Age | Commit message | Author |
|
to our AP as we enter TKIP countermeasures by caching the TSC of
the last frame to fail the MIC; prompted by and ok damien@
|
|
attacks against WEP and WPA". The attack works by using the MIC failure
notification messages sent station->AP on MIC failure as an oracle to
verify guesses to reverse the CRC.
To stop this, we can skip sending these notify frames except when we
are going into "countermeasures" mode (drop the AP association, do not
process traffic for 60s). When we go into countermeasures, I send two
MIC failure notifications in a row - this should force the AP into
countermeasures too.
ok damien@
|
|
hostap mode by canceling the group rekey timeout in ieee80211_node_detach().
ok damien
|
|
This should take care of the simpler ones (i.e., timeout values of
integer multiples of hz).
ok krw@, art@
|
|
Move calling ether_ioctl() from the top of the ioctl function, which
at the moment does absolutely nothing, to the default switch case.
Thus allowing drivers to define their own ioctl handlers and then
falling back on ether_ioctl(). The only functional change this results
in at the moment is having all Ethernet drivers returning the proper
errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown
ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@
ok jsing@
|
|
pointed out by deraadt@, Markus Peloquin
sorry guys.
|
|
This will be required for future WPA-Enterprise support (802.1X).
Add ieee80211_needs_auth() function (not implemented yet) to
notify the userland 802.1X PACP machine when an 802.1X port
becomes enabled (that is after successful 802.11 Open System
authentication).
Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the
PACP state machine can kick the 802.11 key state machine and
install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw).
This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC
for data integrity, and AES Key Wrap for data protection of EAPOL-Key
frames. An OpenBSD AP will always advertise this capability and an
OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based
ones if both are supported by an AP.
|
|
header fields (Sequence Control, Address 4, QoS Control, +HTC) and
use them where appropriate.
Add ieee80211_get_qos() inline function to extract the QoS control
field of an 802.11 header instead of duplicating the same scary
code everywhere (the location of this field depends on the presence
of an Address 4 field).
Export ieee80211_up_to_ac() so that drivers can select the access
category to use based on the TID subfield of the QoS Control field.
Define more QoS-related bits for the RSN Capabilities field of RSN IE
(will be used later).
|
|
the size of install media.
ok damien@ deraadt@
|
|
subtype, not a boolean indicating assoc or reassoc.
rename the parameter and use if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ)
instead of if (reassoc).
it worked only because IEEE80211_FC0_SUBTYPE_ASSOC_REQ is equal to 0.
|
|
some whitespace cleanup too.
|
|
0=normal ack). all bits are currently set to 0.
use this bitmap to set the ACK policy of the QoS control field of
outgoing QoS frames.
|
|
ieee80211_mgmt_output() and ieee80211_encap().
use new IEEE80211_C_APPMGT capability flag where appropriate.
rename ic_tim_mcast to ic_tim_mcast_pending.
|
|
to the Attic. nothing uses it in the tree and it is very unlikely
that something will use it one day.
the only driver supporting FHSS PHYs in the tree is ray(4) and it
does not use net80211.
|
|
add two capabilities flags: IEEE80211_C_HT for HT STAs (802.11n)
and IEEE80211_C_APPMGT which indicates the capability for an AP
to buffer unicast and multicast traffic for STAs in PS mode.
all drivers claiming HostAP support should support that but the
truth is that none of them do.
most of them are still at the 802.11b-only era and do not update
dynamic parts of beacons or process frames from ic_pwrsaveq.
|
|
that ieee80211.h contains only definitions that are part of the
802.11 standard and not constants used internally by net80211.
because channel attributes are exported to userland through the
radiotap BPF interface, add the definitions to ieee80211_radiotap.h
too (which must be kept in sync with what is used in net80211).
also, do not export combinations of channel attributes to userland
so that no one gets stupid ideas.
|
|
use it in drivers that leave the 802.11 FCS in frames
passed to radiotap BPF. otherwise, userland has no way
to know if FCS is included or not as it depends on drivers.
this is required by some ports (aircrack).
requested by dhill@
|
|
remove IBSS and HostAP support from net80211 and 802.11 drivers.
it can be used to shrink RAMDISK kernels for instance (like what
was done for wi(4)).
it also has the benefit of highlighting what is specific to IBSS
and HostAP modes in the code.
the cost is that we now have two code paths to maintain.
|
|
to a separate ieee80211_deliver_data() function.
this will later be called by the A-MSDU deaggregation routine.
|
|
when acting as an access point instead of having each driver doing the
job.
tested by krw@ (ral AP) and me with several drivers.
|
|
have a variable length. use LLC_SNAPFRAMELEN instead (which happens
to be equal to sizeof(struct llc)) as we only deal with LLC+SNAP
headers.
some indentation tweaks while i'm here.
no binary change.
|
|
fix a test on the mbuf length and one on the descriptor version.
remove redundant checking of GTK KDE length.
|
|
from MMIE etc...
this code can't be triggered as no drivers claim MFP capability yet.
|
|
more IEs.
|
|
frames, new IEs etc...)
|
|
add support for MFP negotiation during association.
|
|
instead of hard-coding values.
for RSN IE, request space for Group Integrity Cipher Suite.
|
|
MIC is computed using AES-128-CMAC instead of HMAC-SHA1).
add a SHA-256 based key derivation function (not used yet).
|
|
and IEEE80211_C_MFP capability bit (driver supports MFP).
|
|
of the frame so that it is a multiple of 8 bytes before encryption.
So we must reserve up to 15 bytes in the mbuf for the worst case, not 8.
|
|
if MFP was negotiated with the peer (not possible yet).
|
|
indices 0-3 will be used for group data keys while indices 4-5 will
be used for integrity group keys.
add a ic_rsngroupmgmtcipher field too.
|
|
using CCMP. use the right replay counter in this case.
|