Rajkumar Manoharan | 27 Feb 17:49 2015

[PATCH] hostapd: Disable VHT caps for STAs when no valid VHT MCS set

Disable VHT caps for STAs for which there is not even a single
allowed MCS in any supported number of streams. i.e STA is
advertising 3 (not supported) as VHT MCS rates for all supported
streams.

Signed-off-by: Rajkumar Manoharan <rmanohar <at> qti.qualcomm.com>
---
 src/ap/ieee802_11_vht.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/src/ap/ieee802_11_vht.c b/src/ap/ieee802_11_vht.c
index 159693f..fc84ade 100644
--- a/src/ap/ieee802_11_vht.c
+++ b/src/ap/ieee802_11_vht.c
 <at>  <at>  -93,6 +93,11  <at>  <at>  u8 * hostapd_eid_vht_operation(struct hostapd_data *hapd, u8 *eid)
 u16 copy_sta_vht_capab(struct hostapd_data *hapd, struct sta_info *sta,
 		       const u8 *vht_capab, size_t vht_capab_len)
 {
+	struct hostapd_hw_modes *mode = hapd->iface->current_mode;
+	struct ieee80211_vht_capabilities *vht_cap, ap_vht_cap;
+	u16 sta_rx_mcs_set, ap_tx_mcs_set;
+	int i, valid_mcs = 0;
+
 	/* Disable VHT caps for STAs associated to no-VHT BSSes. */
 	if (!vht_capab ||
 	    vht_capab_len < sizeof(struct ieee80211_vht_capabilities) ||
 <at>  <at>  -103,6 +108,35  <at>  <at>  u16 copy_sta_vht_capab(struct hostapd_data *hapd, struct sta_info *sta,
 		return WLAN_STATUS_SUCCESS;
 	}

(Continue reading)

Bartlomiej Grzeskowiak | 26 Feb 15:55 2015
Picon

ap_scan=1 is not stored after calling "wpa_cli save"

Hi, 
I have following test scenario:

1. Start wpa_supplicant with wpa_supplicant.conf file:
#cat /etc/wlan/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
update_config=1
2. #wpa_cli save 
3. #cat /mnt/persistence/network/wpa_supplicant.conf 
ctrl_interface=/var/run/wpa_supplicant
update_config=1

wpa_supplicant v2.3
Copyright (c) 2003-2014, Jouni Malinen <j <at> w1.fi> and contributors

Is it correct behavior ?

BR
Bartlomiej Grzeskowiak
_______________________________________________
HostAP mailing list
HostAP <at> lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
Sourav | 26 Feb 07:28 2015

wpa supplicant auto roaming

Is auto roaming currently supported by wpa_supplicant .....if so then 
what is the logic that it follows for roaming from one AP to another?
Also is roaming between 2 APs with different SSIDs supported? Can you 
point me to the code where auto roaming is implemented in wpa_supplicant 
codebase?

--

-- 
Warm Regards,
Sourav

______________________________________________________________________
This communication contains information which may be confidential or privileged. The information is
intended solely for the use of the individual or entity named above.  If you are not the intended recipient,
be aware that any disclosure, copying, distribution or use of the contents of this information is
prohibited.  If you have received this communication in error, please notify me by telephone immediately.
______________________________________________________________________
Petros Aggelatos | 25 Feb 21:13 2015
Picon

Driver support for RTL8188{C,CU,CUS} wifi chips

Hi,

I have an Edimax wifi adapter which uses the RTL8188CU chipset but it doesn't work in AP mode with the current hostapd/wpa_supplicant.

This is the error I'm getting:

nl80211: Driver does not support authentication/association or connect commands
nl80211: Remove monitor interface: refcount=0
netlink: Operstate: ifindex=4 linkmode=0 (kernel-control), operstate=6 (IF_OPER_UP)
nl80211: Set mode ifindex 4 iftype 2 (STATION)
nl80211: Failed to set interface 4 to mode 2: -19 (No such device)
nl80211 driver initialization failed.

After looking around it turns out Realtek had once released a modified hostapd (back in version 0.8.0) that indeed makes the chipset work. I also found a Github repo of just the patches modified to work with modern versions of hostapd [1].

My question is if accepting these patches upstream is something that you want. I'm currently trying to make them work with the latest git tree because I need it for a project I work on and it would be really nice if this chipset was supported out of the box.

What do you think?

Best regards,
Petros Angelatos

_______________________________________________
HostAP mailing list
HostAP <at> lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
Sarah Thomas | 25 Feb 08:07 2015
Picon

EAP methods list

Hi,

 I would like to know where I can find the list of all EAP methods present.

