Prism2/2.5/3 Host AP - new stable release v0.2.4 - 2004-07-17

Jouni Malinen jkmaline at cc.hut.fi
Sat Jul 17 21:03:01 EDT 2004


A new version of Prism2/2.5/3 Host AP was just released and is now
available from http://hostap.epitest.fi/

This release is the first version from the new stable (0.2.x)
branch. Previous 0.2.x versions were considered development
versions. From now on, new 0.2.x versions are considered stable. This
version is replacing 0.1.3 as the new recommended stable
version. However, people using Linux 2.2.x versions or older
2.4.x/2.6.x versions may have to use the old stable series (0.1.x)
since the 0.2.x versions do not support some of the older kernel
versions.

I have made a new branch, hostap_0_2_branch, for future stable
release. This branch will get bug fixes and possible some features
from the new development series (0.3.x) after they have received some
testing in the development branch (CVS trunk).

There have been lot of changes after the previous stable series was
started (v0.1.0, 2003-10-14). The main new feature is addition of WPA
and WPA2 (IEEE 802.11i / RSN). Another major change is in adding a new
component, wpa_supplicant, for client side operations. wpa_supplicant
started as a WPA-only client utility, but it evolved to include full
support for WPA/WPA2, IEEE 802.1X/EAP, and even static WEP/plaintext
modes. In addition, it supports multiple different drivers, so unlike
most other parts of this release, it does not require Host AP driver.

As far as the Host AP driver component is concerned, WPA/WPA2 support
(mainly, TKIP and CCMP data encryption) is the main addition. Another
new feature is support for Prism3 cards that do not include primary
firmware in flash (e.g., D-Link DWL-650 rev. P1 and D-Link DWL-520
rev. E1). In addition, large number of small bugs have been fixed and
the internal implementation of IEEE 802.11 frame handling has been
restructured to be less hardware dependent.

Compared to previous development release (v0.2.3), v0.2.4 is mostly a
bug fix version. However, wpa_supplicant got some new features: 'wext'
driver interface for generic Linux wireless extensions (currently,
only for IEEE 802.1X/WEP; in future, this will be extended to support
WPA/WPA2), LEAP (only for dynamic WEP keys), new driver interface for
Linux ndiswrapper, etc. See change log below for details.



hostap-driver:

2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases)
* fixed wlan#/wifi# interface packet counters (both are supposed to see
  data packets once; wlan# was counting TX twice and wifi# did not
  count TX or RX at all for most cases)
* fixed compilation with PRISM2_NO_STATION_MODES defined
* fixed MAC address changing to update address for wifi# interface
  (without this, at least Master mode did not work correctly when MAC
  address was changed for wlan#)
* fixed inner-BSS bridge (ap_bridge_packets=1) not to bridge packets
  to unauthorized ports when IEEE 802.1X/WPA is used (i.e., require
  that the STA completes authentication before capturing packets in
  the inner bridge); previously, only association status was used and
  an attacker could have capture packets to any MAC address even
  without having proper credentials for using the network (although,
  the packets were dropped because the controlled port for the STA was
  unauthorized)


hostap-utils:

2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases)

* no changes since 0.2.1


hostapd:

2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases)

* fixed some accounting cases where Accounting-Start was sent when
  IEEE 802.1X port was being deauthorized


wpa_supplicant:

2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases)

* resolved couple of interoperability issues with EAP-PEAPv1 and
  Phase 2 (inner EAP) fragment reassembly
* driver_madwifi: fixed WEP key configuration for IEEE 802.1X when the
  AP is using non-zero key index for the unicast key and key index zero
  for the broadcast key
* driver_hostap: fixed IEEE 802.1X WEP key updates and
  re-authentication by allowing unencrypted EAPOL frames when not using
  WPA
* added a new driver interface, 'wext', which uses only standard,
  driver independent functionality in Linux wireless extensions;
  currently, this can be used only for non-WPA IEEE 802.1X mode, but
  eventually, this is to be extended to support full WPA/WPA2 once
  Linux wireless extensions get support for this
* added support for mode in which the driver is responsible for AP
  scanning and selection; this is disabled by default and can be
  enabled with global ap_scan=0 variable in wpa_supplicant.conf;
  this mode can be used, e.g., with generic 'wext' driver interface to
  use wpa_supplicant as IEEE 802.1X Supplicant with any Linux driver
  supporting wireless extensions.
* driver_madwifi: fixed WPA2 configuration and scan_ssid=1 (e.g.,
  operation with an AP that does not include SSID in the Beacon frames)
* added support for new EAP authentication methods:
  EAP-TTLS/EAP-OTP, EAP-PEAPv0/OTP, EAP-PEAPv1/OTP, EAP-OTP
* added support for asking one-time-passwords from frontends (e.g.,
  wpa_cli); this 'otp' command works otherwise like 'password' command,
  but the password is used only once and the frontend will be asked for
  a new password whenever a request from authenticator requires a
  password; this can be used with both EAP-OTP and EAP-GTC
* changed wpa_cli to automatically re-establish connection so that it
  does not need to be re-started when wpa_supplicant is terminated and
  started again
* improved user data (identity/password/otp) requests through
  frontends: process pending EAPOL packets after getting new
  information so that full authentication does not need to be
  restarted; in addition, send pending requests again whenever a new
  frontend is attached
* changed control frontends to use a new directory for socket files to
  make it easier for wpa_cli to automatically select between interfaces
  and to provide access control for the control interface;
  wpa_supplicant.conf: ctrl_interface is now a path
  (/var/run/wpa_supplicant is the recommended path) and
  ctrl_interface_group can be used to select which group gets access to
  the control interface;
  wpa_cli: by default, try to connect to the first interface available
  in /var/run/wpa_supplicant; this path can be overriden with -p option
  and an interface can be selected with -i option (i.e., in most common
  cases, wpa_cli does not need to get any arguments)
* added support for LEAP
* added driver interface for Linux ndiswrapper
* added priority option for network blocks in the configuration file;
  this allows networks to be grouped based on priority (the scan
  results are searched for matches with network blocks in this order)


-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list