| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Small parts of code for this feature were already present but unused.
A node becomes inactive after not sending or receiving a frame within
5 minutes. Inactive cached nodes (not authenticated or associated) are
automatically cleared from the cache once every hour, making room for
new nodes. If the node cache is full and room must be made for a new node,
clean either a cached node (active or inactive), or an inactive
authenticated or associated node.
Also, do not send de-auth frames to nodes which never authenticated,
and only send a de-auth frame once for a given node.
This part was contributed by Steven Chamberlain, thanks!
Tested by myself, krw@, edd@, Steven Chamberlain, and Markus Schatzl.
ok deraadt@
|
| |
|
|
|
|
| |
of defining it unconditionnaly.
although the HT code is not ready yet, making it compile on
GENERIC kernels will help catch regressions/bugs if any.
|
| |
|
|
|
| |
the SA Query Transaction Identifier field is now a 16-bit non-negative
counter value instead of a 128-bit random value.
|
| |
|
|
|
|
|
|
|
|
| |
Maintain state for both originator and recipient roles separately.
Do not allocate receive reordering buffer in addba_request().
Test the "initiator" bit in incoming DELBA frames and set it appropriately
in outgoing DELBA frames.
Separate callbacks for Tx/Rx too.
no binary change since all this is #ifdef'ed out.
|
| |
|
|
|
| |
instead of resorting to horrid hacks/casts.
Restore the ieee80211_node structure back to its original state.
|
| |
|
|
|
|
|
| |
this way we can avoid putting a full node structure (which is huge)
on the stack in ieee80211_find_node().
this is a bit tricky but the RB_FIND macro wants an "elem" structure,
not a field of "elem".
|
| |
|
|
|
|
|
| |
this reduces memory footprint and avoids a stack usage warning in
ieee80211_find_node() that breaks amd64 build.
pointed out by landry@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in
ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occured in HostAP mode
when turning the interface down while a 4-way handshake is in progress
(pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined)
because they won't be ready until after the next release and I didn't
want to grow the kernel or to inadvertently introduce new bugs.
They are here such that other people can look at the code.
Notice that I had to add an extra parameter to ic_send_mgmt() for
action frames, that is why there are small changes in drivers defining
their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in
my tree for too long now.
|
| |
|
|
|
| |
every DTIM in HostAP mode.
Flushes all group addressed MSDUs buffered at the AP for power management.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will be required for future WPA-Enterprise support (802.1X).
Add ieee80211_needs_auth() function (not implemented yet) to
notify the userland 802.1X PACP machine when an 802.1X port
becomes enabled (that is after successfull 802.11 Open System
authentication).
Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the
PACP state machine can kick the 802.11 key state machine and
install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw).
This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC
for data integrity, and AES Key Wrap for data protection of EAPOL-Key
frames. An OpenBSD AP will always advertise this capability and an
OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based
ones if both are supported by an AP.
|
| |
|
|
|
|
|
| |
to the Attic. nothing uses it in the tree and it is very unlikely
that something will use it one day.
the only driver supporting FHSS PHYs in the tree is ray(4) and it
does not use net80211.
|
| |
|
|
| |
if MFP was negotiated with the peer (not possible yet).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
WPA is on and RX protection for TA is on.
Keep track of the TX/RX protection for each node when WPA is on.
tested by djm@ (ral+wpa), ckuethe@ (ath-noenc) and krw@ (wpi<->ral+wpa).
hints from bluhm@
has been in snaps for a few days.
pointed out by bluhm@ something like 1 year ago but we did not have
the right infrastructure to fix it properly at that time.
ok deraadt@
|
| |
|
|
|
|
|
| |
make sure drivers pass a contiguous header, check header length earlier.
fix checking of frames sequence number for frames containing an Address 4
field (required for future work).
fix processing of control frames (only pspoll for now).
|
| |
|
|
|
| |
move ieee80211_setup_rates() to ieee80211_node.c
move some prototypes from ieee80211_proto.h to ieee80211_crypto.h
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@
ok deraadt@
|
| |
|
|
|
| |
ieee80211_plcp2rate() because I've got a late feedback from Damien that
he dislike the implementation method a lot.
|
| |
|
|
| |
Help and OK reyk@
|
| |
|
|
| |
add some RSNA authenticator state machine bits.
|
| |
|
|
|
|
|
|
|
|
| |
message 2/4 of the 4-way handshake because the authenticator must
derive the PTK first (the MIC is computed using the KCK).
