeded or not, report
an error when the command was not understood.
Note that this is also consistent with the way it is currently
implemented in wpa_supplicant.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Add the ability to require HE, advertising that via the
BSS membership selector as well as rejecting association
without HE.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Retrieve driver capabilities for the maximum number of interfaces for
MBSSID and the maximum allowed profile periodicity for enhanced MBSSID
advertisement.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Add configuration option 'mbssid' used to enable multiple BSSID (MBSSID)
and enhanced multiple BSSID advertisements (EMA) features.
Reject the configuration if any of the BSSes have hidden SSID enabled.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Co-developed-by: John Crispin <john@phrozen.org>
Signed-off-by: John Crispin <john@phrozen.org>
Add a testing option to delay EAPOL-Key messages 1/4 and 3/4. By setting
delay_eapol_tx=1, the actual EAPOL Tx will occur on the last possible
attempt (wpa_pairwise_update_count) thus all previous attempts will fail
on timeout which is the wanted delay.
In addition, add an hwsim test that uses this testing option to verify
that non protected Robust Action frames are dropped prior to keys
installation in MFP.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Include the start of the next EAP method in an EAP Payload TLV in the
same message with the Crypto-Binding TLV for the previous EAP method to
get rid of one roundtrip when using more than a single EAP
authentication method within the tunnel. The previous, not optimized,
sequence can still be used with eap_teap_method_sequence=1 for more
complete testing coverage.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When using multiple BSSes on a single radio, it is sometimes desirable
to reconfigure one BSS, without disconnecting the stations already
connected to other BSSes on the same radio.
When a BSS is reconfigured using the SET command, there is no "old"
configuration we can compare to (so we cannot compare a hash of the
configuration for example).
One possible solution would be to make the current RELOAD command
reload only the current BSS. However, that could break the workflow of
existing users. Instead, introduce a new RELOAD_BSS command, which
reloads only the current BSS.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
The description of how to use radius_accept_attr did not provide the
details on how the value is set. Extend it to cover the more complete
syntax.
Signed-off-by: Morten Brørup <mb@smartsharesystems.com>