#
1.81 |
|
07-Mar-2022 |
stsp |
rename net80211 ioctl struct ieee80211_channel to struct ieee80211_chaninfo
ioctls should use dedicated names for their structs, but SIOCG80211ALLCHANS duplicated struct ieee80211_channel. We cannot make changes to the kernel's version of ieee80211_channel while an ioctl is squatting on the struct name.
Helpful guidance from deraadt@ Tested in a ports bulk build by sthen@, and tested by Mikhail.
ok sthen@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.80 |
|
19-Nov-2020 |
krw |
Always check for EBUSY when the return value of ic_set_key() is tested.
Fixes urtwn(4) repeated DEAUTH and subsequent loss/restoration of link. It was a great dhclient(4) stress test. Note that urtwn(4) is the first and so far only device whose *_set_key() function returns EBUSY.
Debugging hints and ok stsp@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.79 |
|
15-Jan-2020 |
phessler |
If join is connected to an AP, remove the node from the cache so we properly reconnect to the AP
OK stsp@
|
#
1.78 |
|
13-Jan-2020 |
phessler |
When we change attributes for a join essid, we should apply the change immediately instead of waiting to (randomly) switch away and switch back.
Found by martijn@ OK stsp@
|
#
1.77 |
|
11-Nov-2019 |
stsp |
Prevent a NULL deref in ieee80211_node2req() which could be triggered by an ioctl if the driver had not yet initialized the channel map. Crash reported by nayden@ ok sthen@
|
#
1.76 |
|
09-Nov-2019 |
stsp |
Trigger a background scan when root runs the 'ifconfig scan' command. This will update the list of cached APs for future invocations of the 'scan' command, and will force a search for a better AP to roam to. ok sthen@ phessler@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
02-Sep-2019 |
stsp |
branches: 1.75.4;
Make net80211 expose reasons for association failures to userland and have ifconfig display them in 'scan' output and on the ieee80211 status line if the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often turn out to be trivial misconfiguration issues that were previously hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
#
1.74 |
|
12-May-2019 |
stsp |
Fix 'ifconfig nwflags'; These flags ended up overlapping with other flags in ieee80211com's ic_flags because we haven't been paying attention to them (they're not in the same place in the code and hence easy to miss). Move them to a dedicated variable to avoid this problem in the future.
Add a new 'stayauth' nwflag which can be set to let net80211 ignore deauth frames. This can be useful when deauth frames are being persistently spoofed by an attacker. Idea from beck@
ok beck@ phessler@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.73 |
|
19-Feb-2019 |
stsp |
branches: 1.73.2;
Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac. ok patrick@ mpi@
|
#
1.72 |
|
18-Jan-2019 |
phessler |
when removing the currently active network from the join list, disconnect from it as well
OK stsp@
|
#
1.71 |
|
18-Jan-2019 |
phessler |
add a len field when we delete an essid from the joinlist. this will have us properly match, instead of hoping we got lucky when selecting it.
OK stsp@
|
#
1.70 |
|
18-Jan-2019 |
phessler |
let users automatically use join to connect to any open wifi network. if a known network is visible, always prefer that instead.
requested by many, OK stsp@
|
#
1.69 |
|
25-Nov-2018 |
phessler |
print more details about the join'd networks we have saved when a user runs ifconfig if joinlist
OK stsp@
|
#
1.68 |
|
27-Oct-2018 |
phessler |
clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared based on the state of the joinlist
OK stsp@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.67 |
|
10-Sep-2018 |
phessler |
do not immediately set the join'd network, the join command only updates the list.
makes /etc/netstart very fast when run while the interface is up
OK stsp@
|
#
1.66 |
|
10-Sep-2018 |
phessler |
use the correct essid when switching during the ioctl path
pointed out by stsp@
|
#
1.65 |
|
09-Sep-2018 |
phessler |
convert the things we save in 'join' into a single ioctl. mixing related settings over multiple calls was risky and racy. Pass essid, wpa, and wep parameters in a single ioctl and process it atomically.
no change for 'nwid' users
OK stsp@ benno@
|
#
1.64 |
|
01-Sep-2018 |
stsp |
Make 'ifconfig nwid' override 'ifconfig join'.
There was no way to override a decision made by join's network selection algorithm (apart from disabling the feature by clearing the join list). Automatic selection is based on heuristics which cannot always guess correctly so we need to provide an override.
One specific problem was that if 'nwid foo' and 'nwid bar' were both visible in the scan and only 'nwid foo' was a member of the join list, then there was no way at all to connect to 'nwid bar'. The wireless stack would keep selecting 'nwid foo' instead.
'ifconfig iwm0 nwid bar' command will now disable automatic network selection and force the use of ESSID 'bar'. Any of these commands will re-enable automatic network selection:
    ifconfig iwm0 -nwid
    ifconfig iwm0 nwid ''
    ifconfig iwm0 join some-network-id
ok phessler@ deraadt@
|
#
1.63 |
|
06-Aug-2018 |
benno |
make ifconfig <if> join display the list of networks configured for auto-join with feedback from florian and stsp ok florian@ phessler@ (on previous versions of the diff) stsp@
|
#
1.62 |
|
06-Aug-2018 |
stsp |
Refactor ieee80211_add_ess():
Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly from the ic to make it more obvious where this function is reading from.
nwids are binary data with an explicit length, so treat them as such instead of treating them like strings.
ok florian phessler
|
#
1.61 |
|
11-Jul-2018 |
phessler |
Introduce 'auto-join' to the wifi 802.11 stack.
This allows a system to remember which ESSIDs it wants to connect to, any relevant security configuration, and switch to it when the network we are currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
    join home wpakey password
    join work wpakey mekmitasdigoat
    join open-lounge
    join cafe wpakey cafe2018
    join "wepnetwork" nwkey "12345"
    dhcp
    inet6 autoconf
    up
OK stsp@ reyk@ and enthusiasm from every hackroom I've been in for the last 3 years
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stsp@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4;
Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2;
Copy some ieee80211_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flags is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@ Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.80 |
|
19-Nov-2020 |
krw |
Always check for EBUSY when the return value of ic_set_key() is tested.
Fixes urtwn(4) repeated DEAUTH and subsequent loss/restoration of link. It was a great dhclient(4) stress test. Note that urtwn(4) is the first and so far only device whose *_set_key() function returns EBUSY.
Debugging hints and ok stsp@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.79 |
|
15-Jan-2020 |
phessler |
If join is connected to an AP, remove the node from the cache so we properly reconnect to the AP
OK stsp@
|
#
1.78 |
|
13-Jan-2020 |
phessler |
When we change attributes for a join essid, we should apply the change immediately instead of waiting to (randomly) switch away and switch back.
Found by martijn@ OK stsp@
|
#
1.77 |
|
11-Nov-2019 |
stsp |
Prevent a NULL deref in ieee80211_node2req() which could be triggered by an ioctl if the driver had not yet initialized the channel map. Crash reported by nayden@ ok sthen@
|
#
1.76 |
|
09-Nov-2019 |
stsp |
Trigger a background scan when root runs the 'ifconfig scan' command. This will update the list of cached APs for future invocations of the 'scan' command, and will force a search for a better AP to roam to. ok sthen@ phessler@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
02-Sep-2019 |
stsp |
branches: 1.75.4; Make net80211 expose reasons for association failures to userland and have ifconfig display them in 'scan' output and on the ieee80211 status line if the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often turn out to be trivial misconfiguration issues that were previously hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
#
1.74 |
|
12-May-2019 |
stsp |
Fix 'ifconfig nwflags; These flags ended up overlapping with other flags in ieee80211com's ic_flags because we haven't been paying attention to them (they're not in the same place in the code and hence easy to miss). Move them to a dedicated variable to avoid this problem in the future.
