Revert "[wpa_supplicant] Cumulative patch from b8491ae5a"
This reverts commit 878cf7bcbf2d7d8f08c3d060b8c5fbfcf0743eda.
Reason for revert: git_master/sdk_phone_armv7-sdk
Change-Id: I6070fc5c1f9c20867f6dfce90e529e35578d572e
diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index c283754..df3542a 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -280,7 +280,6 @@
OBJS += src/common/sae.c
NEED_ECC=y
NEED_DH_GROUPS=y
-NEED_DRAGONFLY=y
endif
ifdef CONFIG_OWE
@@ -474,7 +473,6 @@
OBJS += src/eap_server/eap_server_pwd.c src/eap_common/eap_pwd_common.c
NEED_SHA256=y
NEED_ECC=y
-NEED_DRAGONFLY=y
endif
ifdef CONFIG_EAP_EKE
@@ -498,16 +496,6 @@
NEED_AES_UNWRAP=y
endif
-ifdef CONFIG_EAP_TEAP
-L_CFLAGS += -DEAP_SERVER_TEAP
-OBJS += src/eap_server/eap_server_teap.c
-OBJS += src/eap_common/eap_teap_common.c
-TLS_FUNCS=y
-NEED_T_PRF=y
-NEED_SHA384=y
-NEED_AES_UNWRAP=y
-endif
-
ifdef CONFIG_WPS
L_CFLAGS += -DCONFIG_WPS -DEAP_SERVER_WSC
OBJS += src/utils/uuid.c
@@ -618,10 +606,6 @@
L_CFLAGS += -DPKCS12_FUNCS
endif
-ifdef NEED_DRAGONFLY
-OBJS += src/common/dragonfly.c
-endif
-
ifdef MS_FUNCS
OBJS += src/crypto/ms_funcs.c
NEED_DES=y
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 327ee3b..f1366b4 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -1,60 +1,5 @@
ChangeLog for hostapd
-2019-04-21 - v2.8
- * SAE changes
- - added support for SAE Password Identifier
- - changed default configuration to enable only group 19
- (i.e., disable groups 20, 21, 25, 26 from default configuration) and
- disable all unsuitable groups completely based on REVmd changes
- - improved anti-clogging token mechanism and SAE authentication
- frame processing during heavy CPU load; this mitigates some issues
- with potential DoS attacks trying to flood an AP with large number
- of SAE messages
- - added Finite Cyclic Group field in status code 77 responses
- - reject use of unsuitable groups based on new implementation guidance
- in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
- groups with prime >= 256)
- - minimize timing and memory use differences in PWE derivation
- [https://w1.fi/security/2019-1/] (CVE-2019-9494)
- - fixed confirm message validation in error cases
- [https://w1.fi/security/2019-3/] (CVE-2019-9496)
- * EAP-pwd changes
- - minimize timing and memory use differences in PWE derivation
- [https://w1.fi/security/2019-2/] (CVE-2019-9495)
- - verify peer scalar/element
- [https://w1.fi/security/2019-4/] (CVE-2019-9497 and CVE-2019-9498)
- - fix message reassembly issue with unexpected fragment
- [https://w1.fi/security/2019-5/]
- - enforce rand,mask generation rules more strictly
- - fix a memory leak in PWE derivation
- - disallow ECC groups with a prime under 256 bits (groups 25, 26, and
- 27)
- * Hotspot 2.0 changes
- - added support for release number 3
- - reject release 2 or newer association without PMF
- * added support for RSN operating channel validation
- (CONFIG_OCV=y and configuration parameter ocv=1)
- * added Multi-AP protocol support
- * added FTM responder configuration
- * fixed build with LibreSSL
- * added FT/RRB workaround for short Ethernet frame padding
- * fixed KEK2 derivation for FILS+FT
- * added RSSI-based association rejection from OCE
- * extended beacon reporting functionality
- * VLAN changes
- - allow local VLAN management with remote RADIUS authentication
