diff options
Diffstat (limited to 'usr.sbin/wpa/hostapd')
-rw-r--r-- | usr.sbin/wpa/hostapd/Makefile | 114 | ||||
-rw-r--r-- | usr.sbin/wpa/hostapd/driver_freebsd.c | 909 | ||||
-rw-r--r-- | usr.sbin/wpa/hostapd/hostapd.8 | 134 | ||||
-rw-r--r-- | usr.sbin/wpa/hostapd/hostapd.conf.5 | 210 |
4 files changed, 0 insertions, 1367 deletions
diff --git a/usr.sbin/wpa/hostapd/Makefile b/usr.sbin/wpa/hostapd/Makefile deleted file mode 100644 index db9b1d3..0000000 --- a/usr.sbin/wpa/hostapd/Makefile +++ /dev/null @@ -1,114 +0,0 @@ -# $FreeBSD$ - -.include "${.CURDIR}/../Makefile.inc" - -.PATH.c:${HOSTAPD_DISTDIR} \ - ${WPA_DISTDIR}/src/eap_server \ - ${WPA_DISTDIR}/src/radius \ - -PROG= hostapd -SRCS= accounting.c aes.c aes_wrap.c ap_list.c beacon.c common.c \ - config.c ctrl_iface.c drivers.c eapol_sm.c eap.c eap_common.c \ - eap_identity.c eap_methods.c eloop.c hostapd.c \ - hw_features.c ieee802_11.c ieee802_11_common.c ieee802_11_auth.c \ - ieee802_1x.c ip_addr.c md5.c mlme.c pmksa_cache.c radius.c \ - radius_client.c rc4.c sha1.c sta_info.c vlan_init.c wme.c \ - wpa.c wpa_auth_ie.c wpa_common.c wpa_debug.c wpabuf.c -SRCS+= l2_packet_freebsd.c driver_freebsd.c os_unix.c - -MAN= hostapd.8 hostapd.conf.5 - -.if ${MK_EXAMPLES} != "no" -FILESDIR= ${SHAREDIR}/examples/hostapd -.PATH: ${HOSTAPD_DISTDIR} -FILES= hostapd.conf hostapd.eap_user hostapd.wpa_psk -.endif - -CFLAGS+= -I${HOSTAPD_DISTDIR} - -CFLAGS+= -DCONFIG_DRIVER_BSD -CFLAGS+= -DCONFIG_DRIVER_RADIUS_ACL -.if ${MK_INET6} != "no" -CFLAGS+= -DCONFIG_IPV6 -.endif -CFLAGS+= -g -DPADD+= ${LIBPCAP} -LDADD+= -lpcap - -# User customizations for wpa_supplicant/hostapd build environment -CFLAGS+=${HOSTAPD_CFLAGS} -#DPADD+=${HOSTAPD_DPADD} -LDADD+=${HOSTAPD_LDADD} -#LDFLAGS+=${HOSTAPD_LDFLAGS} - -.if !empty(CFLAGS:M*-DEAP_SERVER) -#SRCS+= eap.c eap_methods.c eap_identity.c - -.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) - -CFLAGS+=-DEAP_TLS -DEAP_PEAP -DEAP_MSCHAPv2 -DEAP_PSK \ - -DEAP_TLS_FUNCS -DEAP_TLS_OPENSSL -SRCS+= crypto_openssl.c -SRCS+= eap_tls.c eap_peap.c eap_peap_common.c eap_mschapv2.c \ - eap_psk.c eap_psk_common.c \ - eap_tls_common.c tls_openssl.c ms_funcs.c chap.c - -CFLAGS+=-DEAP_TTLS -DEAP_MD5 -SRCS+= eap_ttls.c eap_md5.c - -.if !empty(CFLAGS:M*-DEAP_GTC) -SRCS+= eap_gtc.c -.endif - -.if !empty(CFLAGS:M*-DEAP_AKA) -NEED_SIM_COMMON= true -SRCS+= eap_aka.c -.endif - -.if !empty(CFLAGS:M*-DEAP_SIM) -NEED_SIM_COMMON= true -SRCS+= eap_sim.c -.endif - -.if defined(NEED_SIM_COMMON) -SRCS+= eap_sim_common.c eap_sim_db.c -.endif - -.if !empty(CFLAGS:M*-DEAP_GPSK) -CFLAGS+=-DEAP_GPSK_SHA256 -SRCS+= eap_gpsk.c eap_gpsk_common.c -NEED_SHA256= true -.endif - -.if !empty(CFLAGS:M*-DEAP_PAX) -SRCS+= eap_pax.c eap_pax_common.c -.endif - -.if !empty(CFLAGS:M*-DEAP_SAKE) -SRCS+= eap_sake.c eap_sake_common.c -.endif - -DPADD+= ${LIBSSL} ${LIBCRYPTO} -LDADD+= -lssl -lcrypto -.else -NEED_TLS_NONE= true -.endif - -.else -NEED_TLS_NONE= true -.endif - -.if defined(NEED_SHA256) -CFLAGS+=-DINTERNAL_SHA256 -SRCS+= sha256.c -.endif - -.if defined(NEED_TLS_NONE) -CFLAGS+= -DEAP_TLS_NONE -CFLAGS+= -DINTERNAL_AES -CFLAGS+= -DINTERNAL_SHA1 -CFLAGS+= -DINTERNAL_MD5 -SRCS+= tls_none.c -.endif - -.include <bsd.prog.mk> diff --git a/usr.sbin/wpa/hostapd/driver_freebsd.c b/usr.sbin/wpa/hostapd/driver_freebsd.c deleted file mode 100644 index 89d0051..0000000 --- a/usr.sbin/wpa/hostapd/driver_freebsd.c +++ /dev/null @@ -1,909 +0,0 @@ -/* - * Host AP - driver interaction with BSD net80211 layer - * Copyright (c) 2004, Sam Leffler <sam@errno.com> - * Copyright (c) 2004, 2Wire, Inc - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - * - * Alternatively, this software may be distributed under the terms of BSD - * license. - * - * See README and COPYING for more details. - * - * $FreeBSD$ - */ -#include <stdlib.h> -#include <stdio.h> -#include <unistd.h> -#include <string.h> -#include <sys/ioctl.h> -#include <errno.h> - -#include <sys/socket.h> -#include <net/if.h> -#include <netinet/in.h> - -#include <net80211/ieee80211_ioctl.h> - -#undef RSN_VERSION -#undef WPA_VERSION -#undef WPA_OUI_TYPE -#undef WME_OUI_TYPE - -#include "hostapd.h" -#include "driver.h" -#include "ieee802_1x.h" -#include "ieee802_11_auth.h" -#include "eloop.h" -#include "sta_info.h" -#include "l2_packet/l2_packet.h" - -#include "eapol_sm.h" -#include "wpa.h" -#include "radius/radius.h" -#include "ieee802_11.h" -#include "common.h" -#include "hostap_common.h" - -struct bsd_driver_data { - struct hostapd_data *hapd; /* back