Host AP/hostapd/wpa_supplicant - new development release v0.4.0

Jouni Malinen jkmaline at cc.hut.fi
Mon Apr 25 23:43:23 EDT 2005


A new version of Prism2/2.5/3 Host AP driver, wpa_supplicant, and
hostapd were just released and are now available from
http://hostap.epitest.fi/

This release is the first release from the new development branch
(0.4.x). Please note that 0.3.x branch continues to be the current
source of stable releases.

Most of the changes since the last development release (v0.3.6) and
differences from the current stable branch are in wpa_supplicant and
hostapd. hostap-driver got only minor changes and hostap-utils did not
change at all.

wpa_supplicant licensing is now a bit less complex since all files are
available under the same dual license (GPLv2 & BSD). Previously, a
driver interface implementation was available only under GPL, but it is
now dual licensed. In the future, I hope that all contributions to
wpa_supplicant (and hostapd, for that matter) are made available under
these two licenses to avoid complexity involved in having some parts
of the program being licensed under different terms. Please also note
that hostap-driver and hostap-utils remain under GPLv2 only license.

I would expect development to continue for some more time on 0.4.x
branch before starting to stabilize for stable releases. I hope to
keep the code in working condition most of the time so that it would
be usable for most users, but please keep in mind that this branch is
still under development and some instability should be expected.


PS.

If you happen to be in Las Vegas next week and interested in network
security and open source, you might want to take a look at this year's
program at InteropNet Labs (iLabs)* at Networld+Interop. I'm planning on
being somewhere around iLabs for the week, so please feel free to come
by to discuss topics that are somehow related to this interesting
combination of open source development, network security, and wireless
networks in general.

*) http://www.interop.net/lasvegas/interopnet/ilabs/


hostap-driver:
* filter out sequential disconnect events to make race condition with
  received EAPOL frames less likely to happen (this improves
  authentication success rate with some APs that send EAPOL frames
  very quickly after the (re)association response)
* added support for setting channel mask for scan requests
  ('iwpriv wlan0 scan_channels 0x00ff' masks scans to use channels 1-8)
* fixed background scans (iwlist wlan0 scan) not to break data
  connection when in host_roaming 2 mode (e.g., when using
  wpa_supplicant)

hostapd:
* added support for including network information into
  EAP-Request/Identity message (ASCII-0 (nul) in eap_message)
  (e.g., to implement draft-adrange-eap-network-discovery-07.txt)
* fixed a bug which caused some RSN pre-authentication cases to use
  freed memory and potentially crash hostapd
* fixed private key loading for cases where passphrase is not set
* added support for sending TLS alerts and aborting authentication
  when receiving a TLS alert
* fixed WPA2 to add PMKSA cache entry when using integrated EAP
  authenticator
* fixed PMKSA caching (EAP authentication was not skipped correctly
  with the new state machine changes from IEEE 802.1X draft)
* added support for RADIUS over IPv6; own_ip_addr, auth_server_addr,
  and acct_server_addr can now be IPv6 addresses (CONFIG_IPV6=y needs
  to be added to .config to include IPv6 support); for RADIUS server,
  radius_server_ipv6=1 needs to be set in hostapd.conf and addresses
  in RADIUS clients file can then use IPv6 format
* added experimental support for EAP-PAX
* replaced hostapd control interface library (hostapd_ctrl.[ch]) with
  the same implementation that wpa_supplicant is using (wpa_ctrl.[ch])

wpa_supplicant:
* added a new build time option, CONFIG_NO_STDOUT_DEBUG, that can be
  used to reduce the size of the wpa_supplicant considerably if
  debugging code is not needed
* fixed EAPOL-Key validation to drop packets with invalid Key Data
  Length; such frames could have crashed wpa_supplicant due to buffer
  overflow
* added support for wired authentication (IEEE 802.1X on wired
  Ethernet); driver interface 'wired'
* obsoleted set_wpa() handler in the driver interface API (it can be
  replaced by moving enable/disable functionality into init()/deinit())
  (calls to set_wpa() are still present for backwards compatibility,
  but they may be removed in the future)
* driver_madwifi: fixed association in plaintext mode
* modified the EAP workaround that accepts EAP-Success with incorrect
  Identifier to be even less strict about verification in order to
  interoperate with some authentication servers
* added support for sending TLS alerts
* added support for 'any' SSID wildcard; if ssid is not configured or
  is set to an empty string, any SSID will be accepted for non-WPA AP
* added support for asking PIN (for SIM) from frontends (e.g.,
  wpa_cli); if a PIN is needed, but not included in the configuration
  file, a control interface request is sent and EAP processing is
  delayed until the PIN is available
* added support for using external devices (e.g., a smartcard) for
  private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config);
  new wpa_supplicant.conf variables:
  - global: opensc_engine_path, pkcs11_engine_path, pkcs11_module_path
  - network: engine, engine_id, key_id
* added experimental support for EAP-PAX
* added monitor mode for wpa_cli (-a<path to a program to run>) that
  allows external commands (e.g., shell scripts) to be run based on
  wpa_supplicant events, e.g., when authentication has been completed
  and data connection is ready; other related wpa_cli arguments:
  -B (run in background), -P (write PID file); wpa_supplicant has a new
  command line argument (-W) that can be used to make it wait until a
  control interface command is received in order to avoid missing
  events
* added support for opportunistic WPA2 PMKSA key caching (disabled by
  default, can be enabled with proactive_key_caching=1)
* fixed RSN IE in 4-Way Handshake message 2/4 for the case where
  Authenticator rejects PMKSA caching attempt and the driver is not
  using assoc_info events
* added -P<pid file> argument for wpa_supplicant to write the current
  process id into a file

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list