- - add WPA/WPA2 passphrase/PSK -based VLAN assignment
- * OpenSSL: allow systemwide policies to be overridden
- * extended PEAP to derive EMSK to enable use with ERP/FILS
- * extended WPS to allow SAE configuration to be added automatically
- for PSK (wps_cred_add_sae=1)
- * fixed FT and SA Query Action frame with AP-MLME-in-driver cases
- * OWE: allow Diffie-Hellman Parameter element to be included with DPP
- in preparation for DPP protocol extension
- * RADIUS server: started to accept ERP keyName-NAI as user identity
- automatically without matching EAP database entry
- * fixed PTK rekeying with FILS and FT
-
2018-12-02 - v2.7
* fixed WPA packet number reuse with replayed messages and key
reinstallation
diff --git a/hostapd/Makefile b/hostapd/Makefile
index 2a6bd7a..6e263c5 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -313,7 +313,6 @@
NEED_ECC=y
NEED_DH_GROUPS=y
NEED_AP_MLME=y
-NEED_DRAGONFLY=y
endif
ifdef CONFIG_OWE
@@ -327,11 +326,6 @@
NEED_SHA512=y
endif
-ifdef CONFIG_AIRTIME_POLICY
-CFLAGS += -DCONFIG_AIRTIME_POLICY
-OBJS += ../src/ap/airtime_policy.o
-endif
-
ifdef CONFIG_FILS
CFLAGS += -DCONFIG_FILS
OBJS += ../src/ap/fils_hlp.o
@@ -502,7 +496,6 @@
OBJS += ../src/eap_server/eap_server_pwd.o ../src/eap_common/eap_pwd_common.o
NEED_SHA256=y
NEED_ECC=y
-NEED_DRAGONFLY=y
endif
ifdef CONFIG_EAP_EKE
@@ -526,16 +519,6 @@
NEED_AES_UNWRAP=y
endif
-ifdef CONFIG_EAP_TEAP
-CFLAGS += -DEAP_SERVER_TEAP
-OBJS += ../src/eap_server/eap_server_teap.o
-OBJS += ../src/eap_common/eap_teap_common.o
-TLS_FUNCS=y
-NEED_T_PRF=y
-NEED_SHA384=y
-NEED_AES_UNWRAP=y
-endif
-
ifdef CONFIG_WPS
CFLAGS += -DCONFIG_WPS -DEAP_SERVER_WSC
OBJS += ../src/utils/uuid.o
@@ -630,15 +613,6 @@
endif
endif
-ifdef CONFIG_MACSEC
-CFLAGS += -DCONFIG_MACSEC
-OBJS += ../src/ap/wpa_auth_kay.o
-OBJS += ../src/pae/ieee802_1x_cp.o
-OBJS += ../src/pae/ieee802_1x_kay.o
-OBJS += ../src/pae/ieee802_1x_key.o
-OBJS += ../src/pae/ieee802_1x_secy_ops.o
-endif
-
# Basic EAP functionality is needed for EAPOL
OBJS += eap_register.o
OBJS += ../src/eap_server/eap_server.o
@@ -655,10 +629,6 @@
CFLAGS += -DPKCS12_FUNCS
endif
-ifdef NEED_DRAGONFLY
-OBJS += ../src/common/dragonfly.o
-endif
-
ifdef MS_FUNCS
OBJS += ../src/crypto/ms_funcs.o
NEED_DES=y
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index df41f14..42f3b40 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2313,42 +2313,6 @@
#endif /* EAP_SERVER */
-#ifdef CONFIG_AIRTIME_POLICY
-static int add_airtime_weight(struct hostapd_bss_config *bss, char *value)
-{
- struct airtime_sta_weight *wt;
- char *pos, *next;
-
- wt = os_zalloc(sizeof(*wt));
- if (!wt)
- return -1;
-
- /* 02:01:02:03:04:05 10 */
- pos = value;
- next = os_strchr(pos, ' ');
- if (next)
- *next++ = '\0';
- if (!next || hwaddr_aton(pos, wt->addr)) {
- wpa_printf(MSG_ERROR, "Invalid station address: '%s'", pos);
- os_free(wt);
- return -1;
- }
-
- pos = next;
- wt->weight = atoi(pos);
- if (!wt->weight) {
- wpa_printf(MSG_ERROR, "Invalid weight: '%s'", pos);
- os_free(wt);
- return -1;
- }
-
- wt->next = bss->airtime_weight_list;
- bss->airtime_weight_list = wt;
- return 0;
-}
-#endif /* CONFIG_AIRTIME_POLICY */
-
-
#ifdef CONFIG_SAE
static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
{
@@ -2412,36 +2376,6 @@
#endif /* CONFIG_SAE */
-#ifdef CONFIG_DPP2
-static int hostapd_dpp_controller_parse(struct hostapd_bss_config *bss,
