summaryrefslogtreecommitdiffstats
path: root/usr.sbin/wpa/hostapd
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin/wpa/hostapd')
-rw-r--r--usr.sbin/wpa/hostapd/Makefile114
-rw-r--r--usr.sbin/wpa/hostapd/driver_freebsd.c909
-rw-r--r--usr.sbin/wpa/hostapd/hostapd.8134
-rw-r--r--usr.sbin/wpa/hostapd/hostapd.conf.5210
4 files changed, 0 insertions, 1367 deletions
diff --git a/usr.sbin/wpa/hostapd/Makefile b/usr.sbin/wpa/hostapd/Makefile
deleted file mode 100644
index db9b1d3..0000000
--- a/usr.sbin/wpa/hostapd/Makefile
+++ /dev/null
@@ -1,114 +0,0 @@
-# $FreeBSD$
-
-.include "${.CURDIR}/../Makefile.inc"
-
-.PATH.c:${HOSTAPD_DISTDIR} \
- ${WPA_DISTDIR}/src/eap_server \
- ${WPA_DISTDIR}/src/radius \
-
-PROG= hostapd
-SRCS= accounting.c aes.c aes_wrap.c ap_list.c beacon.c common.c \
- config.c ctrl_iface.c drivers.c eapol_sm.c eap.c eap_common.c \
- eap_identity.c eap_methods.c eloop.c hostapd.c \
- hw_features.c ieee802_11.c ieee802_11_common.c ieee802_11_auth.c \
- ieee802_1x.c ip_addr.c md5.c mlme.c pmksa_cache.c radius.c \
- radius_client.c rc4.c sha1.c sta_info.c vlan_init.c wme.c \
- wpa.c wpa_auth_ie.c wpa_common.c wpa_debug.c wpabuf.c
-SRCS+= l2_packet_freebsd.c driver_freebsd.c os_unix.c
-
-MAN= hostapd.8 hostapd.conf.5
-
-.if ${MK_EXAMPLES} != "no"
-FILESDIR= ${SHAREDIR}/examples/hostapd
-.PATH: ${HOSTAPD_DISTDIR}
-FILES= hostapd.conf hostapd.eap_user hostapd.wpa_psk
-.endif
-
-CFLAGS+= -I${HOSTAPD_DISTDIR}
-
-CFLAGS+= -DCONFIG_DRIVER_BSD
-CFLAGS+= -DCONFIG_DRIVER_RADIUS_ACL
-.if ${MK_INET6} != "no"
-CFLAGS+= -DCONFIG_IPV6
-.endif
-CFLAGS+= -g
-DPADD+= ${LIBPCAP}
-LDADD+= -lpcap
-
-# User customizations for wpa_supplicant/hostapd build environment
-CFLAGS+=${HOSTAPD_CFLAGS}
-#DPADD+=${HOSTAPD_DPADD}
-LDADD+=${HOSTAPD_LDADD}
-#LDFLAGS+=${HOSTAPD_LDFLAGS}
-
-.if !empty(CFLAGS:M*-DEAP_SERVER)
-#SRCS+= eap.c eap_methods.c eap_identity.c
-
-.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH)
-
-CFLAGS+=-DEAP_TLS -DEAP_PEAP -DEAP_MSCHAPv2 -DEAP_PSK \
- -DEAP_TLS_FUNCS -DEAP_TLS_OPENSSL
-SRCS+= crypto_openssl.c
-SRCS+= eap_tls.c eap_peap.c eap_peap_common.c eap_mschapv2.c \
- eap_psk.c eap_psk_common.c \
- eap_tls_common.c tls_openssl.c ms_funcs.c chap.c
-
-CFLAGS+=-DEAP_TTLS -DEAP_MD5
-SRCS+= eap_ttls.c eap_md5.c
-
-.if !empty(CFLAGS:M*-DEAP_GTC)
-SRCS+= eap_gtc.c
-.endif
-
-.if !empty(CFLAGS:M*-DEAP_AKA)
-NEED_SIM_COMMON= true
-SRCS+= eap_aka.c
-.endif
-
-.if !empty(CFLAGS:M*-DEAP_SIM)
-NEED_SIM_COMMON= true
-SRCS+= eap_sim.c
-.endif
-
-.if defined(NEED_SIM_COMMON)
-SRCS+= eap_sim_common.c eap_sim_db.c
-.endif
-
-.if !empty(CFLAGS:M*-DEAP_GPSK)
-CFLAGS+=-DEAP_GPSK_SHA256
-SRCS+= eap_gpsk.c eap_gpsk_common.c
-NEED_SHA256= true
-.endif
-
-.if !empty(CFLAGS:M*-DEAP_PAX)
-SRCS+= eap_pax.c eap_pax_common.c
-.endif
-
-.if !empty(CFLAGS:M*-DEAP_SAKE)
-SRCS+= eap_sake.c eap_sake_common.c
-.endif
-
-DPADD+= ${LIBSSL} ${LIBCRYPTO}
-LDADD+= -lssl -lcrypto
-.else
-NEED_TLS_NONE= true
-.endif
-
-.else
-NEED_TLS_NONE= true
-.endif
-
-.if defined(NEED_SHA256)
-CFLAGS+=-DINTERNAL_SHA256
-SRCS+= sha256.c
-.endif
-
-.if defined(NEED_TLS_NONE)
-CFLAGS+= -DEAP_TLS_NONE
-CFLAGS+= -DINTERNAL_AES
-CFLAGS+= -DINTERNAL_SHA1
-CFLAGS+= -DINTERNAL_MD5
-SRCS+= tls_none.c
-.endif
-
-.include <bsd.prog.mk>
diff --git a/usr.sbin/wpa/hostapd/driver_freebsd.c b/usr.sbin/wpa/hostapd/driver_freebsd.c
deleted file mode 100644
index 89d0051..0000000
--- a/usr.sbin/wpa/hostapd/driver_freebsd.c
+++ /dev/null
@@ -1,909 +0,0 @@
-/*
- * Host AP - driver interaction with BSD net80211 layer
- * Copyright (c) 2004, Sam Leffler <sam@errno.com>
- * Copyright (c) 2004, 2Wire, Inc
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
- *
- * $FreeBSD$
- */
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <string.h>
-#include <sys/ioctl.h>
-#include <errno.h>
-
-#include <sys/socket.h>
-#include <net/if.h>
-#include <netinet/in.h>
-
-#include <net80211/ieee80211_ioctl.h>
-
-#undef RSN_VERSION
-#undef WPA_VERSION
-#undef WPA_OUI_TYPE
-#undef WME_OUI_TYPE
-
-#include "hostapd.h"
-#include "driver.h"
-#include "ieee802_1x.h"
-#include "ieee802_11_auth.h"
-#include "eloop.h"
-#include "sta_info.h"
-#include "l2_packet/l2_packet.h"
-