Add a new 'stayauth' nwflag which can be set to let net80211 ignore deauth frames. This can be useful when deauth frames are being persistently spoofed by an attacker. Idea from beck@
ok beck@ phessler@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.73 |
|
19-Feb-2019 |
stsp |
branches: 1.73.2; Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac. ok patrick@ mpi@
|
#
1.72 |
|
18-Jan-2019 |
phessler |
when removing the currently active network from the join list, disconnect from it as well
OK stsp@
|
#
1.71 |
|
18-Jan-2019 |
phessler |
add a len field when we delete an essid from the joinlist. this will have us properly match, instead of hoping we got lucky when selecting it.
OK stsp@
|
#
1.70 |
|
18-Jan-2019 |
phessler |
let users automatically use join to connect to any open wifi network. if a known network is visible, always prefer that instead.
requested by many, OK stsp@
|
#
1.69 |
|
25-Nov-2018 |
phessler |
print more details about the join'd networks we have saved when a user runs ifconfig if joinlist
OK stsp@
|
#
1.68 |
|
27-Oct-2018 |
phessler |
clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared based on the state of the joinlist
OK stsp@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.67 |
|
10-Sep-2018 |
phessler |
do not immediately set the join'd network, the join command only updates the list.
makes /etc/netstart very fast when ran while the interface is up
OK stsp@
|
#
1.66 |
|
10-Sep-2018 |
phessler |
use the correct essid when switching during the ioctl path
pointed out by stsp@
|
#
1.65 |
|
09-Sep-2018 |
phessler |
convert the things we save in 'join' into a single ioctl. mixing related settings over multiple calls was risky and racy. Pass essid, wpa, and wep paramaters in a single ioctl and process it atomically.
no change for 'nwid' users
OK stsp@ benno@
|
#
1.64 |
|
01-Sep-2018 |
stsp |
Make 'ifconfig nwid' override 'ifconfig join'.
There was no way to override a decision made by join's network selection algorithm (apart from disabling the feature by clearing the join list). Automatic selection is based on heuristics which cannot always guess correctly so we need to provide an override.
One specific problem was that if 'nwid foo' and 'nwid bar' were both visible in the scan and only 'nwid foo' was a member of the join list, then there was no way at all to connect to 'nwid bar'. The wireless stack would keep selecting 'nwid foo' instead.
'ifconfig iwm0 nwid bar' command will now disable automatic network selection and force the use of ESSID 'bar'. Any of these commands will re-enable automatic network selection: ifconfig iwm0 -nwid ifconfig iwm0 nwid '' ifconfig iwm0 join some-network-id
ok phessler@ deraadt@
|
#
1.63 |
|
06-Aug-2018 |
benno |
make ifconfig <if> join display the list of networks configured for auto-join with feedback from florian and stsp ok florian@ phessler@ (on previous versions of the diff) stsp@
|
#
1.62 |
|
06-Aug-2018 |
stsp |
Refactor ieee80211_add_ess():
Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly from the ic to make it more obvious where this function is reading from.
nwids are binary data with an explicit length, so treat them as such instead of treating them like strings.
ok florian phessler
|
#
1.61 |
|
11-Jul-2018 |
phessler |
Introduce 'auto-join' to the wifi 802.11 stack.
This allows a system to remember which ESSIDs it wants to connect to, any relevant security configuration, and switch to it when the network we are currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up
OK stsp@ reyk@ and enthusiasm from every hackroom I've been in for the last 3 years
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stsp@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee80211_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flag is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.79 |
|
15-Jan-2020 |
phessler |
If join is connected to an AP, remove the node from the cache so we properly reconnect to the AP
OK stsp@
|
#
1.78 |
|
13-Jan-2020 |
phessler |
When we change attributes for a join essid, we should apply the change immediately instead of waiting to (randomly) switch away and switch back.
Found by martijn@ OK stsp@
|
#
1.77 |
|
11-Nov-2019 |
stsp |
Prevent a NULL deref in ieee80211_node2req() which could be triggered by an ioctl if the driver had not yet initialized the channel map. Crash reported by nayden@ ok sthen@
|
#
1.76 |
|
09-Nov-2019 |
stsp |
Trigger a background scan when root runs the 'ifconfig scan' command. This will update the list of cached APs for future invocations of the 'scan' command, and will force a search for a better AP to roam to. ok sthen@ phessler@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
02-Sep-2019 |
stsp |
branches: 1.75.4; Make net80211 expose reasons for association failures to userland and have ifconfig display them in 'scan' output and on the ieee80211 status line if the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often turn out to be trivial misconfiguration issues that were previously hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
#
1.74 |
|
12-May-2019 |
stsp |
Fix 'ifconfig nwflags; These flags ended up overlapping with other flags in ieee80211com's ic_flags because we haven't been paying attention to them (they're not in the same place in the code and hence easy to miss). Move them to a dedicated variable to avoid this problem in the future.
Add a new 'stayauth' nwflag which can be set to let net80211 ignore deauth frames. This can be useful when deauth frames are being persistently spoofed by an attacker. Idea from beck@
ok beck@ phessler@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.73 |
|
19-Feb-2019 |
stsp |
branches: 1.73.2; Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac. ok patrick@ mpi@
|
#
1.72 |
|
18-Jan-2019 |
phessler |
when removing the currently active network from the join list, disconnect from it as well
OK stsp@
|
#
1.71 |
|
18-Jan-2019 |
phessler |
add a len field when we delete an essid from the joinlist. this will have us properly match, instead of hoping we got lucky when selecting it.
OK stsp@
|
#
1.70 |
|
18-Jan-2019 |
phessler |
let users automatically use join to connect to any open wifi network. if a known network is visible, always prefer that instead.
requested by many, OK stsp@
|
#
1.69 |
|
25-Nov-2018 |
phessler |
print more details about the join'd networks we have saved when a user runs ifconfig if joinlist
OK stsp@
|
#
1.68 |
|
27-Oct-2018 |
phessler |
clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared based on the state of the joinlist
OK stsp@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.67 |
|
10-Sep-2018 |
phessler |
do not immediately set the join'd network, the join command only updates the list.
makes /etc/netstart very fast when ran while the interface is up
OK stsp@
|
#
1.66 |
|
10-Sep-2018 |
phessler |
use the correct essid when switching during the ioctl path
pointed out by stsp@
|
#
1.65 |
|
09-Sep-2018 |
phessler |
convert the things we save in 'join' into a single ioctl. mixing related settings over multiple calls was risky and racy. Pass essid, wpa, and wep paramaters in a single ioctl and process it atomically.
no change for 'nwid' users
OK stsp@ benno@
|
#
1.64 |
|
01-Sep-2018 |
stsp |
Make 'ifconfig nwid' override 'ifconfig join'.
There was no way to override a decision made by join's network selection algorithm (apart from disabling the feature by clearing the join list). Automatic selection is based on heuristics which cannot always guess correctly so we need to provide an override.