- const char *pos)
-{
- struct dpp_controller_conf *conf;
- char *val;
-
- conf = os_zalloc(sizeof(*conf));
- if (!conf)
- return -1;
- val = get_param(pos, "ipaddr=");
- if (!val || hostapd_parse_ip_addr(val, &conf->ipaddr))
- goto fail;
- os_free(val);
- val = get_param(pos, "pkhash=");
- if (!val || os_strlen(val) != 2 * SHA256_MAC_LEN ||
- hexstr2bin(val, conf->pkhash, SHA256_MAC_LEN) < 0)
- goto fail;
- os_free(val);
- conf->next = bss->dpp_controller;
- bss->dpp_controller = conf;
- return 0;
-fail:
- os_free(val);
- os_free(conf);
- return -1;
-}
-#endif /* CONFIG_DPP2 */
-
-
static int hostapd_config_fill(struct hostapd_config *conf,
struct hostapd_bss_config *bss,
const char *buf, char *pos, int line)
@@ -2562,11 +2496,7 @@
} else if (os_strcmp(buf, "eapol_version") == 0) {
int eapol_version = atoi(pos);
-#ifdef CONFIG_MACSEC
- if (eapol_version < 1 || eapol_version > 3) {
-#else /* CONFIG_MACSEC */
if (eapol_version < 1 || eapol_version > 2) {
-#endif /* CONFIG_MACSEC */
wpa_printf(MSG_ERROR,
"Line %d: invalid EAPOL version (%d): '%s'.",
line, eapol_version, pos);
@@ -2589,21 +2519,12 @@
} else if (os_strcmp(buf, "server_cert") == 0) {
os_free(bss->server_cert);
bss->server_cert = os_strdup(pos);
- } else if (os_strcmp(buf, "server_cert2") == 0) {
- os_free(bss->server_cert2);
- bss->server_cert2 = os_strdup(pos);
} else if (os_strcmp(buf, "private_key") == 0) {
os_free(bss->private_key);
bss->private_key = os_strdup(pos);
- } else if (os_strcmp(buf, "private_key2") == 0) {
- os_free(bss->private_key2);
- bss->private_key2 = os_strdup(pos);
} else if (os_strcmp(buf, "private_key_passwd") == 0) {
os_free(bss->private_key_passwd);
bss->private_key_passwd = os_strdup(pos);
- } else if (os_strcmp(buf, "private_key_passwd2") == 0) {
- os_free(bss->private_key_passwd2);
- bss->private_key_passwd2 = os_strdup(pos);
} else if (os_strcmp(buf, "check_cert_subject") == 0) {
if (!pos[0]) {
wpa_printf(MSG_ERROR, "Line %d: unknown check_cert_subject '%s'",
@@ -2684,20 +2605,6 @@
} else if (os_strcmp(buf, "pac_key_refresh_time") == 0) {
bss->pac_key_refresh_time = atoi(pos);
#endif /* EAP_SERVER_FAST */
-#ifdef EAP_SERVER_TEAP
- } else if (os_strcmp(buf, "eap_teap_auth") == 0) {
- int val = atoi(pos);
-
- if (val < 0 || val > 1) {
- wpa_printf(MSG_ERROR,
- "Line %d: Invalid eap_teap_auth value",
- line);
- return 1;
- }
- bss->eap_teap_auth = val;
- } else if (os_strcmp(buf, "eap_teap_pac_no_inner") == 0) {
- bss->eap_teap_pac_no_inner = atoi(pos);
-#endif /* EAP_SERVER_TEAP */
#ifdef EAP_SERVER_SIM
} else if (os_strcmp(buf, "eap_sim_db") == 0) {
os_free(bss->eap_sim_db);
@@ -3535,8 +3442,6 @@
conf->he_op.he_twt_required = atoi(pos);
} else if (os_strcmp(buf, "he_rts_threshold") == 0) {
conf->he_op.he_rts_threshold = atoi(pos);
- } else if (os_strcmp(buf, "he_basic_mcs_nss_set") == 0) {
- conf->he_op.he_basic_mcs_nss_set = atoi(pos);
} else if (os_strcmp(buf, "he_mu_edca_qos_info_param_count") == 0) {
conf->he_mu_edca.he_qos_info |=
set_he_cap(atoi(pos), HE_QOS_INFO_EDCA_PARAM_SET_COUNT);
@@ -3621,20 +3526,6 @@
} else if (os_strcmp(buf, "he_mu_edca_ac_vo_timer") == 0) {
conf->he_mu_edca.he_mu_ac_vo_param[HE_MU_AC_PARAM_TIMER_IDX] =
atoi(pos) & 0xff;
- } else if (os_strcmp(buf, "he_spr_sr_control") == 0) {
- conf->spr.sr_control = atoi(pos) & 0xff;
- } else if (os_strcmp(buf, "he_spr_non_srg_obss_pd_max_offset") == 0) {
