summaryrefslogtreecommitdiff
path: root/sys/net80211
AgeCommit message (Collapse)Author
2008-11-13use different TSCs when sending the two MIC failure report framesDamien Miller
to our AP as we enter TKIP countermeasures by caching the TSC of the last frame to fail the MIC; prompted by and ok damien@
2008-11-13Mitigate the new WPA attack described in Beck, M. and Tews S. "PracticalDamien Miller
attacks against WEP and WPA". The attack works by using the MIC failure notification messages sent station->AP on MIC failure as an oracle to verify guesses to reverse the CRC. To stop this, we can skip sending these notify frames except when we are going into "countermeasures" mode (drop the AP association, do not process traffic for 60s). When we go into countermeasures, I send two MIC failure notifications in a row - this should force the AP into countermeasures too. ok damien@
2008-10-23Prevent a crash in ieee80211_setkeys() when unplugging an interface inMichael Knudsen
hostap mode by canceling the group rekey timeout in ieee80211_node_detach(). ok damien
2008-10-15Second pass of simple timeout_add -> timeout_add_sec conversionsBret Lambert
This should take care of the simpler ones (i.e., timeout values of integer multiples of hz). ok krw@, art@
2008-10-02First step towards cleaning up the Ethernet driver ioctl handling.Brad Smith
Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's. Shrinks the i386 kernels by.. RAMDISK - 1024 bytes RAMDISKB - 1120 bytes RAMDISKC - 832 bytes Tested by martin@/jsing@/todd@/brad@ Build tested on almost all archs by todd@/brad@ ok jsing@
2008-09-28unbreak the tree.Damien Bergamini
pointed out by deraadt@, Markus Peloquin sorry guys.
2008-09-27Initial implementation of PMKSA caching and pre-authentication.Damien Bergamini
This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successfull 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication. Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
2008-09-27Add some inline functions to test the presence of optional 802.11Damien Bergamini
header fields (Sequence Control, Address 4, QoS Control, +HTC) and use them where appropriate. Add ieee80211_get_qos() inline function to extract the QoS control field of an 802.11 header instead of duplicating the same scary code everywhere (the location of this field depends on the presence of an Address 4 field). Export ieee80211_up_to_ac() so that drivers can select the access category to use based on the TID subfield of the QoS Control field. Define more QoS-related bits for the RSN Capabilities field of RSN IE (will be used later).
2008-09-08define IEEE80211_STA_ONLY if SMALL_KERNEL is defined to shrinkJonathan Gray
the size of install media. ok damien@ deraadt@
2008-09-03third parameter of ieee80211_get_assoc_req() is a management frameDamien Bergamini
subtype, not a boolean indicating assoc or reassoc. rename the parameter and use if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) instead of if (reassoc). it worked only because IEEE80211_FC0_SUBTYPE_ASSOC_REQ is equal to 0.
2008-09-01use C99 style struct initializer instead of GCC specific one (from NetBSD).Damien Bergamini
some whitespace cleanup too.
2008-09-01add ic_tid_noack bitmap to indicate a per-TID ACK policy (1=no ack,Damien Bergamini
0=normal ack). all bits are currently set to 0. use this bitmap to set the ACK policy of the QoS control field of outgoing QoS frames.
2008-09-01extend ieee80211_classify() to extract DSCP field from IPv6 packets too.Damien Bergamini
2008-09-01rework previously unused ieee80211_pwrsave() function, call it fromDamien Bergamini
ieee80211_mgmt_output() and ieee80211_encap(). use new IEEE80211_C_APPMGT capability flag where appropriate. rename ic_tim_mcast to ic_tim_mcast_pending.
2008-08-29move code to support Frequency-Hopping spread spectrum (FHSS) PHYsDamien Bergamini
to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
2008-08-29garbage collect unused capabilities and configurations flags.Damien Bergamini
add two capabilities flags: IEEE80211_C_HT for HT STAs (802.11n) and IEEE80211_C_APPMGT which indicates the capability for an AP to buffer unicast and multicast traffic for STAs in PS mode. all drivers claiming HostAP support should support that but the truth is that none of them do. most of them are still at the 802.11b-only era and do not update dynamic parts of beacons or process frames from ic_pwrsaveq.
2008-08-28unbreak IEEE80211_DEBUGDamien Bergamini
2008-08-27move definitions of channels attributes away from ieee80211.h suchDamien Bergamini
that ieee80211.h contains only definitions that are part of the 802.11 standard and not constants used internally by net80211. because channels attributes are exported to userland through the radiotap BPF interface, add the definitions to ieee80211_radiotap.h too (which must be kept in sync with what is used in net80211). also, do not export combinations of channel attributes to userland so that noone get stupid ideas.