One specific problem was that if 'nwid foo' and 'nwid bar' were both visible in the scan and only 'nwid foo' was a member of the join list, then there was no way at all to connect to 'nwid bar'. The wireless stack would keep selecting 'nwid foo' instead.
'ifconfig iwm0 nwid bar' command will now disable automatic network selection and force the use of ESSID 'bar'. Any of these commands will re-enable automatic network selection: ifconfig iwm0 -nwid ifconfig iwm0 nwid '' ifconfig iwm0 join some-network-id
ok phessler@ deraadt@
|
#
1.63 |
|
06-Aug-2018 |
benno |
make ifconfig <if> join display the list of networks configured for auto-join with feedback from florian and stsp ok florian@ phessler@ (on previous versions of the diff) stsp@
|
#
1.62 |
|
06-Aug-2018 |
stsp |
Refactor ieee80211_add_ess():
Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly from the ic to make it more obvious where this function is reading from.
nwids are binary data with an explicit length, so treat them as such instead of treating them like strings.
ok florian phessler
|
#
1.61 |
|
11-Jul-2018 |
phessler |
Introduce 'auto-join' to the wifi 802.11 stack.
This allows a system to remember which ESSIDs it wants to connect to, any relevant security configuration, and switch to it when the network we are currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if: join home wpakey password join work wpakey mekmitasdigoat join open-lounge join cafe wpakey cafe2018 join "wepnetwork" nwkey "12345" dhcp inet6 autoconf up
OK stsp@ reyk@ and enthusiasm from every hackroom I've been in for the last 3 years
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stps@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer mess with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee8021_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flag is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@ Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.78 |
|
13-Jan-2020 |
phessler |
When we change attributes for a join essid, we should apply the change immediately instead of waiting to (randomly) switch away and switch back.
Found by martijn@ OK stsp@
|
#
1.77 |
|
11-Nov-2019 |
stsp |
Prevent a NULL deref in ieee80211_node2req() which could be triggered by an ioctl if the driver had not yet initialized the channel map. Crash reported by nayden@ ok sthen@
|
#
1.76 |
|
09-Nov-2019 |
stsp |
Trigger a background scan when root runs the 'ifconfig scan' command. This will update the list of cached APs for future invocations of the 'scan' command, and will force a search for a better AP to roam to. ok sthen@ phessler@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
02-Sep-2019 |
stsp |
branches: 1.75.4; Make net80211 expose reasons for association failures to userland and have ifconfig display them in 'scan' output and on the ieee80211 status line if the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often turn out to be trivial misconfiguration issues that were previously hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
#
1.74 |
|
12-May-2019 |
stsp |
Fix 'ifconfig nwflags'; These flags ended up overlapping with other flags in ieee80211com's ic_flags because we haven't been paying attention to them (they're not in the same place in the code and hence easy to miss). Move them to a dedicated variable to avoid this problem in the future.
Add a new 'stayauth' nwflag which can be set to let net80211 ignore deauth frames. This can be useful when deauth frames are being persistently spoofed by an attacker. Idea from beck@
ok beck@ phessler@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.73 |
|
19-Feb-2019 |
stsp |
branches: 1.73.2; Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac. ok patrick@ mpi@
|
#
1.72 |
|
18-Jan-2019 |
phessler |
when removing the currently active network from the join list, disconnect from it as well
OK stsp@
|
#
1.71 |
|
18-Jan-2019 |
phessler |
add a len field when we delete an essid from the joinlist. this will have us properly match, instead of hoping we got lucky when selecting it.
OK stsp@
|
#
1.70 |
|
18-Jan-2019 |
phessler |
let users automatically use join to connect to any open wifi network. if a known network is visible, always prefer that instead.
requested by many, OK stsp@
|
#
1.69 |
|
25-Nov-2018 |
phessler |
print more details about the join'd networks we have saved when a user runs ifconfig if joinlist
OK stsp@
|
#
1.68 |
|
27-Oct-2018 |
phessler |
clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared based on the state of the joinlist
OK stsp@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.67 |
|
10-Sep-2018 |
phessler |
do not immediately set the join'd network, the join command only updates the list.
makes /etc/netstart very fast when run while the interface is up
OK stsp@
|
#
1.66 |
|
10-Sep-2018 |
phessler |
use the correct essid when switching during the ioctl path
pointed out by stsp@
|
#
1.65 |
|
09-Sep-2018 |
phessler |
convert the things we save in 'join' into a single ioctl. mixing related settings over multiple calls was risky and racy. Pass essid, wpa, and wep parameters in a single ioctl and process it atomically.
no change for 'nwid' users
OK stsp@ benno@
|
#
1.64 |
|
01-Sep-2018 |
stsp |
Make 'ifconfig nwid' override 'ifconfig join'.
There was no way to override a decision made by join's network selection algorithm (apart from disabling the feature by clearing the join list). Automatic selection is based on heuristics which cannot always guess correctly so we need to provide an override.
One specific problem was that if 'nwid foo' and 'nwid bar' were both visible in the scan and only 'nwid foo' was a member of the join list, then there was no way at all to connect to 'nwid bar'. The wireless stack would keep selecting 'nwid foo' instead.
'ifconfig iwm0 nwid bar' command will now disable automatic network selection and force the use of ESSID 'bar'. Any of these commands will re-enable automatic network selection:
ifconfig iwm0 -nwid
ifconfig iwm0 nwid ''
ifconfig iwm0 join some-network-id
ok phessler@ deraadt@
|
#
1.63 |
|
06-Aug-2018 |
benno |
make ifconfig <if> join display the list of networks configured for auto-join with feedback from florian and stsp ok florian@ phessler@ (on previous versions of the diff) stsp@
|
#
1.62 |
|
06-Aug-2018 |
stsp |
Refactor ieee80211_add_ess():
Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly from the ic to make it more obvious where this function is reading from.
nwids are binary data with an explicit length, so treat them as such instead of treating them like strings.
ok florian phessler
|
#
1.61 |
|
11-Jul-2018 |
phessler |
Introduce 'auto-join' to the wifi 802.11 stack.
This allows a system to remember which ESSIDs it wants to connect to, any relevant security configuration, and switch to it when the network we are currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up
OK stsp@ reyk@ and enthusiasm from every hackroom I've been in for the last 3 years
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stsp@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee8021_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flag is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01: - implement A-MPDU frames buffering and reordering - implement A-MSDU decapsulation - process/send ADDBA Request, ADDBA Response and DELBA action frames - process Block Ack Request control frames (including MTBAR) - implement PBAC support (Protected Block Ack) - add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0: - implement SA Query procedure (both AP and STA) - cleanup BIP
Fix some bugs: - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc) - properly stop EAPOL timeout: fixes a panic that occured in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by.. RAMDISK - 1024 bytes RAMDISKB - 1120 bytes RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@ Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successfull 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.75 |
|
02-Sep-2019 |
stsp |
Make net80211 expose reasons for association failures to userland and have ifconfig display them in 'scan' output and on the ieee80211 status line if the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often turn out to be trivial misconfiguration issues that were previously hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
#
1.74 |
|
12-May-2019 |
stsp |
Fix 'ifconfig nwflags'; These flags ended up overlapping with other flags in ieee80211com's ic_flags because we haven't been paying attention to them (they're not in the same place in the code and hence easy to miss). Move them to a dedicated variable to avoid this problem in the future.