- conf->spr.non_srg_obss_pd_max_offset = atoi(pos);
- } else if (os_strcmp(buf, "he_spr_srg_obss_pd_min_offset") == 0) {
- conf->spr.srg_obss_pd_min_offset = atoi(pos);
- } else if (os_strcmp(buf, "he_spr_srg_obss_pd_max_offset") == 0) {
- conf->spr.srg_obss_pd_max_offset = atoi(pos);
- } else if (os_strcmp(buf, "he_oper_chwidth") == 0) {
- conf->he_oper_chwidth = atoi(pos);
- } else if (os_strcmp(buf, "he_oper_centr_freq_seg0_idx") == 0) {
- conf->he_oper_centr_freq_seg0_idx = atoi(pos);
- } else if (os_strcmp(buf, "he_oper_centr_freq_seg1_idx") == 0) {
- conf->he_oper_centr_freq_seg1_idx = atoi(pos);
#endif /* CONFIG_IEEE80211AX */
} else if (os_strcmp(buf, "max_listen_interval") == 0) {
bss->max_listen_interval = atoi(pos);
@@ -4407,11 +4298,6 @@
} else if (os_strcmp(buf, "dpp_csign") == 0) {
if (parse_wpabuf_hex(line, buf, &bss->dpp_csign, pos))
return 1;
-#ifdef CONFIG_DPP2
- } else if (os_strcmp(buf, "dpp_controller") == 0) {
- if (hostapd_dpp_controller_parse(bss, pos))
- return 1;
-#endif /* CONFIG_DPP2 */
#endif /* CONFIG_DPP */
#ifdef CONFIG_OWE
} else if (os_strcmp(buf, "owe_transition_bssid") == 0) {
@@ -4463,121 +4349,6 @@
conf->rssi_reject_assoc_timeout = atoi(pos);
} else if (os_strcmp(buf, "pbss") == 0) {
bss->pbss = atoi(pos);
-#ifdef CONFIG_AIRTIME_POLICY
- } else if (os_strcmp(buf, "airtime_mode") == 0) {
- int val = atoi(pos);
-
- if (val < 0 || val > AIRTIME_MODE_MAX) {
- wpa_printf(MSG_ERROR, "Line %d: Unknown airtime_mode",
- line);
- return 1;
- }
- conf->airtime_mode = val;
- } else if (os_strcmp(buf, "airtime_update_interval") == 0) {
- conf->airtime_update_interval = atoi(pos);
- } else if (os_strcmp(buf, "airtime_bss_weight") == 0) {
- bss->airtime_weight = atoi(pos);
- } else if (os_strcmp(buf, "airtime_bss_limit") == 0) {
- int val = atoi(pos);
-
- if (val < 0 || val > 1) {
- wpa_printf(MSG_ERROR,
- "Line %d: Invalid airtime_bss_limit (must be 0 or 1)",
- line);
- return 1;
- }
- bss->airtime_limit = val;
- } else if (os_strcmp(buf, "airtime_sta_weight") == 0) {
- if (add_airtime_weight(bss, pos) < 0) {
- wpa_printf(MSG_ERROR,
- "Line %d: Invalid airtime weight '%s'",
- line, pos);
- return 1;
- }
-#endif /* CONFIG_AIRTIME_POLICY */
-#ifdef CONFIG_MACSEC
- } else if (os_strcmp(buf, "macsec_policy") == 0) {
- int macsec_policy = atoi(pos);
-
- if (macsec_policy < 0 || macsec_policy > 1) {
- wpa_printf(MSG_ERROR,
- "Line %d: invalid macsec_policy (%d): '%s'.",
- line, macsec_policy, pos);
- return 1;
- }
- bss->macsec_policy = macsec_policy;
- } else if (os_strcmp(buf, "macsec_integ_only") == 0) {
- int macsec_integ_only = atoi(pos);
-
- if (macsec_integ_only < 0 || macsec_integ_only > 1) {
- wpa_printf(MSG_ERROR,
- "Line %d: invalid macsec_integ_only (%d): '%s'.",
- line, macsec_integ_only, pos);
- return 1;
- }
- bss->macsec_integ_only = macsec_integ_only;
- } else if (os_strcmp(buf, "macsec_replay_protect") == 0) {
- int macsec_replay_protect = atoi(pos);
-
- if (macsec_replay_protect < 0 || macsec_replay_protect > 1) {
- wpa_printf(MSG_ERROR,
- "Line %d: invalid macsec_replay_protect (%d): '%s'.",
- line, macsec_replay_protect, pos);
- return 1;
- }
- bss->macsec_replay_protect = macsec_replay_protect;
- } else if (os_strcmp(buf, "macsec_replay_window") == 0) {
- bss->macsec_replay_window = atoi(pos);
- } else if (os_strcmp(buf, "macsec_port") == 0) {