I found the below list of EAP methods. But in the list i dont see, EAP_IKEv2 , EAP-EKE, EAP-PWD. Is  there a link/RFC , where all of them are listed?

Does IKev2 , EKE, PWD from the hostapd implementation map to something in the below list?

1. Identity
2 Notification
3 NAK
4 MD5-Challenge
5 OTP
6 GTC
9 RSA Public Key Authentication
10 DSS Unilateral
11 KEA
12 KEA-VALIDATE
13 EAP-TLS
14 Defender Token (AXENT)
15 RSA Security SecureID EAP
16 Arcot Systems EAP
17 EAP-Cisco Wireless
18 GSM Subscriber Identity Modules (EAP-SIM)
19 SRP-SHA1
21 EAP-TTLS
22 Remote Access Service
23 EAP-AKA Authentication
24 EAP-3Com Wireless
25 PEAP
26 MS-EAP-Authentication
27 Mutual Authentication w/Key Exchange (MAKE)
28 CRYPTOCard
29 EAP-MSCHAP-V2
30 DynamID
31 Rob EAP
32 Protected One-Time Password
33 MS-Authentication-TLV
34 SentriNET
35 EAP-Actiontec Wireless
36 Cogent Systems Biometrics Authentication EAP
37 AirFortress EAP
38 EAP-HTTP Digest
39 SecureSuite EAP
40 DeviceConnect EAP
41 EAP-SPEKE
42 EAP-MOBAC
43 EAP-FAST [RFC4851]
44 ZoneLabs EAP (ZLXEAP)
45 EAP-Link
46 EAP-PAX
47 EAP-PSK
48 EAP-SAKE
254 Expanded Types
255 Experimental use

Thanks,
Sarah.
_______________________________________________
HostAP mailing list
HostAP <at> lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
Ranadeep B | 24 Feb 10:58 2015
Picon

Apple devices having problem connecting to hostapd hotspot

Log from hostapd's stdout : 

root <at> arm:/home/ubuntu# hostapd -t /etc/hostapd/sampleconf.conf
1423567840.173144: Configuration file: /etc/hostapd/sampleconf.conf
1423567840.202746: Using interface wlan0 with hwaddr 00:13:ef:70:2e:cf and ssid "HUB234"
1423567840.353574: random: Cannot read from /dev/random: Resource temporarily unavailable
1423567840.355572: random: Only 0/20 bytes of strong random data available from /dev/random
1423567840.356901: random: Not enough entropy pool available for secure operations
1423567840.358385: WPA: Not enough entropy in random pool for secure operations - update keys later when the first station connects
1423567840.404354: wlan0: interface state UNINITIALIZED->ENABLED
1423567840.406378: wlan0: AP-ENABLED
1423567849.897591: 1423567849.897622: wlan0: STA 2c:f0:ee:1a:e5:5a IEEE 802.11: authenticated
1423567849.906751: 1423567849.906783: wlan0: STA 2c:f0:ee:1a:e5:5a IEEE 802.11: associated (aid 1)
1423567849.919651: random: Cannot read from /dev/random: Resource temporarily unavailable
1423567849.923317: random: Only 0/20 bytes of strong random data available from /dev/random
1423567849.925632: random: Not enough entropy pool available for secure operations
1423567849.926074: WPA: Not enough entropy in random pool to proceed - reject first 4-way handshake
1423567850.375713: 1423567850.375743: wlan0: STA 2c:f0:ee:1a:e5:5a IEEE 802.11: authenticated
1423567850.388893: 1423567850.388923: wlan0: STA 2c:f0:ee:1a:e5:5a IEEE 802.11: associated (aid 1)
1423567850.400293: random: Cannot read from /dev/random: Resource temporarily unavailable
1423567850.404228: random: Only 0/20 bytes of strong random data available from /dev/random
1423567850.406103: random: Not enough entropy pool available for secure operations
1423567850.406540: WPA: Not enough entropy in random pool to proceed - reject first 4-way handshake
1423567853.987188: 1423567853.987219: wlan0: STA 2c:f0:ee:1a:e5:5a IEEE 802.11: authenticated
1423567853.995932: 1423567853.995961: wlan0: STA 2c:f0:ee:1a:e5:5a IEEE 802.11: associated (aid 1)
1423567854.007381: random: Cannot read from /dev/random: Resource temporarily unavailable
1423567854.010972: random: Only 0/20 bytes of strong random data available from /dev/random
1423567854.012770: random: Allow operation to proceed based on internal entropy
1423567854.080908: wlan0: AP-STA-CONNECTED 2c:f0:ee:1a:e5:5a
1423567854.085798: 1423567854.085830: wlan0: STA 2c:f0:ee:1a:e5:5a RADIUS: starting accounting session 54D9EBE0-00000000
1423567854.091264: 1423567854.091298: wlan0: STA 2c:f0:ee:1a:e5:5a WPA: pairwise key handshake completed (RSN)
1423567856.703080: wlan0: AP-STA-DISCONNECTED 2c:f0:ee:1a:e5:5a
1423567856.706900: 1423567856.706930: wlan0: STA 2c:f0:ee:1a:e5:5a IEEE 802.11: disassociated
1423567857.716982: 1423567857.717014: wlan0: STA 2c:f0:ee:1a:e5:5a IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
1423567864.330095: 1423567864.330125: wlan0: STA 2c:f0:ee:1a:e5:5a IEEE 802.11: authenticated
1423567864.340560: 1423567864.340590: wlan0: STA 2c:f0:ee:1a:e5:5a IEEE 802.11: associated (aid 1)
1423567864.381004: wlan0: AP-STA-CONNECTED 2c:f0:ee:1a:e5:5a
1423567864.385871: 1423567864.385902: wlan0: STA 2c:f0:ee:1a:e5:5a RADIUS: starting accounting session 54D9EBE0-00000001
1423567864.391197: 1423567864.391227: wlan0: STA 2c:f0:ee:1a:e5:5a WPA: pairwise key handshake completed (RSN)
1423567866.714049: wlan0: AP-STA-DISCONNECTED 2c:f0:ee:1a:e5:5a
1423567866.717722: 1423567866.717753: wlan0: STA 2c:f0:ee:1a:e5:5a IEEE 802.11: disassociated
1423567867.725936: 1423567867.725969: wlan0: STA 2c:f0:ee:1a:e5:5a IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

