| Age | Commit message (Collapse) | Author |
|---|
|
wrong. hard-code 0xf for now. will be fixed post-release.
|
|
copy m_pkthdr.len and m_flags before and use that after to update
the statistics.
from altq(4) man page and for consistency with what is done in
other parts of the tree.
|
|
|
|
|
|
WPA is on and RX protection for TA is on.
Keep track of the TX/RX protection for each node when WPA is on.
tested by djm@ (ral+wpa), ckuethe@ (ath-noenc) and krw@ (wpi<->ral+wpa).
hints from bluhm@
has been in snaps for a few days.
pointed out by bluhm@ something like 1 year ago but we did not have
the right infrastructure to fix it properly at that time.
ok deraadt@
|
|
keep track of the number of associated STAs in PS mode.
|
|
fix IEEE80211_DEBUG builds.
|
|
make sure drivers pass a contiguous header, check header length earlier.
fix checking of frames sequence number for frames containing an Address 4
field (required for future work).
fix processing of control frames (only pspoll for now).
|
|
automatically prepend __func__ to output.
deobfuscates debug messages a bit.
no binary change unless compiled with IEEE80211_DEBUG.
|
|
remove clause 3 of license while I'm here (from FreeBSD).
|
|
|
|
|
|
remove useless #includes.
|
|
properly handle frames with an address 4 field (required for future work).
remove useless #includes.
|
|
The bug was added on 04/16 but it started to show up only after 06/12 when
the value of MINCLSIZE was changed to something different from MHLEN + 1.
Thanks to dlg@ and giovanni (qgiovanni at gmail dot com) for putting me
on the right track.
Tested by giovanni.
Should fix system/5881 too.
|
|
this must not be included by drivers.
|
|
|
|
pass a pointer to an ieee80211_rxinfo structure containing those two
fields plus an extra flags field that indicates whether the frame was
decrypted by hardware or not.
required for a future fix.
|
|
constified.
|
|
ok deraadt@
|
|
|
|
|
|
do not parse RSN IE from beacons/probe responses if not scanning.
|
|
|
|
move ieee80211_setup_rates() to ieee80211_node.c
move some prototypes from ieee80211_proto.h to ieee80211_crypto.h
|
|
|
|
- add a ieee80211_recv_action() function (will be used later)
- some cleanup, remove unused prototypes, get rid of the
IEEE80211_VERIFY_* macros
|
|
4-way handshake, regardless of what protocol the supplicant is using.
Ignore the IEs we don't care about instead of deauthenticating with a
reason code of 'RSN_DIFFERENT_IE'.
|
|
crc in addition to the existing "oneshot" mode and use them to replace
ieee80211_crc_update() with the new ether_crc32_le_update(). Saves 1k
kernel bss + some code.
Mark the new ether_crc32_[lb]e_update functions as __pure for a
~25x speedup (on my i386 at least).
feedback and ok damien@
|
|
attaches instead of at every attach.
discussed with deraadt@
|
|
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@
ok deraadt@
|
|
ok reyk@ deraadt@ jsg@ dlg@
|
|
plcp2rate functions use plcp codes in most-significant-bit-first format
(R4-R1).
some drivers like wpi(4) and iwn(4) want plcp codes in lsb-first format
so they can't use those functions.
also the IEEE standard uses R1-R4 notation so this can be a bit confusing
for those refering to it.
use u_int8_t for plcp code and rate instead of int.
|
|
convert the PLCP header signal field to a rate value and vice versa.
This implementation has been discussed with Damien and doesn't change
any existing net80211 structures.
ok damien@
|
|
ieee80211_plcp2rate() because I've got a late feedback from Damien that
he dislike the implementation method a lot.
|
|
Help and OK reyk@
|
|
ok krw@
|
|
Diff has been done in co-work with damien@, jsg@, reyk@, and claudio@.
OK damien@
|
|
"looks ok" markus@
|
|
|
|
|
|
|
|
|
|
- discard all EAPOL-Key frames with an unknown descriptor version.
- when receiving message 3/4 of the 4-way handshake, do not install
the PTK if the INSTALL bit is not set. this fixes 4-way handshake
with APs using group keys only.
- similarly, do not mark the 802.1X port as valid if the SECURE bit
is not set (it will be marked as valid after group key handshake).
|
|
add some RSNA authenticator state machine bits.
|
|
message 2/4 of the 4-way handshake because the authenticator must
derive the PTK first (the MIC is computed using the KCK).
Move calls to ieee80211_eapol_key_check_mic() - and as a consequence
ieee80211_eapol_key_decrypt() - directly in the
ieee80211_recv_{group,4way}_msg*() functions.
Unconstify the first parameter since checking the MIC modifies the
frame. Remove ni->ni_ptk_ok field while i'm here.
|
|
information element in a management frame.
the authenticator has to make a copy of the RSN/WPA1 IE from
(Re)Association requests so that it can be compared with the
one included in message 2/4 of the 4-way handshake.
|
|
of a management or data frame (check if the i_qos, i_ht or i_addr4
are present).
|
|
message 4 based on the EAPOL-Key frame secure bit.
the only thing that differentiate these messages is the presence of
the RSN/WPA1 IE in the EAPOL-Key frame data field.
only message 2/4 contains this IE.
|
|
|