- int macsec_port = atoi(pos);
-
- if (macsec_port < 1 || macsec_port > 65534) {
- wpa_printf(MSG_ERROR,
- "Line %d: invalid macsec_port (%d): '%s'.",
- line, macsec_port, pos);
- return 1;
- }
- bss->macsec_port = macsec_port;
- } else if (os_strcmp(buf, "mka_priority") == 0) {
- int mka_priority = atoi(pos);
-
- if (mka_priority < 0 || mka_priority > 255) {
- wpa_printf(MSG_ERROR,
- "Line %d: invalid mka_priority (%d): '%s'.",
- line, mka_priority, pos);
- return 1;
- }
- bss->mka_priority = mka_priority;
- } else if (os_strcmp(buf, "mka_cak") == 0) {
- size_t len = os_strlen(pos);
-
- if (len > 2 * MACSEC_CAK_MAX_LEN ||
- (len != 2 * 16 && len != 2 * 32) ||
- hexstr2bin(pos, bss->mka_cak, len / 2)) {
- wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CAK '%s'.",
- line, pos);
- return 1;
- }
- bss->mka_cak_len = len / 2;
- bss->mka_psk_set |= MKA_PSK_SET_CAK;
- } else if (os_strcmp(buf, "mka_ckn") == 0) {
- size_t len = os_strlen(pos);
-
- if (len > 2 * MACSEC_CKN_MAX_LEN || /* too long */
- len < 2 || /* too short */
- len % 2 != 0 /* not an integral number of bytes */) {
- wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CKN '%s'.",
- line, pos);
- return 1;
- }
- bss->mka_ckn_len = len / 2;
- if (hexstr2bin(pos, bss->mka_ckn, bss->mka_ckn_len)) {
- wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CKN '%s'.",
- line, pos);
- return -1;
- }
- bss->mka_psk_set |= MKA_PSK_SET_CKN;
-#endif /* CONFIG_MACSEC */
} else {
wpa_printf(MSG_ERROR,
"Line %d: unknown configuration item '%s'",
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 0f6dfa1..e4b16e6 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -1830,40 +1830,26 @@
struct iphdr ip;
const u8 *pos;
unsigned int i;
- char extra[30];
- if (len < sizeof(*eth) + sizeof(ip) || len > HWSIM_PACKETLEN) {
- wpa_printf(MSG_DEBUG,
- "test data: RX - ignore unexpected length %d",
- (int) len);
+ if (len != HWSIM_PACKETLEN)
return;
- }
eth = (const struct ether_header *) buf;
os_memcpy(&ip, eth + 1, sizeof(ip));
pos = &buf[sizeof(*eth) + sizeof(ip)];
if (ip.ihl != 5 || ip.version != 4 ||
- ntohs(ip.tot_len) > HWSIM_IP_LEN) {
- wpa_printf(MSG_DEBUG,
- "test data: RX - ignore unexpect IP header");
+ ntohs(ip.tot_len) != HWSIM_IP_LEN)
return;
- }
- for (i = 0; i < ntohs(ip.tot_len) - sizeof(ip); i++) {
- if (*pos != (u8) i) {
- wpa_printf(MSG_DEBUG,
- "test data: RX - ignore mismatching payload");
+ for (i = 0; i < HWSIM_IP_LEN - sizeof(ip); i++) {
+ if (*pos != (u8) i)
return;
- }
pos++;
}
- extra[0] = '\0';
- if (ntohs(ip.tot_len) != HWSIM_IP_LEN)
- os_snprintf(extra, sizeof(extra), " len=%d", ntohs(ip.tot_len));
- wpa_msg(hapd->msg_ctx, MSG_INFO, "DATA-TEST-RX " MACSTR " " MACSTR "%s",
- MAC2STR(eth->ether_dhost), MAC2STR(eth->ether_shost), extra);
+ wpa_msg(hapd->msg_ctx, MSG_INFO, "DATA-TEST-RX " MACSTR " " MACSTR,
+ MAC2STR(eth->ether_dhost), MAC2STR(eth->ether_shost));
}
@@ -1908,7 +1894,7 @@
static int hostapd_ctrl_iface_data_test_tx(struct hostapd_data *hapd, char *cmd)
{
u8 dst[ETH_ALEN], src[ETH_ALEN];
- char *pos, *pos2;
+ char *pos;
int used;
long int val;
u8 tos;
@@ -1917,12 +1903,11 @@
struct iphdr *ip;
u8 *dpos;
unsigned int i;
- size_t send_len = HWSIM_IP_LEN;
if (hapd->l2_test == NULL)
return -1;
- /* format: <dst> <src> <tos> [len=<length>] */
+ /* format: <dst> <src> <tos> */
pos = cmd;
used = hwaddr_aton2(pos, dst);