-#include "eapol_sm.h"
-#include "wpa.h"
-#include "radius/radius.h"
-#include "ieee802_11.h"
-#include "common.h"
-#include "hostap_common.h"
-
-struct bsd_driver_data {
- struct hostapd_data *hapd; /* back pointer */
-
- char iface[IFNAMSIZ + 1];
- unsigned int ifindex; /* interface index */
- struct l2_packet_data *sock_xmit; /* raw packet xmit socket */
- int ioctl_sock; /* socket for ioctl() use */
- int wext_sock; /* socket for wireless events */
-};
-
-static const struct wpa_driver_ops bsd_driver_ops;
-
-static int bsd_sta_deauth(void *priv, const u8 *addr, int reason_code);
-
-static int
-set80211var(struct bsd_driver_data *drv, int op, const void *arg, int arg_len)
-{
- struct ieee80211req ireq;
-
- memset(&ireq, 0, sizeof(ireq));
- strncpy(ireq.i_name, drv->iface, IFNAMSIZ);
- ireq.i_type = op;
- ireq.i_len = arg_len;
- ireq.i_data = (void *) arg;
-
- if (ioctl(drv->ioctl_sock, SIOCS80211, &ireq) < 0) {
- perror("ioctl[SIOCS80211]");
- return -1;
- }
- return 0;
-}
-
-static int
-get80211var(struct bsd_driver_data *drv, int op, void *arg, int arg_len)
-{
- struct ieee80211req ireq;
-
- memset(&ireq, 0, sizeof(ireq));
- strncpy(ireq.i_name, drv->iface, IFNAMSIZ);
- ireq.i_type = op;
- ireq.i_len = arg_len;
- ireq.i_data = arg;
-
- if (ioctl(drv->ioctl_sock, SIOCG80211, &ireq) < 0) {
- perror("ioctl[SIOCG80211]");
- return -1;
- }
- return ireq.i_len;
-}
-
-static int
-set80211param(struct bsd_driver_data *drv, int op, int arg)
-{
- struct ieee80211req ireq;
-
- memset(&ireq, 0, sizeof(ireq));
- strncpy(ireq.i_name, drv->iface, IFNAMSIZ);
- ireq.i_type = op;
- ireq.i_val = arg;
-
- if (ioctl(drv->ioctl_sock, SIOCS80211, &ireq) < 0) {
- perror("ioctl[SIOCS80211]");
- return -1;
- }
- return 0;
-}
-
-static const char *
-ether_sprintf(const u8 *addr)
-{
- static char buf[sizeof(MACSTR)];
-
- if (addr != NULL)
- snprintf(buf, sizeof(buf), MACSTR, MAC2STR(addr));
- else
- snprintf(buf, sizeof(buf), MACSTR, 0,0,0,0,0,0);
- return buf;
-}
-
-static int
-bsd_set_iface_flags(void *priv, int flags)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
- struct ifreq ifr;
-
- wpa_printf(MSG_DEBUG, "%s: flags=0x%x\n", __func__, flags);
-
- if (drv->ioctl_sock < 0)
- return -1;
-
- memset(&ifr, 0, sizeof(ifr));
- snprintf(ifr.ifr_name, IFNAMSIZ, "%s", drv->iface);
-
- if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, &ifr) != 0) {
- perror("ioctl[SIOCGIFFLAGS]");
- return -1;
- }
-
- if (flags < 0) {
- flags = -flags;
- if ((ifr.ifr_flags & flags) == 0)
- return 0;
- ifr.ifr_flags &= ~flags;
- } else {
- if ((ifr.ifr_flags & flags) == flags)
- return 0;
- ifr.ifr_flags |= flags;
- }
-
- if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) {
- perror("ioctl[SIOCSIFFLAGS]");
- return -1;
- }
- return 0;
-}
-
-static int
-bsd_commit(void *priv)
-{
- return bsd_set_iface_flags(priv, IFF_UP);
-}
-
-static int
-bsd_set_ieee8021x(const char *ifname, void *priv, int enabled)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
- struct hostapd_bss_config *conf = hapd->conf;
-
- wpa_printf(MSG_DEBUG, "%s: enabled=%d\n", __func__, enabled);
-
- if (!enabled) {
- /* XXX restore state */
- return set80211param(priv, IEEE80211_IOC_AUTHMODE,
- IEEE80211_AUTH_AUTO);
- }
- if (!conf->wpa && !conf->ieee802_1x) {
- hostapd_logger(hapd, NULL, HOSTAPD_MODULE_DRIVER,
- HOSTAPD_LEVEL_WARNING, "No 802.1X or WPA enabled!");
- return -1;
- }
- if (conf->wpa && set80211param(drv, IEEE80211_IOC_WPA, conf->wpa)) {
- hostapd_logger(hapd, NULL, HOSTAPD_MODULE_DRIVER,
- HOSTAPD_LEVEL_WARNING, "Error configuring WPA state!");
- return -1;
- }
- if (set80211param(priv, IEEE80211_IOC_AUTHMODE,
- (conf->wpa ? IEEE80211_AUTH_WPA : IEEE80211_AUTH_8021X))) {
- hostapd_logger(hapd, NULL, HOSTAPD_MODULE_DRIVER,
- HOSTAPD_LEVEL_WARNING, "Error enabling WPA/802.1X!");
- return -1;
- }
- return 0;
-}
-
-static int
-bsd_set_privacy(const char *ifname, void *priv, int enabled)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
-
- wpa_printf(MSG_DEBUG, "%s: enabled=%d\n", __func__, enabled);
-
- return set80211param(priv, IEEE80211_IOC_PRIVACY, enabled);
-}
-
-static int
-bsd_set_sta_authorized(void *priv, const u8 *addr, int authorized)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