pointer */ - - char iface[IFNAMSIZ + 1]; - unsigned int ifindex; /* interface index */ - struct l2_packet_data *sock_xmit; /* raw packet xmit socket */ - int ioctl_sock; /* socket for ioctl() use */ - int wext_sock; /* socket for wireless events */ -}; - -static const struct wpa_driver_ops bsd_driver_ops; - -static int bsd_sta_deauth(void *priv, const u8 *addr, int reason_code); - -static int -set80211var(struct bsd_driver_data *drv, int op, const void *arg, int arg_len) -{ - struct ieee80211req ireq; - - memset(&ireq, 0, sizeof(ireq)); - strncpy(ireq.i_name, drv->iface, IFNAMSIZ); - ireq.i_type = op; - ireq.i_len = arg_len; - ireq.i_data = (void *) arg; - - if (ioctl(drv->ioctl_sock, SIOCS80211, &ireq) < 0) { - perror("ioctl[SIOCS80211]"); - return -1; - } - return 0; -} - -static int -get80211var(struct bsd_driver_data *drv, int op, void *arg, int arg_len) -{ - struct ieee80211req ireq; - - memset(&ireq, 0, sizeof(ireq)); - strncpy(ireq.i_name, drv->iface, IFNAMSIZ); - ireq.i_type = op; - ireq.i_len = arg_len; - ireq.i_data = arg; - - if (ioctl(drv->ioctl_sock, SIOCG80211, &ireq) < 0) { - perror("ioctl[SIOCG80211]"); - return -1; - } - return ireq.i_len; -} - -static int -set80211param(struct bsd_driver_data *drv, int op, int arg) -{ - struct ieee80211req ireq; - - memset(&ireq, 0, sizeof(ireq)); - strncpy(ireq.i_name, drv->iface, IFNAMSIZ); - ireq.i_type = op; - ireq.i_val = arg; - - if (ioctl(drv->ioctl_sock, SIOCS80211, &ireq) < 0) { - perror("ioctl[SIOCS80211]"); - return -1; - } - return 0; -} - -static const char * -ether_sprintf(const u8 *addr) -{ - static char buf[sizeof(MACSTR)]; - - if (addr != NULL) - snprintf(buf, sizeof(buf), MACSTR, MAC2STR(addr)); - else - snprintf(buf, sizeof(buf), MACSTR, 0,0,0,0,0,0); - return buf; -} - -static int -bsd_set_iface_flags(void *priv, int flags) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - struct ifreq ifr; - - wpa_printf(MSG_DEBUG, "%s: flags=0x%x\n", __func__, flags); - - if (drv->ioctl_sock < 0) - return -1; - - memset(&ifr, 0, sizeof(ifr)); - snprintf(ifr.ifr_name, IFNAMSIZ, "%s", drv->iface); - - if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, &ifr) != 0) { - perror("ioctl[SIOCGIFFLAGS]"); - return -1; - } - - if (flags < 0) { - flags = -flags; - if ((ifr.ifr_flags & flags) == 0) - return 0; - ifr.ifr_flags &= ~flags; - } else { - if ((ifr.ifr_flags & flags) == flags) - return 0; - ifr.ifr_flags |= flags; - } - - if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) { - perror("ioctl[SIOCSIFFLAGS]"); - return -1; - } - return 0; -} - -static int -bsd_commit(void *priv) -{ - return bsd_set_iface_flags(priv, IFF_UP); -} - -static int -bsd_set_ieee8021x(const char *ifname, void *priv, int enabled) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - struct hostapd_bss_config *conf = hapd->conf; - - wpa_printf(MSG_DEBUG, "%s: enabled=%d\n", __func__, enabled); - - if (!enabled) { - /* XXX restore state */ - return set80211param(priv, IEEE80211_IOC_AUTHMODE, - IEEE80211_AUTH_AUTO); - } - if (!conf->wpa && !conf->ieee802_1x) { - hostapd_logger(hapd, NULL, HOSTAPD_MODULE_DRIVER, - HOSTAPD_LEVEL_WARNING, "No 802.1X or WPA enabled!"); - return -1; - } - if (conf->wpa && set80211param(drv, IEEE80211_IOC_WPA, conf->wpa)) { - hostapd_logger(hapd, NULL, HOSTAPD_MODULE_DRIVER, - HOSTAPD_LEVEL_WARNING, "Error configuring WPA state!"); - return -1; - } - if (set80211param(priv, IEEE80211_IOC_AUTHMODE, - (conf->wpa ? IEEE80211_AUTH_WPA : IEEE80211_AUTH_8021X))) { - hostapd_logger(hapd, NULL, HOSTAPD_MODULE_DRIVER, - HOSTAPD_LEVEL_WARNING, "Error enabling WPA/802.1X!"); - return -1; - } - return 0; -} - -static int -bsd_set_privacy(const char *ifname, void *priv, int enabled) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - - wpa_printf(MSG_DEBUG, "%s: enabled=%d\n", __func__, enabled); - - return set80211param(priv, IEEE80211_IOC_PRIVACY, enabled); -} - -static int -bsd_set_sta_authorized(void *priv, const u8 *addr, int authorized) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - struct ieee80211req_mlme mlme; - - wpa_printf(MSG_DEBUG, "%s: addr=%s authorized=%d\n", - __func__, ether_sprintf(addr), authorized); - - if (authorized) - mlme.im_op = IEEE80211_MLME_AUTHORIZE; - else - mlme.im_op = IEEE80211_MLME_UNAUTHORIZE; - mlme.im_reason = 0; - memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN); - return set80211var(priv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme)); -} - -static int -bsd_sta_set_flags(void *priv, const u8 *addr, int total_flags, - int flags_or, int flags_and) -{ - /* For now, only support setting Authorized flag */ - if (flags_or & WLAN_STA_AUTHORIZED) - return bsd_set_sta_authorized(priv, addr, 1); - if (!