Cumulative patch from commit 5bb7327a697108c880dd31c9e421df386c904b1a
5bb7327 Share a common helper function for restarting sched_scan
be7ebd8 wpa_supplicant: Cancel sched_scan on SELECT_NETWORK initiated scan
8b7c5b8 QCA vendor command for antenna diversity feature
61bcc85 Update ChangeLog files for v2.6
64c92c0 MBO: Do not parse reason_detail in non_pref_chan attr (AP)
4a83d4b MBO: Do not add reason_detail in non_pref_chan attr (STA)
a483c6f WNM: Add testing option to reject BSS Transition Management Request
2800ec8 MBO: Add QCA vendor option to configure driver to ignore assoc disallow
6ad37d7 MBO: Add support to ignore association disallowed set by AP
320caea Add attributes for QCA_NL80211_VENDOR_SUBCMD_LL_STATS_EXT
0df12cb IEEE P802.11ah/D10.0 PV1 CCMP test vectors
02adead Add ignore_auth_resp control interface debug parameter
ef24ad3 nl80211: Remove unnecessary duplication from nl80211_set_param()
4d584d8 nl80211: Add driver parameter force_bss_selection
04e3d81 Blacklist correct BSSID on authentication timeout
dc2744f P2P: Fix common frequencies calculation for a group
5cdd729 P2P: Fix compilation warning in p2p_supplicant.c
14220fe Flush the BSS (scan) entries when an interface becomes disabled
b223b55 doc: Remove duplicate description for -t
cee0be7 Show mode=mesh in STATUS command
0d7eba5 Define a QCA vendor command to validate encryption engine
4428194 taxonomy: Store Probe Request frames in hostapd_sta_info
04059ab Passive Client Taxonomy
5e99339 Initialize iface->sta_seen on allocation
4424aa5 P2P: Fix D-Bus persistent parameter in group started event on GO
81258ef Remove unused generation of Request Authenticator in Account-Request
ea19b39 Revert "nl80211: Remove duplicated check in nl80211_setup_ap()"
205d2d1 Fix typos in wpa_supplicant configuration parameter documentation
660103e nl80211: Use the monitor interface only without device_ap_sme support
c7f9d44 FST: Fix search for peer's "other" connection
a62dea4 Fix mistakes in definition of QCA vendor commands for indoor location
711e3ca Handle NULL return from os_zalloc() in sta_track_add()
Test: manual
Change-Id: I1d8bd5d084c3e72594004d10ceb254a2f766dfab
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index f266f86..30b1472 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -5,7 +5,7 @@
[http://w1.fi/security/2015-7/] (CVE-2015-5314)
* fixed WPS configuration update vulnerability with malformed passphrase
[http://w1.fi/security/2016-1/] (CVE-2016-4476)
- * extended channel switch support fot VHT bandwidth changes
+ * extended channel switch support for VHT bandwidth changes
* added support for configuring new ANQP-elements with
anqp_elem=<InfoID>:<hexdump of payload>
* fixed Suite B 192-bit AKM to use proper PMK length
@@ -30,6 +30,8 @@
- minimal support for PKCS #12
- support OCSP stapling (including ocsp_multi)
* added support for OpenSSL 1.1 API changes
+ - drop support for OpenSSL 0.9.8
+ - drop support for OpenSSL 1.0.0
* EAP-PEAP: support fast-connect crypto binding
* RADIUS
- fix Called-Station-Id to not escape SSID
@@ -41,18 +43,34 @@
Tunnel_password case
- update full message for interim accounting updates
- add Acct-Delay-Time into Accounting messages
+ - add require_message_authenticator configuration option to require
+ CoA/Disconnect-Request packets to be authenticated
* started to postpone WNM-Notification frame sending by 100 ms so that
the STA has some more time to configure the key before this frame is
received after the 4-way handshake
* VHT: added interoperability workaround for 80+80 and 160 MHz channels
* extended VLAN support (per-STA vif, etc.)
* fixed PMKID derivation with SAE
- * nl80211: added support for full station state operations
+ * nl80211
+ - added support for full station state operations
+ - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
+ unencrypted EAPOL frames
* added initial MBO support; number of extensions to WNM BSS Transition
Management
* added initial functionality for location related operations
* added assocresp_elements parameter to allow vendor specific elements
to be added into (Re)Association Response frames
+ * improved Public Action frame addressing
+ - use Address 3 = wildcard BSSID in GAS response if a query from an
+ unassociated STA used that address
+ - fix TX status processing for Address 3 = wildcard BSSID
+ - add gas_address3 configuration parameter to control Address 3
+ behavior
+ * added command line parameter -i to override interface parameter in
+ hostapd.conf
+ * added command completion support to hostapd_cli
+ * added passive client taxonomy determination (CONFIG_TAXONOMY=y
+ compile option and "SIGNATURE <addr>" control interface command)
* number of small fixes
2015-09-27 - v2.5
diff --git a/hostapd/Makefile b/hostapd/Makefile
index ba094ba..46dffe5 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -100,6 +100,11 @@
OBJS += ../src/drivers/drivers.o
CFLAGS += -DHOSTAPD
+ifdef CONFIG_TAXONOMY
+CFLAGS += -DCONFIG_TAXONOMY
+OBJS += ../src/ap/taxonomy.o
+endif
+
ifdef CONFIG_MODULE_TESTS
CFLAGS += -DCONFIG_MODULE_TESTS
OBJS += hapd_module_tests.o
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 5f3d6bd..d7db4a7 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -2367,6 +2367,11 @@
} else if (os_strncmp(buf, "DISASSOCIATE ", 13) == 0) {
if (hostapd_ctrl_iface_disassociate(hapd, buf + 13))
reply_len = -1;
+#ifdef CONFIG_TAXONOMY
+ } else if (os_strncmp(buf, "SIGNATURE ", 10) == 0) {
+ reply_len = hostapd_ctrl_iface_signature(hapd, buf + 10,
+ reply, reply_size);
+#endif /* CONFIG_TAXONOMY */
} else if (os_strncmp(buf, "POLL_STA ", 9) == 0) {
if (hostapd_ctrl_iface_poll_sta(hapd, buf + 9))
reply_len = -1;
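Review bot: The new `SIGNATURE ` branch has no comment saying what the reply contains or who may request it, although per the defconfig text in this patch the signature can identify the client device model. I would add above the branch something like `/* SIGNATURE <addr>: return stored taxonomy signature for the STA; output fingerprints the client device, access is limited only by control interface permissions */`. hostapd_ctrl_iface_signature() is defined outside this hunk, so it cannot be confirmed here that it rejects a malformed address (for example through hwaddr_aton()) and keeps its output within reply_size. Both should be checked before merging.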
diff --git a/hostapd/defconfig b/hostapd/defconfig
index f7b60e0..4659dd1 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -337,3 +337,9 @@
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
+
+# Client Taxonomy
+# Has the AP retain the Probe Request and (Re)Association Request frames from
+# a client, from which a signature can be produced which can identify the model
+# of client device like "Nexus 6P" or "iPhone 5s".
+#CONFIG_TAXONOMY=y
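Review bot: The new CONFIG_TAXONOMY comment explains what the option produces but not what it costs, and an operator enabling it should see both. Probe Request frames normally arrive before any authentication, so the AP would presumably be holding frame data from senders it has not authenticated. The commit list says the frames are kept in hostapd_sta_info, but the storage code is not in this hunk. I would append `# This increases per-station memory use and makes the device model available` and `# to control interface clients through the SIGNATURE command.` before the `#CONFIG_TAXONOMY=y` line.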
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 04819d1..5e62542 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -366,6 +366,22 @@
}
+#ifdef CONFIG_TAXONOMY
+static int hostapd_cli_cmd_signature(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ char buf[64];
+
+ if (argc != 1) {
+ printf("Invalid 'signature' command - exactly one argument, STA address, is required.\n");
+ return -1;
+ }
+ os_snprintf(buf, sizeof(buf), "SIGNATURE %s", argv[0]);
+ return wpa_ctrl_command(ctrl, buf);
+}
+#endif /* CONFIG_TAXONOMY */
+
+
#ifdef CONFIG_IEEE80211W
static int hostapd_cli_cmd_sa_query(struct wpa_ctrl *ctrl, int argc,
char *argv[])
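Review bot: The return value of os_snprintf() in hostapd_cli_cmd_signature() is ignored, so an argument longer than the 53 characters that fit in `buf[64]` after the `SIGNATURE ` prefix is silently truncated. The command sent then differs from what the operator typed. Declare `int res;`, assign `res = os_snprintf(buf, sizeof(buf), "SIGNATURE %s", argv[0]);` and add `if (os_snprintf_error(sizeof(buf), res)) return -1;` before calling wpa_ctrl_command(). A well-formed STA address is 17 characters, so this only affects malformed input, but failing locally is clearer than relying on hostapd to reject a cut-off string. The new function lies entirely within the hunk; hostapd_cli_cmd_sa_query() after it continues outside.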
@@ -1271,6 +1287,10 @@
{ "disassociate", hostapd_cli_cmd_disassociate,
hostapd_complete_disassociate,
"<addr> = disassociate a station" },
+#ifdef CONFIG_TAXONOMY
+ { "signature", hostapd_cli_cmd_signature, NULL,
+ "<addr> = get taxonomy signature for a station" },
+#endif /* CONFIG_TAXONOMY */
#ifdef CONFIG_IEEE80211W
{ "sa_query", hostapd_cli_cmd_sa_query, NULL,
"<addr> = send SA Query to a station" },
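Review bot: The `signature` entry passes `NULL` as its completion callback, while the neighbouring `disassociate` entry, which takes the same `<addr>` argument, passes `hostapd_complete_disassociate`. If that callback completes known station addresses, as its name suggests (its body is outside this hunk), reusing it keeps the two commands consistent: `{ "signature", hostapd_cli_cmd_signature, hostapd_complete_disassociate,`. Completion also makes it less likely that a mistyped address is sent to the daemon.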