Add a new 'stayauth' nwflag which can be set to let net80211 ignore deauth frames. This can be useful when deauth frames are being persistently spoofed by an attacker. Idea from beck@
ok beck@ phessler@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.73 |
|
19-Feb-2019 |
stsp |
Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac. ok patrick@ mpi@
|
#
1.72 |
|
18-Jan-2019 |
phessler |
when removing the currently active network from the join list, disconnect from it as well
OK stsp@
|
#
1.71 |
|
18-Jan-2019 |
phessler |
add a len field when we delete an essid from the joinlist. this will have us properly match, instead of hoping we got lucky when selecting it.
OK stsp@
|
#
1.70 |
|
18-Jan-2019 |
phessler |
let users automatically use join to connect to any open wifi network. if a known network is visible, always prefer that instead.
requested by many, OK stsp@
|
#
1.69 |
|
25-Nov-2018 |
phessler |
print more details about the join'd networks we have saved when a user runs ifconfig if joinlist
OK stsp@
|
#
1.68 |
|
27-Oct-2018 |
phessler |
clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared based on the state of the joinlist
OK stsp@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.67 |
|
10-Sep-2018 |
phessler |
do not immediately set the join'd network, the join command only updates the list.
makes /etc/netstart very fast when run while the interface is up
OK stsp@
|
#
1.66 |
|
10-Sep-2018 |
phessler |
use the correct essid when switching during the ioctl path
pointed out by stsp@
|
#
1.65 |
|
09-Sep-2018 |
phessler |
convert the things we save in 'join' into a single ioctl. mixing related settings over multiple calls was risky and racy. Pass essid, wpa, and wep parameters in a single ioctl and process it atomically.
no change for 'nwid' users
OK stsp@ benno@
|
#
1.64 |
|
01-Sep-2018 |
stsp |
Make 'ifconfig nwid' override 'ifconfig join'.
There was no way to override a decision made by join's network selection algorithm (apart from disabling the feature by clearing the join list). Automatic selection is based on heuristics which cannot always guess correctly so we need to provide an override.
One specific problem was that if 'nwid foo' and 'nwid bar' were both visible in the scan and only 'nwid foo' was a member of the join list, then there was no way at all to connect to 'nwid bar'. The wireless stack would keep selecting 'nwid foo' instead.
'ifconfig iwm0 nwid bar' command will now disable automatic network selection and force the use of ESSID 'bar'. Any of these commands will re-enable automatic network selection:
ifconfig iwm0 -nwid
ifconfig iwm0 nwid ''
ifconfig iwm0 join some-network-id
ok phessler@ deraadt@
|
#
1.63 |
|
06-Aug-2018 |
benno |
make ifconfig <if> join display the list of networks configured for auto-join
with feedback from florian and stsp
ok florian@ phessler@ (on previous versions of the diff) stsp@
|
#
1.62 |
|
06-Aug-2018 |
stsp |
Refactor ieee80211_add_ess():
Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly from the ic to make it more obvious where this function is reading from.
nwids are binary data with an explicit length, so treat them as such instead of treating them like strings.
ok florian phessler
|
#
1.61 |
|
11-Jul-2018 |
phessler |
Introduce 'auto-join' to the wifi 802.11 stack.
This allows a system to remember which ESSIDs it wants to connect to, any relevant security configuration, and switch to it when the network we are currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up
OK stsp@ reyk@ and enthusiasm from every hackroom I've been in for the last 3 years
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stps@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee80211_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flag is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.75 |
|
02-Sep-2019 |
stsp |
Make net80211 expose reasons for association failures to userland and have ifconfig display them in 'scan' output and on the ieee80211 status line if the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often turn out to be trivial misconfiguration issues that were previously hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
#
1.74 |
|
12-May-2019 |
stsp |
Fix 'ifconfig nwflags; These flags ended up overlapping with other flags in ieee80211com's ic_flags because we haven't been paying attention to them (they're not in the same place in the code and hence easy to miss). Move them to a dedicated variable to avoid this problem in the future.
Add a new 'stayauth' nwflag which can be set to let net80211 ignore deauth frames. This can be useful when deauth frames are being persistently spoofed by an attacker. Idea from beck@
ok beck@ phessler@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.73 |
|
19-Feb-2019 |
stsp |
Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac. ok patrick@ mpi@
|
#
1.72 |
|
18-Jan-2019 |
phessler |
when removing the currently active network from the join list, disconnect from it as well
OK stsp@
|
#
1.71 |
|
18-Jan-2019 |
phessler |
add a len field when we delete an essid from the joinlist. this will have us properly match, instead of hoping we got lucky when selecting it.
OK stsp@
|
#
1.70 |
|
18-Jan-2019 |
phessler |
let users automatically use join to connect to any open wifi network. if a known network is visible, always prefer that instead.
requested by many, OK stsp@
|
#
1.69 |
|
25-Nov-2018 |
phessler |
print more details about the join'd networks we have saved when a user runs ifconfig if joinlist
OK stsp@
|
#
1.68 |
|
27-Oct-2018 |
phessler |
clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared based on the state of the joinlist
OK stsp@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.67 |
|
10-Sep-2018 |
phessler |
do not immediately set the join'd network, the join command only updates the list.
makes /etc/netstart very fast when ran while the interface is up
OK stsp@
|
#
1.66 |
|
10-Sep-2018 |
phessler |
use the correct essid when switching during the ioctl path
pointed out by stsp@
|
#
1.65 |
|
09-Sep-2018 |
phessler |
convert the things we save in 'join' into a single ioctl. mixing related settings over multiple calls was risky and racy. Pass essid, wpa, and wep paramaters in a single ioctl and process it atomically.
no change for 'nwid' users
OK stsp@ benno@
|
#
1.64 |
|
01-Sep-2018 |
stsp |
Make 'ifconfig nwid' override 'ifconfig join'.
There was no way to override a decision made by join's network selection algorithm (apart from disabling the feature by clearing the join list). Automatic selection is based on heuristics which cannot always guess correctly so we need to provide an override.
One specific problem was that if 'nwid foo' and 'nwid bar' were both visible in the scan and only 'nwid foo' was a member of the join list, then there was no way at all to connect to 'nwid bar'. The wireless stack would keep selecting 'nwid foo' instead.
'ifconfig iwm0 nwid bar' command will now disable automatic network selection and force the use of ESSID 'bar'. Any of these commands will re-enable automatic network selection: ifconfig iwm0 -nwid ifconfig iwm0 nwid '' ifconfig iwm0 join some-network-id
ok phessler@ deraadt@
|
#
1.63 |
|
06-Aug-2018 |
benno |
make ifconfig <if> join display the list of networks configured for auto-join with feedback from florian and stsp ok florian@ phessler@ (on previous versions of the diff) stsp@
|
#
1.62 |
|
06-Aug-2018 |
stsp |
Refactor ieee80211_add_ess():
Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly from the ic to make it more obvious where this function is reading from.
nwids are binary data with an explicit length, so treat them as such instead of treating them like strings.
ok florian phessler
|
#
1.61 |
|
11-Jul-2018 |
phessler |
Introduce 'auto-join' to the wifi 802.11 stack.