(flags_and & WLAN_STA_AUTHORIZED)) - return bsd_set_sta_authorized(priv, addr, 0); - return 0; -} - -static int -bsd_del_key(void *priv, const unsigned char *addr, int key_idx) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - struct ieee80211req_del_key wk; - - wpa_printf(MSG_DEBUG, "%s: addr=%s key_idx=%d\n", - __func__, ether_sprintf(addr), key_idx); - - memset(&wk, 0, sizeof(wk)); - if (addr != NULL) { - memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN); - wk.idk_keyix = (u_int8_t) IEEE80211_KEYIX_NONE; /* XXX */ - } else { - wk.idk_keyix = key_idx; - } - - return set80211var(priv, IEEE80211_IOC_DELKEY, &wk, sizeof(wk)); -} - -static int -bsd_set_key(const char *ifname, void *priv, const char *alg, - const u8 *addr, int key_idx, - const u8 *key, size_t key_len, int txkey) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - struct ieee80211req_key wk; - u_int8_t cipher; - - if (strcmp(alg, "none") == 0) - return bsd_del_key(priv, addr, key_idx); - - wpa_printf(MSG_DEBUG, "%s: alg=%s addr=%s key_idx=%d\n", - __func__, alg, ether_sprintf(addr), key_idx); - - if (strcmp(alg, "WEP") == 0) - cipher = IEEE80211_CIPHER_WEP; - else if (strcmp(alg, "TKIP") == 0) - cipher = IEEE80211_CIPHER_TKIP; - else if (strcmp(alg, "CCMP") == 0) - cipher = IEEE80211_CIPHER_AES_CCM; - else { - printf("%s: unknown/unsupported algorithm %s\n", - __func__, alg); - return -1; - } - - if (key_len > sizeof(wk.ik_keydata)) { - printf("%s: key length %d too big\n", __func__, key_len); - return -3; - } - - memset(&wk, 0, sizeof(wk)); - wk.ik_type = cipher; - if (addr == NULL) { - memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN); - wk.ik_keyix = key_idx; - wk.ik_flags = IEEE80211_KEY_XMIT - | IEEE80211_KEY_GROUP - | IEEE80211_KEY_DEFAULT; - } else { - memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN); - wk.ik_keyix = IEEE80211_KEYIX_NONE; - wk.ik_flags = IEEE80211_KEY_RECV | IEEE80211_KEY_XMIT; - } - wk.ik_keylen = key_len; - memcpy(wk.ik_keydata, key, key_len); - - return set80211var(priv, IEEE80211_IOC_WPAKEY, &wk, sizeof(wk)); -} - - -static int -bsd_get_seqnum(const char *ifname, void *priv, const u8 *addr, int idx, - u8 *seq) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - struct ieee80211req_key wk; - - wpa_printf(MSG_DEBUG, "%s: addr=%s idx=%d\n", - __func__, ether_sprintf(addr), idx); - - memset(&wk, 0, sizeof(wk)); - if (addr == NULL) - memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN); - else - memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN); - wk.ik_keyix = idx; - - if (get80211var(drv, IEEE80211_IOC_WPAKEY, &wk, sizeof(wk)) < 0) { - printf("Failed to get encryption.\n"); - return -1; - } else { - /* NB: upper layer expects tsc in network order */ - wk.ik_keytsc = htole64(wk.ik_keytsc); - memcpy(seq, &wk.ik_keytsc, sizeof(wk.ik_keytsc)); - return 0; - } -} - - -static int -bsd_flush(void *priv) -{ - u8 allsta[IEEE80211_ADDR_LEN]; - - memset(allsta, 0xff, IEEE80211_ADDR_LEN); - return bsd_sta_deauth(priv, allsta, IEEE80211_REASON_AUTH_LEAVE); -} - - -static int -bsd_read_sta_driver_data(void *priv, struct hostap_sta_driver_data *data, - const u8 *addr) -{ - struct bsd_driver_data *drv = priv; - struct ieee80211req_sta_stats stats; - - memcpy(stats.is_u.macaddr, addr, IEEE80211_ADDR_LEN); - if (get80211var(drv, IEEE80211_IOC_STA_STATS, &stats, sizeof(stats)) > 0) { - /* XXX? do packets counts include non-data frames? */ - data->rx_packets = stats.is_stats.ns_rx_data; - data->rx_bytes = stats.is_stats.ns_rx_bytes; - data->tx_packets = stats.is_stats.ns_tx_data; - data->tx_bytes = stats.is_stats.ns_tx_bytes; - } - return 0; -} - -static int -bsd_sta_clear_stats(void *priv, const u8 *addr) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - struct ieee80211req_sta_stats stats; - - wpa_printf(MSG_DEBUG, "%s: addr=%s\n", __func__, ether_sprintf(addr)); - - /* zero station statistics */ - memset(&stats, 0, sizeof(stats)); - memcpy(stats.is_u.macaddr, addr, IEEE80211_ADDR_LEN); - return set80211var(drv, IEEE80211_IOC_STA_STATS, &stats, sizeof(stats)); -} - -static int -bsd_set_opt_ie(const char *ifname, void *priv, const u8 *ie, size_t ie_len) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - struct ieee80211req ireq; - - memset(&ireq, 0, sizeof(ireq)); - strncpy(ireq.i_name, drv->iface, IFNAMSIZ); - ireq.i_type = IEEE80211_IOC_APPIE; - ireq.i_val = IEEE80211_APPIE_WPA; - ireq.i_data = (void *) ie; - ireq.i_len = ie_len; - - wpa_printf(MSG_DEBUG, "%s: set WPA+RSN ie (len %d)\n", - __func__, ie_len); - if (ioctl(drv->ioctl_sock, SIOCS80211, &ireq) < 0) { - printf("Unable to set WPA+RSN ie\n"); - return -1; - } - return 0; -} - -static int -bsd_sta_deauth(void *priv, const u8 *addr, int reason_code) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - struct ieee80211req_mlme mlme; - - wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d\n", - __func__, ether_sprintf(addr), reason_code); - - mlme.im_op = IEEE80211_MLME_DEAUTH; - mlme.im_reason = reason_code; - memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN); - return set80211var(priv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme)); -} - -static int -bsd_sta_disassoc(void *priv, const u8 *addr, int reason_code) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - struct ieee80211req_mlme mlme; - - wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d\n", - __func__, ether_sprintf(addr), reason_code); - - mlme.im_reason = reason_code; - memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN); - return set80211var(priv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme)); -} - -static int -bsd_del_sta(struct bsd_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN]) -{ - struct hostapd_data *hapd = drv->hapd; - struct hostapd_bss_config *conf = hapd->conf; - struct sta_info *sta; - - hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, - HOSTAPD_LEVEL_INFO, "deassociated"); - - sta = ap_get_sta(hapd, addr); - if (sta != NULL) { - sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); - if (conf->wpa) - wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); - sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; - ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); - ap_free_sta(hapd, sta); - } - return 0; -} - -static int -bsd_new_sta(struct bsd_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN]) -{ - struct hostapd_data *hapd = drv->hapd; - struct hostapd_bss_config *conf = hapd->conf; - struct sta_info *sta; - struct ieee80211req_wpaie ie; - int new_assoc, ielen, res; - - hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, - HOSTAPD_LEVEL_INFO, "associated"); - - sta = ap_sta_add(hapd, addr); - if (sta == NULL) - return -1; - /* - * Fetch and validate any negotiated WPA/RSN parameters. - */ - if (conf->wpa) { - memset(&ie, 0, sizeof(ie)); - memcpy(ie.wpa_macaddr, addr, IEEE80211_ADDR_LEN); - if (get80211var(drv, IEEE80211_IOC_WPAIE, &ie, sizeof(ie)) < 0) { - printf("Failed to get WPA/RSN information element.\n"); - return -1; /* XXX not right */ - } - if (ie.wpa_ie[1] == 0) { - printf("No WPA/RSN information element for station!\n"); - return -1; /* XXX not right */ - } - if (sta->wpa_sm == NULL) - sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, - sta->addr); - if (sta->wpa_sm == NULL) { - printf("Failed to initialize WPA state machine\n"); - return -1; - } - ielen = 2 + ie.wpa_ie[1]; - res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, - ie.wpa_ie, ielen, NULL, 0); - if (res != WPA_IE_OK) { - printf("WPA/RSN information element rejected? " - "(res %u)\n", res); - return -1; - } - } - - /* - * Now that the internal station state is setup - * kick the authenticator into action. - */ - new_assoc = (sta->flags & WLAN_STA_ASSOC) == 0; - sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC; - wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); - hostapd_new_assoc_sta(hapd, sta, !new_assoc); - ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); - - return 0; -} - -#include <net/route.h> -#include <net80211/ieee80211_freebsd.h> - -static void -bsd_wireless_event_receive(int sock, void *ctx, void *sock_ctx) -{ - struct bsd_driver_data *drv = ctx; - struct hostapd_data *hapd = drv->hapd; - char buf[2048]; - struct if_announcemsghdr *ifan; - struct rt_msghdr *rtm; - struct ieee80211_michael_event *mic; - struct ieee80211_join_event *join; - struct ieee80211_leave_event *leave; -#ifdef CONFIG_DRIVER_RADIUS_ACL - struct ieee80211_auth_event *auth; -#endif - int n; - - n = read(sock, buf, sizeof(buf)); - if (n < 0) { - if (errno != EINTR && errno != EAGAIN) - perror("read(PF_ROUTE)"); - return; - } - - rtm = (struct rt_msghdr *) buf; - if (rtm->rtm_version != RTM_VERSION) { - wpa_printf(MSG_DEBUG, "Routing message version %d not " - "understood\n", rtm->rtm_version); - return; - } - ifan = (struct if_announcemsghdr *) rtm; - if (ifan->ifan_index != drv->ifindex) { - wpa_printf(MSG_DEBUG, "Discard routing message to if#%d " - "(not for us %d)\n", - ifan->ifan_index, drv->ifindex); - return; - } - switch (rtm->rtm_type) { - case RTM_IEEE80211: - switch (ifan->ifan_what) { - case RTM_IEEE80211_ASSOC: - case RTM_IEEE80211_REASSOC: - case RTM_IEEE80211_DISASSOC: - case RTM_IEEE80211_SCAN: - break; - case RTM_IEEE80211_LEAVE: - leave = (struct ieee80211_leave_event *) &ifan[1]; - bsd_del_sta(drv, leave->iev_addr); - break; - case RTM_IEEE80211_JOIN: -#ifdef RTM_IEEE80211_REJOIN - case RTM_IEEE80211_REJOIN: -#endif - join = (struct ieee80211_join_event *) &ifan[1]; - bsd_new_sta(drv, join->iev_addr); - break; - case RTM_IEEE80211_REPLAY: - /* ignore */ - break; - case RTM_IEEE80211_MICHAEL: - mic = (struct ieee80211_michael_event *) &ifan[1]; - wpa_printf(MSG_DEBUG, - "Michael MIC failure wireless event: " - "keyix=%u src_addr=" MACSTR, mic->iev_keyix, - MAC2STR(mic->iev_src)); - ieee80211_michael_mic_failure(hapd, mic->iev_src, 1); - break; -#ifdef CONFIG_DRIVER_RADIUS_ACL - case RTM_IEEE80211_AUTH: - auth = (struct ieee80211_auth_event *) &ifan[1]; - wpa_printf(MSG_DEBUG, "802.11 AUTH, STA = " MACSTR, - MAC2STR(auth->iev_addr)); - n = hostapd_allowed_address(hapd, auth->iev_addr, - NULL, 0, NULL, NULL, NULL); - switch (n) { - case HOSTAPD_ACL_ACCEPT: - case HOSTAPD_ACL_REJECT: - hostapd_set_radius_acl_auth(hapd, - auth->iev_addr, n, 0); - wpa_printf(MSG_DEBUG, - "802.11 AUTH, STA = " MACSTR " hostapd says: %s", - MAC2STR(auth->iev_addr), - (n == HOSTAPD_ACL_ACCEPT ? - "ACCEPT" : "REJECT" )); - break; - case HOSTAPD_ACL_PENDING: - wpa_printf(MSG_DEBUG, - "802.11 AUTH, STA = " MACSTR " pending", - MAC2STR(auth->iev_addr)); - break; - } - break; -#endif /* CONFIG_DRIVER_RADIUS_ACL */ - } - break; - } -} - -static int -bsd_wireless_event_init(void *priv) -{ - struct bsd_driver_data *drv = priv; - int s; - - drv->wext_sock = -1; - - s = socket(PF_ROUTE, SOCK_RAW, 0); - if (s < 0) { - perror("socket(PF_ROUTE,SOCK_RAW)"); - return -1; - } - eloop_register_read_sock(s, bsd_wireless_event_receive, drv, NULL); - drv->wext_sock = s; - - return 0; -} - -static void -bsd_wireless_event_deinit(void *priv) -{ - struct bsd_driver_data *drv = priv; - - if (drv != NULL) { - if (drv->wext_sock < 0) - return; - eloop_unregister_read_sock(drv->wext_sock); - close(drv->wext_sock); - } -} - - -static int -bsd_send_eapol(void *priv, const u8 *addr, const u8 *data, size_t data_len, - int encrypt, const u8 *own_addr) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - unsigned char buf[3000]; - unsigned char *bp = buf; - struct l2_ethhdr *eth; - size_t len; - int status; - - /* - * Prepend the Etherent header. If the caller left us - * space at the front we could just insert it but since - * we don't know we copy to a local buffer. Given the frequency - * and size of frames this probably doesn't matter. - */ - len = data_len + sizeof(struct l2_ethhdr); - if (len > sizeof(buf)) { - bp = malloc(len); - if (bp == NULL) { - printf("EAPOL frame discarded, cannot malloc temp " - "buffer of size %u!\n", len); - return -1; - } - } - eth = (struct l2_ethhdr *) bp; - memcpy(eth->h_dest, addr, ETH_ALEN); - memcpy(eth->h_source, own_addr, ETH_ALEN); - eth->h_proto = htons(ETH_P_EAPOL); - memcpy(eth+1, data, data_len); - - wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", bp, len); - - status = l2_packet_send(drv->sock_xmit, addr, ETH_P_EAPOL, bp, len); - - if (bp != buf) - free(bp); - return status; -} - -static void -handle_read(void *ctx, const u8 *src_addr, const u8 *buf, size_t len) -{ - struct bsd_driver_data *drv = ctx; - struct hostapd_data *hapd = drv->hapd; - struct sta_info *sta; - - sta = ap_get_sta(hapd, src_addr); - if (!sta || !(sta->flags & WLAN_STA_ASSOC)) { - printf("Data frame from not associated STA %s\n", - ether_sprintf(src_addr)); - /* XXX cannot happen */ - return; - } - ieee802_1x_receive(hapd, src_addr, buf + sizeof(struct l2_ethhdr), - len - sizeof(struct l2_ethhdr)); -} - -static int -bsd_get_ssid(const char *ifname, void *priv, u8 *buf, int len) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - int ssid_len = get80211var(priv, IEEE80211_IOC_SSID, buf, len); - - wpa_printf(MSG_DEBUG, "%s: ssid=\"%.*s\"\n", __func__, ssid_len, buf); - - return ssid_len; -} - -static int -bsd_set_ssid(const char *ifname, void *priv, const u8 *buf, int len) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - - wpa_printf(MSG_DEBUG, "%s: ssid=\"%.