Move calls to ieee80211_eapol_key_check_mic() - and as a consequence
ieee80211_eapol_key_decrypt() - directly in the
ieee80211_recv_{group,4way}_msg*() functions.
Unconstify the first parameter since checking the MIC modifies the
frame. Remove ni->ni_ptk_ok field while i'm here.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
a station is using WPA1 or RSN descriptors.
make sure that a station that advertises WPA1 capability in an IE
uses the WPA1 EAPOL-Key descriptor type and not the RSN one.
fix construction of EAPOL-Key frames for WPA1.
i can now successfuly complete a 4-way and group-key handshake
with both a WPA1 and a WPA2 access point.
add some TKIP encapsulation code (no SW crypto yet).
ok deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
can handle multiple ciphers (the key to use is determined automatically
by these functions based on the frame's destination address).
add ieee80211_ccmp_encrypt() and ieee80211_ccmp_decrypt().
those two functions only do encapsulation/decapsulation of CCMP frames
for now (they don't do SW crypto). they will help to test things with
drivers that can do HW crypto.
add a ni_pairwise_key field to struct ieee80211_node to actually install
the pairwise transient key.
install the GTK in ic_nw_keys[].
|
| |
|
|
|
|
|
| |
when using WPA-PSK).
add a ni_replaycnt_ok flag to struct ieee80211_node to mark the replay
counter as valid. the replay counter is marked valid only when message
3 of the 4-way handshake is received since message 1 contains no MIC.
|
| |
|
|
|
|
|
|
|
|
| |
states. those fields will be put in a separate structure (ieee80211_rsna)
in a future cleanup phase to save some space.
add a ni_port_valid field to manage PAE state.
in pre-RSNA networks, this field will be set to 1 after a successful
open authentication. in RSNA networks, this field will be set to 1
after a successful 4-way handshake.
|
| |
|
|
|
| |
it has been #if 0'd since 3.9 and we have never supported this mode (no
ifconfig option etc...).
|
| | |
|
| |
|
|
|
| |
ieee80211_node structure.
add a flag to indicate whether a STA is a QSTA or not.
|
| |
|
|
| |
remove prototype in .h and ref in man pages.
|
| | |
|
| |
|
|
|
|
|
| |
definitions.
remove comments about "lock order reversals" that are specific to freebsd.
ok reyk@ jsg@ mglocker@
|
| |
|
|
|
|
| |
Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
| |
|
|
|
| |
the standard rates, use some defined by net80211 itself. kernel shrinks a bit
ok jsg mglocker
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
with IEEE Std 802.11g-2003 standard:
- add ERP Information Element in probe responses and beacons
- keep track of the number of associated non-ERP STAs and non-short slot
time capable STAs in the BSS
- enable use of RTS/CTS or CTS-to-self protection when required by the BSS
- add a ic_updateslot() callback to notify drivers of slot time changes
- cleanup computation of mgmt frames sizes in ieee80211_output.c
- nuke unnecessary <sys/cdefs.h> includes
- remove an unused macro (LOGICALLY_EQUAL) while i'm here
From {free,net}bsd, with additional fixes.
ok brad@, reyk@
|
| |
|
|
|
|
|
| |
bugs in the node table (like duplicate nodes in hostap mode), we get
rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
| |
|
|
| |
ok jsg@
|
| |
|
|
| |
ok jsg@
|
| |
|
|
|
| |
doing a wholesale merge with them in future.
very enthusiastic ok from reyk@
|
| |
|
|
|
|
|
| |
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.
ok dlg@, jsg@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---
ok deraadt@ dlg@, looks good jsg@
|
| |
|
|
|
|
| |
by sdr (software defined radios).
ok deraadt@ millert@ damien@
|
|
|
Based in part on a diff from Matthew Gream.
|
stsp
damien
mglocker
deraadt
reyk
jsg
millert