And the config i am using is :

interface=wlan0
driver=nl80211
ssid=HUB234
hw_mode=g
channel=1
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=12345678
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
disassoc_low_ack=0

Android Wifi clients, wifi dongles, windows systems dont have any problem connecting to the hotspot but only the apple devices have . I even tried setting disassoc_low_ack=0 but it doesnt seem to work .
_______________________________________________
HostAP mailing list
HostAP <at> lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
Mike Gerow | 22 Feb 01:37 2015
Picon

[PATCH] Treat pkcs11 TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED as a transient failure.

This can get returned by modules that simply aren't ready yet, so just throwing
away the pkcs11 pin doesn't really make sense.

This also addresses a problem where an error condition isn't communicated to the
caller appropriately in this specific case.
---
 src/eap_peer/eap_tls_common.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 8710781..78f33c2 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
 <at>  <at>  -198,12 +198,12  <at>  <at>  static int eap_tls_init_connection(struct eap_sm *sm,
 	res = tls_connection_set_params(data->ssl_ctx, data->conn, params);
 	if (res == TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED) {
 		/*
-		 * At this point with the pkcs11 engine the PIN might be wrong.
-		 * We reset the PIN in the configuration to be sure to not use
-		 * it again and the calling function must request a new one.
+		 * This generally means whatever we're talking to through
+		 * PKCS#11 simply isn't ready and should be treated as a
+		 * transient failure.
 		 */
-		os_free(config->pin);
-		config->pin = NULL;
+		sm->ignore = TRUE;
+		return -1;
 	} else if (res == TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED) {
 		wpa_printf(MSG_INFO, "TLS: Failed to load private key");
 		/*
--

-- 
2.2.0.rc0.207.ga3a616c
Jouni Malinen | 21 Feb 15:47 2015
Picon

Re: [PATCH v4 2/2] hwsim tests: add test to check disconnect in powersave

On Fri, Jan 09, 2015 at 07:55:45PM +0100, Johannes Berg wrote:
> The kernel had two bugs (one in hwsim and one more important
> one in mac80211) in this area, add a test to make sure we can
> disconnect without any kernel issues while in powersave.
> 
> Also make sure that the TIM bit gets set and cleared again
> (by checking with tshark.)

Thanks, applied.

--

-- 
Jouni Malinen                                            PGP id EFC895FA
Sarah Thomas | 20 Feb 12:05 2015
Picon

Preferred EAP method for wired set up

Hi,

 Which is a good EAP method to be used for Wired set up? This is considering using 802.1x inside automotive.

So, its going to be local authentication at the switch. Deployment of certificates and validating the certificate might also be difficult because of connectivity issue with outside world.