*s\"\n", __func__, len, buf); - - return set80211var(priv, IEEE80211_IOC_SSID, buf, len); -} - -static int -bsd_set_countermeasures(void *priv, int enabled) -{ - struct bsd_driver_data *drv = priv; - - wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled); - return set80211param(drv, IEEE80211_IOC_COUNTERMEASURES, enabled); -} - -#ifdef CONFIG_DRIVER_RADIUS_ACL -static int -bsd_set_radius_acl_auth(void *priv, const u8 *mac, int accepted, - u32 session_timeout) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - struct ieee80211req_mlme mlme; - - switch (accepted) { - case HOSTAPD_ACL_ACCEPT_TIMEOUT: - wpa_printf(MSG_DEBUG, "[%s] STA " MACSTR - " has been accepted by RADIUS ACL with timeout " - "of %d.\n", hapd->conf->iface, MAC2STR(mac), - session_timeout); - mlme.im_reason = IEEE80211_STATUS_SUCCESS; - break; - case HOSTAPD_ACL_ACCEPT: - wpa_printf(MSG_DEBUG, "[%s] STA " MACSTR - " has been accepted by RADIUS ACL.\n", - hapd->conf->iface, MAC2STR(mac)); - mlme.im_reason = IEEE80211_STATUS_SUCCESS; - break; - case HOSTAPD_ACL_REJECT: - wpa_printf(MSG_DEBUG, "[%s] STA " MACSTR - " has been rejected by RADIUS ACL.\n", - hapd->conf->iface, MAC2STR(mac)); - mlme.im_reason = IEEE80211_STATUS_UNSPECIFIED; - break; - default: - wpa_printf(MSG_ERROR, "[%s] STA " MACSTR - " has unknown status (%d) by RADIUS ACL. " - "Nothing to do...\n", hapd->conf->iface, - MAC2STR(mac), accepted); - return 0; - } - memset(&mlme, 0, sizeof(mlme)); - mlme.im_op = IEEE80211_MLME_AUTH; - memcpy(mlme.im_macaddr, mac, IEEE80211_ADDR_LEN); - return set80211var(drv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme)); -} - -static int -bsd_set_radius_acl_expire(void *priv, const u8 *mac) -{ - struct bsd_driver_data *drv = priv; - struct hostapd_data *hapd = drv->hapd; - - /* - * The expiry of the MAC address from RADIUS ACL cache doesn't mean - * that we should kick off the client. Our current approach doesn't - * require adding/removing entries from an allow/deny list; so this - * function is likely unecessary - */ - wpa_printf(MSG_DEBUG, "[%s] STA " MACSTR " radius acl cache " - "expired; nothing to do...", hapd->conf->iface, - MAC2STR(mac)); - return 0; -} -#endif /* CONFIG_DRIVER_RADIUS_ACL */ - -static void * -bsd_init(struct hostapd_data *hapd) -{ - struct bsd_driver_data *drv; - - drv = malloc(sizeof(struct bsd_driver_data)); - if (drv == NULL) { - printf("Could not allocate memory for bsd driver data\n"); - goto bad; - } - - memset(drv, 0, sizeof(*drv)); - drv->hapd = hapd; - drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); - if (drv->ioctl_sock < 0) { - perror("socket[PF_INET,SOCK_DGRAM]"); - goto bad; - } - memcpy(drv->iface, hapd->conf->iface, sizeof(drv->iface)); - /* - * NB: We require the interface name be mappable to an index. - * This implies we do not support having wpa_supplicant - * wait for an interface to appear. This seems ok; that - * doesn't belong here; it's really the job of devd. - * XXXSCW: devd is FreeBSD-specific. - */ - drv->ifindex = if_nametoindex(drv->iface); - if (drv->ifindex == 0) { - printf("%s: interface %s does not exist", __func__, drv->iface); - goto bad; - } - - drv->sock_xmit = l2_packet_init(drv->iface, NULL, ETH_P_EAPOL, - handle_read, drv, 1); - if (drv->sock_xmit == NULL) - goto bad; - if (l2_packet_get_own_addr(drv->sock_xmit, hapd->own_addr)) - goto bad; - - bsd_set_iface_flags(drv, -IFF_UP); /* mark down during setup */ - - return drv; -bad: - if (drv != NULL) { - if (drv->sock_xmit != NULL) - l2_packet_deinit(drv->sock_xmit); - if (drv->ioctl_sock >= 0) - close(drv->ioctl_sock); - free(drv); - } - return NULL; -} - - -static void -bsd_deinit(void *priv) -{ - struct bsd_driver_data *drv = priv; - - (void) bsd_set_iface_flags(drv, -IFF_UP); - if (drv->ioctl_sock >= 0) - close(drv->ioctl_sock); - if (drv->sock_xmit != NULL) - l2_packet_deinit(drv->sock_xmit); - free(drv); -} - -const struct wpa_driver_ops wpa_driver_bsd_ops = { - .name = "bsd", - .init = bsd_init, - .deinit = bsd_deinit, - .set_ieee8021x = bsd_set_ieee8021x, - .set_privacy = bsd_set_privacy, - .set_encryption = bsd_set_key, - .get_seqnum = bsd_get_seqnum, - .flush = bsd_flush, - .set_generic_elem = bsd_set_opt_ie, - .wireless_event_init = bsd_wireless_event_init, - .wireless_event_deinit = bsd_wireless_event_deinit, - .sta_set_flags = bsd_sta_set_flags, - .read_sta_data = bsd_read_sta_driver_data, - .send_eapol = bsd_send_eapol, - .sta_disassoc = bsd_sta_disassoc, - .sta_deauth = bsd_sta_deauth, - .set_ssid = bsd_set_ssid, - .get_ssid = bsd_get_ssid, - .set_countermeasures = bsd_set_countermeasures, - .sta_clear_stats = bsd_sta_clear_stats, - .commit = bsd_commit, -#ifdef CONFIG_DRIVER_RADIUS_ACL - .set_radius_acl_auth = bsd_set_radius_acl_auth, - .set_radius_acl_expire = bsd_set_radius_acl_expire, -#endif -}; diff --git a/usr.sbin/wpa/hostapd/hostapd.8 b/usr.sbin/wpa/hostapd/hostapd.8 deleted file mode 100644 index 7fb14d3..0000000 --- a/usr.sbin/wpa/hostapd/hostapd.8 +++ /dev/null @@ -1,134 +0,0 @@ -.