- struct ieee80211req_mlme mlme;
-
- wpa_printf(MSG_DEBUG, "%s: addr=%s authorized=%d\n",
- __func__, ether_sprintf(addr), authorized);
-
- if (authorized)
- mlme.im_op = IEEE80211_MLME_AUTHORIZE;
- else
- mlme.im_op = IEEE80211_MLME_UNAUTHORIZE;
- mlme.im_reason = 0;
- memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
- return set80211var(priv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme));
-}
-
-static int
-bsd_sta_set_flags(void *priv, const u8 *addr, int total_flags,
- int flags_or, int flags_and)
-{
- /* For now, only support setting Authorized flag */
- if (flags_or & WLAN_STA_AUTHORIZED)
- return bsd_set_sta_authorized(priv, addr, 1);
- if (!(flags_and & WLAN_STA_AUTHORIZED))
- return bsd_set_sta_authorized(priv, addr, 0);
- return 0;
-}
-
-static int
-bsd_del_key(void *priv, const unsigned char *addr, int key_idx)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
- struct ieee80211req_del_key wk;
-
- wpa_printf(MSG_DEBUG, "%s: addr=%s key_idx=%d\n",
- __func__, ether_sprintf(addr), key_idx);
-
- memset(&wk, 0, sizeof(wk));
- if (addr != NULL) {
- memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN);
- wk.idk_keyix = (u_int8_t) IEEE80211_KEYIX_NONE; /* XXX */
- } else {
- wk.idk_keyix = key_idx;
- }
-
- return set80211var(priv, IEEE80211_IOC_DELKEY, &wk, sizeof(wk));
-}
-
-static int
-bsd_set_key(const char *ifname, void *priv, const char *alg,
- const u8 *addr, int key_idx,
- const u8 *key, size_t key_len, int txkey)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
- struct ieee80211req_key wk;
- u_int8_t cipher;
-
- if (strcmp(alg, "none") == 0)
- return bsd_del_key(priv, addr, key_idx);
-
- wpa_printf(MSG_DEBUG, "%s: alg=%s addr=%s key_idx=%d\n",
- __func__, alg, ether_sprintf(addr), key_idx);
-
- if (strcmp(alg, "WEP") == 0)
- cipher = IEEE80211_CIPHER_WEP;
- else if (strcmp(alg, "TKIP") == 0)
- cipher = IEEE80211_CIPHER_TKIP;
- else if (strcmp(alg, "CCMP") == 0)
- cipher = IEEE80211_CIPHER_AES_CCM;
- else {
- printf("%s: unknown/unsupported algorithm %s\n",
- __func__, alg);
- return -1;
- }
-
- if (key_len > sizeof(wk.ik_keydata)) {
- printf("%s: key length %d too big\n", __func__, key_len);
- return -3;
- }
-
- memset(&wk, 0, sizeof(wk));
- wk.ik_type = cipher;
- if (addr == NULL) {
- memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
- wk.ik_keyix = key_idx;
- wk.ik_flags = IEEE80211_KEY_XMIT
- | IEEE80211_KEY_GROUP
- | IEEE80211_KEY_DEFAULT;
- } else {
- memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
- wk.ik_keyix = IEEE80211_KEYIX_NONE;
- wk.ik_flags = IEEE80211_KEY_RECV | IEEE80211_KEY_XMIT;
- }
- wk.ik_keylen = key_len;
- memcpy(wk.ik_keydata, key, key_len);
-
- return set80211var(priv, IEEE80211_IOC_WPAKEY, &wk, sizeof(wk));
-}
-
-
-static int
-bsd_get_seqnum(const char *ifname, void *priv, const u8 *addr, int idx,
- u8 *seq)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
- struct ieee80211req_key wk;
-
- wpa_printf(MSG_DEBUG, "%s: addr=%s idx=%d\n",
- __func__, ether_sprintf(addr), idx);
-
- memset(&wk, 0, sizeof(wk));
- if (addr == NULL)
- memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
- else
- memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
- wk.ik_keyix = idx;
-
- if (get80211var(drv, IEEE80211_IOC_WPAKEY, &wk, sizeof(wk)) < 0) {
- printf("Failed to get encryption.\n");
- return -1;
- } else {
- /* NB: upper layer expects tsc in network order */
- wk.ik_keytsc = htole64(wk.ik_keytsc);
- memcpy(seq, &wk.ik_keytsc, sizeof(wk.ik_keytsc));
- return 0;
- }
-}
-
-
-static int
-bsd_flush(void *priv)
-{
- u8 allsta[IEEE80211_ADDR_LEN];
-
- memset(allsta, 0xff, IEEE80211_ADDR_LEN);
- return bsd_sta_deauth(priv, allsta, IEEE80211_REASON_AUTH_LEAVE);
-}
-
-
-static int
-bsd_read_sta_driver_data(void *priv, struct hostap_sta_driver_data *data,
- const u8 *addr)
-{
- struct bsd_driver_data *drv = priv;
- struct ieee80211req_sta_stats stats;
-
- memcpy(stats.is_u.macaddr, addr, IEEE80211_ADDR_LEN);
- if (get80211var(drv, IEEE80211_IOC_STA_STATS, &stats, sizeof(stats)) > 0) {
- /* XXX? do packets counts include non-data frames? */
- data->rx_packets = stats.is_stats.ns_rx_data;