@@ -1936,19 +1921,11 @@
return -1;
pos += used;
- val = strtol(pos, &pos2, 0);
+ val = strtol(pos, NULL, 0);
if (val < 0 || val > 0xff)
return -1;
tos = val;
- pos = os_strstr(pos2, " len=");
- if (pos) {
- i = atoi(pos + 5);
- if (i < sizeof(*ip) || i > HWSIM_IP_LEN)
- return -1;
- send_len = i;
- }
-
eth = (struct ether_header *) &buf[2];
os_memcpy(eth->ether_dhost, dst, ETH_ALEN);
os_memcpy(eth->ether_shost, src, ETH_ALEN);
@@ -1959,17 +1936,17 @@
ip->version = 4;
ip->ttl = 64;
ip->tos = tos;
- ip->tot_len = htons(send_len);
+ ip->tot_len = htons(HWSIM_IP_LEN);
ip->protocol = 1;
ip->saddr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 1);
ip->daddr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 2);
ip->check = ipv4_hdr_checksum(ip, sizeof(*ip));
dpos = (u8 *) (ip + 1);
- for (i = 0; i < send_len - sizeof(*ip); i++)
+ for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++)
*dpos++ = i;
if (l2_packet_send(hapd->l2_test, dst, ETHERTYPE_IP, &buf[2],
- sizeof(struct ether_header) + send_len) < 0)
+ HWSIM_PACKETLEN) < 0)
return -1;
wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "test data: TX dst=" MACSTR
diff --git a/hostapd/defconfig b/hostapd/defconfig
index 01871c9..ea5e2c9 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -108,18 +108,11 @@
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
+# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
+# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
+# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
#CONFIG_EAP_FAST=y
-# EAP-TEAP for the integrated EAP server
-# Note: The current EAP-TEAP implementation is experimental and should not be
-# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
-# of conflicting statements and missing details and the implementation has
-# vendor specific workarounds for those and as such, may not interoperate with
-# any other implementation. This should not be used for anything else than
-# experimentation and interoperability testing until those issues has been
-# resolved.
-#CONFIG_EAP_TEAP=y
-
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
@@ -383,9 +376,6 @@
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
-# Airtime policy support
-#CONFIG_AIRTIME_POLICY=y
-
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
diff --git a/hostapd/eap_register.c b/hostapd/eap_register.c
index 3e870c7..8477c21 100644
--- a/hostapd/eap_register.c
+++ b/hostapd/eap_register.c
@@ -121,11 +121,6 @@
ret = eap_server_fast_register();
#endif /* EAP_SERVER_FAST */
-#ifdef EAP_SERVER_TEAP
- if (ret == 0)
- ret = eap_server_teap_register();
-#endif /* EAP_SERVER_TEAP */
-
#ifdef EAP_SERVER_WSC
if (ret == 0)
ret = eap_server_wsc_register();
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index f2d5873..f8caa56 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -782,8 +782,10 @@
# 1 = supported
#he_mu_beamformer=1
-# he_bss_color: BSS color (1-63)
-#he_bss_color=1
+# he_bss_color: BSS color
+# 0 = no BSS color (default)
+# unsigned integer = BSS color
+#he_bss_color=0
#he_default_pe_duration: The duration of PE field in an HE PPDU in us
# Possible values are 0 us (default), 4 us, 8 us, 12 us, and 16 us
@@ -799,17 +801,6 @@
# unsigned integer = duration in units of 16 us
#he_rts_threshold=0
-# HE operating channel information; see matching vht_* parameters for details.
