hostapd/wpa_supplicant - new release v1.0
Jouni Malinen
Thu May 10 12:10:07 PDT 2012
New versions of wpa_supplicant and hostapd were just
released and are now available from http://w1.fi/
This release is from the v1.x release branch (hostap-1.git). Please note
that this is a change from the past releases since separate development
releases are not used anymore and all the new releases will be similar
to the stable releases in the past.
Getting a new release out took a bit longer than expected (0.7.3 was
released in September 2010; the last development release 0.7.2, i.e.,
the starting point of this new release, is from over two years ago). The
development branch used v0.8.x for a long time, but with the new
release process, this was renumbered to 1.0 (with 1.x reserved for bug
fix releases and 2.0 for the next major release).
The 1.x release branch is maintained by Angie Chinchilla and she
deserves a huge thank you for enabling a proper release to be made.
With the first release from a new release branch, the old 0.6.x branch
is considered to have reached its end-of-life. If you are still using
0.6.x or older versions, you are strongly recommended to update to the
1.0 release. I would also recommend moving from 0.7.3 to the new 1.x
branch.
There have been quite a few new features since the last 0.7.3
release. Wi-Fi P2P (Wi-Fi Direct) is clearly the largest one of these,
but there are also other noticeable new features like WSC 2.0 support
and a large number of bug fixes. The ChangeLog entries below provide more
details on the changes.
hostapd:
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
TSF offset. See hostapd.conf for config info.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Allow PMKSA caching to be disabled on the Authenticator. See
hostapd.conf config parameter disable_pmksa_caching.
* atheros: Add support for IEEE 802.11w configuration.
* bsd: Add support for setting HT values in IFM_MMASK.
* Allow client isolation to be configured with ap_isolate. Client
isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging
is allowed.
* Allow coexistence of HT BSSes with WEP/TKIP BSSes.
* Add require_ht config parameter, which can be used to configure
hostapd to reject association with any station that does not support
HT PHY.
* Add support for writing debug log to a file using "-f" option. Also
add relog CLI command to re-open the log file.
* Add bridge handling for WDS STA interfaces. By default they are
added to the configured bridge of the AP interface (if present),
but the user can also specify a separate bridge using cli command
wds_bridge.
* hostapd_cli:
- Add wds_bridge command for specifying bridge for WDS STA
interfaces.
- Add relog command for reopening log file.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Add wps_config ctrl_interface command for configuring AP. This
command can be used to configure the AP using the internal WPS
registrar. It works in the same way as new AP settings received
from an ER.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Add command get version, that returns hostapd version string.
* WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
notification to the STA.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* WPS:
- Send AP Settings as a wrapped Credential attribute to ctrl_iface
in WPS-NEW-AP-SETTINGS.
- Dispatch more WPS events through hostapd ctrl_iface.
- Add mechanism for indicating non-standard WPS errors.
- Change concurrent radio AP to use only one WPS UPnP instance.
- Add wps_check_pin command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Add hostapd_cli get_config command to display current AP config.
- Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
runtime and support dynamic AP PIN management.
- Disable AP PIN after 10 consecutive failures. Slow down attacks
on failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing,
to be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info
to the user on how to resolve the issue.
- When controlling multiple interfaces:
  - apply WPS commands to all interfaces configured to use WPS
  - apply WPS config changes to all interfaces that use WPS
  - when an attack is detected on any interface, disable AP PIN on
    all interfaces
* WPS ER:
- Show SetSelectedRegistrar events as ctrl_iface events.
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Allow TDLS use or TDLS channel switching in the BSS to be
prohibited in the BSS, using config params tdls_prohibit and
tdls_prohibit_chan_switch.
* EAP server: Add support for configuring fragment size (see
fragment_size in hostapd.conf).
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See hostapd.conf for config parameters for
interworking.
* Android: Add build and runtime support for Android hostapd.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Many bugfixes.
wpa_supplicant:
* bsd: Add support for setting HT values in IFM_MMASK.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Drop oldest unknown BSS table entries first. This makes it less
likely to hit connection issues in environments with huge number
of visible APs.
* Add systemd support.
* Add support for setting the syslog facility from the config file
at build time.
* atheros: Add support for IEEE 802.11w configuration.
* AP mode: Allow enable HT20 if driver supports it, by setting the
config parameter ieee80211n.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
* nl80211:
- Support GTK rekey offload.
- Support PMKSA candidate events. This adds support for RSN
pre-authentication with nl80211 interface and drivers that handle
roaming internally.
* dbus:
- Add a DBus signal for EAP SM requests, emitted on the Interface
object.
- Export max scan ssids supported by the driver as MaxScanSSID.
- Add signal Certification for information about server certification.
- Add BSSExpireAge and BSSExpireCount interface properties and
support set/get, which allows for setting BSS cache expiration age
and expiration scan count.
- Add ConfigFile to AddInterface properties.
- Add Interface.Country property and support to get/set the value.
- Add DBus property CurrentAuthMode.
- P2P DBus API added.
- Emit property changed events (for property BSSs) when adding/
removing BSSs.
- Treat '' in SSIDs of Interface.Scan as a request for broadcast
scan, instead of ignoring it.
- Add DBus getter/setter for FastReauth.
- Raise PropertiesChanged on org.freedesktop.DBus.Properties.
* wpa_cli:
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Make second argument to set command optional. This can be used to
indicate a zero length value.
- Add signal_poll command.
- Add bss_expire_age and bss_expire_count commands to set/get BSS
cache expiration age and expiration scan count.
- Add ability to set scan interval (the time in seconds wpa_s waits
before requesting a new scan after failing to find a suitable
network in scan results) using scan_interval command.
- Add event CTRL-EVENT-ASSOC-REJECT for association rejected.
- Add command get version, that returns wpa_supplicant version string.
- Add command sta_autoconnect for disabling automatic reconnection
on receiving disconnection event.
- Setting bssid parameter to an empty string "" or any can now be
used to clear the bssid_set flag in a network block, i.e., to remove
bssid filtering.
- Add tdls_testing command to add a special testing feature for
changing TDLS behavior. Build param CONFIG_TDLS_TESTING must be
enabled as well.
- For interworking, add wpa_cli commands interworking_select,
interworking_connect, anqp_get, fetch_anqp, and stop_fetch_anqp.
- Many P2P commands were added. See README-P2P.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Allow set command to change global config parameters.
- Add log_level command, which can be used to display the current
debugging level and to change the log level during run time.
- Add note command, which can be used to insert notes to the debug
log.
- Add internal line edit implementation. CONFIG_WPA_CLI_EDIT=y
can now be used to build wpa_cli with internal implementation of
line editing and history support. This can be used as a replacement
for CONFIG_READLINE=y.
* AP mode: Add max_num_sta config option, which can be used to limit
the number of stations allowed to connect to the AP.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
config file.
* wext: Increase scan timeout from 5 to 10 seconds.
* Add blacklist command, allowing an external program to
manage the BSS blacklist and display its current contents.
* WPS:
- Add wpa_cli wps_pin get command for generating random PINs. This can
be used in a UI to generate a PIN without starting WPS (or P2P)
operation.
- Set RF bands based on driver capabilities, instead of hardcoding
them.
- Add mechanism for indicating non-standard WPS errors.
- Add CONFIG_WPS_REG_DISABLE_OPEN=y option to disable open networks
by default.
- Add wps_ap_pin cli command for wpa_supplicant AP mode.
- Add wps_check_pin cli command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Cancel WPS operation on PBC session overlap detection.
- New wps_cancel command in wpa_cli will cancel a pending WPS
operation.
- wpa_cli action: Add WPS_EVENT_SUCCESS and WPS_EVENT_FAIL handlers.
- Trigger WPS config update on Manufacturer, Model Name, Model
Number, and Serial Number changes.
- Fragment size is now configurable for EAP-WSC peer. Use
wpa_cli set wps_fragment_size <val>.
- Disable AP PIN after 10 consecutive failures. Slow down attacks on
failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing, to
be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info to the
user on how to resolve the issue.
- Label and Display config methods are not allowed to be enabled
at the same time, since it is unclear which PIN to use if both
methods are advertised.
- When controlling multiple interfaces:
  - apply WPS commands to all interfaces configured to use WPS
  - apply WPS config changes to all interfaces that use WPS
  - when an attack is detected on any interface, disable AP PIN on
    all interfaces
* WPS ER:
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
- Show SetSelectedRegistrar events as ctrl_iface events
- Add wps_er_set_config to enroll a network based on a local
network configuration block instead of having to (re-)learn the
current AP settings with wps_er_learn.
- Allow AP filtering based on IP address, add ctrl_iface event for
learned AP settings, add wps_er_config command to configure an AP.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
workarounds.
- Add support for AuthorizedMACs attribute.
* TDLS:
- Propagate TDLS related nl80211 capability flags from kernel and
add them as driver capability flags. If the driver doesn't support
capabilities, assume TDLS is supported internally. When TDLS is
explicitly not supported, disable all user facing TDLS operations.
- Allow TDLS to be disabled at runtime (mostly for testing).
Use set tdls_disabled.
- Honor AP TDLS settings that prohibit/allow TDLS.
- Add a special testing feature for changing TDLS behavior. Use
CONFIG_TDLS_TESTING build param to enable. Configure at runtime
with tdls_testing cli command.
- Add support for TDLS 802.11z.
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See wpa_supplicant.conf for config parameters
for interworking. wpa_cli commands added to support this are
interworking_select, interworking_connect, anqp_get, fetch_anqp,
and stop_fetch_anqp.
* Android: Add build and runtime support for Android wpa_supplicant.
* bgscan learn: Add new bgscan that learns BSS information based on
previous scans, and uses that information to dynamically generate
the list of channels for background scans.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
CONFIG_TLSV11.
- Add domainComponent parser for X.509 names.
* Linux: Add RFKill support by adding an interface state "disabled".
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Solaris: Add support for wired 802.1X client.
* Wi-Fi Direct support. See README-P2P for more information.
* Many bugfixes.
git-shortlog for 0.7.2 -> 1.0:
Well.. There were more than 1500 commits, so the list would be a bit too
long for this email. Anyway, if you are interested in the details, they
are available in the hostap-1.git repository.
--
Jouni Malinen PGP id EFC895FA
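
The wps_check_pin entries in the ChangeLog above describe processing a PIN entered by a user and validating its checksum digit if present. The following C example is added here for illustration and is not code from hostapd, wpa_supplicant or this e-mail; it uses the WPS PIN checksum algorithm, and the names pin_checksum and check_user_pin, the result codes, and the choice to ignore separator characters and accept 4-digit PINs without a checksum are assumptions.

```c
#include <ctype.h>
#include <stdio.h>

enum { PIN_OK = 0, PIN_BAD_LENGTH = -1, PIN_BAD_CHECKSUM = -2 };

/* Checksum digit for the first seven digits of an 8-digit WPS PIN. */
unsigned int pin_checksum(unsigned int body)
{
    unsigned int accum = 0;
    while (body) {
        accum += 3 * (body % 10);   /* odd positions from the right weigh 3 */
        body /= 10;
        accum += body % 10;         /* even positions weigh 1 */
        body /= 10;
    }
    return (10 - accum % 10) % 10;
}

/* Copy the digits of user input into out (9 bytes) and validate them.
 * Assumption: separators are ignored; 4-digit PINs carry no checksum.
 * out is meaningful only when PIN_OK is returned. */
int check_user_pin(const char *input, char out[9])
{
    unsigned int body = 0;
    int len = 0, i;
    for (; *input; input++) {
        if (!isdigit((unsigned char)*input))
            continue;               /* skip spaces, dashes, ... */
        if (len == 8)
            return PIN_BAD_LENGTH;  /* more than 8 digits */
        out[len++] = *input;
    }
    out[len] = '\0';
    if (len == 4)
        return PIN_OK;
    if (len != 8)
        return PIN_BAD_LENGTH;
    for (i = 0; i < 7; i++)
        body = body * 10 + (unsigned int)(out[i] - '0');
    if (pin_checksum(body) != (unsigned int)(out[7] - '0'))
        return PIN_BAD_CHECKSUM;    /* likely a typing error */
    return PIN_OK;
}

int main(void)
{
    char pin[9];
    /* Constructed sample input, not taken from the release notes. */
    printf("%d\n", check_user_pin("1234-5670", pin));
    return 0;
}
```

Rejecting a PIN with a bad checksum in the UI catches typing errors before a WPS exchange is started, so a mistyped PIN does not count toward the consecutive-failure limit mentioned above.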