- data->rx_bytes = stats.is_stats.ns_rx_bytes;
- data->tx_packets = stats.is_stats.ns_tx_data;
- data->tx_bytes = stats.is_stats.ns_tx_bytes;
- }
- return 0;
-}
-
-static int
-bsd_sta_clear_stats(void *priv, const u8 *addr)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
- struct ieee80211req_sta_stats stats;
-
- wpa_printf(MSG_DEBUG, "%s: addr=%s\n", __func__, ether_sprintf(addr));
-
- /* zero station statistics */
- memset(&stats, 0, sizeof(stats));
- memcpy(stats.is_u.macaddr, addr, IEEE80211_ADDR_LEN);
- return set80211var(drv, IEEE80211_IOC_STA_STATS, &stats, sizeof(stats));
-}
-
-static int
-bsd_set_opt_ie(const char *ifname, void *priv, const u8 *ie, size_t ie_len)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
- struct ieee80211req ireq;
-
- memset(&ireq, 0, sizeof(ireq));
- strncpy(ireq.i_name, drv->iface, IFNAMSIZ);
- ireq.i_type = IEEE80211_IOC_APPIE;
- ireq.i_val = IEEE80211_APPIE_WPA;
- ireq.i_data = (void *) ie;
- ireq.i_len = ie_len;
-
- wpa_printf(MSG_DEBUG, "%s: set WPA+RSN ie (len %d)\n",
- __func__, ie_len);
- if (ioctl(drv->ioctl_sock, SIOCS80211, &ireq) < 0) {
- printf("Unable to set WPA+RSN ie\n");
- return -1;
- }
- return 0;
-}
-
-static int
-bsd_sta_deauth(void *priv, const u8 *addr, int reason_code)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
- struct ieee80211req_mlme mlme;
-
- wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d\n",
- __func__, ether_sprintf(addr), reason_code);
-
- mlme.im_op = IEEE80211_MLME_DEAUTH;
- mlme.im_reason = reason_code;
- memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
- return set80211var(priv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme));
-}
-
-static int
-bsd_sta_disassoc(void *priv, const u8 *addr, int reason_code)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
- struct ieee80211req_mlme mlme;
-
- wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d\n",
- __func__, ether_sprintf(addr), reason_code);
-
- mlme.im_reason = reason_code;
- memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
- return set80211var(priv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme));
-}
-
-static int
-bsd_del_sta(struct bsd_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN])
-{
- struct hostapd_data *hapd = drv->hapd;
- struct hostapd_bss_config *conf = hapd->conf;
- struct sta_info *sta;
-
- hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_INFO, "deassociated");
-
- sta = ap_get_sta(hapd, addr);
- if (sta != NULL) {
- sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
- if (conf->wpa)
- wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
- sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
- ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
- ap_free_sta(hapd, sta);
- }
- return 0;
-}
-
-static int
-bsd_new_sta(struct bsd_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN])
-{
- struct hostapd_data *hapd = drv->hapd;
- struct hostapd_bss_config *conf = hapd->conf;
- struct sta_info *sta;
- struct ieee80211req_wpaie ie;
- int new_assoc, ielen, res;
-
- hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_INFO, "associated");
-
- sta = ap_sta_add(hapd, addr);
- if (sta == NULL)
- return -1;
- /*
- * Fetch and validate any negotiated WPA/RSN parameters.
- */
- if (conf->wpa) {
- memset(&ie, 0, sizeof(ie));
- memcpy(ie.wpa_macaddr, addr, IEEE80211_ADDR_LEN);
- if (get80211var(drv, IEEE80211_IOC_WPAIE, &ie, sizeof(ie)) < 0) {
- printf("Failed to get WPA/RSN information element.\n");
- return -1; /* XXX not right */
- }
- if (ie.wpa_ie[1] == 0) {
- printf("No WPA/RSN information element for station!\n");
- return -1; /* XXX not right */
- }
- if (sta->wpa_sm == NULL)
- sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
- sta->addr);
- if (sta->wpa_sm == NULL) {
- printf("Failed to initialize WPA state machine\n");
- return -1;
- }
- ielen = 2 + ie.wpa_ie[1];
- res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
- ie.wpa_ie, ielen, NULL, 0);
- if (res != WPA_IE_OK) {
- printf("WPA/RSN information element rejected? "
- "(res %u)\n", res);
- return -1;
- }
- }
-
- /*
- * Now that the internal station state is setup
- * kick the authenticator into action.