-#he_oper_chwidth
-#he_oper_centr_freq_seg0_idx
-#he_oper_centr_freq_seg1_idx
-
-#he_basic_mcs_nss_set: Basic NSS/MCS set
-# 16-bit combination of 2-bit values of Max HE-MCS For 1..8 SS; each 2-bit
-# value having following meaning:
-# 0 = HE-MCS 0-7, 1 = HE-MCS 0-9, 2 = HE-MCS 0-11, 3 = not supported
-#he_basic_mcs_nss_set
-
#he_mu_edca_qos_info_param_count
#he_mu_edca_qos_info_q_ack
#he_mu_edca_qos_info_queue_request=1
@@ -834,12 +825,6 @@
#he_mu_edca_ac_vo_ecwmax=15
#he_mu_edca_ac_vo_timer=255
-# Spatial Reuse Parameter Set
-#he_spr_sr_control
-#he_spr_non_srg_obss_pd_max_offset
-#he_spr_srg_obss_pd_min_offset
-#he_spr_srg_obss_pd_max_offset
-
##### IEEE 802.1X-2004 related configuration ##################################
# Require IEEE 802.1X authorization
@@ -851,8 +836,6 @@
# the new version number correctly (they seem to drop the frames completely).
# In order to make hostapd interoperate with these clients, the version number
# can be set to the older version (1) with this configuration value.
-# Note: When using MACsec, eapol_version shall be set to 3, which is
-# defined in IEEE Std 802.1X-2010.
#eapol_version=2
# Optional displayable message sent with EAP Request-Identity. The first \0
@@ -896,54 +879,6 @@
# ERP is enabled (eap_server_erp=1).
#erp_domain=example.com
-##### MACsec ##################################################################
-
-# macsec_policy: IEEE 802.1X/MACsec options
-# This determines how sessions are secured with MACsec (only for MACsec
-# drivers).
-# 0: MACsec not in use (default)
-# 1: MACsec enabled - Should secure, accept key server's advice to
-# determine whether to use a secure session or not.
-#
-# macsec_integ_only: IEEE 802.1X/MACsec transmit mode
-# This setting applies only when MACsec is in use, i.e.,
-# - macsec_policy is enabled
-# - the key server has decided to enable MACsec
-# 0: Encrypt traffic (default)
-# 1: Integrity only
-#
-# macsec_replay_protect: IEEE 802.1X/MACsec replay protection
-# This setting applies only when MACsec is in use, i.e.,
-# - macsec_policy is enabled
-# - the key server has decided to enable MACsec
-# 0: Replay protection disabled (default)
-# 1: Replay protection enabled
-#
-# macsec_replay_window: IEEE 802.1X/MACsec replay protection window
-# This determines a window in which replay is tolerated, to allow receipt
-# of frames that have been misordered by the network.
-# This setting applies only when MACsec replay protection active, i.e.,
-# - macsec_replay_protect is enabled
-# - the key server has decided to enable MACsec
-# 0: No replay window, strict check (default)
-# 1..2^32-1: number of packets that could be misordered
-#
-# macsec_port: IEEE 802.1X/MACsec port
-# Port component of the SCI
-# Range: 1-65534 (default: 1)
-#
-# mka_priority (Priority of MKA Actor)
-# Range: 0..255 (default: 255)
-#
-# mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode
-# This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair.
-# In this mode, instances of hostapd can act as MACsec peers. The peer
-# with lower priority will become the key server and start distributing SAKs.
-# mka_cak (CAK = Secure Connectivity Association Key) takes a 16-byte (128-bit)
-# hex-string (32 hex-digits) or a 32-byte (256-bit) hex-string (64 hex-digits)
-# mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit) hex-string
-# (2..64 hex-digits)
-
##### Integrated EAP server ###################################################
# Optionally, hostapd can be configured to use an integrated EAP server
@@ -977,23 +912,6 @@
# Passphrase for private key
#private_key_passwd=secret passphrase
-# An alternative server certificate and private key can be configured with the
-# following parameters (with values just like the parameters above without the
-# '2' suffix). The ca_cert file (in PEM encoding) is used to add the trust roots
-# for both server certificates and/or client certificates).
-#
-# The main use case for this alternative server certificate configuration is to
-# enable both RSA and ECC public keys. The server will pick which one to use
-# based on the client preferences for the cipher suite (in the TLS ClientHello
-# message). It should be noted that number of deployed EAP peer implementations
-# do not filter out the cipher suite list based on their local configuration and
-# as such, configuration of alternative types of certificates on the server may
-# result in interoperability issues.
