hostapd/wpa_supplicant - new release v2.1

Jouni Malinen j at
Tue Feb 4 09:09:48 EST 2014

New versions of wpa_supplicant and hostapd were just
released and are now available from

This release follows the style used with v2.0, but it was not really
supposed to take this long between the releases.. We'll see how it goes
with v2.2, but all the new test scripting and lightweight release
process should make it easier to get to a bit more frequent sequence
(which was the initial plan for 2.x).

With this release, the old 1.x branch is considered to have reached its
end-of-life. If you are still using 1.x (or any older version), you are
recommended to update to the 2.1 release since there will be no upstream
support for the older branches.

There has been quite a few new features and fixes since the 2.0 release
a year ago. The following ChangeLog entries highlight some of the main

* added support for simultaneous authentication of equals (SAE) for
  stronger password-based authentication with WPA2-Personal
* added nl80211 functionality
  - VHT configuration for nl80211
  - support split wiphy dump
  - driver-based MAC ACL
  - QoS Mapping configuration
* added fully automated regression testing with mac80211_hwsim
* allow ctrl_iface group to be specified on command line (-G<group>)
* allow single hostapd process to control independent WPS interfaces
  (wps_independent=1) instead of synchronized operations through all
  configured interfaces within a process
* avoid processing received management frames multiple times when using
  nl80211 with multiple BSSes
* added support for DFS (processing radar detection events, CAC, channel
* added EAP-EKE server
* added automatic channel selection (ACS)
* added option for using per-BSS (vif) configuration files with
  -b<phyname>:<config file name>
* extended global control interface ADD/REMOVE commands to allow BSSes
  of a radio to be removed individually without having to add/remove all
  other BSSes of the radio at the same time
* added support for sending debug info to Linux tracing (-T on command
* replace dump_file functionality with same information being available
  through the hostapd control interface
* added support for using Protected Dual of Public Action frames for
  GAS/ANQP exchanges when PMF is enabled
* added support for WPS+NFC updates
  - improved protocol
  - option to fetch and report alternative carrier records for external
    NFC operations
* various bug fixes

* added support for simultaneous authentication of equals (SAE) for
  stronger password-based authentication with WPA2-Personal
* improved P2P negotiation and group formation robustness
  - avoid unnecessary Dialog Token value changes during retries
  - avoid more concurrent scanning cases during full group formation
  - do not use potentially obsolete scan result data from driver
    cache for peer discovery/updates
  - avoid undesired re-starting of GO negotiation based on Probe
    Request frames
  - increase GO Negotiation and Invitation timeouts to address busy
    environments and peers that take long time to react to messages,
    e.g., due to power saving
  - P2P Device interface type
* improved P2P channel selection (use more peer information and allow
  more local options)
* added support for optional per-device PSK assignment by P2P GO
  (wpa_cli p2p_set per_sta_psk <0/1>)
* added P2P_REMOVE_CLIENT for removing a client from P2P groups
  (including persistent groups); this can be used to securely remove
  a client from a group if per-device PSKs are used
* added more configuration flexibility for allowed P2P GO/client
  channels (p2p_no_go_freq list and p2p_add_cli_chan=0/1)
* added nl80211 functionality
  - VHT configuration for nl80211
  - MFP (IEEE 802.11w) information for nl80211 command API
  - support split wiphy dump
  - FT (IEEE 802.11r) with driver-based SME
  - use advertised number of supported concurrent channels
  - QoS Mapping configuration
* improved TDLS negotiation robustness
* added more TDLS peer parameters to be configured to the driver
* optimized connection time by allowing recently received scan results
  to be used instead of having to run through a new scan
* fixed ctrl_iface BSS command iteration with RANGE argument and no
  exact matches; also fixed argument parsing for some cases with
  multiple arguments
* added 'SCAN TYPE=ONLY' ctrl_iface command to request manual scan
  without executing roaming/network re-selection on scan results
* added Session-Id derivation for EAP peer methods
* added fully automated regression testing with mac80211_hwsim
* changed configuration parser to reject invalid integer values
* allow AP/Enrollee to be specified with BSSID instead of UUID for
  WPS ER operations
* disable network block temporarily on repeated connection failures
* changed the default driver interface from wext to nl80211 if both are
  included in the build
* remove duplicate networks if WPS provisioning is run multiple times
* remove duplicate networks when Interworking network selection uses the
  same network
* added global freq_list configuration to allow scan frequencies to be
  limited for all cases instead of just for a specific network block
* added support for BSS Transition Management
* added option to use "IFNAME=<ifname> " prefix to use the global
  control interface connection to perform per-interface commands;
  similarly, allow global control interface to be used as a monitor
  interface to receive events from all interfaces
* fixed OKC-based PMKSA cache entry clearing
* fixed TKIP group key configuration with FT
* added support for using OCSP stapling to validate server certificate
  (ocsp=1 as optional and ocsp=2 as mandatory)
* added EAP-EKE peer
* added peer restart detection for IBSS RSN
* added domain_suffix_match (and domain_suffix_match2 for Phase 2
  EAP-TLS) to specify additional constraint for the server certificate
  domain name
* added support for external SIM/USIM processing in EAP-SIM, EAP-AKA,
  and EAP-AKA' (CTRL-REQ-SIM and CTRL-RSP-SIM commands over control
* added global bgscan configuration option as a default for all network
  blocks that do not specify their own bgscan parameters
* added D-Bus methods for TDLS
* added more control to scan requests
  - "SCAN freq=<freq list>" can be used to specify which channels are
    scanned (comma-separated frequency ranges in MHz)
  - "SCAN passive=1" can be used to request a passive scan (no Probe
    Request frames are sent)
  - "SCAN use_id" can be used to request a scan id to be returned and
    included in event messages related to this specific scan operation
  - "SCAN only_new=1" can be used to request the driver/cfg80211 to
    report only BSS entries that have been updated during this scan
  - these optional arguments to the SCAN command can be combined with
    each other
* modified behavior on externally triggered scans
  - avoid concurrent operations requiring full control of the radio when
    an externally triggered scan is detected
  - do not use results for internal roaming decision
* added a new cred block parameter 'temporary' to allow credential
  blocks to be stored separately even if wpa_supplicant configuration
  file is used to maintain other network information
* added "radio work" framework to schedule exclusive radio operations
  for off-channel functionality
  - reduce issues with concurrent operations that try to control which
    channel is used
  - allow external programs to request exclusive radio control in a way
    that avoids conflicts with wpa_supplicant
* added support for using Protected Dual of Public Action frames for
  GAS/ANQP exchanges when associated with PMF
* added support for WPS+NFC updates and P2P+NFC
  - improved protocol for WPS
  - P2P group formation/join based on NFC connection handover
  - new IPv4 address assignment for P2P groups (ip_addr_* configuration
    parameters on the GO) to replace DHCP
  - option to fetch and report alternative carrier records for external
    NFC operations
* various bug fixes

git-shortlog for 2.0 -> 2.1:

Well.. There were 1646 commits, so the list would be too long for this
email. Anyway, if you are interested in the details, they are available
in the hostap.git repository. diffstat has following to say about the
 498 files changed, 59457 insertions(+), 12356 deletions(-)

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list