- */
- new_assoc = (sta->flags & WLAN_STA_ASSOC) == 0;
- sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
- wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
- hostapd_new_assoc_sta(hapd, sta, !new_assoc);
- ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
-
- return 0;
-}
-
-#include <net/route.h>
-#include <net80211/ieee80211_freebsd.h>
-
-static void
-bsd_wireless_event_receive(int sock, void *ctx, void *sock_ctx)
-{
- struct bsd_driver_data *drv = ctx;
- struct hostapd_data *hapd = drv->hapd;
- char buf[2048];
- struct if_announcemsghdr *ifan;
- struct rt_msghdr *rtm;
- struct ieee80211_michael_event *mic;
- struct ieee80211_join_event *join;
- struct ieee80211_leave_event *leave;
-#ifdef CONFIG_DRIVER_RADIUS_ACL
- struct ieee80211_auth_event *auth;
-#endif
- int n;
-
- n = read(sock, buf, sizeof(buf));
- if (n < 0) {
- if (errno != EINTR && errno != EAGAIN)
- perror("read(PF_ROUTE)");
- return;
- }
-
- rtm = (struct rt_msghdr *) buf;
- if (rtm->rtm_version != RTM_VERSION) {
- wpa_printf(MSG_DEBUG, "Routing message version %d not "
- "understood\n", rtm->rtm_version);
- return;
- }
- ifan = (struct if_announcemsghdr *) rtm;
- if (ifan->ifan_index != drv->ifindex) {
- wpa_printf(MSG_DEBUG, "Discard routing message to if#%d "
- "(not for us %d)\n",
- ifan->ifan_index, drv->ifindex);
- return;
- }
- switch (rtm->rtm_type) {
- case RTM_IEEE80211:
- switch (ifan->ifan_what) {
- case RTM_IEEE80211_ASSOC:
- case RTM_IEEE80211_REASSOC:
- case RTM_IEEE80211_DISASSOC:
- case RTM_IEEE80211_SCAN:
- break;
- case RTM_IEEE80211_LEAVE:
- leave = (struct ieee80211_leave_event *) &ifan[1];
- bsd_del_sta(drv, leave->iev_addr);
- break;
- case RTM_IEEE80211_JOIN:
-#ifdef RTM_IEEE80211_REJOIN
- case RTM_IEEE80211_REJOIN:
-#endif
- join = (struct ieee80211_join_event *) &ifan[1];
- bsd_new_sta(drv, join->iev_addr);
- break;
- case RTM_IEEE80211_REPLAY:
- /* ignore */
- break;
- case RTM_IEEE80211_MICHAEL:
- mic = (struct ieee80211_michael_event *) &ifan[1];
- wpa_printf(MSG_DEBUG,
- "Michael MIC failure wireless event: "
- "keyix=%u src_addr=" MACSTR, mic->iev_keyix,
- MAC2STR(mic->iev_src));
- ieee80211_michael_mic_failure(hapd, mic->iev_src, 1);
- break;
-#ifdef CONFIG_DRIVER_RADIUS_ACL
- case RTM_IEEE80211_AUTH:
- auth = (struct ieee80211_auth_event *) &ifan[1];
- wpa_printf(MSG_DEBUG, "802.11 AUTH, STA = " MACSTR,
- MAC2STR(auth->iev_addr));
- n = hostapd_allowed_address(hapd, auth->iev_addr,
- NULL, 0, NULL, NULL, NULL);
- switch (n) {
- case HOSTAPD_ACL_ACCEPT:
- case HOSTAPD_ACL_REJECT:
- hostapd_set_radius_acl_auth(hapd,
- auth->iev_addr, n, 0);
- wpa_printf(MSG_DEBUG,
- "802.11 AUTH, STA = " MACSTR " hostapd says: %s",
- MAC2STR(auth->iev_addr),
- (n == HOSTAPD_ACL_ACCEPT ?
- "ACCEPT" : "REJECT" ));
- break;
- case HOSTAPD_ACL_PENDING:
- wpa_printf(MSG_DEBUG,
- "802.11 AUTH, STA = " MACSTR " pending",
- MAC2STR(auth->iev_addr));
- break;
- }
- break;
-#endif /* CONFIG_DRIVER_RADIUS_ACL */
- }
- break;
- }
-}
-
-static int
-bsd_wireless_event_init(void *priv)
-{
- struct bsd_driver_data *drv = priv;
- int s;
-
- drv->wext_sock = -1;
-
- s = socket(PF_ROUTE, SOCK_RAW, 0);
- if (s < 0) {
- perror("socket(PF_ROUTE,SOCK_RAW)");
- return -1;
- }
- eloop_register_read_sock(s, bsd_wireless_event_receive, drv, NULL);
- drv->wext_sock = s;
-
- return 0;
-}
-
-static void
-bsd_wireless_event_deinit(void *priv)
-{
- struct bsd_driver_data *drv = priv;
-
- if (drv != NULL) {
- if (drv->wext_sock < 0)
- return;
- eloop_unregister_read_sock(drv->wext_sock);
- close(drv->wext_sock);
- }
-}
-
-
-static int
-bsd_send_eapol(void *priv, const u8 *addr, const u8 *data, size_t data_len,
- int encrypt, const u8 *own_addr)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
- unsigned char buf[3000];
- unsigned char *bp = buf;
- struct l2_ethhdr *eth;
- size_t len;
- int status;
-
- /*
- * Prepend the Etherent header. If the caller left us
- * space at the front we could just insert it but since
- * we don't know we copy to a local buffer. Given the frequency
- * and size of frames this probably doesn't matter.