2008-08-27add IEEE80211_RADIOTAP_F_FCS radiotap flag from NetBSD.Damien Bergamini
use it in drivers that leave the 802.11 FCS in frames passed to radiotap BPF. otherwise, userland has no way to know if FCS is included or not as it depends on drivers. this is required by some ports (aircrack). requested by dhill@
2008-08-27introduce new IEEE80211_STA_ONLY kernel option that can be set toDamien Bergamini
remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
2008-08-15use LLC_SNAPFRAMELEN here too.Damien Bergamini
2008-08-14ieee80211_derive_pmkid() is not used eitherDamien Bergamini
2008-08-14#ifdef notyet ieee80211_kdf() as it is not used yet (shrink kernel a bit)Damien Bergamini
2008-08-14move the HostAP bridge code and the delivery of data frames to ether_inputDamien Bergamini
to a separate ieee80211_deliver_data() function. this will later be called by the A-MSDU deaggregation routine.
2008-08-14in ieee80211_input(), call if_start() after enqueuing frames in if_sndDamien Bergamini
when acting as an access point instead of having each driver doing the job. tested by krw@ (ral AP) and me with several drivers.
2008-08-14put ieee80211_dump_pkt() under #ifdef IEEE80211_DEBUGDamien Bergamini
2008-08-13one should never use sizeof(struct llc) since 802.2 LLC headersDamien Bergamini
have a variable length. use LLC_SNAPFRAMELEN instead (which happen to be equal to sizeof(struct llc)) as we only deal with LLC+SNAP headers. some indentation tweaks while i'm here. no binary change.
2008-08-13do not increment is_rx_eapol_key twice for each frame.Damien Bergamini
fix a test on the mbuf length and one on the descriptor version. remove redundant checking of GTK KDE length.
2008-08-12adopt the integrity group cipher of the AP at association time.Damien Bergamini
2008-08-12nuke unused fields.Damien Bergamini
2008-08-12add the code to encrypt/decrypt management frames, retrieve key idDamien Bergamini
from MMIE etc... this code can't be triggered as no drivers claim MFP capability yet.
2008-08-12reserves the correct number of bytes in ieee80211_send_4way_msg2().Damien Bergamini
2008-08-12clear Tx_Rx protection bits properly.Damien Bergamini
2008-08-12do not drop frames that have an invalid IE, just stop processingDamien Bergamini
more IEs.
2008-08-12populate ieee80211_recv_action(), does nothing yet.Damien Bergamini
2008-08-12add a couple of new definitions (action frames, new subtypes for controlDamien Bergamini
frames, new IEs etc...)
2008-08-12missing SHA-256 bits.Damien Bergamini
2008-08-12v3 descriptors use AES Key Wrap too.Damien Bergamini
2008-08-12new SHA-256 based AKMPs.Damien Bergamini
2008-08-12add/process group integrity cipher suite in RSN IEs.Damien Bergamini
add support for MFP negotiation during association.
2008-08-12add IEEE80211_RSNIE_MAXLEN and IEEE80211_WPAIE_MAXLEN definitionsDamien Bergamini
instead of hard-coding values. for RSN IE, request space for Group Integrity Cipher Suite.
2008-08-12add support for EAPOL-Key v3 descriptors (similar to v2 except that theDamien Bergamini
MIC is computed using AES-128-CMAC instead of HMAC-SHA1). add a SHA-256 based key derivation function (not used yet).
2008-08-12the only integrity group cipher currently supported is AES-128-CMAC.Damien Bergamini
2008-08-12generate a random IGTK in HostAP mode if we're MFP-capable.Damien Bergamini
2008-08-12add IEEE80211_F_MFPR config flags (management frame protection required)Damien Bergamini
and IEEE80211_C_MFP capability bit (driver supports MFP).
2008-08-12add definitions for RSN capabilities field (RSN IE).Damien Bergamini
2008-08-12AES Key Wrap adds a 64-bit MIC to the payload but we pad the contentDamien Bergamini
of the frame so that it is a multiple of 8 bytes before encryption. So we must reserve up to 15 bytes in the mbuf for the worst case, not 8.
2008-08-12process IGTK KDEs in EAPOL-Key frames and install integrity group keysDamien Bergamini
if MFP was negotiated with the peer (not possible yet).
2008-08-12extend the ic_nw_keys[] array to 6 elements.Damien Bergamini
indices 0-3 will be used for group data keys while indices 4-5 will be used for integrity group keys. add a ic_rsngroupmgmtcipher field too.
2008-08-12in a near future, unicast management frames will be encrypted/decryptedDamien Bergamini
using CCMP. use the right replay counter in this case.