This allows a system to remember which ESSIDs it wants to connect to, any relevant security configuration, and switch to it when the network we are currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if: join home wpakey password join work wpakey mekmitasdigoat join open-lounge join cafe wpakey cafe2018 join "wepnetwork" nwkey "12345" dhcp inet6 autoconf up
OK stsp@ reyk@ and enthusiasm from every hackroom I've been in for the last 3 years
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stps@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee80211_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...). This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flag is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by..
  RAMDISK - 1024 bytes
  RAMDISKB - 1120 bytes
  RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
---
Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table.
---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.74 |
|
12-May-2019 |
stsp |
Fix 'ifconfig nwflags'; These flags ended up overlapping with other flags in ieee80211com's ic_flags because we haven't been paying attention to them (they're not in the same place in the code and hence easy to miss). Move them to a dedicated variable to avoid this problem in the future.
Add a new 'stayauth' nwflag which can be set to let net80211 ignore deauth frames. This can be useful when deauth frames are being persistently spoofed by an attacker. Idea from beck@
ok beck@ phessler@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.73 |
|
19-Feb-2019 |
stsp |
Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac. ok patrick@ mpi@
|
#
1.72 |
|
18-Jan-2019 |
phessler |
when removing the currently active network from the join list, disconnect from it as well
OK stsp@
|
#
1.71 |
|
18-Jan-2019 |
phessler |
add a len field when we delete an essid from the joinlist. this will have us properly match, instead of hoping we got lucky when selecting it.
OK stsp@
|
#
1.70 |
|
18-Jan-2019 |
phessler |
let users automatically use join to connect to any open wifi network. if a known network is visible, always prefer that instead.
requested by many, OK stsp@
|
#
1.69 |
|
25-Nov-2018 |
phessler |
print more details about the join'd networks we have saved when a user runs ifconfig if joinlist
OK stsp@
|
#
1.68 |
|
27-Oct-2018 |
phessler |
clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared based on the state of the joinlist
OK stsp@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.67 |
|
10-Sep-2018 |
phessler |
do not immediately set the join'd network, the join command only updates the list.
makes /etc/netstart very fast when run while the interface is up
OK stsp@
|
#
1.66 |
|
10-Sep-2018 |
phessler |
use the correct essid when switching during the ioctl path
pointed out by stsp@
|
#
1.65 |
|
09-Sep-2018 |
phessler |
convert the things we save in 'join' into a single ioctl. mixing related settings over multiple calls was risky and racy. Pass essid, wpa, and wep parameters in a single ioctl and process it atomically.
no change for 'nwid' users
OK stsp@ benno@
|
#
1.64 |
|
01-Sep-2018 |
stsp |
Make 'ifconfig nwid' override 'ifconfig join'.
There was no way to override a decision made by join's network selection algorithm (apart from disabling the feature by clearing the join list). Automatic selection is based on heuristics which cannot always guess correctly so we need to provide an override.
One specific problem was that if 'nwid foo' and 'nwid bar' were both visible in the scan and only 'nwid foo' was a member of the join list, then there was no way at all to connect to 'nwid bar'. The wireless stack would keep selecting 'nwid foo' instead.
'ifconfig iwm0 nwid bar' command will now disable automatic network selection and force the use of ESSID 'bar'. Any of these commands will re-enable automatic network selection:
  ifconfig iwm0 -nwid
  ifconfig iwm0 nwid ''
  ifconfig iwm0 join some-network-id
ok phessler@ deraadt@
|
#
1.63 |
|
06-Aug-2018 |
benno |
make ifconfig <if> join display the list of networks configured for auto-join with feedback from florian and stsp ok florian@ phessler@ (on previous versions of the diff) stsp@
|
#
1.62 |
|
06-Aug-2018 |
stsp |
Refactor ieee80211_add_ess():
Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly from the ic to make it more obvious where this function is reading from.
nwids are binary data with an explicit length, so treat them as such instead of treating them like strings.
ok florian phessler
|
#
1.61 |
|
11-Jul-2018 |
phessler |
Introduce 'auto-join' to the wifi 802.11 stack.
This allows a system to remember which ESSIDs it wants to connect to, any relevant security configuration, and switch to it when the network we are currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if: join home wpakey password join work wpakey mekmitasdigoat join open-lounge join cafe wpakey cafe2018 join "wepnetwork" nwkey "12345" dhcp inet6 autoconf up
OK stsp@ reyk@ and enthusiasm from every hackroom I've been in for the last 3 years
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stps@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer mess with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee8021_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't privide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flags is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@ Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.73 |
|
19-Feb-2019 |
stsp |
Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac. ok patrick@ mpi@
|
#
1.72 |
|
18-Jan-2019 |
phessler |
when removing the currently active network from the join list, disconnect from it as well
OK stsp@
|
#
1.71 |
|
18-Jan-2019 |
phessler |
add a len field when we delete an essid from the joinlist. this will have us properly match, instead of hoping we got lucky when selecting it.
OK stsp@
|
#
1.70 |
|
18-Jan-2019 |
phessler |
let users automatically use join to connect to any open wifi network. if a known network is visible, always prefer that instead.
requested by many, OK stsp@
|
#
1.69 |
|
25-Nov-2018 |
phessler |
print more details about the join'd networks we have saved when a user runs ifconfig if joinlist
OK stsp@
|
#
1.68 |
|
27-Oct-2018 |
phessler |
clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared based on the state of the joinlist
OK stsp@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.67 |
|
10-Sep-2018 |
phessler |
do not immediately set the join'd network, the join command only updates the list.
makes /etc/netstart very fast when run while the interface is up
OK stsp@
|
#
1.66 |
|
10-Sep-2018 |
phessler |
use the correct essid when switching during the ioctl path
pointed out by stsp@
|
#
1.65 |
|
09-Sep-2018 |
phessler |
convert the things we save in 'join' into a single ioctl. mixing related settings over multiple calls was risky and racy. Pass essid, wpa, and wep parameters in a single ioctl and process it atomically.
no change for 'nwid' users
OK stsp@ benno@
|
#
1.64 |
|
01-Sep-2018 |
stsp |
Make 'ifconfig nwid' override 'ifconfig join'.
There was no way to override a decision made by join's network selection algorithm (apart from disabling the feature by clearing the join list). Automatic selection is based on heuristics which cannot always guess correctly so we need to provide an override.
One specific problem was that if 'nwid foo' and 'nwid bar' were both visible in the scan and only 'nwid foo' was a member of the join list, then there was no way at all to connect to 'nwid bar'. The wireless stack would keep selecting 'nwid foo' instead.
'ifconfig iwm0 nwid bar' command will now disable automatic network selection and force the use of ESSID 'bar'. Any of these commands will re-enable automatic network selection:
ifconfig iwm0 -nwid
ifconfig iwm0 nwid ''
ifconfig iwm0 join some-network-id
ok phessler@ deraadt@
|
#
1.63 |
|
06-Aug-2018 |
benno |
make ifconfig <if> join display the list of networks configured for auto-join with feedback from florian and stsp ok florian@ phessler@ (on previous versions of the diff) stsp@
|
#
1.62 |
|
06-Aug-2018 |
stsp |
Refactor ieee80211_add_ess():
Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly from the ic to make it more obvious where this function is reading from.
nwids are binary data with an explicit length, so treat them as such instead of treating them like strings.
ok florian phessler
|
#
1.61 |
|
11-Jul-2018 |
phessler |
Introduce 'auto-join' to the wifi 802.11 stack.