In this scenario, which of the 40 EAP methods would be suggested?

Thanks,
Sarah.
_______________________________________________
HostAP mailing list
HostAP <at> lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
Janusz Dziedzic | 19 Feb 07:15 2015

[PATCH 1/4] ibss: add fixed freq ssid param

Add fixed freq param and pass to driver.
After we will set this flag, IBSS should not try
to look for other networks on different channels.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic <at> tieto.com>
---
 src/drivers/driver.h            | 7 +++++++
 src/drivers/driver_nl80211.c    | 6 ++++++
 wpa_supplicant/config.c         | 1 +
 wpa_supplicant/config_ssid.h    | 5 +++++
 wpa_supplicant/wpa_supplicant.c | 1 +
 5 files changed, 20 insertions(+)

diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index c9e860f..6d0d6f3 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
 <at>  <at>  -767,6 +767,13  <at>  <at>  struct wpa_driver_associate_params {
 	int fixed_bssid;

 	/**
+	 * fixed_freq - fix control channel in IBSS mode
+	 * 1 = fix control channel
+	 * 0 = don't fix control channel
+	 */
+	int fixed_freq;
+
+	/**
 	 * disable_ht - Disable HT (IEEE 802.11n) for this connection
 	 */
 	int disable_ht;
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 9d93cc9..396fdd9 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
 <at>  <at>  -4374,6 +4374,12  <at>  <at>  retry:
 			goto fail;
 	}

+	if (params->fixed_freq) {
+		wpa_printf(MSG_DEBUG, "  * fixed_freq");
+		if (nla_put_flag(msg, NL80211_ATTR_FREQ_FIXED))
+			goto fail;
+	}
+
 	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index ea633a6..4dc7a8d 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
 <at>  <at>  -1896,6 +1896,7  <at>  <at>  static const struct parse_data ssid_fields[] = {
 	{ INT_RANGE(peerkey, 0, 1) },
 	{ INT_RANGE(mixed_cell, 0, 1) },
 	{ INT_RANGE(frequency, 0, 65000) },
+	{ INT_RANGE(fixed_freq, 0, 1) },
 #ifdef CONFIG_MESH
 	{ FUNC(mesh_basic_rates) },
 	{ INT(dot11MeshMaxRetries) },
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index f744895..9e68525 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
 <at>  <at>  -420,6 +420,11  <at>  <at>  struct wpa_ssid {
 	int frequency;

 	/**
+	 * fixed_freq - use fixed frequency for IBSS
+	 */
+	int fixed_freq;
+
+	/**
 	 * mesh_basic_rates - BSS Basic rate set for mesh network
 	 *
 	 */
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 5f67e55..2a0bf39 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
 <at>  <at>  -2122,6 +2122,7  <at>  <at>  static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
 		ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);

 	if (ssid->mode == WPAS_MODE_IBSS) {
+		params.fixed_freq = ssid->fixed_freq;
 		if (ssid->beacon_int)
 			params.beacon_int = ssid->beacon_int;
 		else
--

-- 
1.9.1
r.sperling | 18 Feb 16:35 2015
Picon

wpa_supplicant: Work around Linux packet socket regression


Hi,

I've been taking a closer look at the workaround for WDS interfaces in a
bridge that respects RFC2863 operational states and found an issue with
this patch. The problem is that the workaround gets disabled by EAPOLs
forwarded by the linux bridge while the interface is not in dormant state.
This is primary the case during group rekeying. In addition, there is a
possible race condition until the netdevice entirely arrived in dormant
state and the first reception of an EAPOL of the 4-way handshake by the
kernel/supplicant. This may happen e.g. in loaded condition if the WLAN
driver has already connected to the AP but the dormant state is yet not
fully set. Hence, in both cases the workaround gets disabled although it is
still needed later on e.g. in case of a reconnection.

This faulty deactivation of the workaround may be prevented by additionally
checking the the current interface status flags for dormant state. Only if
the latter one is really set the workaround should be disabled.

Nevertheless, as already discussed on the list, this workaround is not a
really nice one including possible drawbacks like performance regression.
Hence I would like to add two other solutions as basis for discussion.

1. Most of the WLAN drivers stop all traffic if the connection is not
authorized. In addition, with older kernel version the dormant state was
ignored anyway. So we could completely remove setting dormant state in the
supplicant for the drivers.
2. If we stay with the workaround we can also consider just to enabled it
if the devices is currently in dormant state. As a result, there would be
not influence if the connection is successfully established.

Best regards and looking forward to your comments,
Robert Sperling

Gmane