- */
- len = data_len + sizeof(struct l2_ethhdr);
- if (len > sizeof(buf)) {
- bp = malloc(len);
- if (bp == NULL) {
- printf("EAPOL frame discarded, cannot malloc temp "
- "buffer of size %u!\n", len);
- return -1;
- }
- }
- eth = (struct l2_ethhdr *) bp;
- memcpy(eth->h_dest, addr, ETH_ALEN);
- memcpy(eth->h_source, own_addr, ETH_ALEN);
- eth->h_proto = htons(ETH_P_EAPOL);
- memcpy(eth+1, data, data_len);
-
- wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", bp, len);
-
- status = l2_packet_send(drv->sock_xmit, addr, ETH_P_EAPOL, bp, len);
-
- if (bp != buf)
- free(bp);
- return status;
-}
-
-static void
-handle_read(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
-{
- struct bsd_driver_data *drv = ctx;
- struct hostapd_data *hapd = drv->hapd;
- struct sta_info *sta;
-
- sta = ap_get_sta(hapd, src_addr);
- if (!sta || !(sta->flags & WLAN_STA_ASSOC)) {
- printf("Data frame from not associated STA %s\n",
- ether_sprintf(src_addr));
- /* XXX cannot happen */
- return;
- }
- ieee802_1x_receive(hapd, src_addr, buf + sizeof(struct l2_ethhdr),
- len - sizeof(struct l2_ethhdr));
-}
-
-static int
-bsd_get_ssid(const char *ifname, void *priv, u8 *buf, int len)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
- int ssid_len = get80211var(priv, IEEE80211_IOC_SSID, buf, len);
-
- wpa_printf(MSG_DEBUG, "%s: ssid=\"%.*s\"\n", __func__, ssid_len, buf);
-
- return ssid_len;
-}
-
-static int
-bsd_set_ssid(const char *ifname, void *priv, const u8 *buf, int len)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
-
- wpa_printf(MSG_DEBUG, "%s: ssid=\"%.*s\"\n", __func__, len, buf);
-
- return set80211var(priv, IEEE80211_IOC_SSID, buf, len);
-}
-
-static int
-bsd_set_countermeasures(void *priv, int enabled)
-{
- struct bsd_driver_data *drv = priv;
-
- wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
- return set80211param(drv, IEEE80211_IOC_COUNTERMEASURES, enabled);
-}
-
-#ifdef CONFIG_DRIVER_RADIUS_ACL
-static int
-bsd_set_radius_acl_auth(void *priv, const u8 *mac, int accepted,
- u32 session_timeout)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
- struct ieee80211req_mlme mlme;
-
- switch (accepted) {
- case HOSTAPD_ACL_ACCEPT_TIMEOUT:
- wpa_printf(MSG_DEBUG, "[%s] STA " MACSTR
- " has been accepted by RADIUS ACL with timeout "
- "of %d.\n", hapd->conf->iface, MAC2STR(mac),
- session_timeout);
- mlme.im_reason = IEEE80211_STATUS_SUCCESS;
- break;
- case HOSTAPD_ACL_ACCEPT:
- wpa_printf(MSG_DEBUG, "[%s] STA " MACSTR
- " has been accepted by RADIUS ACL.\n",
- hapd->conf->iface, MAC2STR(mac));
- mlme.im_reason = IEEE80211_STATUS_SUCCESS;
- break;
- case HOSTAPD_ACL_REJECT:
- wpa_printf(MSG_DEBUG, "[%s] STA " MACSTR
- " has been rejected by RADIUS ACL.\n",
- hapd->conf->iface, MAC2STR(mac));
- mlme.im_reason = IEEE80211_STATUS_UNSPECIFIED;
- break;
- default:
- wpa_printf(MSG_ERROR, "[%s] STA " MACSTR
- " has unknown status (%d) by RADIUS ACL. "
- "Nothing to do...\n", hapd->conf->iface,
- MAC2STR(mac), accepted);
- return 0;
- }
- memset(&mlme, 0, sizeof(mlme));
- mlme.im_op = IEEE80211_MLME_AUTH;
- memcpy(mlme.im_macaddr, mac, IEEE80211_ADDR_LEN);
- return set80211var(drv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme));
-}
-
-static int
-bsd_set_radius_acl_expire(void *priv, const u8 *mac)
-{
- struct bsd_driver_data *drv = priv;
- struct hostapd_data *hapd = drv->hapd;
-
- /*
- * The expiry of the MAC address from RADIUS ACL cache doesn't mean
- * that we should kick off the client. Our current approach doesn't
- * require adding/removing entries from an allow/deny list; so this
- * function is likely unecessary
- */
- wpa_printf(MSG_DEBUG, "[%s] STA " MACSTR " radius acl cache "
- "expired; nothing to do...", hapd->conf->iface,
- MAC2STR(mac));
- return 0;
-}
-#endif /* CONFIG_DRIVER_RADIUS_ACL */
-
-static void *
-bsd_init(struct hostapd_data *hapd)
-{
- struct bsd_driver_data *drv;
-
- drv = malloc(sizeof(struct bsd_driver_data));
- if (drv == NULL) {
- printf("Could not allocate memory for bsd driver data\n");
- goto bad;
- }
-
- memset(drv, 0, sizeof(*drv));
- drv->hapd = hapd;
- drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
- if (drv->ioctl_sock < 0) {
- perror("socket[PF_INET,SOCK_DGRAM]");
- goto bad;
- }
- memcpy(drv->iface, hapd->conf->iface, sizeof(drv->iface));
- /*
- * NB: We require the interface name be mappable to an index.
- * This implies we do not support having wpa_supplicant
- * wait for an interface to appear. This seems ok; that
- * doesn't belong here; it's really the job of devd.
- * XXXSCW: devd is FreeBSD-specific.