This allows a system to remember which ESSIDs it wants to connect to, any relevant security configuration, and switch to it when the network we are currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up
OK stsp@ reyk@ and enthusiasm from every hackroom I've been in for the last 3 years
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stsp@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee8021_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flag is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@ Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.72 |
|
18-Jan-2019 |
phessler |
when removing the currently active network from the join list, disconnect from it as well
OK stsp@
|
#
1.71 |
|
18-Jan-2019 |
phessler |
add a len field when we delete an essid from the joinlist. this will have us properly match, instead of hoping we got lucky when selecting it.
OK stsp@
|
#
1.70 |
|
18-Jan-2019 |
phessler |
let users automatically use join to connect to any open wifi network. if a known network is visible, always prefer that instead.
requested by many, OK stsp@
|
#
1.69 |
|
25-Nov-2018 |
phessler |
print more details about the join'd networks we have saved when a user runs ifconfig if joinlist
OK stsp@
|
#
1.68 |
|
27-Oct-2018 |
phessler |
clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared based on the state of the joinlist
OK stsp@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.67 |
|
10-Sep-2018 |
phessler |
do not immediately set the join'd network, the join command only updates the list.
makes /etc/netstart very fast when run while the interface is up
OK stsp@
|
#
1.66 |
|
10-Sep-2018 |
phessler |
use the correct essid when switching during the ioctl path
pointed out by stsp@
|
#
1.65 |
|
09-Sep-2018 |
phessler |
convert the things we save in 'join' into a single ioctl. mixing related settings over multiple calls was risky and racy. Pass essid, wpa, and wep parameters in a single ioctl and process it atomically.
no change for 'nwid' users
OK stsp@ benno@
|
#
1.64 |
|
01-Sep-2018 |
stsp |
Make 'ifconfig nwid' override 'ifconfig join'.
There was no way to override a decision made by join's network selection algorithm (apart from disabling the feature by clearing the join list). Automatic selection is based on heuristics which cannot always guess correctly so we need to provide an override.
One specific problem was that if 'nwid foo' and 'nwid bar' were both visible in the scan and only 'nwid foo' was a member of the join list, then there was no way at all to connect to 'nwid bar'. The wireless stack would keep selecting 'nwid foo' instead.
'ifconfig iwm0 nwid bar' command will now disable automatic network selection and force the use of ESSID 'bar'. Any of these commands will re-enable automatic network selection:
ifconfig iwm0 -nwid
ifconfig iwm0 nwid ''
ifconfig iwm0 join some-network-id
ok phessler@ deraadt@
|
#
1.63 |
|
06-Aug-2018 |
benno |
make ifconfig <if> join display the list of networks configured for auto-join
with feedback from florian and stsp
ok florian@ phessler@ (on previous versions of the diff) stsp@
|
#
1.62 |
|
06-Aug-2018 |
stsp |
Refactor ieee80211_add_ess():
Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly from the ic to make it more obvious where this function is reading from.
nwids are binary data with an explicit length, so treat them as such instead of treating them like strings.
ok florian phessler
|
#
1.61 |
|
11-Jul-2018 |
phessler |
Introduce 'auto-join' to the wifi 802.11 stack.
This allows a system to remember which ESSIDs it wants to connect to, any relevant security configuration, and switch to it when the network we are currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up
OK stsp@ reyk@ and enthusiasm from every hackroom I've been in for the last 3 years
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stsp@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee80211_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flag is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee8021_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flags is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@ Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.68 |
|
27-Oct-2018 |
phessler |
clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared based on the state of the joinlist
OK stsp@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.67 |
|
10-Sep-2018 |
phessler |
do not immediately set the join'd network, the join command only updates the list.
makes /etc/netstart very fast when run while the interface is up
OK stsp@
|
#
1.66 |
|
10-Sep-2018 |
phessler |
use the correct essid when switching during the ioctl path
pointed out by stsp@
|
#
1.65 |
|
09-Sep-2018 |
phessler |
convert the things we save in 'join' into a single ioctl. mixing related settings over multiple calls was risky and racy. Pass essid, wpa, and wep parameters in a single ioctl and process it atomically.
no change for 'nwid' users
OK stsp@ benno@
|
#
1.64 |
|
01-Sep-2018 |
stsp |
Make 'ifconfig nwid' override 'ifconfig join'.
There was no way to override a decision made by join's network selection algorithm (apart from disabling the feature by clearing the join list). Automatic selection is based on heuristics which cannot always guess correctly so we need to provide an override.
One specific problem was that if 'nwid foo' and 'nwid bar' were both visible in the scan and only 'nwid foo' was a member of the join list, then there was no way at all to connect to 'nwid bar'. The wireless stack would keep selecting 'nwid foo' instead.
'ifconfig iwm0 nwid bar' command will now disable automatic network selection and force the use of ESSID 'bar'. Any of these commands will re-enable automatic network selection:
  ifconfig iwm0 -nwid
  ifconfig iwm0 nwid ''
  ifconfig iwm0 join some-network-id
ok phessler@ deraadt@
|
#
1.63 |
|
06-Aug-2018 |
benno |
make ifconfig <if> join display the list of networks configured for auto-join with feedback from florian and stsp ok florian@ phessler@ (on previous versions of the diff) stsp@
|
#
1.62 |
|
06-Aug-2018 |
stsp |
Refactor ieee80211_add_ess():
Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly from the ic to make it more obvious where this function is reading from.
nwids are binary data with an explicit length, so treat them as such instead of treating them like strings.
ok florian phessler
|
#
1.61 |
|
11-Jul-2018 |
phessler |
Introduce 'auto-join' to the wifi 802.11 stack.
This allows a system to remember which ESSIDs it wants to connect to, any relevant security configuration, and switch to it when the network we are currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
  join home wpakey password
  join work wpakey mekmitasdigoat
  join open-lounge
  join cafe wpakey cafe2018
  join "wepnetwork" nwkey "12345"
  dhcp
  inet6 autoconf
  up
OK stsp@ reyk@ and enthusiasm from every hackroom I've been in for the last 3 years
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stsp@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee8021_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flags is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.67 |
|
10-Sep-2018 |
phessler |
do not immediately set the join'd network, the join command only updates the list.
makes /etc/netstart very fast when run while the interface is up
OK stsp@
|
#
1.66 |
|
10-Sep-2018 |
phessler |
use the correct essid when switching during the ioctl path
pointed out by stsp@
|
#
1.65 |
|
09-Sep-2018 |
phessler |
convert the things we save in 'join' into a single ioctl. mixing related settings over multiple calls was risky and racy. Pass essid, wpa, and wep parameters in a single ioctl and process it atomically.
no change for 'nwid' users
OK stsp@ benno@
|
#
1.64 |
|
01-Sep-2018 |
stsp |
Make 'ifconfig nwid' override 'ifconfig join'.
There was no way to override a decision made by join's network selection algorithm (apart from disabling the feature by clearing the join list). Automatic selection is based on heuristics which cannot always guess correctly so we need to provide an override.
One specific problem was that if 'nwid foo' and 'nwid bar' were both visible in the scan and only 'nwid foo' was a member of the join list, then there was no way at all to connect to 'nwid bar'. The wireless stack would keep selecting 'nwid foo' instead.