\" Copyright (c) 2005 Sam Leffler <sam@errno.com> -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd October 26, 2007 -.Dt HOSTAPD 8 -.Os -.Sh NAME -.Nm hostapd -.Nd "authenticator for IEEE 802.11 networks" -.Sh SYNOPSIS -.Nm -.Op Fl BdhKtv -.Op Fl P Ar pidfile -.Ar config-file ... -.Sh DESCRIPTION -The -.Nm -utility -is an authenticator for IEEE 802.11 networks. -It provides full support for WPA/IEEE 802.11i and -can also act as an IEEE 802.1X Authenticator with a suitable -backend Authentication Server (typically -.Tn FreeRADIUS ) . -The -.Nm -utility -implements the authentication protocols that piggyback on top -of the normal IEEE 802.11 protocol mechanisms. -To use -.Nm -as an authenticator, the underlying device must support some -basic functionality such as the ability to set security information -in the 802.11 management frames. -Beware that not all devices have this support. -.Pp -The -.Nm -utility -is designed to be a -.Dq daemon -program that runs in the -background and acts as the backend component controlling -the wireless connection. -It supports separate frontend programs such as the -text-based frontend, -.Xr hostapd_cli 8 . -.Pp -The following arguments must be specified on the command line: -.Bl -tag -width indent -.It Ar config-file -Use the settings in the specified configuration file; the name of -the specified wireless interface is contained in this file. -See -.Xr hostapd.conf 5 -for a description of the configuration file syntax. -.Pp -Changes to the configuration file can be reloaded by sending a -.Dv SIGHUP -to the -.Nm -processor or with the -.Xr hostapd_cli 8 -utility, using -.Dq Li "hostapd_cli reconfigure" . -.El -.Sh OPTIONS -The options are as follows: -.Bl -tag -width indent -.It Fl d -Enable debugging messages. -If this option is supplied twice, more verbose messages are displayed. -.It Fl h -Show help text. -.It Fl t -Include timestamps in debugging output. -.It Fl v -Display version information on the terminal and exit. -.It Fl B -Detach from the controlling terminal and run as a daemon process -in the background. -.It Fl K -Include key information in debugging output. -.It Fl P Ar pidfile -Store PID in -.Ar pidfile . -.El -.Sh SEE ALSO -.Xr ath 4 , -.Xr ipw 4 , -.Xr iwi 4 , -.Xr ral 4 , -.Xr ural 4 , -.Xr wi 4 , -.Xr hostapd.conf 5 , -.Xr hostapd_cli 8 , -.Xr ifconfig 8 -.Sh HISTORY -The -.Nm -utility first appeared in -.Fx 6.0 . -.Sh AUTHORS -The -.Nm -utility was written by -.An Jouni Malinen Aq j@w1.fi . -This manual page is derived from the -.Pa README -file included in the -.Nm -distribution. diff --git a/usr.sbin/wpa/hostapd/hostapd.conf.5 b/usr.sbin/wpa/hostapd/hostapd.conf.5 deleted file mode 100644 index a460801..0000000 --- a/usr.sbin/wpa/hostapd/hostapd.conf.5 +++ /dev/null @@ -1,210 +0,0 @@ -.\" Copyright (c) 2005 Sam Leffler <sam@errno.com> -.\" Copyright (c) 2006 Rui Paulo -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd September 2, 2006 -.Dt HOSTAPD.CONF 5 -.Os -.Sh NAME -.Nm hostapd.conf -.Nd configuration file for -.Xr hostapd 8 -utility -.Sh DESCRIPTION -The -.Xr hostapd 8 -utility -is an authenticator for IEEE 802.11 networks. -It provides full support for WPA/IEEE 802.11i and -can also act as an IEEE 802.1X Authenticator with a suitable -backend Authentication Server (typically -.Tn FreeRADIUS ) . -.Pp -The configuration file consists of global parameters and domain -specific configuration: -.Bl -bullet -offset indent -compact -.It -IEEE 802.1X-2004 -.\" XXX not yet -.\" .It -.\" Integrated EAP server -.\" .It -.