- */
- drv->ifindex = if_nametoindex(drv->iface);
- if (drv->ifindex == 0) {
- printf("%s: interface %s does not exist", __func__, drv->iface);
- goto bad;
- }
-
- drv->sock_xmit = l2_packet_init(drv->iface, NULL, ETH_P_EAPOL,
- handle_read, drv, 1);
- if (drv->sock_xmit == NULL)
- goto bad;
- if (l2_packet_get_own_addr(drv->sock_xmit, hapd->own_addr))
- goto bad;
-
- bsd_set_iface_flags(drv, -IFF_UP); /* mark down during setup */
-
- return drv;
-bad:
- if (drv != NULL) {
- if (drv->sock_xmit != NULL)
- l2_packet_deinit(drv->sock_xmit);
- if (drv->ioctl_sock >= 0)
- close(drv->ioctl_sock);
- free(drv);
- }
- return NULL;
-}
-
-
-static void
-bsd_deinit(void *priv)
-{
- struct bsd_driver_data *drv = priv;
-
- (void) bsd_set_iface_flags(drv, -IFF_UP);
- if (drv->ioctl_sock >= 0)
- close(drv->ioctl_sock);
- if (drv->sock_xmit != NULL)
- l2_packet_deinit(drv->sock_xmit);
- free(drv);
-}
-
-const struct wpa_driver_ops wpa_driver_bsd_ops = {
- .name = "bsd",
- .init = bsd_init,
- .deinit = bsd_deinit,
- .set_ieee8021x = bsd_set_ieee8021x,
- .set_privacy = bsd_set_privacy,
- .set_encryption = bsd_set_key,
- .get_seqnum = bsd_get_seqnum,
- .flush = bsd_flush,
- .set_generic_elem = bsd_set_opt_ie,
- .wireless_event_init = bsd_wireless_event_init,
- .wireless_event_deinit = bsd_wireless_event_deinit,
- .sta_set_flags = bsd_sta_set_flags,
- .read_sta_data = bsd_read_sta_driver_data,
- .send_eapol = bsd_send_eapol,
- .sta_disassoc = bsd_sta_disassoc,
- .sta_deauth = bsd_sta_deauth,
- .set_ssid = bsd_set_ssid,
- .get_ssid = bsd_get_ssid,
- .set_countermeasures = bsd_set_countermeasures,
- .sta_clear_stats = bsd_sta_clear_stats,
- .commit = bsd_commit,
-#ifdef CONFIG_DRIVER_RADIUS_ACL
- .set_radius_acl_auth = bsd_set_radius_acl_auth,
- .set_radius_acl_expire = bsd_set_radius_acl_expire,
-#endif
-};
diff --git a/usr.sbin/wpa/hostapd/hostapd.8 b/usr.sbin/wpa/hostapd/hostapd.8
deleted file mode 100644
index 7fb14d3..0000000
--- a/usr.sbin/wpa/hostapd/hostapd.8
+++ /dev/null
@@ -1,134 +0,0 @@
-.\" Copyright (c) 2005 Sam Leffler <sam@errno.com>
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD$
-.\"
-.Dd October 26, 2007
-.Dt HOSTAPD 8
-.Os
-.Sh NAME
-.Nm hostapd
-.Nd "authenticator for IEEE 802.11 networks"
-.Sh SYNOPSIS
-.Nm
-.Op Fl BdhKtv
-.Op Fl P Ar pidfile
-.Ar config-file ...
-.Sh DESCRIPTION
-The
-.Nm
-utility
-is an authenticator for IEEE 802.11 networks.
-It provides full support for WPA/IEEE 802.11i and
-can also act as an IEEE 802.1X Authenticator with a suitable
-backend Authentication Server (typically
-.Tn FreeRADIUS ) .
-The
-.Nm
-utility
-implements the authentication protocols that piggyback on top
-of the normal IEEE 802.11 protocol mechanisms.
-To use
-.Nm
-as an authenticator, the underlying device must support some
-basic functionality such as the ability to set security information
-in the 802.11 management frames.
-Beware that not all devices have this support.
-.Pp
-The
-.Nm
-utility
-is designed to be a
-.Dq daemon
-program that runs in the
-background and acts as the backend component controlling
-the wireless connection.
-It supports separate frontend programs such as the
-text-based frontend,
-.Xr hostapd_cli 8 .
-.Pp
-The following arguments must be specified on the command line:
-.Bl -tag -width indent
-.It Ar config-file
-Use the settings in the specified configuration file; the name of
-the specified wireless interface is contained in this file.
-See
-.Xr hostapd.conf 5
-for a description of the configuration file syntax.
-.Pp
-Changes to the configuration file can be reloaded by sending a
-.Dv SIGHUP
-to the
-.Nm
-processor or with the
-.Xr hostapd_cli 8
-utility, using
-.Dq Li "hostapd_cli reconfigure" .
-.El
-.Sh OPTIONS
-The options are as follows:
-.Bl -tag -width indent
-.It Fl d
-Enable debugging messages.
-If this option is supplied twice, more verbose messages are displayed.
-.It Fl h
-Show help text.
-.It Fl t
-Include timestamps in debugging output.
-.It Fl v
-Display version information on the terminal and exit.
-.It Fl B
-Detach from the controlling terminal and run as a daemon process
-in the background.
-.It Fl K
-Include key information in debugging output.
-.It Fl P Ar pidfile
-Store PID in
-.Ar pidfile .
-.El
-.Sh SEE ALSO
-.Xr ath 4 ,
-.Xr ipw 4 ,
-.Xr iwi 4 ,
-.Xr ral 4 ,
-.Xr ural 4 ,
-.Xr wi 4 ,
-.Xr hostapd.conf 5 ,
-.Xr hostapd_cli 8 ,
-.Xr ifconfig 8
-.Sh HISTORY
-The
-.Nm
-utility first appeared in
-.Fx 6.0 .
-.Sh AUTHORS
-The
-.Nm
-utility was written by
-.An Jouni Malinen Aq j@w1.fi .
-This manual page is derived from the
-.Pa README
-file included in the
-.Nm
-distribution.
diff --git a/usr.sbin/wpa/hostapd/hostapd.conf.5 b/usr.sbin/wpa/hostapd/hostapd.conf.5
deleted file mode 100644
index a460801..0000000
--- a/usr.sbin/wpa/hostapd/hostapd.conf.5
+++ /dev/null
@@ -1,210 +0,0 @@
-.\" Copyright (c) 2005 Sam Leffler <sam@errno.com>
-.\" Copyright (c) 2006 Rui Paulo
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD$
-.\"
-.Dd September 2, 2006
-.Dt HOSTAPD.CONF 5
-.Os
-.Sh NAME
-.Nm hostapd.conf
-.Nd configuration file for
-.Xr hostapd 8
-utility
-.Sh DESCRIPTION
-The
-.Xr hostapd 8
-utility
-is an authenticator for IEEE 802.11 networks.
-It provides full support for WPA/IEEE 802.11i and
-can also act as an IEEE 802.1X Authenticator with a suitable
-backend Authentication Server (typically
-.Tn FreeRADIUS ) .