'ifconfig iwm0 nwid bar' command will now disable automatic network selection and force the use of ESSID 'bar'. Any of these commands will re-enable automatic network selection:
  ifconfig iwm0 -nwid
  ifconfig iwm0 nwid ''
  ifconfig iwm0 join some-network-id
ok phessler@ deraadt@
|
#
1.63 |
|
06-Aug-2018 |
benno |
make ifconfig <if> join display the list of networks configured for auto-join
with feedback from florian and stsp
ok florian@ phessler@ (on previous versions of the diff) stsp@
|
#
1.62 |
|
06-Aug-2018 |
stsp |
Refactor ieee80211_add_ess():
Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly from the ic to make it more obvious where this function is reading from.
nwids are binary data with an explicit length, so treat them as such instead of treating them like strings.
ok florian phessler
|
#
1.61 |
|
11-Jul-2018 |
phessler |
Introduce 'auto-join' to the wifi 802.11 stack.
This allows a system to remember which ESSIDs it wants to connect to, any relevant security configuration, and switch to it when the network we are currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
  join home wpakey password
  join work wpakey mekmitasdigoat
  join open-lounge
  join cafe wpakey cafe2018
  join "wepnetwork" nwkey "12345"
  dhcp
  inet6 autoconf
  up
OK stsp@ reyk@ and enthusiasm from every hackroom I've been in for the last 3 years
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stsp@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee80211_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes
ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flag is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.63 |
|
06-Aug-2018 |
benno |
make ifconfig <if> join display the list of networks configured for auto-join with feedback from florian and stsp ok florian@ phessler@ (on previous versions of the diff) stsp@
|
#
1.62 |
|
06-Aug-2018 |
stsp |
Refactor ieee80211_add_ess():
Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly from the ic to make it more obvious where this function is reading from.
nwids are binary data with an explicit length, so treat them as such instead of treating them like strings.
ok florian phessler
|
#
1.61 |
|
11-Jul-2018 |
phessler |
Introduce 'auto-join' to the wifi 802.11 stack.
This allows a system to remember which ESSIDs it wants to connect to, any relevant security configuration, and switch to it when the network we are currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up
OK stsp@ reyk@ and enthusiasm from every hackroom I've been in for the last 3 years
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stsp@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee8021_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flag is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point in making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@ Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.61 |
|
11-Jul-2018 |
phessler |
Introduce 'auto-join' to the wifi 802.11 stack.
This allows a system to remember which ESSIDs it wants to connect to, any relevant security configuration, and switch to it when the network we are currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up
OK stsp@ reyk@ and enthusiasm from every hackroom I've been in for the last 3 years
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stsp@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee8021_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flag is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point in making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01: - implement A-MPDU frames buffering and reordering - implement A-MSDU decapsulation - process/send ADDBA Request, ADDBA Response and DELBA action frames - process Block Ack Request control frames (including MTBAR) - implement PBAC support (Protected Block Ack) - add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0: - implement SA Query procedure (both AP and STA) - cleanup BIP
Fix some bugs: - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc) - properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by.. RAMDISK - 1024 bytes RAMDISKB - 1120 bytes RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@ Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.60 |
|
26-Apr-2018 |
pirofti |
net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stsp@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks! OK mpi@.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee80211_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flag is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01: - implement A-MPDU frames buffering and reordering - implement A-MSDU decapsulation - process/send ADDBA Request, ADDBA Response and DELBA action frames - process Block Ack Request control frames (including MTBAR) - implement PBAC support (Protected Block Ack) - add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0: - implement SA Query procedure (both AP and STA) - cleanup BIP
Fix some bugs: - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc) - properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by.. RAMDISK - 1024 bytes RAMDISKB - 1120 bytes RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@ Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.59 |
|
19-Feb-2018 |
mpi |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee8021_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove unneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flag is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point in making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifices security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP
Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@ Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|
#
1.58 |
|
27-Nov-2017 |
stsp |
Stop reporting WPA and WEP keys back to userland. The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several. ok phessler@ jca@
|
#
1.57 |
|
06-Nov-2017 |
phessler |
move a function declaration, so the whole net80211 stack can disable wep or wpa
OK stsp@
|
#
1.56 |
|
05-Nov-2017 |
phessler |
Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
OK pirofti@ stsp@ sthen@
|
#
1.55 |
|
27-Oct-2017 |
jsg |
Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009. ok stsp@ kevlo@ jca@
|
#
1.54 |
|
26-Oct-2017 |
mpi |
Move common code to add/remove multicast filters to ieee80211_ioctl(9).
ok jsg@, stsp@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.53 |
|
19-Jul-2017 |
stsp |
Plug an information leak in ieee80211_node2req(). Problem reported by Ilja Van Sprundel. ok tb@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.52 |
|
23-Mar-2017 |
tb |
branches: 1.52.4; Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
#
1.51 |
|
21-Mar-2017 |
stsp |
When a new WPA key is set while WEP is enabled, disable WEP, and when a new WEP key is set while WPA is enabled, disable WPA. Prevents unusable configurations where both WEP and WPA are active and makes switching between WEP/WPA networks easier. ok deraadt@ tb@ sthen@
|
#
1.50 |
|
12-Mar-2017 |
stsp |
Introduce separate fields for supported WPA protocols and AKMs in struct ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it currently configured/enabled settings. Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi interface is not configured to use WPA (my previous commit attempted to fix the same problem but didn't make it work in all cases). ok tb@
|
#
1.49 |
|
11-Mar-2017 |
stsp |
Make 'ifconfig scan' display AP encryption correctly if WEP is configured on the local wifi interface. ifconfig was mistakenly showing the common supported subset of client and AP, rather than showing the AP's capabilities. Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means ifconfig must be recompiled to run on a new kernel. ok deraadt@ mpi@
|
#
1.48 |
|
19-Jan-2017 |
stsp |
Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1. Without this fix it was impossible to use WPA1 without also making use of the wpaciphers option to enable TKIP. Problem noticed by pirofti@. ok mpi@
|
#
1.47 |
|
31-Dec-2016 |
phessler |
When we disable WPA on an interface, wipe all of the WPA parameters, including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
#
1.46 |
|
20-Dec-2016 |
stsp |
Disable TKIP (WPA1) by default.
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute.
TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
|
#
1.45 |
|
18-Dec-2016 |
stsp |
While copying out channel flags to userspace, omit the HT channel flag if we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
|
#
1.44 |
|
15-Sep-2016 |
dlg |
move from RB macros to the RBT functions.
shaves about 5k off an amd64 GENERIC.MP kernel
|
#
1.43 |
|
31-Aug-2016 |
stsp |
If a driver reports RSSI in the 20-100 range, convert to a negative value. Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
|
#
1.42 |
|
15-Aug-2016 |
stsp |
Expose more 802.11n information to userspace: A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node.