\" IEEE 802.11f - Inter-Access Point Protocol (IAPP) -.It -RADIUS client -.It -RADIUS authentication server -.It -WPA/IEEE 802.11i -.El -.Sh GLOBAL PARAMETERS -The following parameters are recognized: -.Bl -tag -width indent -.It Va interface -Interface name. -Should be set in -.Dq hostap -mode. -.It Va debug -Debugging mode: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps, 4 = -excessive. -.It Va dump_file -Dump file for state information (on -.Dv SIGUSR1 ) . -.It Va ctrl_interface -The pathname of the directory in which -.Xr hostapd 8 -creates -.Ux -domain socket files for communication -with frontend programs such as -.Xr hostapd_cli 8 . -.It Va ctrl_interface_group -A group name or group ID to use in setting protection on the -control interface file. -This can be set to allow non-root users to access the -control interface files. -If no group is specified, the group ID of the control interface -is not modified and will, typically, be the -group ID of the directory in which the socket is created. -.El -.Sh IEEE 802.1X-2004 PARAMETERS -The following parameters are recognized: -.Bl -tag -width indent -.It Va ieee8021x -Require IEEE 802.1X authorization. -.It Va eap_message -Optional displayable message sent with EAP Request-Identity. -.It Va wep_key_len_broadcast -Key lengths for broadcast keys. -.It Va wep_key_len_unicast -Key lengths for unicast keys. -.It Va wep_rekey_period -Rekeying period in seconds. -.It Va eapol_key_index_workaround -EAPOL-Key index workaround (set bit7) for WinXP Supplicant. -.It Va eap_reauth_period -EAP reauthentication period in seconds. -To disable reauthentication, -use -.Dq 0 . -.\" XXX not yet -.\" .It Va use_pae_group_addr -.El -.\" XXX not yet -.\" .Sh IEEE 802.11f - IAPP PARAMETERS -.\" The following parameters are recognized: -.\" .Bl -tag -width indent -.\" .It Va iapp_interface -.\" Interface to be used for IAPP broadcast packets -.\" .El -.Sh RADIUS CLIENT PARAMETERS -The following parameters are recognized: -.Bl -tag -width indent -.It Va own_ip_addr -The own IP address of the access point (used as NAS-IP-Address). -.It Va nas_identifier -Optional NAS-Identifier string for RADIUS messages. -.It Va auth_server_addr , auth_server_port , auth_server_shared_secret -RADIUS authentication server parameters. -Can be defined twice for secondary servers to be used if primary one -does not reply to RADIUS packets. -.It Va acct_server_addr , acct_server_port , acct_server_shared_secret -RADIUS accounting server parameters. -Can be defined twice for secondary servers to be used if primary one -does not reply to RADIUS packets. -.It Va radius_retry_primary_interval -Retry interval for trying to return to the primary RADIUS server (in -seconds). -.It Va radius_acct_interim_interval -Interim accounting update interval. -If this is set (larger than 0) and acct_server is configured, -.Xr hostapd 8 -will send interim accounting updates every N seconds. -.El -.Sh RADIUS AUTHENTICATION SERVER PARAMETERS -The following parameters are recognized: -.Bl -tag -width indent -.It Va radius_server_clients -File name of the RADIUS clients configuration for the RADIUS server. -If this is commented out, RADIUS server is disabled. -.It Va radius_server_auth_port -The UDP port number for the RADIUS authentication server. -.It Va radius_server_ipv6 -Use IPv6 with RADIUS server. -.El -.Sh WPA/IEEE 802.11i PARAMETERS -The following parameters are recognized: -.Bl -tag -width indent -.It Va wpa -Enable WPA. -Setting this variable configures the AP to require WPA (either -WPA-PSK or WPA-RADIUS/EAP based on other configuration). -.It Va wpa_psk , wpa_passphrase -WPA pre-shared keys for WPA-PSK. -This can be either entered as a 256-bit secret in hex format (64 hex -digits), wpa_psk, or as an ASCII passphrase (8..63 characters) that -will be converted to PSK. -This conversion uses SSID so the PSK changes when ASCII passphrase is -used and the SSID is changed. -.It Va wpa_psk_file -Optionally, WPA PSKs can be read from a separate text file (containing a -list of (PSK,MAC address) pairs. -.It Va wpa_key_mgmt -Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). -.It Va wpa_pairwise -Set of accepted cipher suites (encryption algorithms) for pairwise keys -(unicast packets). -See the example file for more information. -.It Va wpa_group_rekey -Time interval for rekeying GTK (broadcast/multicast encryption keys) in -seconds. -.It Va wpa_strict_rekey -Rekey GTK when any STA that possesses the current GTK is leaving the -BSS. -.It Va wpa_gmk_rekey -Time interval for rekeying GMK (master key used internally to generate GTKs), -in seconds. -.El -.Sh SEE ALSO -.Xr hostapd 8 , -.Xr hostapd_cli 8 -.Sh HISTORY -The -.Nm -manual page and -.Xr hostapd 8 -functionality first appeared in -.Fx 6.0 . -.Sh AUTHORS -This manual page is derived from the -.Pa README -and -.Pa hostapd.conf -files in the -.Nm hostapd -distribution provided by -.An Jouni Malinen Aq j@w1.fi . |