-.Pp
-The configuration file consists of global parameters and domain
-specific configuration:
-.Bl -bullet -offset indent -compact
-.It
-IEEE 802.1X-2004
-.\" XXX not yet
-.\" .It
-.\" Integrated EAP server
-.\" .It
-.\" IEEE 802.11f - Inter-Access Point Protocol (IAPP)
-.It
-RADIUS client
-.It
-RADIUS authentication server
-.It
-WPA/IEEE 802.11i
-.El
-.Sh GLOBAL PARAMETERS
-The following parameters are recognized:
-.Bl -tag -width indent
-.It Va interface
-Interface name.
-Should be set in
-.Dq hostap
-mode.
-.It Va debug
-Debugging mode: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps, 4 =
-excessive.
-.It Va dump_file
-Dump file for state information (on
-.Dv SIGUSR1 ) .
-.It Va ctrl_interface
-The pathname of the directory in which
-.Xr hostapd 8
-creates
-.Ux
-domain socket files for communication
-with frontend programs such as
-.Xr hostapd_cli 8 .
-.It Va ctrl_interface_group
-A group name or group ID to use in setting protection on the
-control interface file.
-This can be set to allow non-root users to access the
-control interface files.
-If no group is specified, the group ID of the control interface
-is not modified and will, typically, be the
-group ID of the directory in which the socket is created.
-.El
-.Sh IEEE 802.1X-2004 PARAMETERS
-The following parameters are recognized:
-.Bl -tag -width indent
-.It Va ieee8021x
-Require IEEE 802.1X authorization.
-.It Va eap_message
-Optional displayable message sent with EAP Request-Identity.
-.It Va wep_key_len_broadcast
-Key lengths for broadcast keys.
-.It Va wep_key_len_unicast
-Key lengths for unicast keys.
-.It Va wep_rekey_period
-Rekeying period in seconds.
-.It Va eapol_key_index_workaround
-EAPOL-Key index workaround (set bit7) for WinXP Supplicant.
-.It Va eap_reauth_period
-EAP reauthentication period in seconds.
-To disable reauthentication,
-use
-.Dq 0 .
-.\" XXX not yet
-.\" .It Va use_pae_group_addr
-.El
-.\" XXX not yet
-.\" .Sh IEEE 802.11f - IAPP PARAMETERS
-.\" The following parameters are recognized:
-.\" .Bl -tag -width indent
-.\" .It Va iapp_interface
-.\" Interface to be used for IAPP broadcast packets
-.\" .El
-.Sh RADIUS CLIENT PARAMETERS
-The following parameters are recognized:
-.Bl -tag -width indent
-.It Va own_ip_addr
-The own IP address of the access point (used as NAS-IP-Address).
-.It Va nas_identifier
-Optional NAS-Identifier string for RADIUS messages.
-.It Va auth_server_addr , auth_server_port , auth_server_shared_secret
-RADIUS authentication server parameters.
-Can be defined twice for secondary servers to be used if primary one
-does not reply to RADIUS packets.
-.It Va acct_server_addr , acct_server_port , acct_server_shared_secret
-RADIUS accounting server parameters.
-Can be defined twice for secondary servers to be used if primary one
-does not reply to RADIUS packets.
-.It Va radius_retry_primary_interval
-Retry interval for trying to return to the primary RADIUS server (in
-seconds).
-.It Va radius_acct_interim_interval
-Interim accounting update interval.
-If this is set (larger than 0) and acct_server is configured,
-.Xr hostapd 8
-will send interim accounting updates every N seconds.
-.El
-.Sh RADIUS AUTHENTICATION SERVER PARAMETERS
-The following parameters are recognized:
-.Bl -tag -width indent
-.It Va radius_server_clients
-File name of the RADIUS clients configuration for the RADIUS server.
-If this is commented out, RADIUS server is disabled.
-.It Va radius_server_auth_port
-The UDP port number for the RADIUS authentication server.
-.It Va radius_server_ipv6
-Use IPv6 with RADIUS server.
-.El
-.Sh WPA/IEEE 802.11i PARAMETERS
-The following parameters are recognized:
-.Bl -tag -width indent
-.It Va wpa
-Enable WPA.
-Setting this variable configures the AP to require WPA (either
-WPA-PSK or WPA-RADIUS/EAP based on other configuration).
-.It Va wpa_psk , wpa_passphrase
-WPA pre-shared keys for WPA-PSK.
-This can be either entered as a 256-bit secret in hex format (64 hex
-digits), wpa_psk, or as an ASCII passphrase (8..63 characters) that
-will be converted to PSK.
-This conversion uses SSID so the PSK changes when ASCII passphrase is
-used and the SSID is changed.
-.It Va wpa_psk_file
-Optionally, WPA PSKs can be read from a separate text file (containing a
-list of (PSK,MAC address) pairs.
-.It Va wpa_key_mgmt
-Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both).
-.It Va wpa_pairwise
-Set of accepted cipher suites (encryption algorithms) for pairwise keys
-(unicast packets).
-See the example file for more information.
-.It Va wpa_group_rekey
-Time interval for rekeying GTK (broadcast/multicast encryption keys) in
-seconds.
-.It Va wpa_strict_rekey
-Rekey GTK when any STA that possesses the current GTK is leaving the
-BSS.
-.It Va wpa_gmk_rekey
-Time interval for rekeying GMK (master key used internally to generate GTKs),
-in seconds.
-.El
-.Sh SEE ALSO
-.Xr hostapd 8 ,
-.Xr hostapd_cli 8
-.Sh HISTORY
-The
-.Nm
-manual page and
-.Xr hostapd 8
-functionality first appeared in
-.Fx 6.0 .
-.Sh AUTHORS
-This manual page is derived from the
-.Pa README
-and
-.Pa hostapd.conf
-files in the
-.Nm hostapd
-distribution provided by
-.An Jouni Malinen Aq j@w1.fi .
OpenPOWER on IntegriCloud