This grows struct ieee80211_nodereq. Applications using it must be recompiled.
ok mpi@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.41 |
|
28-Apr-2016 |
stsp |
branches: 1.41.2; Copy some ieee8021_node HT information to userspace. ifconfig needs to be recompiled. ok mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.40 |
|
04-Jan-2016 |
stsp |
Fix manual scan while associated in 11a mode. It would only show APs on 5GHz. Problem found by benno@ ok benno@ kettenis@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.39 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.38 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.37 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
#
1.36 |
|
12-Sep-2014 |
sthen |
Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes which have been seen but which haven't otherwise interacted with us), fixing a problem where old cached nodes are seen when doing a scan. From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
10-Jul-2014 |
stsp |
Return RSN (WPA) information to userland during wireless scan, and make ifconfig show whether a wireless network uses WEP or WPA. Since struct ieee80211_nodereq grows in size old ifconfig won't be able to scan when running on a new kernel. While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP. ok jsg@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.34 |
|
29-Sep-2010 |
kettenis |
In the implementation of the SIOCS80211DELNODE ioctl, call ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't privide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE
|
#
1.33 |
|
12-Sep-2009 |
miod |
Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.32 |
|
06-Jun-2009 |
damien |
In SIOCS80211SCAN, fail if the interface is not up *and* running. There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flags is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not.
pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
|
Revision tags: OPENBSD_4_5_BASE
|
#
1.31 |
|
15-Feb-2009 |
damien |
make "ifconfig if0 chan" list the channels supported by the device. add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too.
discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
|
#
1.30 |
|
13-Feb-2009 |
damien |
Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'. Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X.
Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifies security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
|
#
1.29 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01: - implement A-MPDU frames buffering and reordering - implement A-MSDU decapsulation - process/send ADDBA Request, ADDBA Response and DELBA action frames - process Block Ack Request control frames (including MTBAR) - implement PBAC support (Protected Block Ack) - add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0: - implement SA Query procedure (both AP and STA) - cleanup BIP
Fix some bugs: - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc) - properly stop EAPOL timeout: fixes a panic that occured in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.28 |
|
14-Dec-2008 |
jsg |
txpower range checks should be inclusive. From FreeBSD via mickey in pr 6024.
ok damien@
|
#
1.27 |
|
03-Dec-2008 |
damien |
small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific flags using "nwflag".
|
#
1.26 |
|
02-Oct-2008 |
brad |
First step towards cleaning up the Ethernet driver ioctl handling. Move calling ether_ioctl() from the top of the ioctl function, which at the moment does absolutely nothing, to the default switch case. Thus allowing drivers to define their own ioctl handlers and then falling back on ether_ioctl(). The only functional change this results in at the moment is having all Ethernet drivers returning the proper errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown ioctl's.
Shrinks the i386 kernels by.. RAMDISK - 1024 bytes RAMDISKB - 1120 bytes RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@ Build tested on almost all archs by todd@/brad@
ok jsing@
|
#
1.25 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successfull 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.24 |
|
29-Aug-2008 |
damien |
move code to support Frequency-Hopping spread spectrum (FHSS) PHYs to the Attic. nothing uses it in the tree and it is very unlikely that something will use it one day. the only driver supporting FHSS PHYs in the tree is ray(4) and it does not use net80211.
|
#
1.23 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.22 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.21 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.20 |
|
25-Nov-2007 |
brad |
return ENOTTY not EINVAL for an unknown ioctl.
ok reyk@ deraadt@ jsg@ dlg@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.19 |
|
18-Jul-2007 |
damien |
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
|
#
1.18 |
|
16-Jun-2007 |
damien |
constify
|
#
1.17 |
|
06-Jun-2007 |
damien |
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only.
ok jsg@ reyk@ deraadt@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.16 |
|
29-Dec-2006 |
reyk |
fix the key buffer size used for software wep, this could cause problems with non-standard wep keys >= 104 bits.
thanks to Alexander Bluhm
ok mglocker@ jsg@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.15 |
|
27-Jun-2006 |
reyk |
add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol.
ok damien@ jmc@
|
#
1.14 |
|
23-Jun-2006 |
reyk |
add an optional max_rssi attribute to the ieee80211com structure and allow to export the RSSI Max value with ioctls and by radiotap headers.
ok damien@ jsg@
description:
we currently use "dB" as an indication for the signal strength in ifconfig and in the radiotap headers. it means "decibel difference from an arbitrary, fixed reference". this is quite confusing, because different chipsets have different references for the dB/rssi values.
we can use the plain RSSI which is described in IEEE 802.11: "The receive signal strength indicator (RSSI) is an optional parameter that has a value of 0 through RSSI Max.". all wireless chipsets have something like a RSSI (normally as a Rx descriptor field), but the value for RSSI Max is chipset-specific.
if we know the RSSI Max, we can calculate a percentage which is much easier to understand for the user. we even don't have to use the absolute RSSI Max, we can use an average RSSI Max, figured out by monitoring and tuning the RSSI Max of the drivers. if the user gets a signal of 110%, it would mean "better than the average Max signal".
there's no need to do any RSSI calculations in the kernel, it just passes the relative rssi and max_rssi values to userspace. this is done in the ieee80211_nodereq ioctl structure and possible with a new radiotap header. the radiotap RSSI header allows to get a flexible but common signal indicator instead of the complex and unrelated dB/dBm signal fields. it must include two 8bit values current rssi and RSSI max.
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.13 |
|
13-Sep-2005 |
reyk |
replace the node hash table with a red-black tree. this fixes some bugs in the node table (like duplicate nodes in hostap mode), we get rid of possible hash collisions, and it simplifies the code.
tested by many, ok damien@, jsg@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.12 |
|
25-May-2005 |
reyk |
add ifconfig -M option to replace wicontrol -L and -l for ap scanning and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done.
ok dlg@, jsg@
|
#
1.11 |
|
03-Apr-2005 |
uwe |
remove redundant suser() checks
|
#
1.10 |
|
02-Apr-2005 |
uwe |
Protect SIOCSIFMTU, too.
|
#
1.9 |
|
01-Apr-2005 |
uwe |
Protect more SIOCS* commands with suser() checks.
|
#
1.8 |
|
01-Apr-2005 |
uwe |
Fix some ioctl permission checks on the basis of what if_wi.c does.
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.7 |
|
27-Feb-2005 |
reyk |
remove dead code of unsupported ioctls from FreeBSD. we do it in a different way.
ok deraadt@, martin@
|
#
1.6 |
|
17-Feb-2005 |
reyk |
derived from NetBSD:
--- Make the node table into an LRU cache: least-recently used nodes are at the end of the node queue. Change the reference-counting discipline: ni->ni_refcnt indicates how many times net80211 has granted ni to the driver. Every node in the table with ni_refcnt=0 is eligible to be garbage-collected. The mere presence of a node in the table does not any longer indicate its auth/assoc state; nodes have a ni_state variable, now.
While I am here, patch ieee80211_find_node_for_beacon to do a "best match" by bssid/ssid/channel, not a "perfect match." This keeps net80211 from caching duplicate nodes in the table. ---
ok deraadt@ dlg@, looks good jsg@
|
#
1.5 |
|
15-Feb-2005 |
reyk |
add the manual tx power option. this is supported by some prism2/2.5/3 cards in hostap mode but it depends on the firmware version. support for other wireless chipsets will be added in the future using the net80211-framework.
ok robert@ bob@ danh@, tested by some others
|
#
1.4 |
|
25-Nov-2004 |
reyk |
compatibility ioctls for things like "wicontrol ath0 -l" to list known stations on a net80211-based ap. ok millert@
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.3 |
|
28-Jun-2004 |
millert |
Don't restrict WEP keys to exactly 40 or 108 bits.
|
#
1.2 |
|
28-Jun-2004 |
millert |
Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do ap scanning via wicontrol.
|
#
1.1 |
|
22-Jun-2004 |
millert |
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.
|