-#server_cert2=/etc/hostapd.server-ecc.pem
-#private_key2=/etc/hostapd.server-ecc.prv
-#private_key_passwd2=secret passphrase
-
-
# Server identity
# EAP methods that provide mechanism for authenticated server identity delivery
# use this value. If not set, "hostapd" is used as a default.
@@ -1191,16 +1109,6 @@
# (or fewer) of the lifetime remains.
#pac_key_refresh_time=86400
-# EAP-TEAP authentication type
-# 0 = inner EAP (default)
-# 1 = Basic-Password-Auth
-#eap_teap_auth=0
-
-# EAP-TEAP authentication behavior when using PAC
-# 0 = perform inner authentication (default)
-# 1 = skip inner authentication (inner EAP/Basic-Password-Auth)
-#eap_teap_pac_no_inner=0
-
# EAP-SIM and EAP-AKA protected success/failure indication using AT_RESULT_IND
# (default: 0 = disabled).
#eap_sim_aka_result_ind=1
@@ -2584,42 +2492,6 @@
# that allows sending of such data. Default: 0.
#stationary_ap=0
-##### Airtime policy configuration ###########################################
-
-# Set the airtime policy operating mode:
-# 0 = disabled (default)
-# 1 = static config
-# 2 = per-BSS dynamic config
-# 3 = per-BSS limit mode
-#airtime_mode=0
-
-# Interval (in milliseconds) to poll the kernel for updated station activity in
-# dynamic and limit modes
-#airtime_update_interval=200
-
-# Static configuration of station weights (when airtime_mode=1). Kernel default
-# weight is 256; set higher for larger airtime share, lower for smaller share.
-# Each entry is a MAC address followed by a weight.
-#airtime_sta_weight=02:01:02:03:04:05 256
-#airtime_sta_weight=02:01:02:03:04:06 512
-
-# Per-BSS airtime weight. In multi-BSS mode, set for each BSS and hostapd will
-# configure station weights to enforce the correct ratio between BSS weights
-# depending on the number of active stations. The *ratios* between different
-# BSSes is what's important, not the absolute numbers.
-# Must be set for all BSSes if airtime_mode=2 or 3, has no effect otherwise.
-#airtime_bss_weight=1
-
-# Whether the current BSS should be limited (when airtime_mode=3).
-#
-# If set, the BSS weight ratio will be applied in the case where the current BSS
-# would exceed the share defined by the BSS weight ratio. E.g., if two BSSes are
-# set to the same weights, and one is set to limited, the limited BSS will get
-# no more than half the available airtime, but if the non-limited BSS has more
-# stations active, that *will* be allowed to exceed its half of the available
-# airtime.
-#airtime_bss_limit=1
-
##### TESTING OPTIONS #########################################################
#
# The options in this section are only available when the build configuration
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 0460243..23c592a 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -1214,13 +1214,6 @@
}
-static int hostapd_cli_cmd_update_beacon(struct wpa_ctrl *ctrl, int argc,
- char *argv[])
-{
- return wpa_ctrl_command(ctrl, "UPDATE_BEACON");
-}
-
-
static int hostapd_cli_cmd_vendor(struct wpa_ctrl *ctrl, int argc, char *argv[])
{
char cmd[256];
@@ -1624,8 +1617,6 @@
"= reload configuration for current interface" },
{ "disable", hostapd_cli_cmd_disable, NULL,
"= disable hostapd on current interface" },
- { "update_beacon", hostapd_cli_cmd_update_beacon, NULL,
- "= update Beacon frame contents\n"},
{ "erp_flush", hostapd_cli_cmd_erp_flush, NULL,
"= drop all ERP keys"},
{ "log_level", hostapd_cli_cmd_log_level, NULL,
diff --git a/hostapd/main.c b/hostapd/main.c
index 11a1515..b9df584 100644
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -655,9 +655,6 @@
int start_ifaces_in_sync = 0;
char **if_names = NULL;
size_t if_names_size = 0;
-#ifdef CONFIG_DPP
- struct dpp_global_config dpp_conf;
-#endif /* CONFIG_DPP */
if (os_program_init())
return -1;
@@ -677,9 +674,7 @@
dl_list_init(&interfaces.eth_p_oui);
#endif /* CONFIG_ETH_P_OUI */
#ifdef CONFIG_DPP
- os_memset(&dpp_conf, 0, sizeof(dpp_conf));
- /* TODO: dpp_conf.msg_ctx? */
- interfaces.dpp = dpp_global_init(&dpp_conf);
+ interfaces.dpp = dpp_global_init();
if (!interfaces.dpp)
return -1;
#endif /* CONFIG_DPP */