
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release

Jouni Malinen 17 years ago
commit
6fc6879bd5
100 changed files with 33955 additions and 0 deletions
  1. 340 0
      COPYING
  2. 181 0
      FAQ
  3. 19 0
      README
  4. 143 0
      build_release
  5. 3 0
      eap_example/.gitignore
  6. 179 0
      eap_example/Makefile
  7. 46 0
      eap_example/README
  8. 19 0
      eap_example/ca.pem
  9. 55 0
      eap_example/eap_example.c
  10. 270 0
      eap_example/eap_example_peer.c
  11. 192 0
      eap_example/eap_example_server.c
  12. BIN
      eap_example/server.key
  13. 18 0
      eap_example/server.pem
  14. 7 0
      hostapd/.gitignore
  15. 477 0
      hostapd/ChangeLog
  16. 534 0
      hostapd/Makefile
  17. 386 0
      hostapd/README
  18. 466 0
      hostapd/accounting.c
  19. 27 0
      hostapd/accounting.h
  20. 111 0
      hostapd/ap.h
  21. 458 0
      hostapd/ap_list.c
  22. 68 0
      hostapd/ap_list.h
  23. 418 0
      hostapd/beacon.c
  24. 24 0
      hostapd/beacon.h
  25. 2238 0
      hostapd/config.c
  26. 358 0
      hostapd/config.h
  27. 500 0
      hostapd/ctrl_iface.c
  28. 23 0
      hostapd/ctrl_iface.h
  29. 119 0
      hostapd/defconfig
  30. 219 0
      hostapd/developer.txt
  31. 4 0
      hostapd/doc/.gitignore
  32. 5 0
      hostapd/doc/code_structure.doxygen
  33. 66 0
      hostapd/doc/ctrl_iface.doxygen
  34. 233 0
      hostapd/doc/doxygen.fast
  35. 230 0
      hostapd/doc/doxygen.full
  36. 20 0
      hostapd/doc/driver_wrapper.doxygen
  37. 56 0
      hostapd/doc/eap.doxygen
  38. 264 0
      hostapd/doc/hostapd.fig
  39. 129 0
      hostapd/doc/kerneldoc2doxygen.pl
  40. 52 0
      hostapd/doc/mainpage.doxygen
  41. 5 0
      hostapd/doc/porting.doxygen
  42. 681 0
      hostapd/driver.h
  43. 838 0
      hostapd/driver_bsd.c
  44. 1235 0
      hostapd/driver_hostap.c
  45. 1363 0
      hostapd/driver_madwifi.c
  46. 2382 0
      hostapd/driver_nl80211.c
  47. 1086 0
      hostapd/driver_prism54.c
  48. 1167 0
      hostapd/driver_test.c
  49. 373 0
      hostapd/driver_wired.c
  50. 65 0
      hostapd/drivers.c
  51. 74 0
      hostapd/eap_testing.txt
  52. 1290 0
      hostapd/eapol_sm.c
  53. 253 0
      hostapd/eapol_sm.h
  54. 216 0
      hostapd/hostap_common.h
  55. 59 0
      hostapd/hostapd.8
  56. 5 0
      hostapd/hostapd.accept
  57. 2000 0
      hostapd/hostapd.c
  58. 792 0
      hostapd/hostapd.conf
  59. 5 0
      hostapd/hostapd.deny
  60. 91 0
      hostapd/hostapd.eap_user
  61. 239 0
      hostapd/hostapd.h
  62. 4 0
      hostapd/hostapd.radius_clients
  63. 9 0
      hostapd/hostapd.sim_db
  64. 9 0
      hostapd/hostapd.vlan
  65. 9 0
      hostapd/hostapd.wpa_psk
  66. 83 0
      hostapd/hostapd_cli.1
  67. 615 0
      hostapd/hostapd_cli.c
  68. 432 0
      hostapd/hw_features.c
  69. 61 0
      hostapd/hw_features.h
  70. 542 0
      hostapd/iapp.c
  71. 54 0
      hostapd/iapp.h
  72. 1749 0
      hostapd/ieee802_11.c
  73. 95 0
      hostapd/ieee802_11.h
  74. 471 0
      hostapd/ieee802_11_auth.c
  75. 33 0
      hostapd/ieee802_11_auth.h
  76. 33 0
      hostapd/ieee802_11h.c
  77. 27 0
      hostapd/ieee802_11h.h
  78. 1971 0
      hostapd/ieee802_1x.c
  79. 87 0
      hostapd/ieee802_1x.h
  80. 9 0
      hostapd/logwatch/README
  81. 10 0
      hostapd/logwatch/hostapd.conf
  82. 180 0
      hostapd/mlme.c
  83. 40 0
      hostapd/mlme.h
  84. 52 0
      hostapd/nt_password_hash.c
  85. 396 0
      hostapd/peerkey.c
  86. 368 0
      hostapd/pmksa_cache.c
  87. 54 0
      hostapd/pmksa_cache.h
  88. 275 0
      hostapd/preauth.c
  89. 58 0
      hostapd/preauth.h
  90. 177 0
      hostapd/prism54.h
  91. 71 0
      hostapd/priv_netlink.h
  92. 287 0
      hostapd/radiotap.c
  93. 242 0
      hostapd/radiotap.h
  94. 41 0
      hostapd/radiotap_iter.h
  95. 712 0
      hostapd/reconfig.c
  96. 580 0
      hostapd/sta_info.c
  97. 40 0
      hostapd/sta_info.h
  98. 832 0
      hostapd/vlan_init.c
  99. 31 0
      hostapd/vlan_init.h
  100. 40 0
      hostapd/wired.conf

+ 340 - 0
COPYING

@@ -0,0 +1,340 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.

+ 181 - 0
FAQ

@@ -0,0 +1,181 @@
+Host AP driver - Frequently Asked Questions
+===========================================
+
+1. What does "GetNextTuple: No more items" mean in hostap_cs initialization?
+2. Why RX does not work?
+   What does "NETDEV WATCHDOG: wlan0: transmit timed out" mean?
+   (interrupt delivery problems)
+3. What is wrong with Host AP mode in secondary (station) firmware v1.4.2?
+4. What is causing 'Unresolved symbols' in depmod/modprobe?
+5. How can I upgrade Prism2/2.5/3 firmware?
+6. Why did I get two network interfaces (wlan0 and wifi0) even when I have
+   only one wireless card?
+7. Why does my D-Link DWL-650 rev. P1 or D-Link DWL-520 rev. E1 (or any other
+   card with small flash) card fail?
+8. Does Host AP driver support IEEE 802.11a and 802.11g? Does it support
+   chipsets other than Prism 2/2.5/3?
+
+
+
+1. What does "GetNextTuple: No more items" mean in hostap_cs initialization?
+
+This is one of the most often reported problems in getting the
+hostap_cs.o driver working. It is usually reported for D-Link DWL-650
+PC Card, e.g., on ISA-to-PCMCIA adapter. Later versions of the driver
+report this also with "Vcc mismatch - skipping this entry".
+
+Most common reason for getting this is a mismatch in voltage
+configuration. The driver tries to make sure that the voltage (Vcc)
+configuration in CIS and the slot match each other. It refuses to
+initialize the card if the card CIS does not include a CFTABLE entry
+with a matching Vcc value. This seems to be a problem for some cases
+since the CIS is invalid or the reported voltage is incorrect.
+
+As a workaround, the driver supports a module parameter ignore_cis_vcc
+that can be used to skip this verification. This can be enabled by
+setting ignore_cis_vcc=1 in /etc/pcmcia/hostap_cs.conf (commented
+example line in the end of file). This can also be tested by manually
+loading the module with 'modprobe hostap_cs ignore_cis_vcc=1' before
+inserting the card).
+
+
+
+2. Why RX does not work?
+   What does "NETDEV WATCHDOG: wlan0: transmit timed out" mean?
+   (interrupt delivery problems)
+
+If the driver does not seem to receive any packets or sending packets
+results in "NETDEV WATCHDOG: wlan0: transmit timed out", the reason is
+probably in interrupt delivery problems. This is quite common with
+PCI-to-PCMCIA adapters. Newer than 2002-05-19 of the driver have a
+test that will report this after the initialization ("wlan: Possible
+interrupt delivery problem"). Another method for checking this is to
+observer whether interrupt counters in /proc/interrupts increase for
+hostap_cs/wlan0 entry.
+
+Adding suitable irq_mode=# setting in PCIC_OPTS line of
+pcmcia-configuration is the most common fix for this. pcmcia-cs HOWTO
+has more information on how to debug and fix interrupt delivery
+problems at
+http://pcmcia-cs.sourceforge.net/ftp/doc/PCMCIA-HOWTO-5.html#irqmode
+
+
+
+3. What is wrong with Host AP mode in secondary (station) firmware v1.4.2?
+
+It looks like secondary firmware v1.4.2 sends beacon frames properly,
+but does not respond to probe requests. With most station cards, this
+prevents authentication and association and thus, in practice, no data
+frames can be sent. It has been reported that at least some Cisco
+Aironet 350 cards can associate with Host AP mode even with firmware
+v1.4.2 (i.e., without receiving probe response), but Prism2 and
+Lucent/ORiNOCO/Agere seem to require probe response and they do not
+thus associate with AP using v1.4.2 firmware.
+
+This is fixed in later secondary firmware versions; probably already
+in 1.4.3, but at least 1.4.9 has been tested to work. In other words,
+this problem can be fixed by upgrading card firmware.
+
+
+
+4. What is causing 'Unresolved symbols' in depmod/modprobe?
+
+Installation of Host AP driver (e.g, 'make install_pccard') may report
+unresolved symbols when running depmod. These are usually caused with
+mismatch in kernel configuration for modversions.
+
+Example:
+
+depmod reports unresolved symbol 'eth_type_trans' (this is without
+modversions):
+depmod:         eth_type_trans
+
+but kernel was really configured with CONFIG_MODVERSIONS:
+
+# grep eth_type_trans /proc/ksyms
+c01b66c0 eth_type_trans_Rdb9cd26f
+
+(notice the _R... postfix)
+
+This happens if the kernel configuration given to Host AP driver's
+Makefile (.config in KERNEL_PATH) has not CONFIG_MODVERSIONS, but the
+running kernel is compiled with it.
+If the kernel were configured without modversions, /proc/ksyms would
+show the symbols with _R... postfix:
+
+
+Mismatches in kernel configuration can be fixed by using the same
+configuration (i.e., Linux kernel .config) for both the kernel and the
+driver. If you are using a kernel from a distribution installation
+(i.e., you have not compiled it yourself), you will need to create a
+matching .config file somehow. This depends on the distribution you
+are using, but 'make oldconfig' in kernel source directory might work
+with some distributions. If you compile the kernel yourself, it will
+be easier, since you already have to have created the correct .config
+file.
+
+
+
+5. How can I upgrade Prism2/2.5/3 firmware?
+
+Prism2/2.5/3 cards and Host AP driver support two different mechanism
+of upgrading the card firmware. Firmware images (primary and station)
+can be downloaded either into volatile memory (RAM download) or
+non-volatile memory (flash upgrade). Firmware images downloaded into
+volatile memory are lost when the card is resetted, so they are quite
+safe. Flash upgrade with incorrect images may cause permanent problems
+(i.e., render the card useless), so certain amount of caution is
+always recommended for this.
+
+Note! Some of the older versions of Host AP driver or prism2_srec had
+fatal bugs in flash upgrade. Only versions 0.1.0 or newer should be
+used when performing non-volatile flash upgrade!
+
+utils/prism2_srec (run 'make' in utils directory to build this) is a
+tool that can be instructed Host AP driver to download firmware image
+into the wlan card. Brief usage information is available by running
+this program without any command line parameters. Please note, that
+the downloading support is disabled in the default Host AP driver
+build. You will need to change this by defining
+PRISM2_DOWNLOAD_SUPPORT (and PRISM2_NON_VOLATILE_DOWNLOAD if you want
+to update flash); see driver/modules/hostap_config.h for more details.
+
+Jun Sun has written a mini-howto on flashing Intersil Prism
+Chipsets. This is available at http://linux.junsun.net/intersil-prism/.
+
+
+
+6. Why did I get two network interfaces (wlan0 and wifi0) even when I have
+   only one wireless card?
+
+Host AP driver supports multiple virtual interfaces per wireless
+card. wifi0 is the master radio interface and wlan0 is the first
+virtual interface for this radio. Other virtual interfaces are wlan0ap
+(for hostapd), and one interface per WDS link.
+
+In most cases, one should ignore wifi0 interface and just use wlan0
+interface. In other words, assign IP address to wlan0, not wifi0 and
+in general, just ignore the wifi0 interface.
+
+
+
+7. Why does my D-Link DWL-650 rev. P1 or D-Link DWL-520 rev. E1 (or any other
+   card with small flash) card fail?
+
+Some of the new Prism3-based cards use a smaller flash chip that does
+not include full firmware for the card. For example, D-Link DWL-650
+rev. P1 and D-Link DWL-520 rev. E1 are such cards. These cards require
+that the firmware is downloaded to the card during initialization. See
+utils/hostap_fw_load for example commands on doing this.
+
+
+
+8. Does Host AP driver support IEEE 802.11a and 802.11g? Does it support
+   chipsets other than Prism 2/2.5/3?
+
+Host AP driver supports only Intersil Prism chipsets, versions 2, 2.5,
+and 3. Those chipsets support IEEE 802.11b only; other chipsets are
+not supported. All utilities distributed with Host AP driver except
+wpa_supplicant work only with Host AP driver, so they are limited to
+the same hardware. wpa_supplicant works with other drivers, including
+those that support 802.11a and 802.11g.

+ 19 - 0
README

@@ -0,0 +1,19 @@
+wpa_supplicant and hostapd v0.6.x
+---------------------------------
+
+Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi> and contributors
+All Rights Reserved.
+
+These program is dual-licensed under both the GPL version 2 and BSD
+license. Either license may be used at your option.
+
+
+This package may include either wpa_supplicant, hostapd, or both. See
+README file respective subdirectories (wpa_supplicant/README or
+hostapd/README) for more details.
+
+Source code files have been moved around in v0.6.x releases and
+compared to earlier releases, the programs are now build by first
+going to a subdirectory (wpa_supplicant or hostapd) and creating
+build configuration (.config) and running 'make' there (for
+Linux/BSD/cygwin builds).

+ 143 - 0
build_release

@@ -0,0 +1,143 @@
+#!/bin/sh
+
+# Path to the Windows cross compiler (mingw)
+WINCROSS=/opt/xmingw/bin
+WINLOCAL=/home/jm/H-win/local
+
+set -e
+
+if [ -z "$1" ]; then
+    echo "build_release <version> [nobin]"
+    exit 1
+fi
+
+TMP=tmp.build_release
+RELDIR=`pwd`/Release
+VER=$1
+NOW=`date +%Y-%m-%d`
+
+echo "Version: $VER - $NOW"
+
+DATEw=`head -n 3 wpa_supplicant/ChangeLog | tail -n 1 | sed "s/ .*//"`
+DATEh=`head -n 3 hostapd/ChangeLog | tail -n 1 | sed "s/ .*//"`
+
+if [ "$DATEw" != "$NOW" -o "$DATEh" != "$NOW" ]; then
+    echo "NOTE! Date mismatch in ChangeLog: wpa_supplicant $DATEw hostapd $DATEh != $NOW"
+fi
+
+if [ -r $TMP ]; then
+    echo "Temporary directory '$TMP' exists. Remove it before running this."
+    exit 1
+fi
+
+mkdir $TMP
+mkdir -p $RELDIR
+
+git-archive --format=tar --prefix=wpa-$VER/ HEAD \
+	README COPYING patches src wpa_supplicant hostapd |
+	gzip > $RELDIR/wpa-$VER.tar.gz
+git-archive --format=tar --prefix=hostapd-$VER/ HEAD \
+	README COPYING patches src hostapd |
+	gzip > $RELDIR/hostapd-$VER.tar.gz
+git-archive --format=tar --prefix=wpa_supplicant-$VER/ HEAD \
+	README COPYING patches src wpa_supplicant |
+	tar --directory=$TMP -xf -
+
+cd $TMP
+make -C wpa_supplicant-$VER/wpa_supplicant/doc/docbook man
+rm -f wpa_supplicant-$VER/wpa_supplicant/doc/docbook/manpage.{links,refs}
+tar czf $RELDIR/wpa_supplicant-$VER.tar.gz wpa_supplicant-$VER
+cd ..
+rm -r $TMP
+
+if [ "$2" == "nobin" ]; then
+    exit 0
+fi
+
+if [ -d $WINCROSS ]; then
+    pushd $RELDIR
+
+    PDIR=wpa_supplicant-$VER
+    WDIR=wpa_supplicant-windows-bin-$VER
+    tar xzf $PDIR.tar.gz
+    mkdir "$WDIR"
+    cd "$PDIR/wpa_supplicant"
+    cat > .config <<EOF
+CONFIG_DRIVER_NDIS=y
+CONFIG_NATIVE_WINDOWS=y
+
+CFLAGS += -I/opt/xmingw/i386-mingw32msvc/include/ddk
+CC=i386-mingw32msvc-gcc
+STRIP=i386-mingw32msvc-strip
+PLATFORMSDKLIB=$WINLOCAL/lib
+CONFIG_NDIS_EVENTS_INTEGRATED=y
+
+CFLAGS += -I$WINLOCAL/include
+LIBS += -L$WINLOCAL/lib
+LIBS_w += -L$WINLOCAL/lib
+LIBS_p += -L$WINLOCAL/lib
+
+CONFIG_EAP_SIM=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_LEAP=y
+CONFIG_EAP_FAST=y
+CONFIG_EAP_TLS=y
+
+CONFIG_CTRL_IFACE=y
+CONFIG_EAP_FAST=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_TNC=y
+CONFIG_PKCS12=y
+CONFIG_PCSC=y
+
+CONFIG_L2_PACKET=winpcap
+CONFIG_MAIN=main_winsvc
+CONFIG_BACKEND=winreg
+CONFIG_ELOOP=eloop_win
+CFLAGS += -DCONFIG_DEBUG_FILE
+EOF
+
+    # First, build the Windows service & registry version and rename it
+    PATH=$PATH:$WINCROSS make windows-bin
+    mv wpa_supplicant.exe wpasvc.exe
+
+    # Then, build "the standard" wpa_supplicant.exe
+    cat >> .config <<EOF
+CONFIG_MAIN=main
+CONFIG_BACKEND=file
+EOF
+
+    PATH=$PATH:$WINCROSS make windows-bin
+
+    for i in COPYING; do
+	unix2dos < ../$i > ../../"$WDIR"/$i
+    done
+    for i in README README-Windows.txt wpa_supplicant.conf; do
+	unix2dos < $i > ../../"$WDIR"/$i
+    done
+    mv *.exe ../../"$WDIR"
+    cp win_example.reg ../../"$WDIR"
+
+    cd wpa_gui-qt4
+    PATH=$PATH:$WINCROSS ./setup-mingw-cross-compiling
+    PATH=$PATH:$WINCROSS make
+    cp release/wpa_gui.exe ../../../"$WDIR"
+    cd ../../..
+    rm -rf "$PDIR"
+    zip "$WDIR.zip" "$WDIR"/*
+    rm -rf "$WDIR"
+
+    popd
+fi
+
+ls -l $RELDIR/*$VER*
+
+exit 0
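Review bot: The script is declared `#!/bin/sh` but relies on bash-only constructs: the brace expansion in `rm -f wpa_supplicant-$VER/wpa_supplicant/doc/docbook/manpage.{links,refs}`, the `==` operator in `[ "$2" == "nobin" ]`, and `pushd`/`popd` in the Windows build branch. Under a strictly POSIX `sh` the `rm -f` line matches no file and still succeeds, so any generated manpage.links/manpage.refs files would end up in the wpa_supplicant release tarball without a warning, and the `nobin` test fails inside an `if`, where `set -e` does not stop the script. Either change the first line to `#!/bin/bash` or use `=`, two explicit `rm -f` paths and plain `cd`. `$VER` is taken directly from `$1` and used unquoted in paths and `--prefix=` arguments, so quoting it (for example `"$RELDIR/wpa-$VER.tar.gz"`) would keep an unexpected argument from being word-split.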

+ 3 - 0
eap_example/.gitignore

@@ -0,0 +1,3 @@
+*.d
+eap_example
+libeap.so

+ 179 - 0
eap_example/Makefile

@@ -0,0 +1,179 @@
+ALL=eap_example
+
+all: $(ALL)
+
+ifndef CC
+CC=gcc
+endif
+
+ifndef CFLAGS
+CFLAGS = -MMD -O2 -Wall -g
+endif
+
+CONFIG_TLS=openssl
+#CONFIG_TLS=internal
+#CONFIG_INTERNAL_LIBTOMMATH=y
+
+
+CFLAGS += -I.
+CFLAGS += -I../src
+CFLAGS += -I../src/crypto
+CFLAGS += -I../src/utils
+CFLAGS += -I../src/common
+
+# at least for now, need to include config_ssid.h and config_blob.h from
+# wpa_supplicant directory
+CFLAGS += -I../wpa_supplicant
+
+
+OBJS_both += ../src/utils/common.o
+OBJS_both += ../src/utils/os_unix.o
+OBJS_both += ../src/utils/wpa_debug.o
+OBJS_both += ../src/utils/base64.o
+OBJS_both += ../src/utils/wpabuf.o
+OBJS_both += ../src/crypto/md5.o
+OBJS_both += ../src/crypto/rc4.o
+OBJS_both += ../src/crypto/md4.o
+OBJS_both += ../src/crypto/sha1.o
+OBJS_both += ../src/crypto/des.o
+OBJS_both += ../src/crypto/aes_wrap.o
+OBJS_both += ../src/crypto/aes.o
+OBJS_both += ../src/crypto/ms_funcs.o
+OBJS_both += ../src/crypto/sha256.o
+
+
+OBJS_both += ../src/eap_common/eap_psk_common.o
+OBJS_both += ../src/eap_common/eap_pax_common.o
+OBJS_both += ../src/eap_common/eap_sake_common.o
+OBJS_both += ../src/eap_common/eap_gpsk_common.o
+OBJS_both += ../src/eap_common/chap.o
+
+OBJS_peer += ../src/eap_peer/eap_tls.o
+OBJS_peer += ../src/eap_peer/eap_peap.o
+OBJS_peer += ../src/eap_peer/eap_ttls.o
+OBJS_peer += ../src/eap_peer/eap_md5.o
+OBJS_peer += ../src/eap_peer/eap_mschapv2.o
+OBJS_peer += ../src/eap_peer/mschapv2.o
+OBJS_peer += ../src/eap_peer/eap_otp.o
+OBJS_peer += ../src/eap_peer/eap_gtc.o
+OBJS_peer += ../src/eap_peer/eap_leap.o
+OBJS_peer += ../src/eap_peer/eap_psk.o
+OBJS_peer += ../src/eap_peer/eap_tlv.o
+OBJS_peer += ../src/eap_peer/eap_pax.o
+OBJS_peer += ../src/eap_peer/eap_sake.o
+OBJS_peer += ../src/eap_peer/eap_gpsk.o
+OBJS_peer += ../src/eap_peer/eap.o
+OBJS_peer += ../src/eap_common/eap_common.o
+OBJS_peer += ../src/eap_peer/eap_methods.o
+OBJS_peer += ../src/eap_peer/eap_tls_common.o
+
+CFLAGS += -DEAP_TLS
+CFLAGS += -DEAP_PEAP
+CFLAGS += -DEAP_TTLS
+CFLAGS += -DEAP_MD5
+CFLAGS += -DEAP_MSCHAPv2
+CFLAGS += -DEAP_GTC
+CFLAGS += -DEAP_OTP
+CFLAGS += -DEAP_LEAP
+CFLAGS += -DEAP_PSK
+CFLAGS += -DEAP_TLV
+CFLAGS += -DEAP_PAX
+CFLAGS += -DEAP_SAKE
+CFLAGS += -DEAP_GPSK -DEAP_GPSK_SHA256
+CFLAGS += -DEAP_TLS_FUNCS
+
+CFLAGS += -DIEEE8021X_EAPOL
+
+ifeq ($(CONFIG_TLS), openssl)
+CFLAGS += -DEAP_TLS_OPENSSL
+OBJS_both += ../src/crypto/tls_openssl.o
+OBJS_both += ../src/crypto/crypto_openssl.o
+LIBS += -lssl -lcrypto
+CFLAGS += -DINTERNAL_SHA256
+endif
+
+ifeq ($(CONFIG_TLS), internal)
+OBJS_both += ../src/crypto/tls_internal.o
+OBJS_both += ../src/tls/tlsv1_common.o ../src/tls/tlsv1_record.o
+OBJS_both += ../src/tls/tlsv1_cred.o
+OBJS_both += ../src/tls/asn1.o ../src/tls/x509v3.o
+OBJS_both += ../src/crypto/crypto_internal.o ../src/tls/rsa.o ../src/tls/bignum.o
+
+OBJS_peer += ../src/tls/tlsv1_client.o
+OBJS_peer += ../src/tls/tlsv1_client_write.o ../src/tls/tlsv1_client_read.o
+CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT
+
+OBJS_server += ../src/tls/tlsv1_server.o
+OBJS_server += ../src/tls/tlsv1_server_write.o ../src/tls/tlsv1_server_read.o
+CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER
+
+CFLAGS += -DCONFIG_TLS_INTERNAL
+CFLAGS += -DCONFIG_CRYPTO_INTERNAL
+CFLAGS += -DCONFIG_INTERNAL_X509
+CFLAGS += -DINTERNAL_AES
+CFLAGS += -DINTERNAL_SHA1
+CFLAGS += -DINTERNAL_SHA256
+CFLAGS += -DINTERNAL_MD5
+CFLAGS += -DINTERNAL_MD4
+CFLAGS += -DINTERNAL_DES
+ifdef CONFIG_INTERNAL_LIBTOMMATH
+CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
+else
+LIBS += -ltommath
+endif
+endif
+
+
+
+# Optional components to add EAP server support
+OBJS_server += ../src/eap_server/eap_tls.o
+OBJS_server += ../src/eap_server/eap_peap.o
+OBJS_server += ../src/eap_server/eap_ttls.o
+OBJS_server += ../src/eap_server/eap_md5.o
+OBJS_server += ../src/eap_server/eap_mschapv2.o
+OBJS_server += ../src/eap_server/eap_gtc.o
+OBJS_server += ../src/eap_server/eap_psk.o
+OBJS_server += ../src/eap_server/eap_tlv.o
+OBJS_server += ../src/eap_server/eap_pax.o
+OBJS_server += ../src/eap_server/eap_sake.o
+OBJS_server += ../src/eap_server/eap_gpsk.o
+OBJS_server += ../src/eap_server/eap.o
+OBJS_server += ../src/eap_server/eap_identity.o
+OBJS_server += ../src/eap_server/eap_methods.o
+OBJS_server += ../src/eap_server/eap_tls_common.o
+CFLAGS += -DEAP_SERVER
+
+
+ifndef LDO
+LDO=$(CC)
+endif
+
+
+OBJS_lib=$(OBJS_both) $(OBJS_peer) $(OBJS_server)
+
+OBJS_ex = eap_example.o eap_example_peer.o eap_example_server.o
+
+ifneq ($(CONFIG_SOLIB), yes)
+LIBEAP = libeap.a
+libeap.a: $(OBJS_lib)
+	ar rc libeap.a $(OBJS_lib)
+	ranlib libeap.a
+
+else
+CFLAGS  += -fPIC -DPIC
+LDFLAGS += -shared
+
+LIBEAP  = libeap.so
+libeap.so: $(OBJS_lib)
+	$(LDO) $(LDFLAGS) $(OBJS_lib) -o $(LIBEAP)
+
+endif
+
+eap_example: $(OBJS_ex) $(LIBEAP)
+	$(LDO) $(LDFLAGS) -o eap_example $(OBJS_ex) -L. -leap $(LIBS)
+
+clean:
+	$(MAKE) -C ../src clean
+	rm -f core *~ *.o *.d libeap.a libeap.so $(ALL)
+
+-include $(OBJS:%.o=%.d)
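Review bot: The last line, `-include $(OBJS:%.o=%.d)`, expands to nothing because this Makefile never defines `OBJS`; the object lists it builds are `OBJS_both`, `OBJS_peer`, `OBJS_server`, `OBJS_lib` and `OBJS_ex`. The `.d` files produced by `-MMD` in the default `CFLAGS` are therefore never read, and a changed header does not cause the affected library or example objects to be rebuilt. Suggested line: `-include $(OBJS_lib:%.o=%.d) $(OBJS_ex:%.o=%.d)`.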

+ 46 - 0
eap_example/README

@@ -0,0 +1,46 @@
+EAP peer/server library and example program
+Copyright (c) 2007, Jouni Malinen <j@w1.fi>
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 2 as
+published by the Free Software Foundation.
+
+Alternatively, this software may be distributed under the terms of BSD
+license.
+
+
+The interfaces of the EAP server/peer implementation are based on RFC
+4137 (EAP State Machines). This RFC is coordinated with the state
+machines defined in IEEE 802.1X-2004. hostapd and wpa_supplicant
+include implementation of the IEEE 802.1X EAPOL state machines and the
+interface between them and EAP. However, the EAP implementation can be
+used with other protocols, too, by providing a compatible interface
+which maps the EAPOL<->EAP variables to another protocol.
+
+This directory contains an example showing how EAP peer and server
+code from wpa_supplicant and hostapd can be used as a library. The
+example program initializes both an EAP server and an EAP peer
+entities and then runs through an EAP-PEAP/MSCHAPv2 authentication.
+
+eap_example_peer.c shows the initialization and glue code needed to
+control the EAP peer implementation. eap_example_server.c does the
+same for EAP server. eap_example.c is an example that ties in both the
+EAP server and client parts to allow an EAP authentication to be
+shown.
+
+In this example, the EAP messages are passed between the server and
+the peer are passed by direct function calls within the same process.
+In practice, server and peer functionalities would likely reside in
+separate devices and the EAP messages would be transmitted between the
+devices based on an external protocol. For example, in IEEE 802.11
+uses IEEE 802.1X EAPOL state machines to control the transmission of
+EAP messages and WiMax supports optional PMK EAP authentication
+mechanism that transmits EAP messages as defined in IEEE 802.16e.
+
+
+The EAP library links in number of helper functions from src/utils and
+src/crypto directories. Most of these are suitable as-is, but it may
+be desirable to replace the debug output code in src/utils/wpa_debug.c
+by dropping this file from the library and re-implementing the
+functions there in a way that better fits in with the main
+application.

+ 19 - 0
eap_example/ca.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

+ 55 - 0
eap_example/eap_example.c

@@ -0,0 +1,55 @@
+/*
+ * Example application showing how EAP peer and server code from
+ * wpa_supplicant/hostapd can be used as a library. This example program
+ * initializes both an EAP server and an EAP peer entities and then runs
+ * through an EAP-PEAP/MSCHAPv2 authentication.
+ * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+
+
+int eap_example_peer_init(void);
+void eap_example_peer_deinit(void);
+int eap_example_peer_step(void);
+
+int eap_example_server_init(void);
+void eap_example_server_deinit(void);
+int eap_example_server_step(void);
+
+
+extern int wpa_debug_level;
+
+int main(int argc, char *argv[])
+{
+	int res_s, res_p;
+
+	wpa_debug_level = 0;
+
+	if (eap_example_peer_init() < 0 ||
+	    eap_example_server_init() < 0)
+		return -1;
+
+	do {
+		printf("---[ server ]--------------------------------\n");
+		res_s = eap_example_server_step();
+		printf("---[ peer ]----------------------------------\n");
+		res_p = eap_example_peer_step();
+	} while (res_s || res_p);
+
+	eap_example_peer_deinit();
+	eap_example_server_deinit();
+
+	return 0;
+}
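Review bot: In `main`, when `eap_example_peer_init()` succeeds and `eap_example_server_init()` fails, the combined `if` returns -1 without calling `eap_example_peer_deinit()`, so whatever the peer init set up is never released. Splitting the condition into two checks, with the second failure path calling `eap_example_peer_deinit()` before `return -1;`, keeps the example a sound template for code copied from it. `main` also returns 0 regardless of how the exchange ended; the loop appears to terminate on failure as well as success, so a non-zero exit status for a failed authentication would make the program usable as a test.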

+ 270 - 0
eap_example/eap_example_peer.c

@@ -0,0 +1,270 @@
+/*
+ * Example application showing how EAP peer code from wpa_supplicant can be
+ * used as a library.
+ * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_peer/eap.h"
+#include "eap_peer/eap_config.h"
+#include "wpabuf.h"
+
+void eap_example_server_rx(const u8 *data, size_t data_len);
+
+
+struct eap_peer_ctx {
+	Boolean eapSuccess;
+	Boolean eapRestart;
+	Boolean eapFail;
+	Boolean eapResp;
+	Boolean eapNoResp;
+	Boolean eapReq;
+	Boolean portEnabled;
+	Boolean altAccept; /* for EAP */
+	Boolean altReject; /* for EAP */
+
+	struct wpabuf *eapReqData; /* for EAP */
+
+	unsigned int idleWhile; /* for EAP state machine */
+
+	struct eap_peer_config eap_config;
+	struct eap_sm *eap;
+};
+
+
+static struct eap_peer_ctx eap_ctx;
+
+
+static struct eap_peer_config * peer_get_config(void *ctx)
+{
+	struct eap_peer_ctx *peer = ctx;
+	return &peer->eap_config;
+}
+
+
+static Boolean peer_get_bool(void *ctx, enum eapol_bool_var variable)
+{
+	struct eap_peer_ctx *peer = ctx;
+	if (peer == NULL)
+		return FALSE;
+	switch (variable) {
+	case EAPOL_eapSuccess:
+		return peer->eapSuccess;
+	case EAPOL_eapRestart:
+		return peer->eapRestart;
+	case EAPOL_eapFail:
+		return peer->eapFail;
+	case EAPOL_eapResp:
+		return peer->eapResp;
+	case EAPOL_eapNoResp:
+		return peer->eapNoResp;
+	case EAPOL_eapReq:
+		return peer->eapReq;
+	case EAPOL_portEnabled:
+		return peer->portEnabled;
+	case EAPOL_altAccept:
+		return peer->altAccept;
+	case EAPOL_altReject:
+		return peer->altReject;
+	}
+	return FALSE;
+}
+
+
+static void peer_set_bool(void *ctx, enum eapol_bool_var variable,
+			  Boolean value)
+{
+	struct eap_peer_ctx *peer = ctx;
+	if (peer == NULL)
+		return;
+	switch (variable) {
+	case EAPOL_eapSuccess:
+		peer->eapSuccess = value;
+		break;
+	case EAPOL_eapRestart:
+		peer->eapRestart = value;
+		break;
+	case EAPOL_eapFail:
+		peer->eapFail = value;
+		break;
+	case EAPOL_eapResp:
+		peer->eapResp = value;
+		break;
+	case EAPOL_eapNoResp:
+		peer->eapNoResp = value;
+		break;
+	case EAPOL_eapReq:
+		peer->eapReq = value;
+		break;
+	case EAPOL_portEnabled:
+		peer->portEnabled = value;
+		break;
+	case EAPOL_altAccept:
+		peer->altAccept = value;
+		break;
+	case EAPOL_altReject:
+		peer->altReject = value;
+		break;
+	}
+}
+
+
+static unsigned int peer_get_int(void *ctx, enum eapol_int_var variable)
+{
+	struct eap_peer_ctx *peer = ctx;
+	if (peer == NULL)
+		return 0;
+	switch (variable) {
+	case EAPOL_idleWhile:
+		return peer->idleWhile;
+	}
+	return 0;
+}
+
+
+static void peer_set_int(void *ctx, enum eapol_int_var variable,
+			 unsigned int value)
+{
+	struct eap_peer_ctx *peer = ctx;
+	if (peer == NULL)
+		return;
+	switch (variable) {
+	case EAPOL_idleWhile:
+		peer->idleWhile = value;
+		break;
+	}
+}
+
+
+static struct wpabuf * peer_get_eapReqData(void *ctx)
+{
+	struct eap_peer_ctx *peer = ctx;
+	if (peer == NULL || peer->eapReqData == NULL)
+		return NULL;
+
+	return peer->eapReqData;
+}
+
+
+static void peer_set_config_blob(void *ctx, struct wpa_config_blob *blob)
+{
+	printf("TODO: %s\n", __func__);
+}
+
+
+static const struct wpa_config_blob *
+peer_get_config_blob(void *ctx, const char *name)
+{
+	printf("TODO: %s\n", __func__);
+	return NULL;
+}
+
+
+static void peer_notify_pending(void *ctx)
+{
+	printf("TODO: %s\n", __func__);
+}
+
+
+static struct eapol_callbacks eap_cb;
+static struct eap_config eap_conf;
+
+int eap_example_peer_init(void)
+{
+	if (eap_peer_register_methods() < 0)
+		return -1;
+
+	os_memset(&eap_ctx, 0, sizeof(eap_ctx));
+
+	eap_ctx.eap_config.identity = (u8 *) os_strdup("user");
+	eap_ctx.eap_config.identity_len = 4;
+	eap_ctx.eap_config.password = (u8 *) os_strdup("password");
+	eap_ctx.eap_config.password_len = 8;
+	eap_ctx.eap_config.ca_cert = (u8 *) os_strdup("ca.pem");
+	eap_ctx.eap_config.fragment_size = 1398;
+
+	os_memset(&eap_cb, 0, sizeof(eap_cb));
+	eap_cb.get_config = peer_get_config;
+	eap_cb.get_bool = peer_get_bool;
+	eap_cb.set_bool = peer_set_bool;
+	eap_cb.get_int = peer_get_int;
+	eap_cb.set_int = peer_set_int;
+	eap_cb.get_eapReqData = peer_get_eapReqData;
+	eap_cb.set_config_blob = peer_set_config_blob;
+	eap_cb.get_config_blob = peer_get_config_blob;
+	eap_cb.notify_pending = peer_notify_pending;
+
+	os_memset(&eap_conf, 0, sizeof(eap_conf));
+	eap_ctx.eap = eap_peer_sm_init(&eap_ctx, &eap_cb, &eap_ctx, &eap_conf);
+	if (eap_ctx.eap == NULL)
+		return -1;
+
+	/* Enable "port" to allow authentication */
+	eap_ctx.portEnabled = TRUE;
+
+	return 0;
+}
+
+
+void eap_example_peer_deinit(void)
+{
+	eap_peer_sm_deinit(eap_ctx.eap);
+	eap_peer_unregister_methods();
+	wpabuf_free(eap_ctx.eapReqData);
+	os_free(eap_ctx.eap_config.identity);
+	os_free(eap_ctx.eap_config.password);
+	os_free(eap_ctx.eap_config.ca_cert);
+}
+
+
+int eap_example_peer_step(void)
+{
+	int res;
+	res = eap_peer_sm_step(eap_ctx.eap);
+
+	if (eap_ctx.eapResp) {
+		struct wpabuf *resp;
+		printf("==> Response\n");
+		eap_ctx.eapResp = FALSE;
+		resp = eap_get_eapRespData(eap_ctx.eap);
+		if (resp) {
+			/* Send EAP response to the server */
+			eap_example_server_rx(wpabuf_head(resp),
+					      wpabuf_len(resp));
+			wpabuf_free(resp);
+		}
+	}
+
+	if (eap_ctx.eapSuccess) {
+		res = 0;
+		if (eap_key_available(eap_ctx.eap)) {
+			const u8 *key;
+			size_t key_len;
+			key = eap_get_eapKeyData(eap_ctx.eap, &key_len);
+			wpa_hexdump(MSG_DEBUG, "EAP keying material",
+				    key, key_len);
+		}
+	}
+
+	return res;
+}
+
+
+void eap_example_peer_rx(const u8 *data, size_t data_len)
+{
+	/* Make received EAP message available to the EAP library */
+	eap_ctx.eapReq = TRUE;
+	wpabuf_free(eap_ctx.eapReqData);
+	eap_ctx.eapReqData = wpabuf_alloc_copy(data, data_len);
+}
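Review bot: `eap_example_peer_step` prints the derived key with `wpa_hexdump(MSG_DEBUG, "EAP keying material", key, key_len)`, and `main` in eap_example.c sets `wpa_debug_level = 0`, which appears to enable every debug level, so the session key is written to the debug output on a successful run. The debug API has a variant intended for secrets whose output depends on the show-keys setting: `wpa_hexdump_key(MSG_DEBUG, "EAP keying material", key, key_len);`. `eap_example_server_step` in eap_example_server.c dumps `eapKeyData` the same way and would take the same change. A short comment at the call stating that a real application passes the key to its key-management code instead of logging it would help readers who copy this glue code.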

+ 192 - 0
eap_example/eap_example_server.c

@@ -0,0 +1,192 @@
+/*
+ * Example application showing how EAP server code from hostapd can be used as
+ * a library.
+ * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eap_server/eap.h"
+#include "tls.h"
+#include "wpabuf.h"
+
+void eap_example_peer_rx(const u8 *data, size_t data_len);
+
+
+struct eap_server_ctx {
+	struct eap_eapol_interface *eap_if;
+	struct eap_sm *eap;
+	void *tls_ctx;
+};
+
+static struct eap_server_ctx eap_ctx;
+
+
+static int server_get_eap_user(void *ctx, const u8 *identity,
+			       size_t identity_len, int phase2,
+			       struct eap_user *user)
+{
+	os_memset(user, 0, sizeof(*user));
+
+	if (!phase2) {
+		/* Only allow EAP-PEAP as the Phase 1 method */
+		user->methods[0].vendor = EAP_VENDOR_IETF;
+		user->methods[0].method = EAP_TYPE_PEAP;
+		return 0;
+	}
+
+	if (identity_len != 4 || identity == NULL ||
+	    os_memcmp(identity, "user", 4) != 0) {
+		printf("Unknown user\n");
+		return -1;
+	}
+
+	/* Only allow EAP-MSCHAPv2 as the Phase 2 method */
+	user->methods[0].vendor = EAP_VENDOR_IETF;
+	user->methods[0].method = EAP_TYPE_MSCHAPV2;
+	user->password = (u8 *) os_strdup("password");
+	user->password_len = 8;
+
+	return 0;
+}
+
+
+static const char * server_get_eap_req_id_text(void *ctx, size_t *len)
+{
+	*len = 0;
+	return NULL;
+}
+
+
+static struct eapol_callbacks eap_cb;
+static struct eap_config eap_conf;
+
+static int eap_example_server_init_tls(void)
+{
+	struct tls_config tconf;
+	struct tls_connection_params tparams;
+
+	os_memset(&tconf, 0, sizeof(tconf));
+	eap_ctx.tls_ctx = tls_init(&tconf);
+	if (eap_ctx.tls_ctx == NULL)
+		return -1;
+
+	os_memset(&tparams, 0, sizeof(tparams));
+	tparams.ca_cert = "ca.pem";
+	tparams.client_cert = "server.pem";
+	tparams.private_key = "server.key";
+	tparams.private_key_passwd = "whatever";
+
+	if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
+		printf("Failed to set TLS parameters\n");
+		return -1;
+	}
+
+	if (tls_global_set_verify(eap_ctx.tls_ctx, 0)) {
+		printf("Failed to set check_crl\n");
+		return -1;
+	}
+
+	return 0;
+}
+
+
+int eap_example_server_init(void)
+{
+	if (eap_server_register_methods() < 0)
+		return -1;
+
+	os_memset(&eap_ctx, 0, sizeof(eap_ctx));
+
+	if (eap_example_server_init_tls() < 0)
+		return -1;
+
+	os_memset(&eap_cb, 0, sizeof(eap_cb));
+	eap_cb.get_eap_user = server_get_eap_user;
+	eap_cb.get_eap_req_id_text = server_get_eap_req_id_text;
+
+	os_memset(&eap_conf, 0, sizeof(eap_conf));
+	eap_conf.eap_server = 1;
+	eap_conf.ssl_ctx = eap_ctx.tls_ctx;
+
+	eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf);
+	if (eap_ctx.eap == NULL)
+		return -1;
+
+	eap_ctx.eap_if = eap_get_interface(eap_ctx.eap);
+
+	/* Enable "port" and request EAP to start authentication. */
+	eap_ctx.eap_if->portEnabled = TRUE;
+	eap_ctx.eap_if->eapRestart = TRUE;
+
+	return 0;
+}
+
+
+void eap_example_server_deinit(void)
+{
+	eap_server_sm_deinit(eap_ctx.eap);
+	eap_server_unregister_methods();
+	tls_deinit(eap_ctx.tls_ctx);
+}
+
+
+int eap_example_server_step(void)
+{
+	int res, process = 0;
+
+	res = eap_server_sm_step(eap_ctx.eap);
+
+	if (eap_ctx.eap_if->eapReq) {
+		printf("==> Request\n");
+		process = 1;
+		eap_ctx.eap_if->eapReq = 0;
+	}
+
+	if (eap_ctx.eap_if->eapSuccess) {
+		printf("==> Success\n");
+		process = 1;
+		res = 0;
+		eap_ctx.eap_if->eapSuccess = 0;
+
+		if (eap_ctx.eap_if->eapKeyAvailable) {
+			wpa_hexdump(MSG_DEBUG, "EAP keying material",
+				    eap_ctx.eap_if->eapKeyData,
+				    eap_ctx.eap_if->eapKeyDataLen);
+		}
+	}
+
+	if (eap_ctx.eap_if->eapFail) {
+		printf("==> Fail\n");
+		process = 1;
+		eap_ctx.eap_if->eapFail = 0;
+	}
+
+	if (process && eap_ctx.eap_if->eapReqData) {
+		/* Send EAP response to the server */
+		eap_example_peer_rx(wpabuf_head(eap_ctx.eap_if->eapReqData),
+				    wpabuf_len(eap_ctx.eap_if->eapReqData));
+	}
+
+	return res;
+}
+
+
+void eap_example_server_rx(const u8 *data, size_t data_len)
+{
+	/* Make received EAP message available to the EAP library */
+	wpabuf_free(eap_ctx.eap_if->eapRespData);
+	eap_ctx.eap_if->eapRespData = wpabuf_alloc_copy(data, data_len);
+	if (eap_ctx.eap_if->eapRespData)
+		eap_ctx.eap_if->eapResp = TRUE;
+}
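Review bot: `server_get_eap_user` sets `user->password_len = 8` without checking the result of `os_strdup("password")`, so on allocation failure the callback returns 0 with a NULL password and a non-zero length. Adding `if (user->password == NULL) return -1;` before the length assignment reports the failure to the EAP server code instead of leaving it to whichever method dereferences the pointer later. `eap_example_peer_init` in eap_example_peer.c has the same pattern for `identity`, `password` and `ca_cert`. Separately, the comment `/* Send EAP response to the server */` in `eap_example_server_step` names the opposite direction, since the call hands the server's request to the peer; `/* Send EAP request to the peer */` would match the code.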

BIN
eap_example/server.key


+ 18 - 0
eap_example/server.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

+ 7 - 0
hostapd/.gitignore

@@ -0,0 +1,7 @@
+*.d
+.config
+driver_conf.c
+hostapd
+hostapd_cli
+hlr_auc_gw
+nt_password_hash

+ 477 - 0
hostapd/ChangeLog

@@ -0,0 +1,477 @@
+ChangeLog for hostapd
+
+2008-02-22 - v0.6.3
+	* fixed Reassociation Response callback processing when using internal
+	  MLME (driver_{hostap,nl80211,test}.c)
+	* updated FT support to use the latest draft, IEEE 802.11r/D9.0
+	* copy optional Proxy-State attributes into RADIUS response when acting
+	  as a RADIUS authentication server
+	* fixed EAPOL state machine to handle a case in which no response is
+	  received from the RADIUS authentication server; previous version
+	  could have triggered a crash in some cases after a timeout
+	* fixed EAP-SIM/AKA realm processing to allow decorated usernames to
+	  be used
+	* added a workaround for EAP-SIM/AKA peers that include incorrect null
+	  termination in the username
+	* fixed EAP-SIM/AKA protected result indication to include AT_COUNTER
+	  attribute in notification messages only when using fast
+	  reauthentication
+	* fixed EAP-SIM Start response processing for fast reauthentication
+	  case
+	* added support for pending EAP processing in EAP-{PEAP,TTLS,FAST}
+	  phase 2 to allow EAP-SIM and EAP-AKA to be used as the Phase 2 method
+
+2008-01-01 - v0.6.2
+	* fixed EAP-SIM and EAP-AKA message parser to validate attribute
+	  lengths properly to avoid potential crash caused by invalid messages
+	* added data structure for storing allocated buffers (struct wpabuf);
+	  this does not affect hostapd usage, but many of the APIs changed
+	  and various interfaces (e.g., EAP) is not compatible with old
+	  versions
+	* added support for protecting EAP-AKA/Identity messages with
+	  AT_CHECKCODE (optional feature in RFC 4187)
+	* added support for protected result indication with AT_RESULT_IND for
+	  EAP-SIM and EAP-AKA (eap_sim_aka_result_ind=1)
+	* added support for configuring EAP-TTLS phase 2 non-EAP methods in
+	  EAP server configuration; previously all four were enabled for every
+	  phase 2 user, now all four are disabled by default and need to be
+	  enabled with new method names TTLS-PAP, TTLS-CHAP, TTLS-MSCHAP,
+	  TTLS-MSCHAPV2
+	* removed old debug printing mechanism and the related 'debug'
+	  parameter in the configuration file; debug verbosity is now set with
+	  -d (or -dd) command line arguments
+	* added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
+	  only shared key/password authentication is supported in this version
+
+2007-11-24 - v0.6.1
+	* added experimental, integrated TLSv1 server implementation with the
+	  needed X.509/ASN.1/RSA/bignum processing (this can be enabled by
+	  setting CONFIG_TLS=internal and CONFIG_INTERNAL_LIBTOMMATH=y in
+	  .config); this can be useful, e.g., if the target system does not
+	  have a suitable TLS library and a minimal code size is required
+	* added support for EAP-FAST server method to the integrated EAP
+	  server
+	* updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+	  draft (draft-ietf-emu-eap-gpsk-07.txt)
+	* added a new configuration parameter, rsn_pairwise, to allow different
+	  pairwise cipher suites to be enabled for WPA and RSN/WPA2
+	  (note: if wpa_pairwise differs from rsn_pairwise, the driver will
+	  either need to support this or will have to use the WPA/RSN IEs from
+	  hostapd; currently, the included madwifi and bsd driver interfaces do
+	  not have support for this)
+	* updated FT support to use the latest draft, IEEE 802.11r/D8.0
+
+2007-05-28 - v0.6.0
+	* added experimental IEEE 802.11r/D6.0 support
+	* updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
+	* updated EAP-PSK to use the IANA-allocated EAP type 47
+	* fixed EAP-PSK bit ordering of the Flags field
+	* fixed configuration reloading (SIGHUP) to re-initialize WPA PSKs
+	  by reading wpa_psk_file [Bug 181]
+	* fixed EAP-TTLS AVP parser processing for too short AVP lengths
+	* fixed IPv6 connection to RADIUS accounting server
+	* updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+	  draft (draft-ietf-emu-eap-gpsk-04.txt)
+	* hlr_auc_gw: read GSM triplet file into memory and rotate through the
+	  entries instead of only using the same three triplets every time
+	  (this does not work properly with tests using multiple clients, but
+	  provides bit better triplet data for testing a single client; anyway,
+	  if a better quality triplets are needed, GSM-Milenage should be used
+	  instead of hardcoded triplet file)
+	* fixed EAP-MSCHAPv2 server to use a space between S and M parameters
+	  in Success Request [Bug 203]
+	* added support for sending EAP-AKA Notifications in error cases
+	* updated to use IEEE 802.11w/D2.0 for management frame protection
+	  (still experimental)
+	* RADIUS server: added support for processing duplicate messages
+	  (retransmissions from RADIUS client) by replying with the previous
+	  reply
+
+2006-11-24 - v0.5.6
+	* added support for configuring and controlling multiple BSSes per
+	  radio interface (bss=<ifname> in hostapd.conf); this is only
+	  available with Devicescape and test driver interfaces
+	* fixed PMKSA cache update in the end of successful RSN
+	  pre-authentication
+	* added support for dynamic VLAN configuration (i.e., selecting VLAN-ID
+	  for each STA based on RADIUS Access-Accept attributes); this requires
+	  VLAN support from the kernel driver/802.11 stack and this is
+	  currently only available with Devicescape and test driver interfaces
+	* driver_madwifi: fixed configuration of unencrypted modes (plaintext
+	  and IEEE 802.1X without WEP)
+	* removed STAKey handshake since PeerKey handshake has replaced it in
+	  IEEE 802.11ma and there are no known deployments of STAKey
+	* updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+	  draft (draft-ietf-emu-eap-gpsk-01.txt)
+	* added preliminary implementation of IEEE 802.11w/D1.0 (management
+	  frame protection)
+	  (Note: this requires driver support to work properly.)
+	  (Note2: IEEE 802.11w is an unapproved draft and subject to change.)
+	* hlr_auc_gw: added support for GSM-Milenage (for EAP-SIM)
+	* hlr_auc_gw: added support for reading per-IMSI Milenage keys and
+	  parameters from a text file to make it possible to implement proper
+	  GSM/UMTS authentication server for multiple SIM/USIM cards using
+	  EAP-SIM/EAP-AKA
+	* fixed session timeout processing with drivers that do not use
+	  ieee802_11.c (e.g., madwifi)
+
+2006-08-27 - v0.5.5
+	* added 'hostapd_cli new_sta <addr>' command for adding a new STA into
+	  hostapd (e.g., to initialize wired network authentication based on an
+	  external signal)
+	* fixed hostapd to add PMKID KDE into 4-Way Handshake Message 1 when
+	  using WPA2 even if PMKSA caching is not used
+	* added -P<pid file> argument for hostapd to write the current process
+	  id into a file
+	* added support for RADIUS Authentication Server MIB (RFC 2619)
+
+2006-06-20 - v0.5.4
+	* fixed nt_password_hash build [Bug 144]
+	* added PeerKey handshake implementation for IEEE 802.11e
+	  direct link setup (DLS) to replace STAKey handshake
+	* added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
+	  draft-clancy-emu-eap-shared-secret-00.txt)
+	* fixed a segmentation fault when RSN pre-authentication was completed
+	  successfully [Bug 152]
+
+2006-04-27 - v0.5.3
+	* do not build nt_password_hash and hlr_auc_gw by default to avoid
+	  requiring a TLS library for a successful build; these programs can be
+	  build with 'make nt_password_hash' and 'make hlr_auc_gw'
+	* added a new configuration option, eapol_version, that can be used to
+	  set EAPOL version to 1 (default is 2) to work around broken client
+	  implementations that drop EAPOL frames which use version number 2
+	  [Bug 89]
+	* added support for EAP-SAKE (no EAP method number allocated yet, so
+	  this is using the same experimental type 255 as EAP-PSK)
+	* fixed EAP-MSCHAPv2 message length validation
+
+2006-03-19 - v0.5.2
+	* fixed stdarg use in hostapd_logger(): if both stdout and syslog
+	  logging was enabled, hostapd could trigger a segmentation fault in
+	  vsyslog on some CPU -- C library combinations
+	* moved HLR/AuC gateway implementation for EAP-SIM/AKA into an external
+	  program to make it easier to use for implementing real SS7 gateway;
+	  eap_sim_db is not anymore used as a file name for GSM authentication
+	  triplets; instead, it is path to UNIX domain socket that will be used
+	  to communicate with the external gateway program (e.g., hlr_auc_gw)
+	* added example HLR/AuC gateway implementation, hlr_auc_gw, that uses
+	  local information (GSM authentication triplets from a text file and
+	  hardcoded AKA authentication data); this can be used to test EAP-SIM
+	  and EAP-AKA
+	* added Milenage algorithm (example 3GPP AKA algorithm) to hlr_auc_gw
+	  to make it possible to test EAP-AKA with real USIM cards (this is
+	  disabled by default; define AKA_USE_MILENAGE when building hlr_auc_gw
+	  to enable this)
+	* driver_madwifi: added support for getting station RSN IE from
+	  madwifi-ng svn r1453 and newer; this fixes RSN that was apparently
+	  broken with earlier change (r1357) in the driver
+	* changed EAP method registration to use a dynamic list of methods
+	  instead of a static list generated at build time
+	* fixed WPA message 3/4 not to encrypt Key Data field (WPA IE)
+	  [Bug 125]
+	* added ap_max_inactivity configuration parameter
+
+2006-01-29 - v0.5.1
+	* driver_test: added better support for multiple APs and STAs by using
+	  a directory with sockets that include MAC address for each device in
+	  the name (test_socket=DIR:/tmp/test)
+	* added support for EAP expanded type (vendor specific EAP methods)
+
+2005-12-18 - v0.5.0 (beginning of 0.5.x development releases)
+	* added experimental STAKey handshake implementation for IEEE 802.11e
+	  direct link setup (DLS); note: this is disabled by default in both
+	  build and runtime configuration (can be enabled with CONFIG_STAKEY=y
+	  and stakey=1)
+	* added support for EAP methods to use callbacks to external programs
+	  by buffering a pending request and processing it after the EAP method
+	  is ready to continue
+	* improved EAP-SIM database interface to allow external request to GSM
+	  HLR/AuC without blocking hostapd process
+	* added support for using EAP-SIM pseudonyms and fast re-authentication
+	* added support for EAP-AKA in the integrated EAP authenticator
+	* added support for matching EAP identity prefixes (e.g., "1"*) in EAP
+	  user database to allow EAP-SIM/AKA selection without extra roundtrip
+	  for EAP-Nak negotiation
+	* added support for storing EAP user password as NtPasswordHash instead
+	  of plaintext password when using MSCHAP or MSCHAPv2 for
+	  authentication (hash:<16-octet hex value>); added nt_password_hash
+	  tool for hashing password to generate NtPasswordHash
+
+2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases)
+	* driver_wired: fixed EAPOL sending to optionally use PAE group address
+	  as the destination instead of supplicant MAC address; this is
+	  disabled by default, but should be enabled with use_pae_group_addr=1
+	  in configuration file if the wired interface is used by only one
+	  device at the time (common switch configuration)
+	* driver_madwifi: configure driver to use TKIP countermeasures in order
+	  to get correct behavior (IEEE 802.11 association failing; previously,
+	  association succeeded, but hostpad forced disassociation immediately)
+	* driver_madwifi: added support for madwifi-ng
+
+2005-10-27 - v0.4.6
+	* added support for replacing user identity from EAP with RADIUS
+	  User-Name attribute from Access-Accept message, if that is included,
+	  for the RADIUS accounting messages (e.g., for EAP-PEAP/TTLS to get
+	  tunneled identity into accounting messages when the RADIUS server
+	  does not support better way of doing this with Class attribute)
+	* driver_madwifi: fixed EAPOL packet receive for configuration where
+	  ath# is part of a bridge interface
+	* added a configuration file and log analyzer script for logwatch
+	* fixed EAPOL state machine step function to process all state
+	  transitions before processing new events; this resolves a race
+	  condition in which EAPOL-Start message could trigger hostapd to send
+	  two EAP-Response/Identity frames to the authentication server
+
+2005-09-25 - v0.4.5
+	* added client CA list to the TLS certificate request in order to make
+	  it easier for the client to select which certificate to use
+	* added experimental support for EAP-PSK
+	* added support for WE-19 (hostap, madwifi)
+
+2005-08-21 - v0.4.4
+	* fixed build without CONFIG_RSN_PREAUTH
+	* fixed FreeBSD build
+
+2005-06-26 - v0.4.3
+	* fixed PMKSA caching to copy User-Name and Class attributes so that
+	  RADIUS accounting gets correct information
+	* start RADIUS accounting only after successful completion of WPA
+	  4-Way Handshake if WPA-PSK is used
+	* fixed PMKSA caching for the case where STA (re)associates without
+	  first disassociating
+
+2005-06-12 - v0.4.2
+	* EAP-PAX is now registered as EAP type 46
+	* fixed EAP-PAX MAC calculation
+	* fixed EAP-PAX CK and ICK key derivation
+	* renamed eap_authenticator configuration variable to eap_server to
+	  better match with RFC 3748 (EAP) terminology
+	* driver_test: added support for testing hostapd with wpa_supplicant
+	  by using test driver interface without any kernel drivers or network
+	  cards
+
+2005-05-22 - v0.4.1
+	* fixed RADIUS server initialization when only auth or acct server
+	  is configured and the other one is left empty
+	* driver_madwifi: added support for RADIUS accounting
+	* driver_madwifi: added preliminary support for compiling against 'BSD'
+	  branch of madwifi CVS tree
+	* driver_madwifi: fixed pairwise key removal to allow WPA reauth
+	  without disassociation
+	* added support for reading additional certificates from PKCS#12 files
+	  and adding them to the certificate chain
+	* fixed RADIUS Class attribute processing to only use Access-Accept
+	  packets to update Class; previously, other RADIUS authentication
+	  packets could have cleared Class attribute
+	* added support for more than one Class attribute in RADIUS packets
+	* added support for verifying certificate revocation list (CRL) when
+	  using integrated EAP authenticator for EAP-TLS; new hostapd.conf
+	  options 'check_crl'; CRL must be included in the ca_cert file for now
+
+2005-04-25 - v0.4.0 (beginning of 0.4.x development releases)
+	* added support for including network information into
+	  EAP-Request/Identity message (ASCII-0 (nul) in eap_message)
+	  (e.g., to implement draft-adrange-eap-network-discovery-07.txt)
+	* fixed a bug which caused some RSN pre-authentication cases to use
+	  freed memory and potentially crash hostapd
+	* fixed private key loading for cases where passphrase is not set
+	* added support for sending TLS alerts and aborting authentication
+	  when receiving a TLS alert
+	* fixed WPA2 to add PMKSA cache entry when using integrated EAP
+	  authenticator
+	* fixed PMKSA caching (EAP authentication was not skipped correctly
+	  with the new state machine changes from IEEE 802.1X draft)
+	* added support for RADIUS over IPv6; own_ip_addr, auth_server_addr,
+	  and acct_server_addr can now be IPv6 addresses (CONFIG_IPV6=y needs
+	  to be added to .config to include IPv6 support); for RADIUS server,
+	  radius_server_ipv6=1 needs to be set in hostapd.conf and addresses
+	  in RADIUS clients file can then use IPv6 format
+	* added experimental support for EAP-PAX
+	* replaced hostapd control interface library (hostapd_ctrl.[ch]) with
+	  the same implementation that wpa_supplicant is using (wpa_ctrl.[ch])
+
+2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases)
+
+2005-01-23 - v0.3.5
+	* added support for configuring a forced PEAP version based on the
+	  Phase 1 identity
+	* fixed PEAPv1 to use tunneled EAP-Success/Failure instead of EAP-TLV
+	  to terminate authentication
+	* fixed EAP identifier duplicate processing with the new IEEE 802.1X
+	  draft
+	* clear accounting data in the driver when starting a new accounting
+	  session
+	* driver_madwifi: filter wireless events based on ifindex to allow more
+	  than one network interface to be used
+	* fixed WPA message 2/4 processing not to cancel timeout for TimeoutEvt
+	  setting if the packet does not pass MIC verification (e.g., due to
+	  incorrect PSK); previously, message 1/4 was not tried again if an
+	  invalid message 2/4 was received
+	* fixed reconfiguration of RADIUS client retransmission timer when
+	  adding a new message to the pending list; previously, timer was not
+	  updated at this point and if there was a pending message with long
+	  time for the next retry, the new message needed to wait that long for
+	  its first retry, too
+
+2005-01-09 - v0.3.4
+	* added support for configuring multiple allowed EAP types for Phase 2
+	  authentication (EAP-PEAP, EAP-TTLS)
+	* fixed EAPOL-Start processing to trigger WPA reauthentication
+	  (previously, only EAPOL authentication was done)
+
+2005-01-02 - v0.3.3
+	* added support for EAP-PEAP in the integrated EAP authenticator
+	* added support for EAP-GTC in the integrated EAP authenticator
+	* added support for configuring list of EAP methods for Phase 1 so that
+	  the integrated EAP authenticator can, e.g., use the wildcard entry
+	  for EAP-TLS and EAP-PEAP
+	* added support for EAP-TTLS in the integrated EAP authenticator
+	* added support for EAP-SIM in the integrated EAP authenticator
+	* added support for using hostapd as a RADIUS authentication server
+	  with the integrated EAP authenticator taking care of EAP
+	  authentication (new hostapd.conf options: radius_server_clients and
+	  radius_server_auth_port); this is not included in default build; use
+	  CONFIG_RADIUS_SERVER=y in .config to include
+
+2004-12-19 - v0.3.2
+	* removed 'daemonize' configuration file option since it has not really
+	  been used at all for more than year
+	* driver_madwifi: fixed group key setup and added get_ssid method
+	* added support for EAP-MSCHAPv2 in the integrated EAP authenticator
+
+2004-12-12 - v0.3.1
+	* added support for integrated EAP-TLS authentication (new hostapd.conf
+	  variables: ca_cert, server_cert, private_key, private_key_passwd);
+	  this enabled dynamic keying (WPA2/WPA/IEEE 802.1X/WEP) without
+	  external RADIUS server
+	* added support for reading PKCS#12 (PFX) files (as a replacement for
+	  PEM/DER) to get certificate and private key (CONFIG_PKCS12)
+
+2004-12-05 - v0.3.0 (beginning of 0.3.x development releases)
+	* added support for Acct-{Input,Output}-Gigawords
+	* added support for Event-Timestamp (in RADIUS Accounting-Requests)
+	* added support for RADIUS Authentication Client MIB (RFC2618)
+	* added support for RADIUS Accounting Client MIB (RFC2620)
+	* made EAP re-authentication period configurable (eap_reauth_period)
+	* fixed EAPOL reauthentication to trigger WPA/WPA2 reauthentication
+	* fixed EAPOL state machine to stop if STA is removed during
+	  eapol_sm_step(); this fixes at least one segfault triggering bug with
+	  IEEE 802.11i pre-authentication
+	* added support for multiple WPA pre-shared keys (e.g., one for each
+	  client MAC address or keys shared by a group of clients);
+	  new hostapd.conf field wpa_psk_file for setting path to a text file
+	  containing PSKs, see hostapd.wpa_psk for an example
+	* added support for multiple driver interfaces to allow hostapd to be
+	  used with other drivers
+	* added wired authenticator driver interface (driver=wired in
+	  hostapd.conf, see wired.conf for example configuration)
+	* added madwifi driver interface (driver=madwifi in hostapd.conf, see
+	  madwifi.conf for example configuration; Note: include files from
+	  madwifi project is needed for building and a configuration file,
+	  .config, needs to be created in hostapd directory with
+	  CONFIG_DRIVER_MADWIFI=y to include this driver interface in hostapd
+	  build)
+	* fixed an alignment issue that could cause SHA-1 to fail on some
+	  platforms (e.g., Intel ixp425 with a compiler that does not 32-bit
+	  align variables)
+	* fixed RADIUS reconnection after an error in sending interim
+	  accounting packets
+	* added hostapd control interface for external programs and an example
+	  CLI, hostapd_cli (like wpa_cli for wpa_supplicant)
+	* started adding dot11, dot1x, radius MIBs ('hostapd_cli mib',
+	  'hostapd_cli sta <addr>')
+	* finished update from IEEE 802.1X-2001 to IEEE 802.1X-REV (now d11)
+	* added support for strict GTK rekeying (wpa_strict_rekey in
+	  hostapd.conf)
+	* updated IAPP to use UDP port 3517 and multicast address 224.0.1.178
+	  (instead of broadcast) for IAPP ADD-notify (moved from draft 3 to
+	  IEEE 802.11F-2003)
+	* added Prism54 driver interface (driver=prism54 in hostapd.conf;
+	  note: .config needs to be created in hostapd directory with
+	  CONFIG_DRIVER_PRISM54=y to include this driver interface in hostapd
+	  build)
+	* dual-licensed hostapd (GPLv2 and BSD licenses)
+	* fixed RADIUS accounting to generate a new session id for cases where
+	  a station reassociates without first being complete deauthenticated
+	* fixed STA disassociation handler to mark next timeout state to
+	  deauthenticate the station, i.e., skip long wait for inactivity poll
+	  and extra disassociation, if the STA disassociates without
+	  deauthenticating
+	* added integrated EAP authenticator that can be used instead of
+	  external RADIUS authentication server; currently, only EAP-MD5 is
+	  supported, so this cannot yet be used for key distribution; the EAP
+	  method interface is generic, though, so adding new EAP methods should
+	  be straightforward; new hostapd.conf variables: 'eap_authenticator'
+	  and 'eap_user_file'; this obsoletes "minimal authentication server"
+	  ('minimal_eap' in hostapd.conf) which is now removed
+	* added support for FreeBSD and driver interface for the BSD net80211
+	  layer (driver=bsd in hostapd.conf and CONFIG_DRIVER_BSD=y in
+	  .config); please note that some of the required kernel mods have not
+	  yet been committed
+
+2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases)
+	* fixed some accounting cases where Accounting-Start was sent when
+	  IEEE 802.1X port was being deauthorized
+
+2004-06-20 - v0.2.3
+	* modified RADIUS client to re-connect the socket in case of certain
+	  error codes that are generated when a network interface state is
+	  changes (e.g., when IP address changes or the interface is set UP)
+	* fixed couple of cases where EAPOL state for a station was freed
+	  twice causing a segfault for hostapd
+	* fixed couple of bugs in processing WPA deauthentication (freed data
+	  was used)
+
+2004-05-31 - v0.2.2
+	* fixed WPA/WPA2 group rekeying to use key index correctly (GN/GM)
+	* fixed group rekeying to send zero TSC in EAPOL-Key messages to fix
+	  cases where STAs dropped multicast frames as replay attacks
+	* added support for copying RADIUS Attribute 'Class' from
+	  authentication messages into accounting messages
+	* send canned EAP failure if RADIUS server sends Access-Reject without
+	  EAP message (previously, Supplicant was not notified in this case)
+	* fixed mixed WPA-PSK and WPA-EAP mode to work with WPA-PSK (i.e., do
+	  not start EAPOL state machines if the STA selected to use WPA-PSK)
+
+2004-05-06 - v0.2.1
+	* added WPA and IEEE 802.11i/RSN (WPA2) Authenticator functionality
+	  - based on IEEE 802.11i/D10.0 but modified to interoperate with WPA
+	    (i.e., IEEE 802.11i/D3.0)
+	  - supports WPA-only, RSN-only, and mixed WPA/RSN mode
+	  - both WPA-PSK and WPA-RADIUS/EAP are supported
+	  - PMKSA caching and pre-authentication
+	  - new hostapd.conf variables: wpa, wpa_psk, wpa_passphrase,
+	    wpa_key_mgmt, wpa_pairwise, wpa_group_rekey, wpa_gmk_rekey,
+	    rsn_preauth, rsn_preauth_interfaces
+	* fixed interim accounting to remove any pending accounting messages
+	  to the STA before sending a new one
+
+2004-02-15 - v0.2.0
+	* added support for Acct-Interim-Interval:
+	  - draft-ietf-radius-acct-interim-01.txt
+	  - use Acct-Interim-Interval attribute from Access-Accept if local
+	    'radius_acct_interim_interval' is not set
+	  - allow different update intervals for each STA
+	* fixed event loop to call signal handlers only after returning from
+	  the real signal handler
+	* reset sta->timeout_next after successful association to make sure
+	  that the previously registered inactivity timer will not remove the
+	  STA immediately (e.g., if STA deauthenticates and re-associates
+	  before the timer is triggered).
+	* added new hostapd.conf variable, nas_identifier, that can be used to
+	  add an optional RADIUS Attribute, NAS-Identifier, into authentication
+	  and accounting messages
+	* added support for Accounting-On and Accounting-Off messages
+	* fixed accounting session handling to send Accounting-Start only once
+	  per session and not to send Accounting-Stop if the session was not
+	  initialized properly
+	* fixed Accounting-Stop statistics in cases where the message was
+	  previously sent after the kernel entry for the STA (and/or IEEE
+	  802.1X data) was removed
+
+
+Note:
+
+Older changes up to and including v0.1.0 are included in the ChangeLog
+of the Host AP driver.

+ 534 - 0
hostapd/Makefile

@@ -0,0 +1,534 @@
+ifndef CC
+CC=gcc
+endif
+
+ifndef CFLAGS
+CFLAGS = -MMD -O2 -Wall -g
+endif
+
+# define HOSTAPD_DUMP_STATE to include SIGUSR1 handler for dumping state to
+# a file (undefine it, if you want to save in binary size)
+CFLAGS += -DHOSTAPD_DUMP_STATE
+
+CFLAGS += -I../src
+CFLAGS += -I../src/crypto
+CFLAGS += -I../src/utils
+CFLAGS += -I../src/common
+
+# Uncomment following line and set the path to your kernel tree include
+# directory if your C library does not include all header files.
+# CFLAGS += -DUSE_KERNEL_HEADERS -I/usr/src/linux/include
+
+-include .config
+
+ifndef CONFIG_OS
+ifdef CONFIG_NATIVE_WINDOWS
+CONFIG_OS=win32
+else
+CONFIG_OS=unix
+endif
+endif
+
+ifeq ($(CONFIG_OS), internal)
+CFLAGS += -DOS_NO_C_LIB_DEFINES
+endif
+
+ifdef CONFIG_NATIVE_WINDOWS
+CFLAGS += -DCONFIG_NATIVE_WINDOWS
+LIBS += -lws2_32
+endif
+
+OBJS =	hostapd.o ieee802_1x.o eapol_sm.o \
+	ieee802_11.o config.o ieee802_11_auth.o accounting.o \
+	sta_info.o wpa.o ctrl_iface.o \
+	drivers.o preauth.o pmksa_cache.o beacon.o \
+	hw_features.o wme.o ap_list.o reconfig.o \
+	mlme.o vlan_init.o ieee802_11h.o wpa_auth_ie.o
+
+OBJS += ../src/utils/eloop.o
+OBJS += ../src/utils/common.o
+OBJS += ../src/utils/wpa_debug.o
+OBJS += ../src/utils/wpabuf.o
+OBJS += ../src/utils/os_$(CONFIG_OS).o
+OBJS += ../src/utils/ip_addr.o
+
+OBJS += ../src/common/wpa_common.o
+
+OBJS += ../src/radius/radius.o
+OBJS += ../src/radius/radius_client.o
+
+OBJS += ../src/crypto/md5.o
+OBJS += ../src/crypto/rc4.o
+OBJS += ../src/crypto/md4.o
+OBJS += ../src/crypto/sha1.o
+OBJS += ../src/crypto/des.o
+OBJS += ../src/crypto/aes_wrap.o
+OBJS += ../src/crypto/aes.o
+
+HOBJS=../src/hlr_auc_gw/hlr_auc_gw.o ../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).o ../src/hlr_auc_gw/milenage.o ../src/crypto/aes_wrap.o ../src/crypto/aes.o
+
+CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX
+
+ifdef CONFIG_IAPP
+CFLAGS += -DCONFIG_IAPP
+OBJS += iapp.o
+endif
+
+ifdef CONFIG_RSN_PREAUTH
+CFLAGS += -DCONFIG_RSN_PREAUTH
+CONFIG_L2_PACKET=y
+endif
+
+ifdef CONFIG_PEERKEY
+CFLAGS += -DCONFIG_PEERKEY
+OBJS += peerkey.o
+endif
+
+ifdef CONFIG_IEEE80211W
+CFLAGS += -DCONFIG_IEEE80211W
+NEED_SHA256=y
+endif
+
+ifdef CONFIG_IEEE80211R
+CFLAGS += -DCONFIG_IEEE80211R
+OBJS += wpa_ft.o
+NEED_SHA256=y
+endif
+
+ifdef CONFIG_DRIVER_HOSTAP
+CFLAGS += -DCONFIG_DRIVER_HOSTAP
+OBJS += driver_hostap.o
+endif
+
+ifdef CONFIG_DRIVER_WIRED
+CFLAGS += -DCONFIG_DRIVER_WIRED
+OBJS += driver_wired.o
+endif
+
+ifdef CONFIG_DRIVER_MADWIFI
+CFLAGS += -DCONFIG_DRIVER_MADWIFI
+OBJS += driver_madwifi.o
+CONFIG_L2_PACKET=y
+endif
+
+ifdef CONFIG_DRIVER_PRISM54
+CFLAGS += -DCONFIG_DRIVER_PRISM54
+OBJS += driver_prism54.o
+endif
+
+ifdef CONFIG_DRIVER_NL80211
+CFLAGS += -DCONFIG_DRIVER_NL80211
+OBJS += driver_nl80211.o radiotap.o
+LIBS += -lnl
+endif
+
+ifdef CONFIG_DRIVER_BSD
+CFLAGS += -DCONFIG_DRIVER_BSD
+OBJS += driver_bsd.o
+CONFIG_L2_PACKET=y
+CONFIG_DNET_PCAP=y
+CONFIG_L2_FREEBSD=y
+endif
+
+ifdef CONFIG_DRIVER_TEST
+CFLAGS += -DCONFIG_DRIVER_TEST
+OBJS += driver_test.o
+endif
+
+ifdef CONFIG_L2_PACKET
+ifdef CONFIG_DNET_PCAP
+ifdef CONFIG_L2_FREEBSD
+LIBS += -lpcap
+OBJS += ../src/l2_packet/l2_packet_freebsd.o
+else
+LIBS += -ldnet -lpcap
+OBJS += ../src/l2_packet/l2_packet_pcap.o
+endif
+else
+OBJS += ../src/l2_packet/l2_packet_linux.o
+endif
+endif
+
+
+ifdef CONFIG_EAP_MD5
+CFLAGS += -DEAP_MD5
+OBJS += ../src/eap_server/eap_md5.o
+CHAP=y
+endif
+
+ifdef CONFIG_EAP_TLS
+CFLAGS += -DEAP_TLS
+OBJS += ../src/eap_server/eap_tls.o
+TLS_FUNCS=y
+endif
+
+ifdef CONFIG_EAP_PEAP
+CFLAGS += -DEAP_PEAP
+OBJS += ../src/eap_server/eap_peap.o
+TLS_FUNCS=y
+CONFIG_EAP_TLV=y
+CONFIG_EAP_MSCHAPV2=y
+endif
+
+ifdef CONFIG_EAP_TTLS
+CFLAGS += -DEAP_TTLS
+OBJS += ../src/eap_server/eap_ttls.o
+TLS_FUNCS=y
+CHAP=y
+endif
+
+ifdef CONFIG_EAP_MSCHAPV2
+CFLAGS += -DEAP_MSCHAPv2
+OBJS += ../src/eap_server/eap_mschapv2.o
+MS_FUNCS=y
+endif
+
+ifdef CONFIG_EAP_GTC
+CFLAGS += -DEAP_GTC
+OBJS += ../src/eap_server/eap_gtc.o
+endif
+
+ifdef CONFIG_EAP_SIM
+CFLAGS += -DEAP_SIM
+OBJS += ../src/eap_server/eap_sim.o
+CONFIG_EAP_SIM_COMMON=y
+endif
+
+ifdef CONFIG_EAP_AKA
+CFLAGS += -DEAP_AKA
+OBJS += ../src/eap_server/eap_aka.o
+CONFIG_EAP_SIM_COMMON=y
+endif
+
+ifdef CONFIG_EAP_SIM_COMMON
+OBJS += ../src/eap_common/eap_sim_common.o
+# Example EAP-SIM/AKA interface for GSM/UMTS authentication. This can be
+# replaced with another file implementating the interface specified in
+# eap_sim_db.h.
+OBJS += ../src/eap_server/eap_sim_db.o
+NEED_FIPS186_2_PRF=y
+endif
+
+ifdef CONFIG_EAP_PAX
+CFLAGS += -DEAP_PAX
+OBJS += ../src/eap_server/eap_pax.o ../src/eap_common/eap_pax_common.o
+endif
+
+ifdef CONFIG_EAP_PSK
+CFLAGS += -DEAP_PSK
+OBJS += ../src/eap_server/eap_psk.o ../src/eap_common/eap_psk_common.o
+endif
+
+ifdef CONFIG_EAP_SAKE
+CFLAGS += -DEAP_SAKE
+OBJS += ../src/eap_server/eap_sake.o ../src/eap_common/eap_sake_common.o
+endif
+
+ifdef CONFIG_EAP_GPSK
+CFLAGS += -DEAP_GPSK
+OBJS += ../src/eap_server/eap_gpsk.o ../src/eap_common/eap_gpsk_common.o
+ifdef CONFIG_EAP_GPSK_SHA256
+CFLAGS += -DEAP_GPSK_SHA256
+endif
+NEED_SHA256=y
+endif
+
+ifdef CONFIG_EAP_VENDOR_TEST
+CFLAGS += -DEAP_VENDOR_TEST
+OBJS += ../src/eap_server/eap_vendor_test.o
+endif
+
+ifdef CONFIG_EAP_TLV
+CFLAGS += -DEAP_TLV
+OBJS += ../src/eap_server/eap_tlv.o
+endif
+
+ifdef CONFIG_EAP_FAST
+CFLAGS += -DEAP_FAST
+OBJS += ../src/eap_server/eap_fast.o
+TLS_FUNCS=y
+NEED_T_PRF=y
+endif
+
+ifdef CONFIG_EAP_IKEV2
+CFLAGS += -DEAP_IKEV2
+OBJS += ../src/eap_server/eap_ikev2.o ../src/eap_server/ikev2.o
+OBJS += ../src/eap_common/eap_ikev2_common.o ../src/eap_common/ikev2_common.o
+NEED_DH_GROUPS=y
+endif
+
+# Basic EAP functionality is needed for EAPOL
+OBJS += ../src/eap_server/eap.o
+OBJS += ../src/eap_common/eap_common.o
+OBJS += ../src/eap_server/eap_methods.o
+OBJS += ../src/eap_server/eap_identity.o
+
+ifdef CONFIG_EAP
+CFLAGS += -DEAP_SERVER
+endif
+
+ifndef CONFIG_TLS
+CONFIG_TLS=openssl
+endif
+
+ifeq ($(CONFIG_TLS), internal)
+ifndef CONFIG_CRYPTO
+CONFIG_CRYPTO=internal
+endif
+endif
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+CFLAGS += -DCONFIG_INTERNAL_X509
+endif
+ifeq ($(CONFIG_CRYPTO), internal)
+CFLAGS += -DCONFIG_INTERNAL_X509
+endif
+
+
+ifdef TLS_FUNCS
+# Shared TLS functions (needed for EAP_TLS, EAP_PEAP, and EAP_TTLS)
+CFLAGS += -DEAP_TLS_FUNCS
+OBJS += ../src/eap_server/eap_tls_common.o
+ifeq ($(CONFIG_TLS), openssl)
+OBJS += ../src/crypto/tls_openssl.o
+LIBS += -lssl -lcrypto
+LIBS_p += -lcrypto
+LIBS_h += -lcrypto
+endif
+ifeq ($(CONFIG_TLS), gnutls)
+OBJS += ../src/crypto/tls_gnutls.o
+LIBS += -lgnutls -lgcrypt -lgpg-error
+LIBS_p += -lgcrypt
+LIBS_h += -lgcrypt
+endif
+ifdef CONFIG_GNUTLS_EXTRA
+CFLAGS += -DCONFIG_GNUTLS_EXTRA
+LIBS += -lgnutls-extra
+endif
+ifeq ($(CONFIG_TLS), internal)
+OBJS += ../src/crypto/tls_internal.o
+OBJS += ../src/tls/tlsv1_common.o ../src/tls/tlsv1_record.o
+OBJS += ../src/tls/tlsv1_cred.o ../src/tls/tlsv1_server.o
+OBJS += ../src/tls/tlsv1_server_write.o ../src/tls/tlsv1_server_read.o
+OBJS += ../src/tls/asn1.o ../src/tls/x509v3.o
+OBJS_p += ../src/tls/asn1.o
+OBJS_p += ../src/crypto/rc4.o ../src/crypto/aes_wrap.o ../src/crypto/aes.o
+NEED_BASE64=y
+CFLAGS += -DCONFIG_TLS_INTERNAL
+CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER
+ifeq ($(CONFIG_CRYPTO), internal)
+ifdef CONFIG_INTERNAL_LIBTOMMATH
+CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
+else
+LIBS += -ltommath
+LIBS_p += -ltommath
+endif
+endif
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+LIBS += -ltomcrypt -ltfm
+LIBS_p += -ltomcrypt -ltfm
+endif
+endif
+NEED_CRYPTO=y
+else
+OBJS += ../src/crypto/tls_none.o
+endif
+
+ifdef CONFIG_PKCS12
+CFLAGS += -DPKCS12_FUNCS
+endif
+
+ifdef MS_FUNCS
+OBJS += ../src/crypto/ms_funcs.o
+NEED_CRYPTO=y
+endif
+
+ifdef CHAP
+OBJS += ../src/eap_common/chap.o
+endif
+
+ifdef NEED_CRYPTO
+ifndef TLS_FUNCS
+ifeq ($(CONFIG_TLS), openssl)
+LIBS += -lcrypto
+LIBS_p += -lcrypto
+LIBS_h += -lcrypto
+endif
+ifeq ($(CONFIG_TLS), gnutls)
+LIBS += -lgcrypt
+LIBS_p += -lgcrypt
+LIBS_h += -lgcrypt
+endif
+ifeq ($(CONFIG_TLS), internal)
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+LIBS += -ltomcrypt -ltfm
+LIBS_p += -ltomcrypt -ltfm
+endif
+endif
+endif
+ifeq ($(CONFIG_TLS), openssl)
+OBJS += ../src/crypto/crypto_openssl.o
+OBJS_p += ../src/crypto/crypto_openssl.o
+HOBJS += ../src/crypto/crypto_openssl.o
+CONFIG_INTERNAL_SHA256=y
+endif
+ifeq ($(CONFIG_TLS), gnutls)
+OBJS += ../src/crypto/crypto_gnutls.o
+OBJS_p += ../src/crypto/crypto_gnutls.o
+HOBJS += ../src/crypto/crypto_gnutls.o
+CONFIG_INTERNAL_SHA256=y
+endif
+ifeq ($(CONFIG_TLS), internal)
+ifeq ($(CONFIG_CRYPTO), libtomcrypt)
+OBJS += ../src/crypto/crypto_libtomcrypt.o
+OBJS_p += ../src/crypto/crypto_libtomcrypt.o
+CONFIG_INTERNAL_SHA256=y
+endif
+ifeq ($(CONFIG_CRYPTO), internal)
+OBJS += ../src/crypto/crypto_internal.o ../src/tls/rsa.o ../src/tls/bignum.o
+OBJS_p += ../src/crypto/crypto_internal.o ../src/tls/rsa.o ../src/tls/bignum.o
+CFLAGS += -DCONFIG_CRYPTO_INTERNAL
+CONFIG_INTERNAL_AES=y
+CONFIG_INTERNAL_DES=y
+CONFIG_INTERNAL_SHA1=y
+CONFIG_INTERNAL_MD4=y
+CONFIG_INTERNAL_MD5=y
+CONFIG_INTERNAL_SHA256=y
+endif
+endif
+else
+CONFIG_INTERNAL_AES=y
+CONFIG_INTERNAL_SHA1=y
+CONFIG_INTERNAL_MD5=y
+CONFIG_INTERNAL_SHA256=y
+endif
+
+ifdef CONFIG_INTERNAL_AES
+CFLAGS += -DINTERNAL_AES
+endif
+ifdef CONFIG_INTERNAL_SHA1
+CFLAGS += -DINTERNAL_SHA1
+endif
+ifdef CONFIG_INTERNAL_SHA256
+CFLAGS += -DINTERNAL_SHA256
+endif
+ifdef CONFIG_INTERNAL_MD5
+CFLAGS += -DINTERNAL_MD5
+endif
+ifdef CONFIG_INTERNAL_MD4
+CFLAGS += -DINTERNAL_MD4
+endif
+ifdef CONFIG_INTERNAL_DES
+CFLAGS += -DINTERNAL_DES
+endif
+
+ifdef NEED_SHA256
+OBJS += ../src/crypto/sha256.o
+endif
+
+ifdef NEED_DH_GROUPS
+OBJS += ../src/crypto/dh_groups.o
+endif
+
+ifndef NEED_FIPS186_2_PRF
+CFLAGS += -DCONFIG_NO_FIPS186_2_PRF
+endif
+
+ifndef NEED_T_PRF
+CFLAGS += -DCONFIG_NO_T_PRF
+endif
+
+ifdef CONFIG_RADIUS_SERVER
+CFLAGS += -DRADIUS_SERVER
+OBJS += ../src/radius/radius_server.o
+endif
+
+ifdef CONFIG_IPV6
+CFLAGS += -DCONFIG_IPV6
+endif
+
+ifdef CONFIG_FULL_DYNAMIC_VLAN
+# define CONFIG_FULL_DYNAMIC_VLAN to have hostapd manipulate bridges
+# and vlan interfaces for the vlan feature.
+CFLAGS += -DCONFIG_FULL_DYNAMIC_VLAN
+endif
+
+ifdef NEED_BASE64
+OBJS += ../src/utils/base64.o
+endif
+
+ALL=hostapd hostapd_cli
+
+all: verify_config $(ALL)
+
+verify_config:
+	@if [ ! -r .config ]; then \
+		echo 'Building hostapd requires a configuration file'; \
+		echo '(.config). See README for more instructions. You can'; \
+		echo 'run "cp defconfig .config" to create an example'; \
+		echo 'configuration.'; \
+		exit 1; \
+	fi
+
+install: all
+	for i in $(ALL); do cp $$i /usr/local/bin/$$i; done
+
+hostapd: $(OBJS)
+	$(CC) -o hostapd $(OBJS) $(LIBS)
+
+OBJS_c = hostapd_cli.o ../src/common/wpa_ctrl.o ../src/utils/os_$(CONFIG_OS).o
+hostapd_cli: $(OBJS_c)
+	$(CC) -o hostapd_cli $(OBJS_c)
+
+NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o ../src/crypto/sha1.o ../src/crypto/rc4.o ../src/crypto/md5.o
+NOBJS += ../src/crypto/crypto_openssl.o ../src/utils/os_$(CONFIG_OS).o
+ifdef TLS_FUNCS
+LIBS_n += -lcrypto
+endif
+
+nt_password_hash: $(NOBJS)
+	$(CC) -o nt_password_hash $(NOBJS) $(LIBS_n)
+
+hlr_auc_gw: $(HOBJS)
+	$(CC) -o hlr_auc_gw $(HOBJS) $(LIBS_h)
+
+clean:
+	$(MAKE) -C ../src clean
+	rm -f core *~ *.o hostapd hostapd_cli nt_password_hash hlr_auc_gw
+	rm -f *.d
+
+%.eps: %.fig
+	fig2dev -L eps $*.fig $*.eps
+
+%.png: %.fig
+	fig2dev -L png -m 3 $*.fig | pngtopnm | pnmscale 0.4 | pnmtopng \
+		> $*.png
+
+docs-pics: doc/hostapd.png doc/hostapd.eps
+
+docs: docs-pics
+	doxygen doc/doxygen.full
+	$(MAKE) -C doc/latex
+	cp doc/latex/refman.pdf hostapd-devel.pdf
+
+docs-fast: docs-pics
+	doxygen doc/doxygen.fast
+
+clean-docs:
+	rm -rf doc/latex doc/html
+	rm -f doc/hosta.d{eps,png} hostapd-devel.pdf
+
+TEST_SRC_MILENAGE = ../src/hlr_auc_gw/milenage.c ../src/crypto/aes_wrap.c ../src/crypto/aes.c ../src/utils/common.c ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).c
+test-milenage: $(TEST_SRC_MILENAGE)
+	$(CC) -o test-milenage -Wall -Werror $(TEST_SRC_MILENAGE) \
+		-DTEST_MAIN_MILENAGE -I. -DINTERNAL_AES \
+		-I../src/crypto -I../src/utils
+	./test-milenage
+	rm test-milenage
+
+hostapd-sparse: $(OBJS)
+	@echo Sparse run completed
+
+run-sparse:
+	CC="sparse -D__linux__ -Dlinux -D__STDC__ -Dunix -D__unix__ -D__INT_MAX__=2147483647 -D__SHRT_MAX__=32767 -D__LONG_MAX__=2147483647 -D__SCHAR_MAX__=127 -Wbitwise" $(MAKE) hostapd-sparse
+
+-include $(OBJS:%.o=%.d)

+ 386 - 0
hostapd/README

@@ -0,0 +1,386 @@
+hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
+	  Authenticator and RADIUS authentication server
+================================================================
+
+Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi> and contributors
+All Rights Reserved.
+
+This program is dual-licensed under both the GPL version 2 and BSD
+license. Either license may be used at your option.
+
+
+
+License
+-------
+
+GPL v2:
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 2 as
+published by the Free Software Foundation.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
+(this copy of the license is in COPYING file)
+
+
+Alternatively, this software may be distributed, used, and modified
+under the terms of BSD license:
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name(s) of the above-listed copyright holder(s) nor the
+   names of its contributors may be used to endorse or promote products
+   derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+
+Introduction
+============
+
+Originally, hostapd was an optional user space component for Host AP
+driver. It adds more features to the basic IEEE 802.11 management
+included in the kernel driver: using external RADIUS authentication
+server for MAC address based access control, IEEE 802.1X Authenticator
+and dynamic WEP keying, RADIUS accounting, WPA/WPA2 (IEEE 802.11i/RSN)
+Authenticator and dynamic TKIP/CCMP keying.
+
+The current version includes support for other drivers, an integrated
+EAP server (i.e., allow full authentication without requiring
+an external RADIUS authentication server), and RADIUS authentication
+server for EAP authentication.
+
+
+Requirements
+------------
+
+Current hardware/software requirements:
+- drivers:
+	Host AP driver for Prism2/2.5/3.
+	(http://hostap.epitest.fi/)
+	Please note that station firmware version needs to be 1.7.0 or newer
+	to work in WPA mode.
+
+	madwifi driver for cards based on Atheros chip set (ar521x)
+	(http://sourceforge.net/projects/madwifi/)
+	Please note that you will need to add the correct path for
+	madwifi driver root directory in .config (see defconfig file for
+	an example: CFLAGS += -I<path>)
+
+	Prism54 driver for Intersil/Conexant Prism GT/Duette/Indigo
+	(http://www.prism54.org/)
+
+	Any wired Ethernet driver for wired IEEE 802.1X authentication
+	(experimental code)
+
+	FreeBSD -current (with some kernel mods that have not yet been
+	committed when hostapd v0.3.0 was released)
+	BSD net80211 layer (e.g., Atheros driver)
+
+
+Build configuration
+-------------------
+
+In order to be able to build hostapd, you will need to create a build
+time configuration file, .config that selects which optional
+components are included. See defconfig file for example configuration
+and list of available options.
+
+
+
+IEEE 802.1X
+===========
+
+IEEE Std 802.1X-2001 is a standard for port-based network access
+control. In case of IEEE 802.11 networks, a "virtual port" is used
+between each associated station and the AP. IEEE 802.11 specifies
+minimal authentication mechanism for stations, whereas IEEE 802.1X
+introduces a extensible mechanism for authenticating and authorizing
+users.
+
+IEEE 802.1X uses elements called Supplicant, Authenticator, Port
+Access Entity, and Authentication Server. Supplicant is a component in
+a station and it performs the authentication with the Authentication
+Server. An access point includes an Authenticator that relays the packets
+between a Supplicant and an Authentication Server. In addition, it has a
+Port Access Entity (PAE) with Authenticator functionality for
+controlling the virtual port authorization, i.e., whether to accept
+packets from or to the station.
+
+IEEE 802.1X uses Extensible Authentication Protocol (EAP). The frames
+between a Supplicant and an Authenticator are sent using EAP over LAN
+(EAPOL) and the Authenticator relays these frames to the Authentication
+Server (and similarly, relays the messages from the Authentication
+Server to the Supplicant). The Authentication Server can be colocated with the
+Authenticator, in which case there is no need for additional protocol
+for EAP frame transmission. However, a more common configuration is to
+use an external Authentication Server and encapsulate EAP frame in the
+frames used by that server. RADIUS is suitable for this, but IEEE
+802.1X would also allow other mechanisms.
+
+Host AP driver includes PAE functionality in the kernel driver. It
+is a relatively simple mechanism for denying normal frames going to
+or coming from an unauthorized port. PAE allows IEEE 802.1X related
+frames to be passed between the Supplicant and the Authenticator even
+on an unauthorized port.
+
+User space daemon, hostapd, includes Authenticator functionality. It
+receives 802.1X (EAPOL) frames from the Supplicant using the wlan#ap
+device that is also used with IEEE 802.11 management frames. The
+frames to the Supplicant are sent using the same device.
+
+The normal configuration of the Authenticator would use an external
+Authentication Server. hostapd supports RADIUS encapsulation of EAP
+packets, so the Authentication Server should be a RADIUS server, like
+FreeRADIUS (http://www.freeradius.org/). The Authenticator in hostapd
+relays the frames between the Supplicant and the Authentication
+Server. It also controls the PAE functionality in the kernel driver by
+controlling virtual port authorization, i.e., station-AP
+connection, based on the IEEE 802.1X state.
+
+When a station would like to use the services of an access point, it
+will first perform IEEE 802.11 authentication. This is normally done
+with open systems authentication, so there is no security. After
+this, IEEE 802.11 association is performed. If IEEE 802.1X is
+configured to be used, the virtual port for the station is set in
+Unauthorized state and only IEEE 802.1X frames are accepted at this
+point. The Authenticator will then ask the Supplicant to authenticate
+with the Authentication Server. After this is completed successfully,
+the virtual port is set to Authorized state and frames from and to the
+station are accepted.
+
+Host AP configuration for IEEE 802.1X
+-------------------------------------
+
+The user space daemon has its own configuration file that can be used to
+define AP options. Distribution package contains an example
+configuration file (hostapd/hostapd.conf) that can be used as a basis
+for configuration. It includes examples of all supported configuration
+options and short description of each option. hostapd should be started
+with full path to the configuration file as the command line argument,
+e.g., './hostapd /etc/hostapd.conf'. If you have more that one wireless
+LAN card, you can use one hostapd process for multiple interfaces by
+giving a list of configuration files (one per interface) in the command
+line.
+
+hostapd includes a minimal co-located IEEE 802.1X server which can be
+used to test IEEE 802.1X authentication. However, it should not be
+used in normal use since it does not provide any security. This can be
+configured by setting ieee8021x and minimal_eap options in the
+configuration file.
+
+An external Authentication Server (RADIUS) is configured with
+auth_server_{addr,port,shared_secret} options. In addition,
+ieee8021x and own_ip_addr must be set for this mode. With such
+configuration, the co-located Authentication Server is not used and EAP
+frames will be relayed using EAPOL between the Supplicant and the
+Authenticator and RADIUS encapsulation between the Authenticator and
+the Authentication Server. Other than this, the functionality is similar
+to the case with the co-located Authentication Server.
+
+Authentication Server and Supplicant
+------------------------------------
+
+Any RADIUS server supporting EAP should be usable as an IEEE 802.1X
+Authentication Server with hostapd Authenticator. FreeRADIUS
+(http://www.freeradius.org/) has been successfully tested with hostapd
+Authenticator and both Xsupplicant (http://www.open1x.org) and Windows
+XP Supplicants. EAP/TLS was used with Xsupplicant and
+EAP/MD5-Challenge with Windows XP.
+
+http://www.missl.cs.umd.edu/wireless/eaptls/ has useful information
+about using EAP/TLS with FreeRADIUS and Xsupplicant (just replace
+Cisco access point with Host AP driver, hostapd daemon, and a Prism2
+card ;-). http://www.freeradius.org/doc/EAP-MD5.html has information
+about using EAP/MD5 with FreeRADIUS, including instructions for WinXP
+configuration. http://www.denobula.com/EAPTLS.pdf has a HOWTO on
+EAP/TLS use with WinXP Supplicant.
+
+Automatic WEP key configuration
+-------------------------------
+
+EAP/TLS generates a session key that can be used to send WEP keys from
+an AP to authenticated stations. The Authenticator in hostapd can be
+configured to automatically select a random default/broadcast key
+(shared by all authenticated stations) with wep_key_len_broadcast
+option (5 for 40-bit WEP or 13 for 104-bit WEP). In addition,
+wep_key_len_unicast option can be used to configure individual unicast
+keys for stations. This requires support for individual keys in the
+station driver.
+
+WEP keys can be automatically updated by configuring rekeying. This
+will improve security of the network since same WEP key will only be
+used for a limited period of time. wep_rekey_period option sets the
+interval for rekeying in seconds.
+
+
+WPA/WPA2
+========
+
+Features
+--------
+
+Supported WPA/IEEE 802.11i features:
+- WPA-PSK ("WPA-Personal")
+- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
+- key management for CCMP, TKIP, WEP104, WEP40
+- RSN/WPA2 (IEEE 802.11i), including PMKSA caching and pre-authentication
+
+WPA
+---
+
+The original security mechanism of IEEE 802.11 standard was not
+designed to be strong and has proved to be insufficient for most
+networks that require some kind of security. Task group I (Security)
+of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked
+to address the flaws of the base standard and has in practice
+completed its work in May 2004. The IEEE 802.11i amendment to the IEEE
+802.11 standard was approved in June 2004 and this amendment is likely
+to be published in July 2004.
+
+Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the
+IEEE 802.11i work (draft 3.0) to define a subset of the security
+enhancements that can be implemented with existing wlan hardware. This
+is called Wi-Fi Protected Access<TM> (WPA). This has now become a
+mandatory component of interoperability testing and certification done
+by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web
+site (http://www.wi-fi.org/OpenSection/protected_access.asp).
+
+IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm
+for protecting wireless networks. WEP uses RC4 with 40-bit keys,
+24-bit initialization vector (IV), and CRC32 to protect against packet
+forgery. All these choices have proven to be insufficient: key space is
+too small against current attacks, RC4 key scheduling is insufficient
+(beginning of the pseudorandom stream should be skipped), IV space is
+too small and IV reuse makes attacks easier, there is no replay
+protection, and non-keyed authentication does not protect against bit
+flipping packet data.
+
+WPA is an intermediate solution for the security issues. It uses
+Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a
+compromise on strong security and possibility to use existing
+hardware. It still uses RC4 for the encryption like WEP, but with
+per-packet RC4 keys. In addition, it implements replay protection,
+keyed packet authentication mechanism (Michael MIC).
+
+Keys can be managed using two different mechanisms. WPA can either use
+an external authentication server (e.g., RADIUS) and EAP just like
+IEEE 802.1X is using or pre-shared keys without need for additional
+servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal",
+respectively. Both mechanisms will generate a master session key for
+the Authenticator (AP) and Supplicant (client station).
+
+WPA implements a new key handshake (4-Way Handshake and Group Key
+Handshake) for generating and exchanging data encryption keys between
+the Authenticator and Supplicant. This handshake is also used to
+verify that both Authenticator and Supplicant know the master session
+key. These handshakes are identical regardless of the selected key
+management mechanism (only the method for generating master session
+key changes).
+
+
+IEEE 802.11i / WPA2
+-------------------
+
+The design for parts of IEEE 802.11i that were not included in WPA has
+finished (May 2004) and this amendment to IEEE 802.11 was approved in
+June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new
+version of WPA called WPA2. This includes, e.g., support for more
+robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC)
+to replace TKIP and optimizations for handoff (reduced number of
+messages in initial key handshake, pre-authentication, and PMKSA caching).
+
+Some wireless LAN vendors are already providing support for CCMP in
+their WPA products. There is no "official" interoperability
+certification for CCMP and/or mixed modes using both TKIP and CCMP, so
+some interoperability issues can be expected even though many
+combinations seem to be working with equipment from different vendors.
+Testing for WPA2 is likely to start during the second half of 2004.
+
+hostapd configuration for WPA/WPA2
+----------------------------------
+
+TODO
+
+# Enable WPA. Setting this variable configures the AP to require WPA (either
+# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
+# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
+# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
+# RADIUS authentication server must be configured, and WPA-EAP must be included
+# in wpa_key_mgmt.
+# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
+# and/or WPA2 (full IEEE 802.11i/RSN):
+# bit0 = WPA
+# bit1 = IEEE 802.11i/RSN (WPA2)
+#wpa=1
+
+# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
+# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
+# (8..63 characters) that will be converted to PSK. This conversion uses SSID
+# so the PSK changes when ASCII passphrase is used and the SSID is changed.
+#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+#wpa_passphrase=secret passphrase
+
+# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
+# entries are separated with a space.
+#wpa_key_mgmt=WPA-PSK WPA-EAP
+
+# Set of accepted cipher suites (encryption algorithms) for pairwise keys
+# (unicast packets). This is a space separated list of algorithms:
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i]
+# Group cipher suite (encryption algorithm for broadcast and multicast frames)
+# is automatically selected based on this configuration. If only CCMP is
+# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
+# TKIP will be used as the group cipher.
+#wpa_pairwise=TKIP CCMP
+
+# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
+# seconds.
+#wpa_group_rekey=600
+
+# Time interval for rekeying GMK (master key used internally to generate GTKs
+# (in seconds).
+#wpa_gmk_rekey=86400
+
+# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
+# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
+# authentication and key handshake before actually associating with a new AP.
+#rsn_preauth=1
+#
+# Space separated list of interfaces from which pre-authentication frames are
+# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all
+# interface that are used for connections to other APs. This could include
+# wired interfaces and WDS links. The normal wireless data interface towards
+# associated stations (e.g., wlan0) should not be added, since
+# pre-authentication is only used with APs other than the currently associated
+# one.
+#rsn_preauth_interfaces=eth0

+ 466 - 0
hostapd/accounting.c

@@ -0,0 +1,466 @@
+/*
+ * hostapd / RADIUS Accounting
+ * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "hostapd.h"
+#include "radius/radius.h"
+#include "radius/radius_client.h"
+#include "eloop.h"
+#include "accounting.h"
+#include "ieee802_1x.h"
+#include "driver.h"
+
+
+/* Default interval in seconds for polling TX/RX octets from the driver if
+ * STA is not using interim accounting. This detects wrap arounds for
+ * input/output octets and updates Acct-{Input,Output}-Gigawords. */
+#define ACCT_DEFAULT_UPDATE_INTERVAL 300
+
+/* from ieee802_1x.c */
+const char *radius_mode_txt(struct hostapd_data *hapd);
+int radius_sta_rate(struct hostapd_data *hapd, struct sta_info *sta);
+
+
+static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
+					  struct sta_info *sta,
+					  int status_type)
+{
+	struct radius_msg *msg;
+	char buf[128];
+	u8 *val;
+	size_t len;
+	int i;
+
+	msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST,
+			     radius_client_get_id(hapd->radius));
+	if (msg == NULL) {
+		printf("Could not create net RADIUS packet\n");
+		return NULL;
+	}
+
+	if (sta) {
+		radius_msg_make_authenticator(msg, (u8 *) sta, sizeof(*sta));
+
+		os_snprintf(buf, sizeof(buf), "%08X-%08X",
+			    sta->acct_session_id_hi, sta->acct_session_id_lo);
+		if (!radius_msg_add_attr(msg, RADIUS_ATTR_ACCT_SESSION_ID,
+					 (u8 *) buf, os_strlen(buf))) {
+			printf("Could not add Acct-Session-Id\n");
+			goto fail;
+		}
+	} else {
+		radius_msg_make_authenticator(msg, (u8 *) hapd, sizeof(*hapd));
+	}
+
+	if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_STATUS_TYPE,
+				       status_type)) {
+		printf("Could not add Acct-Status-Type\n");
+		goto fail;
+	}
+
+	if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_AUTHENTIC,
+				       hapd->conf->ieee802_1x ?
+				       RADIUS_ACCT_AUTHENTIC_RADIUS :
+				       RADIUS_ACCT_AUTHENTIC_LOCAL)) {
+		printf("Could not add Acct-Authentic\n");
+		goto fail;
+	}
+
+	if (sta) {
+		val = ieee802_1x_get_identity(sta->eapol_sm, &len);
+		if (!val) {
+			os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
+				    MAC2STR(sta->addr));
+			val = (u8 *) buf;
+			len = os_strlen(buf);
+		}
+
+		if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, val,
+					 len)) {
+			printf("Could not add User-Name\n");
+			goto fail;
+		}
+	}
+
+	if (hapd->conf->own_ip_addr.af == AF_INET &&
+	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
+				 (u8 *) &hapd->conf->own_ip_addr.u.v4, 4)) {
+		printf("Could not add NAS-IP-Address\n");
+		goto fail;
+	}
+
+#ifdef CONFIG_IPV6
+	if (hapd->conf->own_ip_addr.af == AF_INET6 &&
+	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IPV6_ADDRESS,
+				 (u8 *) &hapd->conf->own_ip_addr.u.v6, 16)) {
+		printf("Could not add NAS-IPv6-Address\n");
+		goto fail;
+	}
+#endif /* CONFIG_IPV6 */
+
+	if (hapd->conf->nas_identifier &&
+	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IDENTIFIER,
+				 (u8 *) hapd->conf->nas_identifier,
+				 os_strlen(hapd->conf->nas_identifier))) {
+		printf("Could not add NAS-Identifier\n");
+		goto fail;
+	}
+
+	if (sta &&
+	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT, sta->aid)) {
+		printf("Could not add NAS-Port\n");
+		goto fail;
+	}
+
+	os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s",
+		    MAC2STR(hapd->own_addr), hapd->conf->ssid.ssid);
+	if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLED_STATION_ID,
+				 (u8 *) buf, os_strlen(buf))) {
+		printf("Could not add Called-Station-Id\n");
+		goto fail;
+	}
+
+	if (sta) {
+		os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
+			    MAC2STR(sta->addr));
+		if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
+					 (u8 *) buf, os_strlen(buf))) {
+			printf("Could not add Calling-Station-Id\n");
+			goto fail;
+		}
+
+		if (!radius_msg_add_attr_int32(
+			    msg, RADIUS_ATTR_NAS_PORT_TYPE,
+			    RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
+			printf("Could not add NAS-Port-Type\n");
+			goto fail;
+		}
+
+		os_snprintf(buf, sizeof(buf), "CONNECT %d%sMbps %s",
+			    radius_sta_rate(hapd, sta) / 2,
+			    (radius_sta_rate(hapd, sta) & 1) ? ".5" : "",
+			    radius_mode_txt(hapd));
+		if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
+					 (u8 *) buf, os_strlen(buf))) {
+			printf("Could not add Connect-Info\n");
+			goto fail;
+		}
+
+		for (i = 0; ; i++) {
+			val = ieee802_1x_get_radius_class(sta->eapol_sm, &len,
+							  i);
+			if (val == NULL)
+				break;
+
+			if (!radius_msg_add_attr(msg, RADIUS_ATTR_CLASS,
+						 val, len)) {
+				printf("Could not add Class\n");
+				goto fail;
+			}
+		}
+	}
+
+	return msg;
+
+ fail:
+	radius_msg_free(msg);
+	os_free(msg);
+	return NULL;
+}
+
+
+static int accounting_sta_update_stats(struct hostapd_data *hapd,
+				       struct sta_info *sta,
+				       struct hostap_sta_driver_data *data)
+{
+	if (hostapd_read_sta_data(hapd, data, sta->addr))
+		return -1;
+
+	if (sta->last_rx_bytes > data->rx_bytes)
+		sta->acct_input_gigawords++;
+	if (sta->last_tx_bytes > data->tx_bytes)
+		sta->acct_output_gigawords++;
+	sta->last_rx_bytes = data->rx_bytes;
+	sta->last_tx_bytes = data->tx_bytes;
+
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
+		       HOSTAPD_LEVEL_DEBUG, "updated TX/RX stats: "
+		       "Acct-Input-Octets=%lu Acct-Input-Gigawords=%u "
+		       "Acct-Output-Octets=%lu Acct-Output-Gigawords=%u",
+		       sta->last_rx_bytes, sta->acct_input_gigawords,
+		       sta->last_tx_bytes, sta->acct_output_gigawords);
+
+	return 0;
+}
+
+
+static void accounting_interim_update(void *eloop_ctx, void *timeout_ctx)
+{
+	struct hostapd_data *hapd = eloop_ctx;
+	struct sta_info *sta = timeout_ctx;
+	int interval;
+
+	if (sta->acct_interim_interval) {
+		accounting_sta_interim(hapd, sta);
+		interval = sta->acct_interim_interval;
+	} else {
+		struct hostap_sta_driver_data data;
+		accounting_sta_update_stats(hapd, sta, &data);
+		interval = ACCT_DEFAULT_UPDATE_INTERVAL;
+	}
+
+	eloop_register_timeout(interval, 0, accounting_interim_update,
+			       hapd, sta);
+}
+
+
+void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	struct radius_msg *msg;
+	int interval;
+
+	if (sta->acct_session_started)
+		return;
+
+	time(&sta->acct_session_start);
+	sta->last_rx_bytes = sta->last_tx_bytes = 0;
+	sta->acct_input_gigawords = sta->acct_output_gigawords = 0;
+	hostapd_sta_clear_stats(hapd, sta->addr);
+
+	if (!hapd->conf->radius->acct_server)
+		return;
+
+	if (sta->acct_interim_interval)
+		interval = sta->acct_interim_interval;
+	else
+		interval = ACCT_DEFAULT_UPDATE_INTERVAL;
+	eloop_register_timeout(interval, 0, accounting_interim_update,
+			       hapd, sta);
+
+	msg = accounting_msg(hapd, sta, RADIUS_ACCT_STATUS_TYPE_START);
+	if (msg)
+		radius_client_send(hapd->radius, msg, RADIUS_ACCT, sta->addr);
+
+	sta->acct_session_started = 1;
+}
+
+
+void accounting_sta_report(struct hostapd_data *hapd, struct sta_info *sta,
+			   int stop)
+{
+	struct radius_msg *msg;
+	int cause = sta->acct_terminate_cause;
+	struct hostap_sta_driver_data data;
+	u32 gigawords;
+
+	if (!hapd->conf->radius->acct_server)
+		return;
+
+	msg = accounting_msg(hapd, sta,
+			     stop ? RADIUS_ACCT_STATUS_TYPE_STOP :
+			     RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE);
+	if (!msg) {
+		printf("Could not create RADIUS Accounting message\n");
+		return;
+	}
+
+	if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_SESSION_TIME,
+				       time(NULL) - sta->acct_session_start)) {
+		printf("Could not add Acct-Session-Time\n");
+		goto fail;
+	}
+
+	if (accounting_sta_update_stats(hapd, sta, &data) == 0) {
+		if (!radius_msg_add_attr_int32(msg,
+					       RADIUS_ATTR_ACCT_INPUT_PACKETS,
+					       data.rx_packets)) {
+			printf("Could not add Acct-Input-Packets\n");
+			goto fail;
+		}
+		if (!radius_msg_add_attr_int32(msg,
+					       RADIUS_ATTR_ACCT_OUTPUT_PACKETS,
+					       data.tx_packets)) {
+			printf("Could not add Acct-Output-Packets\n");
+			goto fail;
+		}
+		if (!radius_msg_add_attr_int32(msg,
+					       RADIUS_ATTR_ACCT_INPUT_OCTETS,
+					       data.rx_bytes)) {
+			printf("Could not add Acct-Input-Octets\n");
+			goto fail;
+		}
+		gigawords = sta->acct_input_gigawords;
+#if __WORDSIZE == 64
+		gigawords += data.rx_bytes >> 32;
+#endif
+		if (gigawords &&
+		    !radius_msg_add_attr_int32(
+			    msg, RADIUS_ATTR_ACCT_INPUT_GIGAWORDS,
+			    gigawords)) {
+			printf("Could not add Acct-Input-Gigawords\n");
+			goto fail;
+		}
+		if (!radius_msg_add_attr_int32(msg,
+					       RADIUS_ATTR_ACCT_OUTPUT_OCTETS,
+					       data.tx_bytes)) {
+			printf("Could not add Acct-Output-Octets\n");
+			goto fail;
+		}
+		gigawords = sta->acct_output_gigawords;
+#if __WORDSIZE == 64
+		gigawords += data.tx_bytes >> 32;
+#endif
+		if (gigawords &&
+		    !radius_msg_add_attr_int32(
+			    msg, RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS,
+			    gigawords)) {
+			printf("Could not add Acct-Output-Gigawords\n");
+			goto fail;
+		}
+	}
+
+	if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_EVENT_TIMESTAMP,
+				       time(NULL))) {
+		printf("Could not add Event-Timestamp\n");
+		goto fail;
+	}
+
+	if (eloop_terminated())
+		cause = RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_REBOOT;
+
+	if (stop && cause &&
+	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_TERMINATE_CAUSE,
+				       cause)) {
+		printf("Could not add Acct-Terminate-Cause\n");
+		goto fail;
+	}
+
+	radius_client_send(hapd->radius, msg,
+			   stop ? RADIUS_ACCT : RADIUS_ACCT_INTERIM,
+			   sta->addr);
+	return;
+
+ fail:
+	radius_msg_free(msg);
+	os_free(msg);
+}
+
+
+void accounting_sta_interim(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	if (sta->acct_session_started)
+		accounting_sta_report(hapd, sta, 0);
+}
+
+
+void accounting_sta_stop(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	if (sta->acct_session_started) {
+		accounting_sta_report(hapd, sta, 1);
+		eloop_cancel_timeout(accounting_interim_update, hapd, sta);
+		sta->acct_session_started = 0;
+	}
+}
+
+
+void accounting_sta_get_id(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	sta->acct_session_id_lo = hapd->acct_session_id_lo++;
+	if (hapd->acct_session_id_lo == 0) {
+		hapd->acct_session_id_hi++;
+	}
+	sta->acct_session_id_hi = hapd->acct_session_id_hi;
+}
+
+
+/* Process the RADIUS frames from Accounting Server */
+static RadiusRxResult
+accounting_receive(struct radius_msg *msg, struct radius_msg *req,
+		   u8 *shared_secret, size_t shared_secret_len, void *data)
+{
+	if (msg->hdr->code != RADIUS_CODE_ACCOUNTING_RESPONSE) {
+		printf("Unknown RADIUS message code\n");
+		return RADIUS_RX_UNKNOWN;
+	}
+
+	if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 0)) {
+		printf("Incoming RADIUS packet did not have correct "
+		       "Authenticator - dropped\n");
+		return RADIUS_RX_INVALID_AUTHENTICATOR;
+	}
+
+	return RADIUS_RX_PROCESSED;
+}
+
+
+static void accounting_report_state(struct hostapd_data *hapd, int on)
+{
+	struct radius_msg *msg;
+
+	if (!hapd->conf->radius->acct_server || hapd->radius == NULL)
+		return;
+
+	/* Inform RADIUS server that accounting will start/stop so that the
+	 * server can close old accounting sessions. */
+	msg = accounting_msg(hapd, NULL,
+			     on ? RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_ON :
+			     RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_OFF);
+	if (!msg)
+		return;
+
+	if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_TERMINATE_CAUSE,
+				       RADIUS_ACCT_TERMINATE_CAUSE_NAS_REBOOT))
+	{
+		printf("Could not add Acct-Terminate-Cause\n");
+		radius_msg_free(msg);
+		os_free(msg);
+		return;
+	}
+
+	radius_client_send(hapd->radius, msg, RADIUS_ACCT, NULL);
+}
+
+
+int accounting_init(struct hostapd_data *hapd)
+{
+	/* Acct-Session-Id should be unique over reboots. If reliable clock is
+	 * not available, this could be replaced with reboot counter, etc. */
+	hapd->acct_session_id_hi = time(NULL);
+
+	if (radius_client_register(hapd->radius, RADIUS_ACCT,
+				   accounting_receive, hapd))
+		return -1;
+
+	accounting_report_state(hapd, 1);
+
+	return 0;
+}
+
+
+void accounting_deinit(struct hostapd_data *hapd)
+{
+	accounting_report_state(hapd, 0);
+}
+
+
+int accounting_reconfig(struct hostapd_data *hapd,
+			struct hostapd_config *oldconf)
+{
+	if (!hapd->radius_client_reconfigured)
+		return 0;
+
+	accounting_deinit(hapd);
+	return accounting_init(hapd);
+}

+ 27 - 0
hostapd/accounting.h

@@ -0,0 +1,27 @@
+/*
+ * hostapd / RADIUS Accounting
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef ACCOUNTING_H
+#define ACCOUNTING_H
+
+void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta);
+void accounting_sta_interim(struct hostapd_data *hapd, struct sta_info *sta);
+void accounting_sta_stop(struct hostapd_data *hapd, struct sta_info *sta);
+void accounting_sta_get_id(struct hostapd_data *hapd, struct sta_info *sta);
+int accounting_init(struct hostapd_data *hapd);
+void accounting_deinit(struct hostapd_data *hapd);
+int accounting_reconfig(struct hostapd_data *hapd,
+			struct hostapd_config *oldconf);
+
+#endif /* ACCOUNTING_H */

+ 111 - 0
hostapd/ap.h

@@ -0,0 +1,111 @@
+/*
+ * hostapd / Station table data structures
+ * Copyright (c) 2002-2004, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef AP_H
+#define AP_H
+
+/* STA flags */
+#define WLAN_STA_AUTH BIT(0)
+#define WLAN_STA_ASSOC BIT(1)
+#define WLAN_STA_PS BIT(2)
+#define WLAN_STA_TIM BIT(3)
+#define WLAN_STA_PERM BIT(4)
+#define WLAN_STA_AUTHORIZED BIT(5)
+#define WLAN_STA_PENDING_POLL BIT(6) /* pending activity poll not ACKed */
+#define WLAN_STA_SHORT_PREAMBLE BIT(7)
+#define WLAN_STA_PREAUTH BIT(8)
+#define WLAN_STA_WME BIT(9)
+#define WLAN_STA_NONERP BIT(31)
+
+/* Maximum number of supported rates (from both Supported Rates and Extended
+ * Supported Rates IEs). */
+#define WLAN_SUPP_RATES_MAX 32
+
+
+struct sta_info {
+	struct sta_info *next; /* next entry in sta list */
+	struct sta_info *hnext; /* next entry in hash table list */
+	u8 addr[6];
+	u16 aid; /* STA's unique AID (1 .. 2007) or 0 if not yet assigned */
+	u32 flags;
+	u16 capability;
+	u16 listen_interval; /* or beacon_int for APs */
+	u8 supported_rates[WLAN_SUPP_RATES_MAX];
+	int supported_rates_len;
+
+	unsigned int nonerp_set:1;
+	unsigned int no_short_slot_time_set:1;
+	unsigned int no_short_preamble_set:1;
+
+	u16 auth_alg;
+	u8 previous_ap[6];
+
+	enum {
+		STA_NULLFUNC = 0, STA_DISASSOC, STA_DEAUTH, STA_REMOVE
+	} timeout_next;
+
+	/* IEEE 802.1X related data */
+	struct eapol_state_machine *eapol_sm;
+
+	/* IEEE 802.11f (IAPP) related data */
+	struct ieee80211_mgmt *last_assoc_req;
+
+	u32 acct_session_id_hi;
+	u32 acct_session_id_lo;
+	time_t acct_session_start;
+	int acct_session_started;
+	int acct_terminate_cause; /* Acct-Terminate-Cause */
+	int acct_interim_interval; /* Acct-Interim-Interval */
+
+	unsigned long last_rx_bytes;
+	unsigned long last_tx_bytes;
+	u32 acct_input_gigawords; /* Acct-Input-Gigawords */
+	u32 acct_output_gigawords; /* Acct-Output-Gigawords */
+
+	u8 *challenge; /* IEEE 802.11 Shared Key Authentication Challenge */
+
+	struct wpa_state_machine *wpa_sm;
+	struct rsn_preauth_interface *preauth_iface;
+
+	struct hostapd_ssid *ssid; /* SSID selection based on (Re)AssocReq */
+	struct hostapd_ssid *ssid_probe; /* SSID selection based on ProbeReq */
+
+	int vlan_id;
+};
+
+
+/* Maximum number of AIDs to use for STAs; must be 2007 or lower
+ * (8802.11 limitation) */
+#define MAX_AID_TABLE_SIZE 128
+
+#define STA_HASH_SIZE 256
+#define STA_HASH(sta) (sta[5])
+
+
+/* Default value for maximum station inactivity. After AP_MAX_INACTIVITY has
+ * passed since last received frame from the station, a nullfunc data frame is
+ * sent to the station. If this frame is not acknowledged and no other frames
+ * have been received, the station will be disassociated after
+ * AP_DISASSOC_DELAY seconds. Similarily, the station will be deauthenticated
+ * after AP_DEAUTH_DELAY seconds has passed after disassociation. */
+#define AP_MAX_INACTIVITY (5 * 60)
+#define AP_DISASSOC_DELAY (1)
+#define AP_DEAUTH_DELAY (1)
+/* Number of seconds to keep STA entry with Authenticated flag after it has
+ * been disassociated. */
+#define AP_MAX_INACTIVITY_AFTER_DISASSOC (1 * 30)
+/* Number of seconds to keep STA entry after it has been deauthenticated. */
+#define AP_MAX_INACTIVITY_AFTER_DEAUTH (1 * 5)
+
+#endif /* AP_H */
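Review bot: `STA_HASH(sta)` near the end of this header expands its argument without parentheses and uses only the last address octet as the bucket index; I would write `#define STA_HASH(sta) ((sta)[5])` so that an expression argument indexes correctly. The octet comes from a frame-supplied address (ap_list.c on this page hashes beacon BSSIDs with it), so the sender decides which bucket an entry lands in. Lookup cost is therefore bounded only by the table-size limits, which deserves a comment such as `/* bucket = last octet of a frame-supplied MAC; chain length is bounded only by the table caps */`.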

+ 458 - 0
hostapd/ap_list.c

@@ -0,0 +1,458 @@
+/*
+ * hostapd / AP table
+ * Copyright 2002-2003, Jouni Malinen <j@w1.fi>
+ * Copyright 2003-2004, Instant802 Networks, Inc.
+ * Copyright 2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "hostapd.h"
+#include "ieee802_11.h"
+#include "eloop.h"
+#include "ap_list.h"
+#include "hw_features.h"
+#include "beacon.h"
+
+
+struct ieee80211_frame_info {
+	u32 version;
+	u32 length;
+	u64 mactime;
+	u64 hosttime;
+	u32 phytype;
+	u32 channel;
+	u32 datarate;
+	u32 antenna;
+	u32 priority;
+	u32 ssi_type;
+	u32 ssi_signal;
+	u32 ssi_noise;
+	u32 preamble;
+	u32 encoding;
+
+	/* Note: this structure is otherwise identical to capture format used
+	 * in linux-wlan-ng, but this additional field is used to provide meta
+	 * data about the frame to hostapd. This was the easiest method for
+	 * providing this information, but this might change in the future. */
+	u32 msg_type;
+} __attribute__ ((packed));
+
+
+enum ieee80211_phytype {
+	ieee80211_phytype_fhss_dot11_97  = 1,
+	ieee80211_phytype_dsss_dot11_97  = 2,
+	ieee80211_phytype_irbaseband     = 3,
+	ieee80211_phytype_dsss_dot11_b   = 4,
+	ieee80211_phytype_pbcc_dot11_b   = 5,
+	ieee80211_phytype_ofdm_dot11_g   = 6,
+	ieee80211_phytype_pbcc_dot11_g   = 7,
+	ieee80211_phytype_ofdm_dot11_a   = 8,
+	ieee80211_phytype_dsss_dot11_turbog = 255,
+	ieee80211_phytype_dsss_dot11_turbo = 256,
+};
+
+
+/* AP list is a double linked list with head->prev pointing to the end of the
+ * list and tail->next = NULL. Entries are moved to the head of the list
+ * whenever a beacon has been received from the AP in question. The tail entry
+ * in this link will thus be the least recently used entry. */
+
+
+static void ap_list_new_ap(struct hostapd_iface *iface, struct ap_info *ap)
+{
+	wpa_printf(MSG_DEBUG, "New AP detected: " MACSTR, MAC2STR(ap->addr));
+
+	/* TODO: could send a notification message to an external program that
+	 * would then determine whether a rogue AP has been detected */
+}
+
+
+static void ap_list_expired_ap(struct hostapd_iface *iface, struct ap_info *ap)
+{
+	wpa_printf(MSG_DEBUG, "AP info expired: " MACSTR, MAC2STR(ap->addr));
+
+	/* TODO: could send a notification message to an external program */
+}
+
+
+static int ap_list_beacon_olbc(struct hostapd_iface *iface, struct ap_info *ap)
+{
+	int i;
+
+	if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G ||
+	    ap->phytype != ieee80211_phytype_pbcc_dot11_g ||
+	    iface->conf->channel != ap->channel)
+		return 0;
+
+	if (ap->erp != -1 && (ap->erp & ERP_INFO_NON_ERP_PRESENT))
+		return 1;
+
+	for (i = 0; i < WLAN_SUPP_RATES_MAX; i++) {
+		int rate = (ap->supported_rates[i] & 0x7f) * 5;
+		if (rate == 60 || rate == 90 || rate > 110)
+			return 0;
+	}
+
+	return 1;
+}
+
+
+struct ap_info * ap_get_ap(struct hostapd_iface *iface, u8 *ap)
+{
+	struct ap_info *s;
+
+	s = iface->ap_hash[STA_HASH(ap)];
+	while (s != NULL && os_memcmp(s->addr, ap, ETH_ALEN) != 0)
+		s = s->hnext;
+	return s;
+}
+
+
+static void ap_ap_list_add(struct hostapd_iface *iface, struct ap_info *ap)
+{
+	if (iface->ap_list) {
+		ap->prev = iface->ap_list->prev;
+		iface->ap_list->prev = ap;
+	} else
+		ap->prev = ap;
+	ap->next = iface->ap_list;
+	iface->ap_list = ap;
+}
+
+
+static void ap_ap_list_del(struct hostapd_iface *iface, struct ap_info *ap)
+{
+	if (iface->ap_list == ap)
+		iface->ap_list = ap->next;
+	else
+		ap->prev->next = ap->next;
+
+	if (ap->next)
+		ap->next->prev = ap->prev;
+	else if (iface->ap_list)
+		iface->ap_list->prev = ap->prev;
+}
+
+
+static void ap_ap_iter_list_add(struct hostapd_iface *iface,
+				struct ap_info *ap)
+{
+	if (iface->ap_iter_list) {
+		ap->iter_prev = iface->ap_iter_list->iter_prev;
+		iface->ap_iter_list->iter_prev = ap;
+	} else
+		ap->iter_prev = ap;
+	ap->iter_next = iface->ap_iter_list;
+	iface->ap_iter_list = ap;
+}
+
+
+static void ap_ap_iter_list_del(struct hostapd_iface *iface,
+				struct ap_info *ap)
+{
+	if (iface->ap_iter_list == ap)
+		iface->ap_iter_list = ap->iter_next;
+	else
+		ap->iter_prev->iter_next = ap->iter_next;
+
+	if (ap->iter_next)
+		ap->iter_next->iter_prev = ap->iter_prev;
+	else if (iface->ap_iter_list)
+		iface->ap_iter_list->iter_prev = ap->iter_prev;
+}
+
+
+static void ap_ap_hash_add(struct hostapd_iface *iface, struct ap_info *ap)
+{
+	ap->hnext = iface->ap_hash[STA_HASH(ap->addr)];
+	iface->ap_hash[STA_HASH(ap->addr)] = ap;
+}
+
+
+static void ap_ap_hash_del(struct hostapd_iface *iface, struct ap_info *ap)
+{
+	struct ap_info *s;
+
+	s = iface->ap_hash[STA_HASH(ap->addr)];
+	if (s == NULL) return;
+	if (os_memcmp(s->addr, ap->addr, ETH_ALEN) == 0) {
+		iface->ap_hash[STA_HASH(ap->addr)] = s->hnext;
+		return;
+	}
+
+	while (s->hnext != NULL &&
+	       os_memcmp(s->hnext->addr, ap->addr, ETH_ALEN) != 0)
+		s = s->hnext;
+	if (s->hnext != NULL)
+		s->hnext = s->hnext->hnext;
+	else
+		printf("AP: could not remove AP " MACSTR " from hash table\n",
+		       MAC2STR(ap->addr));
+}
+
+
+static void ap_free_ap(struct hostapd_iface *iface, struct ap_info *ap)
+{
+	ap_ap_hash_del(iface, ap);
+	ap_ap_list_del(iface, ap);
+	ap_ap_iter_list_del(iface, ap);
+
+	iface->num_ap--;
+	os_free(ap);
+}
+
+
+static void hostapd_free_aps(struct hostapd_iface *iface)
+{
+	struct ap_info *ap, *prev;
+
+	ap = iface->ap_list;
+
+	while (ap) {
+		prev = ap;
+		ap = ap->next;
+		ap_free_ap(iface, prev);
+	}
+
+	iface->ap_list = NULL;
+}
+
+
+int ap_ap_for_each(struct hostapd_iface *iface,
+		   int (*func)(struct ap_info *s, void *data), void *data)
+{
+	struct ap_info *s;
+	int ret = 0;
+
+	s = iface->ap_list;
+
+	while (s) {
+		ret = func(s, data);
+		if (ret)
+			break;
+		s = s->next;
+	}
+
+	return ret;
+}
+
+
+static struct ap_info * ap_ap_add(struct hostapd_iface *iface, u8 *addr)
+{
+	struct ap_info *ap;
+
+	ap = os_zalloc(sizeof(struct ap_info));
+	if (ap == NULL)
+		return NULL;
+
+	/* initialize AP info data */
+	os_memcpy(ap->addr, addr, ETH_ALEN);
+	ap_ap_list_add(iface, ap);
+	iface->num_ap++;
+	ap_ap_hash_add(iface, ap);
+	ap_ap_iter_list_add(iface, ap);
+
+	if (iface->num_ap > iface->conf->ap_table_max_size && ap != ap->prev) {
+		wpa_printf(MSG_DEBUG, "Removing the least recently used AP "
+			   MACSTR " from AP table", MAC2STR(ap->prev->addr));
+		if (iface->conf->passive_scan_interval > 0)
+			ap_list_expired_ap(iface, ap->prev);
+		ap_free_ap(iface, ap->prev);
+	}
+
+	return ap;
+}
+
+
+void ap_list_process_beacon(struct hostapd_iface *iface,
+			    struct ieee80211_mgmt *mgmt,
+			    struct ieee802_11_elems *elems,
+			    struct hostapd_frame_info *fi)
+{
+	struct ap_info *ap;
+	int new_ap = 0;
+	size_t len;
+
+	if (iface->conf->ap_table_max_size < 1)
+		return;
+
+	ap = ap_get_ap(iface, mgmt->bssid);
+	if (!ap) {
+		ap = ap_ap_add(iface, mgmt->bssid);
+		if (!ap) {
+			printf("Failed to allocate AP information entry\n");
+			return;
+		}
+		new_ap = 1;
+	}
+
+	ap->beacon_int = le_to_host16(mgmt->u.beacon.beacon_int);
+	ap->capability = le_to_host16(mgmt->u.beacon.capab_info);
+
+	if (elems->ssid) {
+		len = elems->ssid_len;
+		if (len >= sizeof(ap->ssid))
+			len = sizeof(ap->ssid) - 1;
+		os_memcpy(ap->ssid, elems->ssid, len);
+		ap->ssid[len] = '\0';
+		ap->ssid_len = len;
+	}
+
+	os_memset(ap->supported_rates, 0, WLAN_SUPP_RATES_MAX);
+	len = 0;
+	if (elems->supp_rates) {
+		len = elems->supp_rates_len;
+		if (len > WLAN_SUPP_RATES_MAX)
+			len = WLAN_SUPP_RATES_MAX;
+		os_memcpy(ap->supported_rates, elems->supp_rates, len);
+	}
+	if (elems->ext_supp_rates) {
+		int len2;
+		if (len + elems->ext_supp_rates_len > WLAN_SUPP_RATES_MAX)
+			len2 = WLAN_SUPP_RATES_MAX - len;
+		else
+			len2 = elems->ext_supp_rates_len;
+		os_memcpy(ap->supported_rates + len, elems->ext_supp_rates,
+			  len2);
+	}
+
+	ap->wpa = elems->wpa_ie != NULL;
+
+	if (elems->erp_info && elems->erp_info_len == 1)
+		ap->erp = elems->erp_info[0];
+	else
+		ap->erp = -1;
+
+	if (elems->ds_params && elems->ds_params_len == 1)
+		ap->channel = elems->ds_params[0];
+	else if (fi)
+		ap->channel = fi->channel;
+
+	ap->num_beacons++;
+	time(&ap->last_beacon);
+	if (fi) {
+		ap->phytype = fi->phytype;
+		ap->ssi_signal = fi->ssi_signal;
+		ap->datarate = fi->datarate;
+	}
+
+	if (new_ap) {
+		if (iface->conf->passive_scan_interval > 0)
+			ap_list_new_ap(iface, ap);
+	} else if (ap != iface->ap_list) {
+		/* move AP entry into the beginning of the list so that the
+		 * oldest entry is always in the end of the list */
+		ap_ap_list_del(iface, ap);
+		ap_ap_list_add(iface, ap);
+	}
+
+	if (!iface->olbc &&
+	    ap_list_beacon_olbc(iface, ap)) {
+		struct hostapd_data *hapd = iface->bss[0];
+		iface->olbc = 1;
+		wpa_printf(MSG_DEBUG, "OLBC AP detected: " MACSTR " - enable "
+			   "protection", MAC2STR(ap->addr));
+		ieee802_11_set_beacons(hapd->iface);
+	}
+}
+
+
+static void ap_list_timer(void *eloop_ctx, void *timeout_ctx)
+{
+	struct hostapd_iface *iface = eloop_ctx;
+	time_t now;
+	struct ap_info *ap;
+
+	eloop_register_timeout(10, 0, ap_list_timer, iface, NULL);
+
+	if (!iface->ap_list)
+		return;
+
+	time(&now);
+
+	/* FIX: it looks like jkm-Purina ended up in busy loop in this
+	 * function. Apparently, something can still cause a loop in the AP
+	 * list.. */
+
+	while (iface->ap_list) {
+		ap = iface->ap_list->prev;
+		if (ap->last_beacon + iface->conf->ap_table_expiration_time >=
+		    now)
+			break;
+
+		if (iface->conf->passive_scan_interval > 0)
+			ap_list_expired_ap(iface, ap);
+		ap_free_ap(iface, ap);
+	}
+
+	if (iface->olbc) {
+		int olbc = 0;
+		ap = iface->ap_list;
+		while (ap) {
+			if (ap_list_beacon_olbc(iface, ap)) {
+				olbc = 1;
+				break;
+			}
+			ap = ap->next;
+		}
+		if (!olbc) {
+			struct hostapd_data *hapd = iface->bss[0];
+			wpa_printf(MSG_DEBUG, "OLBC not detected anymore");
+			iface->olbc = 0;
+			ieee802_11_set_beacons(hapd->iface);
+		}
+	}
+}
+
+
+int ap_list_init(struct hostapd_iface *iface)
+{
+	eloop_register_timeout(10, 0, ap_list_timer, iface, NULL);
+	return 0;
+}
+
+
+void ap_list_deinit(struct hostapd_iface *iface)
+{
+	eloop_cancel_timeout(ap_list_timer, iface, NULL);
+	hostapd_free_aps(iface);
+}
+
+
+int ap_list_reconfig(struct hostapd_iface *iface,
+		     struct hostapd_config *oldconf)
+{
+	time_t now;
+	struct ap_info *ap;
+
+	if (iface->conf->ap_table_max_size == oldconf->ap_table_max_size &&
+	    iface->conf->ap_table_expiration_time ==
+	    oldconf->ap_table_expiration_time)
+		return 0;
+
+	time(&now);
+
+	while (iface->ap_list) {
+		ap = iface->ap_list->prev;
+		if (iface->num_ap <= iface->conf->ap_table_max_size &&
+		    ap->last_beacon + iface->conf->ap_table_expiration_time >=
+		    now)
+			break;
+
+		if (iface->conf->passive_scan_interval > 0)
+			ap_list_expired_ap(iface, iface->ap_list->prev);
+		ap_free_ap(iface, iface->ap_list->prev);
+	}
+
+	return 0;
+}
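Review bot: ap_list_process_beacon() carries no comment saying that every field it stores comes from an unauthenticated beacon frame, yet the OLBC check at the end of the function enables protection for the whole interface on the strength of one such entry, and ap_ap_add() evicts the least recently used entry whenever a new BSSID arrives at a full table. The length clamps on the SSID and rate copies are in place; what is missing is the statement of trust, for example `/* All fields are taken from an unauthenticated beacon; treat ap_info as advisory only. */` above the function. This matters for the TODO in ap_list_new_ap() about rogue-AP notification, because a consumer of that notification would otherwise have no hint that table contents and eviction order follow whatever beacons are received. The expiry tests in ap_list_timer() and ap_list_reconfig() compare against `time()`, so a wall-clock step changes how long entries (and the OLBC state derived from them) persist; a short comment there would make that dependency visible.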

+ 68 - 0
hostapd/ap_list.h

@@ -0,0 +1,68 @@
+/*
+ * hostapd / AP table
+ * Copyright 2002-2003, Jouni Malinen <j@w1.fi>
+ * Copyright 2003-2004, Instant802 Networks, Inc.
+ * Copyright 2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef AP_LIST_H
+#define AP_LIST_H
+
+struct ap_info {
+	/* Note: next/prev pointers are updated whenever a new beacon is
+	 * received because these are used to find the least recently used
+	 * entries. iter_next/iter_prev are updated only when adding new BSSes
+	 * and when removing old ones. These should be used when iterating
+	 * through the table in a manner that allows beacons to be received
+	 * during the iteration. */
+	struct ap_info *next; /* next entry in AP list */
+	struct ap_info *prev; /* previous entry in AP list */
+	struct ap_info *hnext; /* next entry in hash table list */
+	struct ap_info *iter_next; /* next entry in AP iteration list */
+	struct ap_info *iter_prev; /* previous entry in AP iteration list */
+	u8 addr[6];
+	u16 beacon_int;
+	u16 capability;
+	u8 supported_rates[WLAN_SUPP_RATES_MAX];
+	u8 ssid[33];
+	size_t ssid_len;
+	int wpa;
+	int erp; /* ERP Info or -1 if ERP info element not present */
+
+	int phytype; /* .11a / .11b / .11g / Atheros Turbo */
+	int channel;
+	int datarate; /* in 100 kbps */
+	int ssi_signal;
+
+	unsigned int num_beacons; /* number of beacon frames received */
+	time_t last_beacon;
+
+	int already_seen; /* whether API call AP-NEW has already fetched
+			   * information about this AP */
+};
+
+struct ieee802_11_elems;
+struct hostapd_frame_info;
+
+struct ap_info * ap_get_ap(struct hostapd_iface *iface, u8 *sta);
+int ap_ap_for_each(struct hostapd_iface *iface,
+		   int (*func)(struct ap_info *s, void *data), void *data);
+void ap_list_process_beacon(struct hostapd_iface *iface,
+			    struct ieee80211_mgmt *mgmt,
+			    struct ieee802_11_elems *elems,
+			    struct hostapd_frame_info *fi);
+int ap_list_init(struct hostapd_iface *iface);
+void ap_list_deinit(struct hostapd_iface *iface);
+int ap_list_reconfig(struct hostapd_iface *iface,
+		     struct hostapd_config *oldconf);
+
+#endif /* AP_LIST_H */

+ 418 - 0
hostapd/beacon.c

@@ -0,0 +1,418 @@
+/*
+ * hostapd / IEEE 802.11 Management: Beacon and Probe Request/Response
+ * Copyright (c) 2002-2004, Instant802 Networks, Inc.
+ * Copyright (c) 2005-2006, Devicescape Software, Inc.
+ * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#ifndef CONFIG_NATIVE_WINDOWS
+
+#include "hostapd.h"
+#include "ieee802_11.h"
+#include "wpa.h"
+#include "wme.h"
+#include "beacon.h"
+#include "hw_features.h"
+#include "driver.h"
+#include "sta_info.h"
+#include "ieee802_11h.h"
+
+
+static u8 ieee802_11_erp_info(struct hostapd_data *hapd)
+{
+	u8 erp = 0;
+
+	if (hapd->iface->current_mode == NULL ||
+	    hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
+		return 0;
+
+	switch (hapd->iconf->cts_protection_type) {
+	case CTS_PROTECTION_FORCE_ENABLED:
+		erp |= ERP_INFO_NON_ERP_PRESENT | ERP_INFO_USE_PROTECTION;
+		break;
+	case CTS_PROTECTION_FORCE_DISABLED:
+		erp = 0;
+		break;
+	case CTS_PROTECTION_AUTOMATIC:
+		if (hapd->iface->olbc)
+			erp |= ERP_INFO_USE_PROTECTION;
+		/* continue */
+	case CTS_PROTECTION_AUTOMATIC_NO_OLBC:
+		if (hapd->iface->num_sta_non_erp > 0) {
+			erp |= ERP_INFO_NON_ERP_PRESENT |
+				ERP_INFO_USE_PROTECTION;
+		}
+		break;
+	}
+	if (hapd->iface->num_sta_no_short_preamble > 0)
+		erp |= ERP_INFO_BARKER_PREAMBLE_MODE;
+
+	return erp;
+}
+
+
+static u8 * hostapd_eid_ds_params(struct hostapd_data *hapd, u8 *eid)
+{
+	*eid++ = WLAN_EID_DS_PARAMS;
+	*eid++ = 1;
+	*eid++ = hapd->iconf->channel;
+	return eid;
+}
+
+
+static u8 * hostapd_eid_erp_info(struct hostapd_data *hapd, u8 *eid)
+{
+	if (hapd->iface->current_mode == NULL ||
+	    hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
+		return eid;
+
+	/* Set NonERP_present and use_protection bits if there
+	 * are any associated NonERP stations. */
+	/* TODO: use_protection bit can be set to zero even if
+	 * there are NonERP stations present. This optimization
+	 * might be useful if NonERP stations are "quiet".
+	 * See 802.11g/D6 E-1 for recommended practice.
+	 * In addition, Non ERP present might be set, if AP detects Non ERP
+	 * operation on other APs. */
+
+	/* Add ERP Information element */
+	*eid++ = WLAN_EID_ERP_INFO;
+	*eid++ = 1;
+	*eid++ = ieee802_11_erp_info(hapd);
+
+	return eid;
+}
+
+
+static u8 * hostapd_eid_country(struct hostapd_data *hapd, u8 *eid,
+				int max_len)
+{
+	u8 *pos = eid;
+
+	if ((!hapd->iconf->ieee80211d && !hapd->iface->dfs_enable) ||
+	    max_len < 6)
+		return eid;
+
+	*pos++ = WLAN_EID_COUNTRY;
+	pos++; /* length will be set later */
+	os_memcpy(pos, hapd->iconf->country, 3); /* e.g., 'US ' */
+	pos += 3;
+
+	if ((pos - eid) & 1)
+		*pos++ = 0; /* pad for 16-bit alignment */
+
+	eid[1] = (pos - eid) - 2;
+
+	return pos;
+}
+
+
+static u8 * hostapd_eid_power_constraint(struct hostapd_data *hapd, u8 *eid)
+
+{
+	if (!hapd->iface->dfs_enable)
+		return eid;
+	*eid++ = WLAN_EID_PWR_CONSTRAINT;
+	*eid++ = 1;
+	*eid++ = hapd->iface->pwr_const;
+	return eid;
+}
+
+
+static u8 * hostapd_eid_tpc_report(struct hostapd_data *hapd, u8 *eid)
+
+{
+	if (!hapd->iface->dfs_enable)
+		return eid;
+	*eid++ = WLAN_EID_TPC_REPORT;
+	*eid++ = 2;
+	*eid++ = hapd->iface->tx_power; /* TX POWER */
+	*eid++ = 0; /* Link Margin */
+	return eid;
+}
+
+static u8 * hostapd_eid_channel_switch(struct hostapd_data *hapd, u8 *eid)
+
+{
+	if (!hapd->iface->dfs_enable || !hapd->iface->channel_switch)
+		return eid;
+	*eid++ = WLAN_EID_CHANNEL_SWITCH;
+	*eid++ = 3;
+	*eid++ = CHAN_SWITCH_MODE_QUIET;
+	*eid++ = hapd->iface->channel_switch; /* New channel */
+	/* 0 - very soon; 1 - before next TBTT; num - after num beacons */
+	*eid++ = 0;
+	return eid;
+}
+
+
+static u8 * hostapd_eid_wpa(struct hostapd_data *hapd, u8 *eid, size_t len,
+			    struct sta_info *sta)
+{
+	const u8 *ie;
+	size_t ielen;
+
+	ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen);
+	if (ie == NULL || ielen > len)
+		return eid;
+
+	os_memcpy(eid, ie, ielen);
+	return eid + ielen;
+}
+
+
+void handle_probe_req(struct hostapd_data *hapd, struct ieee80211_mgmt *mgmt,
+		      size_t len)
+{
+	struct ieee80211_mgmt *resp;
+	struct ieee802_11_elems elems;
+	char *ssid;
+	u8 *pos, *epos, *ie;
+	size_t ssid_len, ie_len;
+	struct sta_info *sta = NULL;
+
+	ie = mgmt->u.probe_req.variable;
+	ie_len = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req));
+
+	if (!hapd->iconf->send_probe_response)
+		return;
+
+	if (ieee802_11_parse_elems(hapd, ie, ie_len, &elems, 0) == ParseFailed)
+	{
+		wpa_printf(MSG_DEBUG, "Could not parse ProbeReq from " MACSTR,
+			   MAC2STR(mgmt->sa));
+		return;
+	}
+
+	ssid = NULL;
+	ssid_len = 0;
+
+	if ((!elems.ssid || !elems.supp_rates)) {
+		wpa_printf(MSG_DEBUG, "STA " MACSTR " sent probe request "
+			   "without SSID or supported rates element",
+			   MAC2STR(mgmt->sa));
+		return;
+	}
+
+	if (hapd->conf->ignore_broadcast_ssid && elems.ssid_len == 0) {
+		wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " for "
+			   "broadcast SSID ignored", MAC2STR(mgmt->sa));
+		return;
+	}
+
+	sta = ap_get_sta(hapd, mgmt->sa);
+
+	if (elems.ssid_len == 0 ||
+	    (elems.ssid_len == hapd->conf->ssid.ssid_len &&
+	     os_memcmp(elems.ssid, hapd->conf->ssid.ssid, elems.ssid_len) ==
+	     0)) {
+		ssid = hapd->conf->ssid.ssid;
+		ssid_len = hapd->conf->ssid.ssid_len;
+		if (sta)
+			sta->ssid_probe = &hapd->conf->ssid;
+	}
+
+	if (!ssid) {
+		if (!(mgmt->da[0] & 0x01)) {
+			char ssid_txt[33];
+			ieee802_11_print_ssid(ssid_txt, elems.ssid,
+					      elems.ssid_len);
+			wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR
+				   " for foreign SSID '%s'",
+				   MAC2STR(mgmt->sa), ssid_txt);
+		}
+		return;
+	}
+
+	/* TODO: verify that supp_rates contains at least one matching rate
+	 * with AP configuration */
+#define MAX_PROBERESP_LEN 768
+	resp = os_zalloc(MAX_PROBERESP_LEN);
+	if (resp == NULL)
+		return;
+	epos = ((u8 *) resp) + MAX_PROBERESP_LEN;
+
+	resp->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+					   WLAN_FC_STYPE_PROBE_RESP);
+	os_memcpy(resp->da, mgmt->sa, ETH_ALEN);
+	os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
+
+	os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
+	resp->u.probe_resp.beacon_int =
+		host_to_le16(hapd->iconf->beacon_int);
+
+	/* hardware or low-level driver will setup seq_ctrl and timestamp */
+	resp->u.probe_resp.capab_info =
+		host_to_le16(hostapd_own_capab_info(hapd, sta, 1));
+
+	pos = resp->u.probe_resp.variable;
+	*pos++ = WLAN_EID_SSID;
+	*pos++ = ssid_len;
+	os_memcpy(pos, ssid, ssid_len);
+	pos += ssid_len;
+
+	/* Supported rates */
+	pos = hostapd_eid_supp_rates(hapd, pos);
+
+	/* DS Params */
+	pos = hostapd_eid_ds_params(hapd, pos);
+
+	pos = hostapd_eid_country(hapd, pos, epos - pos);
+
+	pos = hostapd_eid_power_constraint(hapd, pos);
+	pos = hostapd_eid_tpc_report(hapd, pos);
+
+	/* ERP Information element */
+	pos = hostapd_eid_erp_info(hapd, pos);
+
+	/* Extended supported rates */
+	pos = hostapd_eid_ext_supp_rates(hapd, pos);
+
+	pos = hostapd_eid_wpa(hapd, pos, epos - pos, sta);
+
+	/* Wi-Fi Wireless Multimedia Extensions */
+	if (hapd->conf->wme_enabled)
+		pos = hostapd_eid_wme(hapd, pos);
+
+	if (hostapd_send_mgmt_frame(hapd, resp, pos - (u8 *) resp, 0) < 0)
+		perror("handle_probe_req: send");
+
+	os_free(resp);
+
+	wpa_printf(MSG_MSGDUMP, "STA " MACSTR " sent probe request for %s "
+		   "SSID", MAC2STR(mgmt->sa),
+		   elems.ssid_len == 0 ? "broadcast" : "our");
+}
+
+
+void ieee802_11_set_beacon(struct hostapd_data *hapd)
+{
+	struct ieee80211_mgmt *head;
+	u8 *pos, *tail, *tailpos;
+	int preamble;
+	u16 capab_info;
+	size_t head_len, tail_len;
+	int cts_protection = ((ieee802_11_erp_info(hapd) &
+			      ERP_INFO_USE_PROTECTION) ? 1 : 0);
+
+#define BEACON_HEAD_BUF_SIZE 256
+#define BEACON_TAIL_BUF_SIZE 512
+	head = os_zalloc(BEACON_HEAD_BUF_SIZE);
+	tailpos = tail = os_malloc(BEACON_TAIL_BUF_SIZE);
+	if (head == NULL || tail == NULL) {
+		wpa_printf(MSG_ERROR, "Failed to set beacon data");
+		os_free(head);
+		os_free(tail);
+		return;
+	}
+
+	head->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+					   WLAN_FC_STYPE_BEACON);
+	head->duration = host_to_le16(0);
+	os_memset(head->da, 0xff, ETH_ALEN);
+
+	os_memcpy(head->sa, hapd->own_addr, ETH_ALEN);
+	os_memcpy(head->bssid, hapd->own_addr, ETH_ALEN);
+	head->u.beacon.beacon_int =
+		host_to_le16(hapd->iconf->beacon_int);
+
+	/* hardware or low-level driver will setup seq_ctrl and timestamp */
+	capab_info = hostapd_own_capab_info(hapd, NULL, 0);
+	head->u.beacon.capab_info = host_to_le16(capab_info);
+	pos = &head->u.beacon.variable[0];
+
+	/* SSID */
+	*pos++ = WLAN_EID_SSID;
+	if (hapd->conf->ignore_broadcast_ssid == 2) {
+		/* clear the data, but keep the correct length of the SSID */
+		*pos++ = hapd->conf->ssid.ssid_len;
+		os_memset(pos, 0, hapd->conf->ssid.ssid_len);
+		pos += hapd->conf->ssid.ssid_len;
+	} else if (hapd->conf->ignore_broadcast_ssid) {
+		*pos++ = 0; /* empty SSID */
+	} else {
+		*pos++ = hapd->conf->ssid.ssid_len;
+		os_memcpy(pos, hapd->conf->ssid.ssid,
+			  hapd->conf->ssid.ssid_len);
+		pos += hapd->conf->ssid.ssid_len;
+	}
+
+	/* Supported rates */
+	pos = hostapd_eid_supp_rates(hapd, pos);
+
+	/* DS Params */
+	pos = hostapd_eid_ds_params(hapd, pos);
+
+	head_len = pos - (u8 *) head;
+
+	tailpos = hostapd_eid_country(hapd, tailpos,
+				      tail + BEACON_TAIL_BUF_SIZE - tailpos);
+
+	tailpos = hostapd_eid_power_constraint(hapd, tailpos);
+	tailpos = hostapd_eid_channel_switch(hapd, tailpos);
+	tailpos = hostapd_eid_tpc_report(hapd, tailpos);
+
+	/* ERP Information element */
+	tailpos = hostapd_eid_erp_info(hapd, tailpos);
+
+	/* Extended supported rates */
+	tailpos = hostapd_eid_ext_supp_rates(hapd, tailpos);
+
+	tailpos = hostapd_eid_wpa(hapd, tailpos, tail + BEACON_TAIL_BUF_SIZE -
+				  tailpos, NULL);
+
+	/* Wi-Fi Wireless Multimedia Extensions */
+	if (hapd->conf->wme_enabled)
+		tailpos = hostapd_eid_wme(hapd, tailpos);
+
+	tail_len = tailpos > tail ? tailpos - tail : 0;
+
+	if (hostapd_set_beacon(hapd->conf->iface, hapd, (u8 *) head, head_len,
+			       tail, tail_len))
+		wpa_printf(MSG_ERROR, "Failed to set beacon head/tail");
+
+	os_free(tail);
+	os_free(head);
+
+	if (hostapd_set_cts_protect(hapd, cts_protection))
+		wpa_printf(MSG_ERROR, "Failed to set CTS protect in kernel "
+			   "driver");
+
+	if (hapd->iface->current_mode &&
+	    hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G &&
+	    hostapd_set_short_slot_time(hapd,
+					hapd->iface->num_sta_no_short_slot_time
+					> 0 ? 0 : 1))
+		wpa_printf(MSG_ERROR, "Failed to set Short Slot Time option "
+			   "in kernel driver");
+
+	if (hapd->iface->num_sta_no_short_preamble == 0 &&
+	    hapd->iconf->preamble == SHORT_PREAMBLE)
+		preamble = SHORT_PREAMBLE;
+	else
+		preamble = LONG_PREAMBLE;
+	if (hostapd_set_preamble(hapd, preamble))
+		wpa_printf(MSG_ERROR, "Could not set preamble for kernel "
+			   "driver");
+}
+
+
+void ieee802_11_set_beacons(struct hostapd_iface *iface)
+{
+	size_t i;
+	for (i = 0; i < iface->num_bss; i++)
+		ieee802_11_set_beacon(iface->bss[i]);
+}
+
+#endif /* CONFIG_NATIVE_WINDOWS */
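Review bot: In handle_probe_req() the foreign-SSID branch formats `elems.ssid` into `char ssid_txt[33]` using `elems.ssid_len` as received, and nothing in this function rejects an SSID element longer than 32 octets. Whether that is safe depends on ieee802_11_parse_elems() or ieee802_11_print_ssid() capping the length, and neither is visible in this file; ap_list_process_beacon() on this page clamps the same field itself, which hints that the parser may not. I would add `if (elems.ssid_len > 32) return;` directly after the missing-element check. The same function computes `ie_len = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req))` without checking that `len` is at least that large, so it relies on the caller for the lower bound, and the element writers other than hostapd_eid_country() and hostapd_eid_wpa() are not given the space remaining before `epos`. Both assumptions should be stated in a comment or enforced with a guard.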

+ 24 - 0
hostapd/beacon.h

@@ -0,0 +1,24 @@
+/*
+ * hostapd / IEEE 802.11 Management: Beacon and Probe Request/Response
+ * Copyright (c) 2002-2004, Instant802 Networks, Inc.
+ * Copyright (c) 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef BEACON_H
+#define BEACON_H
+
+void handle_probe_req(struct hostapd_data *hapd, struct ieee80211_mgmt *mgmt,
+		      size_t len);
+void ieee802_11_set_beacon(struct hostapd_data *hapd);
+void ieee802_11_set_beacons(struct hostapd_iface *iface);
+
+#endif /* BEACON_H */
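Review bot: beacon.h is not self-contained: its three prototypes name `struct hostapd_data`, `struct ieee80211_mgmt` and `struct hostapd_iface` and use `size_t`, but the header declares none of them. It therefore compiles cleanly only when included after the headers that define those types; otherwise the struct tags get prototype scope and callers see incompatible-pointer warnings. Adding `struct hostapd_data;`, `struct ieee80211_mgmt;` and `struct hostapd_iface;` right after `#define BEACON_H` removes the include-order dependency; `size_t` presumably comes from includes.h, which is not visible in this section. The prototypes also have no comments, and since Probe Request frames arrive from unauthenticated stations, `handle_probe_req` deserves a stated contract such as `/* len: total received frame length in octets, management header included; all IE parsing must be bounded by it */`. That wording should be confirmed against the implementation in beacon.c, which lies outside this section.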

+ 2238 - 0
hostapd/config.c

@@ -0,0 +1,2238 @@
+/*
+ * hostapd / Configuration file
+ * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#ifndef CONFIG_NATIVE_WINDOWS
+#include <grp.h>
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+#include "hostapd.h"
+#include "driver.h"
+#include "sha1.h"
+#include "eap_server/eap.h"
+#include "radius/radius_client.h"
+#include "wpa_common.h"
+#include "wpa.h"
+#include "uuid.h"
+
+
+#define MAX_STA_COUNT 2007
+
+extern struct wpa_driver_ops *hostapd_drivers[];
+
+
+static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss,
+					 const char *fname)
+{
+	FILE *f;
+	char buf[128], *pos, *pos2;
+	int line = 0, vlan_id;
+	struct hostapd_vlan *vlan;
+
+	f = fopen(fname, "r");
+	if (!f) {
+		printf("VLAN file '%s' not readable.\n", fname);
+		return -1;
+	}
+
+	while (fgets(buf, sizeof(buf), f)) {
+		line++;
+
+		if (buf[0] == '#')
+			continue;
+		pos = buf;
+		while (*pos != '\0') {
+			if (*pos == '\n') {
+				*pos = '\0';
+				break;
+			}
+			pos++;
+		}
+		if (buf[0] == '\0')
+			continue;
+
+		if (buf[0] == '*') {
+			vlan_id = VLAN_ID_WILDCARD;
+			pos = buf + 1;
+		} else {
+			vlan_id = strtol(buf, &pos, 10);
+			if (buf == pos || vlan_id < 1 ||
+			    vlan_id > MAX_VLAN_ID) {
+				printf("Invalid VLAN ID at line %d in '%s'\n",
+				       line, fname);
+				fclose(f);
+				return -1;
+			}
+		}
+
+		while (*pos == ' ' || *pos == '\t')
+			pos++;
+		pos2 = pos;
+		while (*pos2 != ' ' && *pos2 != '\t' && *pos2 != '\0')
+			pos2++;
+		*pos2 = '\0';
+		if (*pos == '\0' || os_strlen(pos) > IFNAMSIZ) {
+			printf("Invalid VLAN ifname at line %d in '%s'\n",
+			       line, fname);
+			fclose(f);
+			return -1;
+		}
+
+		vlan = os_malloc(sizeof(*vlan));
+		if (vlan == NULL) {
+			printf("Out of memory while reading VLAN interfaces "
+			       "from '%s'\n", fname);
+			fclose(f);
+			return -1;
+		}
+
+		os_memset(vlan, 0, sizeof(*vlan));
+		vlan->vlan_id = vlan_id;
+		os_strlcpy(vlan->ifname, pos, sizeof(vlan->ifname));
+		if (bss->vlan_tail)
+			bss->vlan_tail->next = vlan;
+		else
+			bss->vlan = vlan;
+		bss->vlan_tail = vlan;
+	}
+
+	fclose(f);
+
+	return 0;
+}
+
+
+static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
+{
+	struct hostapd_vlan *vlan, *prev;
+
+	vlan = bss->vlan;
+	prev = NULL;
+	while (vlan) {
+		prev = vlan;
+		vlan = vlan->next;
+		os_free(prev);
+	}
+
+	bss->vlan = NULL;
+}
+
+
+/* convert floats with one decimal place to value*10 int, i.e.,
+ * "1.5" will return 15 */
+static int hostapd_config_read_int10(const char *value)
+{
+	int i, d;
+	char *pos;
+
+	i = atoi(value);
+	pos = os_strchr(value, '.');
+	d = 0;
+	if (pos) {
+		pos++;
+		if (*pos >= '0' && *pos <= '9')
+			d = *pos - '0';
+	}
+
+	return i * 10 + d;
+}
+
+
+static void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
+{
+	bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
+	bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
+	bss->logger_syslog = (unsigned int) -1;
+	bss->logger_stdout = (unsigned int) -1;
+
+	bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
+
+	bss->wep_rekeying_period = 300;
+	/* use key0 in individual key and key1 in broadcast key */
+	bss->broadcast_key_idx_min = 1;
+	bss->broadcast_key_idx_max = 2;
+	bss->eap_reauth_period = 3600;
+
+	bss->wpa_group_rekey = 600;
+	bss->wpa_gmk_rekey = 86400;
+	bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
+	bss->wpa_pairwise = WPA_CIPHER_TKIP;
+	bss->wpa_group = WPA_CIPHER_TKIP;
+	bss->rsn_pairwise = 0;
+
+	bss->max_num_sta = MAX_STA_COUNT;
+
+	bss->dtim_period = 2;
+
+	bss->radius_server_auth_port = 1812;
+	bss->ap_max_inactivity = AP_MAX_INACTIVITY;
+	bss->eapol_version = EAPOL_VERSION;
+}
+
+
+static struct hostapd_config * hostapd_config_defaults(void)
+{
+	struct hostapd_config *conf;
+	struct hostapd_bss_config *bss;
+	int i;
+	const int aCWmin = 15, aCWmax = 1024;
+	const struct hostapd_wme_ac_params ac_bk =
+		{ aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
+	const struct hostapd_wme_ac_params ac_be =
+		{ aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
+	const struct hostapd_wme_ac_params ac_vi = /* video traffic */
+		{ aCWmin >> 1, aCWmin, 2, 3000 / 32, 1 };
+	const struct hostapd_wme_ac_params ac_vo = /* voice traffic */
+		{ aCWmin >> 2, aCWmin >> 1, 2, 1500 / 32, 1 };
+
+	conf = os_zalloc(sizeof(*conf));
+	bss = os_zalloc(sizeof(*bss));
+	if (conf == NULL || bss == NULL) {
+		printf("Failed to allocate memory for configuration data.\n");
+		os_free(conf);
+		os_free(bss);
+		return NULL;
+	}
+
+	/* set default driver based on configuration */
+	conf->driver = hostapd_drivers[0];
+	if (conf->driver == NULL) {
+		printf("No driver wrappers registered!\n");
+		os_free(conf);
+		os_free(bss);
+		return NULL;
+	}
+
+	bss->radius = os_zalloc(sizeof(*bss->radius));
+	if (bss->radius == NULL) {
+		os_free(conf);
+		os_free(bss);
+		return NULL;
+	}
+
+	hostapd_config_defaults_bss(bss);
+
+	conf->num_bss = 1;
+	conf->bss = bss;
+
+	conf->beacon_int = 100;
+	conf->rts_threshold = -1; /* use driver default: 2347 */
+	conf->fragm_threshold = -1; /* user driver default: 2346 */
+	conf->send_probe_response = 1;
+	conf->bridge_packets = INTERNAL_BRIDGE_DO_NOT_CONTROL;
+
+	os_memcpy(conf->country, "US ", 3);
+
+	for (i = 0; i < NUM_TX_QUEUES; i++)
+		conf->tx_queue[i].aifs = -1; /* use hw default */
+
+	conf->wme_ac_params[0] = ac_be;
+	conf->wme_ac_params[1] = ac_bk;
+	conf->wme_ac_params[2] = ac_vi;
+	conf->wme_ac_params[3] = ac_vo;
+
+	return conf;
+}
+
+
+int hostapd_mac_comp(const void *a, const void *b)
+{
+	return os_memcmp(a, b, sizeof(macaddr));
+}
+
+
+int hostapd_mac_comp_empty(const void *a)
+{
+	macaddr empty = { 0 };
+	return os_memcmp(a, empty, sizeof(macaddr));
+}
+
+
+static int hostapd_config_read_maclist(const char *fname, macaddr **acl,
+				       int *num)
+{
+	FILE *f;
+	char buf[128], *pos;
+	int line = 0;
+	u8 addr[ETH_ALEN];
+	macaddr *newacl;
+
+	if (!fname)
+		return 0;
+
+	f = fopen(fname, "r");
+	if (!f) {
+		printf("MAC list file '%s' not found.\n", fname);
+		return -1;
+	}
+
+	while (fgets(buf, sizeof(buf), f)) {
+		line++;
+
+		if (buf[0] == '#')
+			continue;
+		pos = buf;
+		while (*pos != '\0') {
+			if (*pos == '\n') {
+				*pos = '\0';
+				break;
+			}
+			pos++;
+		}
+		if (buf[0] == '\0')
+			continue;
+
+		if (hwaddr_aton(buf, addr)) {
+			printf("Invalid MAC address '%s' at line %d in '%s'\n",
+			       buf, line, fname);
+			fclose(f);
+			return -1;
+		}
+
+		newacl = os_realloc(*acl, (*num + 1) * ETH_ALEN);
+		if (newacl == NULL) {
+			printf("MAC list reallocation failed\n");
+			fclose(f);
+			return -1;
+		}
+
+		*acl = newacl;
+		os_memcpy((*acl)[*num], addr, ETH_ALEN);
+		(*num)++;
+	}
+
+	fclose(f);
+
+	qsort(*acl, *num, sizeof(macaddr), hostapd_mac_comp);
+
+	return 0;
+}
+
+
+static int hostapd_config_read_wpa_psk(const char *fname,
+				       struct hostapd_ssid *ssid)
+{
+	FILE *f;
+	char buf[128], *pos;
+	int line = 0, ret = 0, len, ok;
+	u8 addr[ETH_ALEN];
+	struct hostapd_wpa_psk *psk;
+
+	if (!fname)
+		return 0;
+
+	f = fopen(fname, "r");
+	if (!f) {
+		printf("WPA PSK file '%s' not found.\n", fname);
+		return -1;
+	}
+
+	while (fgets(buf, sizeof(buf), f)) {
+		line++;
+
+		if (buf[0] == '#')
+			continue;
+		pos = buf;
+		while (*pos != '\0') {
+			if (*pos == '\n') {
+				*pos = '\0';
+				break;
+			}
+			pos++;
+		}
+		if (buf[0] == '\0')
+			continue;
+
+		if (hwaddr_aton(buf, addr)) {
+			printf("Invalid MAC address '%s' on line %d in '%s'\n",
+			       buf, line, fname);
+			ret = -1;
+			break;
+		}
+
+		psk = os_zalloc(sizeof(*psk));
+		if (psk == NULL) {
+			printf("WPA PSK allocation failed\n");
+			ret = -1;
+			break;
+		}
+		if (os_memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
+			psk->group = 1;
+		else
+			os_memcpy(psk->addr, addr, ETH_ALEN);
+
+		pos = buf + 17;
+		if (pos == '\0') {
+			printf("No PSK on line %d in '%s'\n", line, fname);
+			os_free(psk);
+			ret = -1;
+			break;
+		}
+		pos++;
+
+		ok = 0;
+		len = os_strlen(pos);
+		if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
+			ok = 1;
+		else if (len >= 8 && len < 64) {
+			pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
+				    4096, psk->psk, PMK_LEN);
+			ok = 1;
+		}
+		if (!ok) {
+			printf("Invalid PSK '%s' on line %d in '%s'\n",
+			       pos, line, fname);
+			os_free(psk);
+			ret = -1;
+			break;
+		}
+
+		psk->next = ssid->wpa_psk;
+		ssid->wpa_psk = psk;
+	}
+
+	fclose(f);
+
+	return ret;
+}
+
+
+int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
+{
+	struct hostapd_ssid *ssid = &conf->ssid;
+
+	if (ssid->wpa_passphrase != NULL) {
+		if (ssid->wpa_psk != NULL) {
+			printf("Warning: both WPA PSK and passphrase set. "
+			       "Using passphrase.\n");
+			os_free(ssid->wpa_psk);
+		}
+		ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
+		if (ssid->wpa_psk == NULL) {
+			printf("Unable to alloc space for PSK\n");
+			return -1;
+		}
+		wpa_hexdump_ascii(MSG_DEBUG, "SSID",
+				  (u8 *) ssid->ssid, ssid->ssid_len);
+		wpa_hexdump_ascii(MSG_DEBUG, "PSK (ASCII passphrase)",
+				  (u8 *) ssid->wpa_passphrase,
+				  os_strlen(ssid->wpa_passphrase));
+		pbkdf2_sha1(ssid->wpa_passphrase,
+			    ssid->ssid, ssid->ssid_len,
+			    4096, ssid->wpa_psk->psk, PMK_LEN);
+		wpa_hexdump(MSG_DEBUG, "PSK (from passphrase)",
+			    ssid->wpa_psk->psk, PMK_LEN);
+		ssid->wpa_psk->group = 1;
+
+		os_memset(ssid->wpa_passphrase, 0,
+			  os_strlen(ssid->wpa_passphrase));
+		os_free(ssid->wpa_passphrase);
+		ssid->wpa_passphrase = NULL;
+	}
+
+	if (ssid->wpa_psk_file) {
+		if (hostapd_config_read_wpa_psk(ssid->wpa_psk_file,
+						&conf->ssid))
+			return -1;
+	}
+
+	return 0;
+}
+
+
+#ifdef EAP_SERVER
+static int hostapd_config_read_eap_user(const char *fname,
+					struct hostapd_bss_config *conf)
+{
+	FILE *f;
+	char buf[512], *pos, *start, *pos2;
+	int line = 0, ret = 0, num_methods;
+	struct hostapd_eap_user *user, *tail = NULL;
+
+	if (!fname)
+		return 0;
+
+	f = fopen(fname, "r");
+	if (!f) {
+		printf("EAP user file '%s' not found.\n", fname);
+		return -1;
+	}
+
+	/* Lines: "user" METHOD,METHOD2 "password" (password optional) */
+	while (fgets(buf, sizeof(buf), f)) {
+		line++;
+
+		if (buf[0] == '#')
+			continue;
+		pos = buf;
+		while (*pos != '\0') {
+			if (*pos == '\n') {
+				*pos = '\0';
+				break;
+			}
+			pos++;
+		}
+		if (buf[0] == '\0')
+			continue;
+
+		user = NULL;
+
+		if (buf[0] != '"' && buf[0] != '*') {
+			printf("Invalid EAP identity (no \" in start) on "
+			       "line %d in '%s'\n", line, fname);
+			goto failed;
+		}
+
+		user = os_zalloc(sizeof(*user));
+		if (user == NULL) {
+			printf("EAP user allocation failed\n");
+			goto failed;
+		}
+		user->force_version = -1;
+
+		if (buf[0] == '*') {
+			pos = buf;
+		} else {
+			pos = buf + 1;
+			start = pos;
+			while (*pos != '"' && *pos != '\0')
+				pos++;
+			if (*pos == '\0') {
+				printf("Invalid EAP identity (no \" in end) on"
+				       " line %d in '%s'\n", line, fname);
+				goto failed;
+			}
+
+			user->identity = os_malloc(pos - start);
+			if (user->identity == NULL) {
+				printf("Failed to allocate memory for EAP "
+				       "identity\n");
+				goto failed;
+			}
+			os_memcpy(user->identity, start, pos - start);
+			user->identity_len = pos - start;
+
+			if (pos[0] == '"' && pos[1] == '*') {
+				user->wildcard_prefix = 1;
+				pos++;
+			}
+		}
+		pos++;
+		while (*pos == ' ' || *pos == '\t')
+			pos++;
+
+		if (*pos == '\0') {
+			printf("No EAP method on line %d in '%s'\n",
+			       line, fname);
+			goto failed;
+		}
+
+		start = pos;
+		while (*pos != ' ' && *pos != '\t' && *pos != '\0')
+			pos++;
+		if (*pos == '\0') {
+			pos = NULL;
+		} else {
+			*pos = '\0';
+			pos++;
+		}
+		num_methods = 0;
+		while (*start) {
+			char *pos3 = os_strchr(start, ',');
+			if (pos3) {
+				*pos3++ = '\0';
+			}
+			user->methods[num_methods].method =
+				eap_server_get_type(
+					start,
+					&user->methods[num_methods].vendor);
+			if (user->methods[num_methods].vendor ==
+			    EAP_VENDOR_IETF &&
+			    user->methods[num_methods].method == EAP_TYPE_NONE)
+			{
+				if (os_strcmp(start, "TTLS-PAP") == 0) {
+					user->ttls_auth |= EAP_TTLS_AUTH_PAP;
+					goto skip_eap;
+				}
+				if (os_strcmp(start, "TTLS-CHAP") == 0) {
+					user->ttls_auth |= EAP_TTLS_AUTH_CHAP;
+					goto skip_eap;
+				}
+				if (os_strcmp(start, "TTLS-MSCHAP") == 0) {
+					user->ttls_auth |=
+						EAP_TTLS_AUTH_MSCHAP;
+					goto skip_eap;
+				}
+				if (os_strcmp(start, "TTLS-MSCHAPV2") == 0) {
+					user->ttls_auth |=
+						EAP_TTLS_AUTH_MSCHAPV2;
+					goto skip_eap;
+				}
+				printf("Unsupported EAP type '%s' on line %d "
+				       "in '%s'\n", start, line, fname);
+				goto failed;
+			}
+
+			num_methods++;
+			if (num_methods >= EAP_USER_MAX_METHODS)
+				break;
+		skip_eap:
+			if (pos3 == NULL)
+				break;
+			start = pos3;
+		}
+		if (num_methods == 0 && user->ttls_auth == 0) {
+			printf("No EAP types configured on line %d in '%s'\n",
+			       line, fname);
+			goto failed;
+		}
+
+		if (pos == NULL)
+			goto done;
+
+		while (*pos == ' ' || *pos == '\t')
+			pos++;
+		if (*pos == '\0')
+			goto done;
+
+		if (os_strncmp(pos, "[ver=0]", 7) == 0) {
+			user->force_version = 0;
+			goto done;
+		}
+
+		if (os_strncmp(pos, "[ver=1]", 7) == 0) {
+			user->force_version = 1;
+			goto done;
+		}
+
+		if (os_strncmp(pos, "[2]", 3) == 0) {
+			user->phase2 = 1;
+			goto done;
+		}
+
+		if (*pos == '"') {
+			pos++;
+			start = pos;
+			while (*pos != '"' && *pos != '\0')
+				pos++;
+			if (*pos == '\0') {
+				printf("Invalid EAP password (no \" in end) "
+				       "on line %d in '%s'\n", line, fname);
+				goto failed;
+			}
+
+			user->password = os_malloc(pos - start);
+			if (user->password == NULL) {
+				printf("Failed to allocate memory for EAP "
+				       "password\n");
+				goto failed;
+			}
+			os_memcpy(user->password, start, pos - start);
+			user->password_len = pos - start;
+
+			pos++;
+		} else if (os_strncmp(pos, "hash:", 5) == 0) {
+			pos += 5;
+			pos2 = pos;
+			while (*pos2 != '\0' && *pos2 != ' ' &&
+			       *pos2 != '\t' && *pos2 != '#')
+				pos2++;
+			if (pos2 - pos != 32) {
+				printf("Invalid password hash on line %d in "
+				       "'%s'\n", line, fname);
+				goto failed;
+			}
+			user->password = os_malloc(16);
+			if (user->password == NULL) {
+				printf("Failed to allocate memory for EAP "
+				       "password hash\n");
+				goto failed;
+			}
+			if (hexstr2bin(pos, user->password, 16) < 0) {
+				printf("Invalid hash password on line %d in "
+				       "'%s'\n", line, fname);
+				goto failed;
+			}
+			user->password_len = 16;
+			user->password_hash = 1;
+			pos = pos2;
+		} else {
+			pos2 = pos;
+			while (*pos2 != '\0' && *pos2 != ' ' &&
+			       *pos2 != '\t' && *pos2 != '#')
+				pos2++;
+			if ((pos2 - pos) & 1) {
+				printf("Invalid hex password on line %d in "
+				       "'%s'\n", line, fname);
+				goto failed;
+			}
+			user->password = os_malloc((pos2 - pos) / 2);
+			if (user->password == NULL) {
+				printf("Failed to allocate memory for EAP "
+				       "password\n");
+				goto failed;
+			}
+			if (hexstr2bin(pos, user->password,
+				       (pos2 - pos) / 2) < 0) {
+				printf("Invalid hex password on line %d in "
+				       "'%s'\n", line, fname);
+				goto failed;
+			}
+			user->password_len = (pos2 - pos) / 2;
+			pos = pos2;
+		}
+
+		while (*pos == ' ' || *pos == '\t')
+			pos++;
+		if (os_strncmp(pos, "[2]", 3) == 0) {
+			user->phase2 = 1;
+		}
+
+	done:
+		if (tail == NULL) {
+			tail = conf->eap_user = user;
+		} else {
+			tail->next = user;
+			tail = user;
+		}
+		continue;
+
+	failed:
+		if (user) {
+			os_free(user->password);
+			os_free(user->identity);
+			os_free(user);
+		}
+		ret = -1;
+		break;
+	}
+
+	fclose(f);
+
+	return ret;
+}
+#endif /* EAP_SERVER */
+
+
+static int
+hostapd_config_read_radius_addr(struct hostapd_radius_server **server,
+				int *num_server, const char *val, int def_port,
+				struct hostapd_radius_server **curr_serv)
+{
+	struct hostapd_radius_server *nserv;
+	int ret;
+	static int server_index = 1;
+
+	nserv = os_realloc(*server, (*num_server + 1) * sizeof(*nserv));
+	if (nserv == NULL)
+		return -1;
+
+	*server = nserv;
+	nserv = &nserv[*num_server];
+	(*num_server)++;
+	(*curr_serv) = nserv;
+
+	os_memset(nserv, 0, sizeof(*nserv));
+	nserv->port = def_port;
+	ret = hostapd_parse_ip_addr(val, &nserv->addr);
+	nserv->index = server_index++;
+
+	return ret;
+}
+
+
+static int hostapd_config_parse_key_mgmt(int line, const char *value)
+{
+	int val = 0, last;
+	char *start, *end, *buf;
+
+	buf = os_strdup(value);
+	if (buf == NULL)
+		return -1;
+	start = buf;
+
+	while (start != '\0') {
+		while (*start == ' ' || *start == '\t')
+			start++;
+		if (*start == '\0')
+			break;
+		end = start;
+		while (*end != ' ' && *end != '\t' && *end != '\0')
+			end++;
+		last = *end == '\0';
+		*end = '\0';
+		if (os_strcmp(start, "WPA-PSK") == 0)
+			val |= WPA_KEY_MGMT_PSK;
+		else if (os_strcmp(start, "WPA-EAP") == 0)
+			val |= WPA_KEY_MGMT_IEEE8021X;
+#ifdef CONFIG_IEEE80211R
+		else if (os_strcmp(start, "FT-PSK") == 0)
+			val |= WPA_KEY_MGMT_FT_PSK;
+		else if (os_strcmp(start, "FT-EAP") == 0)
+			val |= WPA_KEY_MGMT_FT_IEEE8021X;
+#endif /* CONFIG_IEEE80211R */
+		else {
+			printf("Line %d: invalid key_mgmt '%s'\n",
+			       line, start);
+			os_free(buf);
+			return -1;
+		}
+
+		if (last)
+			break;
+		start = end + 1;
+	}
+
+	os_free(buf);
+	if (val == 0) {
+		printf("Line %d: no key_mgmt values configured.\n", line);
+		return -1;
+	}
+
+	return val;
+}
+
+
+static int hostapd_config_parse_cipher(int line, const char *value)
+{
+	int val = 0, last;
+	char *start, *end, *buf;
+
+	buf = os_strdup(value);
+	if (buf == NULL)
+		return -1;
+	start = buf;
+
+	while (start != '\0') {
+		while (*start == ' ' || *start == '\t')
+			start++;
+		if (*start == '\0')
+			break;
+		end = start;
+		while (*end != ' ' && *end != '\t' && *end != '\0')
+			end++;
+		last = *end == '\0';
+		*end = '\0';
+		if (os_strcmp(start, "CCMP") == 0)
+			val |= WPA_CIPHER_CCMP;
+		else if (os_strcmp(start, "TKIP") == 0)
+			val |= WPA_CIPHER_TKIP;
+		else if (os_strcmp(start, "WEP104") == 0)
+			val |= WPA_CIPHER_WEP104;
+		else if (os_strcmp(start, "WEP40") == 0)
+			val |= WPA_CIPHER_WEP40;
+		else if (os_strcmp(start, "NONE") == 0)
+			val |= WPA_CIPHER_NONE;
+		else {
+			printf("Line %d: invalid cipher '%s'.", line, start);
+			os_free(buf);
+			return -1;
+		}
+
+		if (last)
+			break;
+		start = end + 1;
+	}
+	os_free(buf);
+
+	if (val == 0) {
+		printf("Line %d: no cipher values configured.", line);
+		return -1;
+	}
+	return val;
+}
+
+
+static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
+				    struct hostapd_config *conf)
+{
+	if (bss->ieee802_1x && !bss->eap_server &&
+	    !bss->radius->auth_servers) {
+		printf("Invalid IEEE 802.1X configuration (no EAP "
+		       "authenticator configured).\n");
+		return -1;
+	}
+
+	if (bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
+	    bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
+	    bss->ssid.wpa_psk_file == NULL) {
+		printf("WPA-PSK enabled, but PSK or passphrase is not "
+		       "configured.\n");
+		return -1;
+	}
+
+	if (hostapd_mac_comp_empty(bss->bssid) != 0) {
+		size_t i;
+
+		for (i = 0; i < conf->num_bss; i++) {
+			if ((&conf->bss[i] != bss) &&
+			    (hostapd_mac_comp(conf->bss[i].bssid,
+					      bss->bssid) == 0)) {
+				printf("Duplicate BSSID " MACSTR
+				       " on interface '%s' and '%s'.\n",
+				       MAC2STR(bss->bssid),
+				       conf->bss[i].iface, bss->iface);
+				return -1;
+			}
+		}
+	}
+
+#ifdef CONFIG_IEEE80211R
+	if ((bss->wpa_key_mgmt &
+	     (WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_FT_IEEE8021X)) &&
+	    (bss->nas_identifier == NULL ||
+	     os_strlen(bss->nas_identifier) < 1 ||
+	     os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
+		printf("FT (IEEE 802.11r) requires nas_identifier to be "
+		       "configured as a 1..48 octet string\n");
+		return -1;
+	}
+#endif /* CONFIG_IEEE80211R */
+
+	return 0;
+}
+
+
+static int hostapd_config_check(struct hostapd_config *conf)
+{
+	size_t i;
+
+	for (i = 0; i < conf->num_bss; i++) {
+		if (hostapd_config_check_bss(&conf->bss[i], conf))
+			return -1;
+	}
+
+	return 0;
+}
+
+
+static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx,
+				   char *val)
+{
+	size_t len = os_strlen(val);
+
+	if (keyidx < 0 || keyidx > 3 || wep->key[keyidx] != NULL)
+		return -1;
+
+	if (val[0] == '"') {
+		if (len < 2 || val[len - 1] != '"')
+			return -1;
+		len -= 2;
+		wep->key[keyidx] = os_malloc(len);
+		if (wep->key[keyidx] == NULL)
+			return -1;
+		os_memcpy(wep->key[keyidx], val + 1, len);
+		wep->len[keyidx] = len;
+	} else {
+		if (len & 1)
+			return -1;
+		len /= 2;
+		wep->key[keyidx] = os_malloc(len);
+		if (wep->key[keyidx] == NULL)
+			return -1;
+		wep->len[keyidx] = len;
+		if (hexstr2bin(val, wep->key[keyidx], len) < 0)
+			return -1;
+	}
+
+	wep->keys_set++;
+
+	return 0;
+}
+
+
+static int hostapd_parse_rates(int **rate_list, char *val)
+{
+	int *list;
+	int count;
+	char *pos, *end;
+
+	os_free(*rate_list);
+	*rate_list = NULL;
+
+	pos = val;
+	count = 0;
+	while (*pos != '\0') {
+		if (*pos == ' ')
+			count++;
+		pos++;
+	}
+
+	list = os_malloc(sizeof(int) * (count + 2));
+	if (list == NULL)
+		return -1;
+	pos = val;
+	count = 0;
+	while (*pos != '\0') {
+		end = os_strchr(pos, ' ');
+		if (end)
+			*end = '\0';
+
+		list[count++] = atoi(pos);
+		if (!end)
+			break;
+		pos = end + 1;
+	}
+	list[count] = -1;
+
+	*rate_list = list;
+	return 0;
+}
+
+
+static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname)
+{
+	struct hostapd_bss_config *bss;
+
+	if (*ifname == '\0')
+		return -1;
+
+	bss = os_realloc(conf->bss, (conf->num_bss + 1) *
+			 sizeof(struct hostapd_bss_config));
+	if (bss == NULL) {
+		printf("Failed to allocate memory for multi-BSS entry\n");
+		return -1;
+	}
+	conf->bss = bss;
+
+	bss = &(conf->bss[conf->num_bss]);
+	os_memset(bss, 0, sizeof(*bss));
+	bss->radius = os_zalloc(sizeof(*bss->radius));
+	if (bss->radius == NULL) {
+		printf("Failed to allocate memory for multi-BSS RADIUS "
+		       "data\n");
+		return -1;
+	}
+
+	conf->num_bss++;
+	conf->last_bss = bss;
+
+	hostapd_config_defaults_bss(bss);
+	os_strlcpy(bss->iface, ifname, sizeof(bss->iface));
+	os_memcpy(bss->ssid.vlan, bss->iface, IFNAMSIZ + 1);
+
+	return 0;
+}
+
+
+static int valid_cw(int cw)
+{
+	return (cw == 1 || cw == 3 || cw == 7 || cw == 15 || cw == 31 ||
+		cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023);
+}
+
+
+enum {
+	IEEE80211_TX_QUEUE_DATA0 = 0, /* used for EDCA AC_VO data */
+	IEEE80211_TX_QUEUE_DATA1 = 1, /* used for EDCA AC_VI data */
+	IEEE80211_TX_QUEUE_DATA2 = 2, /* used for EDCA AC_BE data */
+	IEEE80211_TX_QUEUE_DATA3 = 3, /* used for EDCA AC_BK data */
+	IEEE80211_TX_QUEUE_DATA4 = 4,
+	IEEE80211_TX_QUEUE_AFTER_BEACON = 6,
+	IEEE80211_TX_QUEUE_BEACON = 7
+};
+
+static int hostapd_config_tx_queue(struct hostapd_config *conf, char *name,
+				   char *val)
+{
+	int num;
+	char *pos;
+	struct hostapd_tx_queue_params *queue;
+
+	/* skip 'tx_queue_' prefix */
+	pos = name + 9;
+	if (os_strncmp(pos, "data", 4) == 0 &&
+	    pos[4] >= '0' && pos[4] <= '9' && pos[5] == '_') {
+		num = pos[4] - '0';
+		pos += 6;
+	} else if (os_strncmp(pos, "after_beacon_", 13) == 0) {
+		num = IEEE80211_TX_QUEUE_AFTER_BEACON;
+		pos += 13;
+	} else if (os_strncmp(pos, "beacon_", 7) == 0) {
+		num = IEEE80211_TX_QUEUE_BEACON;
+		pos += 7;
+	} else {
+		printf("Unknown tx_queue name '%s'\n", pos);
+		return -1;
+	}
+
+	queue = &conf->tx_queue[num];
+
+	if (os_strcmp(pos, "aifs") == 0) {
+		queue->aifs = atoi(val);
+		if (queue->aifs < 0 || queue->aifs > 255) {
+			printf("Invalid AIFS value %d\n", queue->aifs);
+			return -1;
+		}
+	} else if (os_strcmp(pos, "cwmin") == 0) {
+		queue->cwmin = atoi(val);
+		if (!valid_cw(queue->cwmin)) {
+			printf("Invalid cwMin value %d\n", queue->cwmin);
+			return -1;
+		}
+	} else if (os_strcmp(pos, "cwmax") == 0) {
+		queue->cwmax = atoi(val);
+		if (!valid_cw(queue->cwmax)) {
+			printf("Invalid cwMax value %d\n", queue->cwmax);
+			return -1;
+		}
+	} else if (os_strcmp(pos, "burst") == 0) {
+		queue->burst = hostapd_config_read_int10(val);
+	} else {
+		printf("Unknown tx_queue field '%s'\n", pos);
+		return -1;
+	}
+
+	queue->configured = 1;
+
+	return 0;
+}
+
+
+static int hostapd_config_wme_ac(struct hostapd_config *conf, char *name,
+				   char *val)
+{
+	int num, v;
+	char *pos;
+	struct hostapd_wme_ac_params *ac;
+
+	/* skip 'wme_ac_' prefix */
+	pos = name + 7;
+	if (os_strncmp(pos, "be_", 3) == 0) {
+		num = 0;
+		pos += 3;
+	} else if (os_strncmp(pos, "bk_", 3) == 0) {
+		num = 1;
+		pos += 3;
+	} else if (os_strncmp(pos, "vi_", 3) == 0) {
+		num = 2;
+		pos += 3;
+	} else if (os_strncmp(pos, "vo_", 3) == 0) {
+		num = 3;
+		pos += 3;
+	} else {
+		printf("Unknown wme name '%s'\n", pos);
+		return -1;
+	}
+
+	ac = &conf->wme_ac_params[num];
+
+	if (os_strcmp(pos, "aifs") == 0) {
+		v = atoi(val);
+		if (v < 1 || v > 255) {
+			printf("Invalid AIFS value %d\n", v);
+			return -1;
+		}
+		ac->aifs = v;
+	} else if (os_strcmp(pos, "cwmin") == 0) {
+		v = atoi(val);
+		if (v < 0 || v > 12) {
+			printf("Invalid cwMin value %d\n", v);
+			return -1;
+		}
+		ac->cwmin = v;
+	} else if (os_strcmp(pos, "cwmax") == 0) {
+		v = atoi(val);
+		if (v < 0 || v > 12) {
+			printf("Invalid cwMax value %d\n", v);
+			return -1;
+		}
+		ac->cwmax = v;
+	} else if (os_strcmp(pos, "txop_limit") == 0) {
+		v = atoi(val);
+		if (v < 0 || v > 0xffff) {
+			printf("Invalid txop value %d\n", v);
+			return -1;
+		}
+		ac->txopLimit = v;
+	} else if (os_strcmp(pos, "acm") == 0) {
+		v = atoi(val);
+		if (v < 0 || v > 1) {
+			printf("Invalid acm value %d\n", v);
+			return -1;
+		}
+		ac->admission_control_mandatory = v;
+	} else {
+		printf("Unknown wme_ac_ field '%s'\n", pos);
+		return -1;
+	}
+
+	return 0;
+}
+
+
+#ifdef CONFIG_IEEE80211R
+static int add_r0kh(struct hostapd_bss_config *bss, char *value)
+{
+	struct ft_remote_r0kh *r0kh;
+	char *pos, *next;
+
+	r0kh = os_zalloc(sizeof(*r0kh));
+	if (r0kh == NULL)
+		return -1;
+
+	/* 02:01:02:03:04:05 a.example.com 000102030405060708090a0b0c0d0e0f */
+	pos = value;
+	next = os_strchr(pos, ' ');
+	if (next)
+		*next++ = '\0';
+	if (next == NULL || hwaddr_aton(pos, r0kh->addr)) {
+		printf("Invalid R0KH MAC address: '%s'\n", pos);
+		os_free(r0kh);
+		return -1;
+	}
+
+	pos = next;
+	next = os_strchr(pos, ' ');
+	if (next)
+		*next++ = '\0';
+	if (next == NULL || next - pos > FT_R0KH_ID_MAX_LEN) {
+		printf("Invalid R0KH-ID: '%s'\n", pos);
+		os_free(r0kh);
+		return -1;
+	}
+	r0kh->id_len = next - pos - 1;
+	os_memcpy(r0kh->id, pos, r0kh->id_len);
+
+	pos = next;
+	if (hexstr2bin(pos, r0kh->key, sizeof(r0kh->key))) {
+		printf("Invalid R0KH key: '%s'\n", pos);
+		os_free(r0kh);
+		return -1;
+	}
+
+	r0kh->next = bss->r0kh_list;
+	bss->r0kh_list = r0kh;
+
+	return 0;
+}
+
+
+static int add_r1kh(struct hostapd_bss_config *bss, char *value)
+{
+	struct ft_remote_r1kh *r1kh;
+	char *pos, *next;
+
+	r1kh = os_zalloc(sizeof(*r1kh));
+	if (r1kh == NULL)
+		return -1;
+
+	/* 02:01:02:03:04:05 02:01:02:03:04:05
+	 * 000102030405060708090a0b0c0d0e0f */
+	pos = value;
+	next = os_strchr(pos, ' ');
+	if (next)
+		*next++ = '\0';
+	if (next == NULL || hwaddr_aton(pos, r1kh->addr)) {
+		printf("Invalid R1KH MAC address: '%s'\n", pos);
+		os_free(r1kh);
+		return -1;
+	}
+
+	pos = next;
+	next = os_strchr(pos, ' ');
+	if (next)
+		*next++ = '\0';
+	if (next == NULL || hwaddr_aton(pos, r1kh->id)) {
+		printf("Invalid R1KH-ID: '%s'\n", pos);
+		os_free(r1kh);
+		return -1;
+	}
+
+	pos = next;
+	if (hexstr2bin(pos, r1kh->key, sizeof(r1kh->key))) {
+		printf("Invalid R1KH key: '%s'\n", pos);
+		os_free(r1kh);
+		return -1;
+	}
+
+	r1kh->next = bss->r1kh_list;
+	bss->r1kh_list = r1kh;
+
+	return 0;
+}
+#endif /* CONFIG_IEEE80211R */
+
+
+struct hostapd_config * hostapd_config_read(const char *fname)
+{
+	struct hostapd_config *conf;
+	struct hostapd_bss_config *bss;
+	FILE *f;
+	char buf[256], *pos;
+	int line = 0;
+	int errors = 0;
+	int pairwise;
+	size_t i;
+
+	f = fopen(fname, "r");
+	if (f == NULL) {
+		printf("Could not open configuration file '%s' for reading.\n",
+		       fname);
+		return NULL;
+	}
+
+	conf = hostapd_config_defaults();
+	if (conf == NULL) {
+		fclose(f);
+		return NULL;
+	}
+	bss = conf->last_bss = conf->bss;
+
+	while (fgets(buf, sizeof(buf), f)) {
+		bss = conf->last_bss;
+		line++;
+
+		if (buf[0] == '#')
+			continue;
+		pos = buf;
+		while (*pos != '\0') {
+			if (*pos == '\n') {
+				*pos = '\0';
+				break;
+			}
+			pos++;
+		}
+		if (buf[0] == '\0')
+			continue;
+
+		pos = os_strchr(buf, '=');
+		if (pos == NULL) {
+			printf("Line %d: invalid line '%s'\n", line, buf);
+			errors++;
+			continue;
+		}
+		*pos = '\0';
+		pos++;
+
+		if (os_strcmp(buf, "interface") == 0) {
+			os_strlcpy(conf->bss[0].iface, pos,
+				   sizeof(conf->bss[0].iface));
+		} else if (os_strcmp(buf, "bridge") == 0) {
+			os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
+		} else if (os_strcmp(buf, "driver") == 0) {
+			int i;
+			/* clear to get error below if setting is invalid */
+			conf->driver = NULL;
+			for (i = 0; hostapd_drivers[i]; i++) {
+				if (os_strcmp(pos, hostapd_drivers[i]->name) ==
+				    0) {
+					conf->driver = hostapd_drivers[i];
+					break;
+				}
+			}
+			if (conf->driver == NULL) {
+				printf("Line %d: invalid/unknown driver "
+				       "'%s'\n", line, pos);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "debug") == 0) {
+			wpa_printf(MSG_DEBUG, "Line %d: DEPRECATED: 'debug' "
+				   "configuration variable is not used "
+				   "anymore", line);
+		} else if (os_strcmp(buf, "logger_syslog_level") == 0) {
+			bss->logger_syslog_level = atoi(pos);
+		} else if (os_strcmp(buf, "logger_stdout_level") == 0) {
+			bss->logger_stdout_level = atoi(pos);
+		} else if (os_strcmp(buf, "logger_syslog") == 0) {
+			bss->logger_syslog = atoi(pos);
+		} else if (os_strcmp(buf, "logger_stdout") == 0) {
+			bss->logger_stdout = atoi(pos);
+		} else if (os_strcmp(buf, "dump_file") == 0) {
+			bss->dump_log_name = os_strdup(pos);
+		} else if (os_strcmp(buf, "ssid") == 0) {
+			bss->ssid.ssid_len = os_strlen(pos);
+			if (bss->ssid.ssid_len > HOSTAPD_MAX_SSID_LEN ||
+			    bss->ssid.ssid_len < 1) {
+				printf("Line %d: invalid SSID '%s'\n", line,
+				       pos);
+				errors++;
+			} else {
+				os_memcpy(bss->ssid.ssid, pos,
+					  bss->ssid.ssid_len);
+				bss->ssid.ssid[bss->ssid.ssid_len] = '\0';
+				bss->ssid.ssid_set = 1;
+			}
+		} else if (os_strcmp(buf, "macaddr_acl") == 0) {
+			bss->macaddr_acl = atoi(pos);
+			if (bss->macaddr_acl != ACCEPT_UNLESS_DENIED &&
+			    bss->macaddr_acl != DENY_UNLESS_ACCEPTED &&
+			    bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
+				printf("Line %d: unknown macaddr_acl %d\n",
+				       line, bss->macaddr_acl);
+			}
+		} else if (os_strcmp(buf, "accept_mac_file") == 0) {
+			if (hostapd_config_read_maclist(pos, &bss->accept_mac,
+							&bss->num_accept_mac))
+			{
+				printf("Line %d: Failed to read "
+				       "accept_mac_file '%s'\n",
+				       line, pos);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "deny_mac_file") == 0) {
+			if (hostapd_config_read_maclist(pos, &bss->deny_mac,
+							&bss->num_deny_mac))
+			{
+				printf("Line %d: Failed to read "
+				       "deny_mac_file '%s'\n",
+				       line, pos);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
+			bss->ap_max_inactivity = atoi(pos);
+		} else if (os_strcmp(buf, "country_code") == 0) {
+			os_memcpy(conf->country, pos, 2);
+			/* FIX: make this configurable */
+			conf->country[2] = ' ';
+		} else if (os_strcmp(buf, "ieee80211d") == 0) {
+			conf->ieee80211d = atoi(pos);
+		} else if (os_strcmp(buf, "ieee80211h") == 0) {
+			conf->ieee80211h = atoi(pos);
+		} else if (os_strcmp(buf, "assoc_ap_addr") == 0) {
+			if (hwaddr_aton(pos, bss->assoc_ap_addr)) {
+				printf("Line %d: invalid MAC address '%s'\n",
+				       line, pos);
+				errors++;
+			}
+			bss->assoc_ap = 1;
+		} else if (os_strcmp(buf, "ieee8021x") == 0) {
+			bss->ieee802_1x = atoi(pos);
+		} else if (os_strcmp(buf, "eapol_version") == 0) {
+			bss->eapol_version = atoi(pos);
+			if (bss->eapol_version < 1 ||
+			    bss->eapol_version > 2) {
+				printf("Line %d: invalid EAPOL "
+				       "version (%d): '%s'.\n",
+				       line, bss->eapol_version, pos);
+				errors++;
+			} else
+				wpa_printf(MSG_DEBUG, "eapol_version=%d",
+					   bss->eapol_version);
+#ifdef EAP_SERVER
+		} else if (os_strcmp(buf, "eap_authenticator") == 0) {
+			bss->eap_server = atoi(pos);
+			printf("Line %d: obsolete eap_authenticator used; "
+			       "this has been renamed to eap_server\n", line);
+		} else if (os_strcmp(buf, "eap_server") == 0) {
+			bss->eap_server = atoi(pos);
+		} else if (os_strcmp(buf, "eap_user_file") == 0) {
+			if (hostapd_config_read_eap_user(pos, bss))
+				errors++;
+		} else if (os_strcmp(buf, "ca_cert") == 0) {
+			os_free(bss->ca_cert);
+			bss->ca_cert = os_strdup(pos);
+		} else if (os_strcmp(buf, "server_cert") == 0) {
+			os_free(bss->server_cert);
+			bss->server_cert = os_strdup(pos);
+		} else if (os_strcmp(buf, "private_key") == 0) {
+			os_free(bss->private_key);
+			bss->private_key = os_strdup(pos);
+		} else if (os_strcmp(buf, "private_key_passwd") == 0) {
+			os_free(bss->private_key_passwd);
+			bss->private_key_passwd = os_strdup(pos);
+		} else if (os_strcmp(buf, "check_crl") == 0) {
+			bss->check_crl = atoi(pos);
+		} else if (os_strcmp(buf, "dh_file") == 0) {
+			os_free(bss->dh_file);
+			bss->dh_file = os_strdup(pos);
+#ifdef EAP_FAST
+		} else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
+			os_free(bss->pac_opaque_encr_key);
+			bss->pac_opaque_encr_key = os_malloc(16);
+			if (bss->pac_opaque_encr_key == NULL) {
+				printf("Line %d: No memory for "
+				       "pac_opque_encr_key\n", line);
+				errors++;
+			} else if (hexstr2bin(pos, bss->pac_opaque_encr_key,
+					      16)) {
+				printf("Line %d: Invalid pac_opque_encr_key\n",
+				       line);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "eap_fast_a_id") == 0) {
+			os_free(bss->eap_fast_a_id);
+			bss->eap_fast_a_id = os_strdup(pos);
+#endif /* EAP_FAST */
+#ifdef EAP_SIM
+		} else if (os_strcmp(buf, "eap_sim_db") == 0) {
+			os_free(bss->eap_sim_db);
+			bss->eap_sim_db = os_strdup(pos);
+		} else if (os_strcmp(buf, "eap_sim_aka_result_ind") == 0) {
+			bss->eap_sim_aka_result_ind = atoi(pos);
+#endif /* EAP_SIM */
+#endif /* EAP_SERVER */
+		} else if (os_strcmp(buf, "eap_message") == 0) {
+			char *term;
+			bss->eap_req_id_text = os_strdup(pos);
+			if (bss->eap_req_id_text == NULL) {
+				printf("Line %d: Failed to allocate memory "
+				       "for eap_req_id_text\n", line);
+				errors++;
+				continue;
+			}
+			bss->eap_req_id_text_len =
+				os_strlen(bss->eap_req_id_text);
+			term = os_strstr(bss->eap_req_id_text, "\\0");
+			if (term) {
+				*term++ = '\0';
+				os_memmove(term, term + 1,
+					   bss->eap_req_id_text_len -
+					   (term - bss->eap_req_id_text) - 1);
+				bss->eap_req_id_text_len--;
+			}
+		} else if (os_strcmp(buf, "wep_key_len_broadcast") == 0) {
+			bss->default_wep_key_len = atoi(pos);
+			if (bss->default_wep_key_len > 13) {
+				printf("Line %d: invalid WEP key len %lu "
+				       "(= %lu bits)\n", line,
+				       (unsigned long)
+				       bss->default_wep_key_len,
+				       (unsigned long)
+				       bss->default_wep_key_len * 8);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "wep_key_len_unicast") == 0) {
+			bss->individual_wep_key_len = atoi(pos);
+			if (bss->individual_wep_key_len < 0 ||
+			    bss->individual_wep_key_len > 13) {
+				printf("Line %d: invalid WEP key len %d "
+				       "(= %d bits)\n", line,
+				       bss->individual_wep_key_len,
+				       bss->individual_wep_key_len * 8);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "wep_rekey_period") == 0) {
+			bss->wep_rekeying_period = atoi(pos);
+			if (bss->wep_rekeying_period < 0) {
+				printf("Line %d: invalid period %d\n",
+				       line, bss->wep_rekeying_period);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "eap_reauth_period") == 0) {
+			bss->eap_reauth_period = atoi(pos);
+			if (bss->eap_reauth_period < 0) {
+				printf("Line %d: invalid period %d\n",
+				       line, bss->eap_reauth_period);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "eapol_key_index_workaround") == 0) {
+			bss->eapol_key_index_workaround = atoi(pos);
+#ifdef CONFIG_IAPP
+		} else if (os_strcmp(buf, "iapp_interface") == 0) {
+			bss->ieee802_11f = 1;
+			os_strlcpy(bss->iapp_iface, pos,
+				   sizeof(bss->iapp_iface));
+#endif /* CONFIG_IAPP */
+		} else if (os_strcmp(buf, "own_ip_addr") == 0) {
+			if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
+				printf("Line %d: invalid IP address '%s'\n",
+				       line, pos);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "nas_identifier") == 0) {
+			bss->nas_identifier = os_strdup(pos);
+		} else if (os_strcmp(buf, "auth_server_addr") == 0) {
+			if (hostapd_config_read_radius_addr(
+				    &bss->radius->auth_servers,
+				    &bss->radius->num_auth_servers, pos, 1812,
+				    &bss->radius->auth_server)) {
+				printf("Line %d: invalid IP address '%s'\n",
+				       line, pos);
+				errors++;
+			}
+		} else if (bss->radius->auth_server &&
+			   os_strcmp(buf, "auth_server_port") == 0) {
+			bss->radius->auth_server->port = atoi(pos);
+		} else if (bss->radius->auth_server &&
+			   os_strcmp(buf, "auth_server_shared_secret") == 0) {
+			int len = os_strlen(pos);
+			if (len == 0) {
+				/* RFC 2865, Ch. 3 */
+				printf("Line %d: empty shared secret is not "
+				       "allowed.\n", line);
+				errors++;
+			}
+			bss->radius->auth_server->shared_secret =
+				(u8 *) os_strdup(pos);
+			bss->radius->auth_server->shared_secret_len = len;
+		} else if (os_strcmp(buf, "acct_server_addr") == 0) {
+			if (hostapd_config_read_radius_addr(
+				    &bss->radius->acct_servers,
+				    &bss->radius->num_acct_servers, pos, 1813,
+				    &bss->radius->acct_server)) {
+				printf("Line %d: invalid IP address '%s'\n",
+				       line, pos);
+				errors++;
+			}
+		} else if (bss->radius->acct_server &&
+			   os_strcmp(buf, "acct_server_port") == 0) {
+			bss->radius->acct_server->port = atoi(pos);
+		} else if (bss->radius->acct_server &&
+			   os_strcmp(buf, "acct_server_shared_secret") == 0) {
+			int len = os_strlen(pos);
+			if (len == 0) {
+				/* RFC 2865, Ch. 3 */
+				printf("Line %d: empty shared secret is not "
+				       "allowed.\n", line);
+				errors++;
+			}
+			bss->radius->acct_server->shared_secret =
+				(u8 *) os_strdup(pos);
+			bss->radius->acct_server->shared_secret_len = len;
+		} else if (os_strcmp(buf, "radius_retry_primary_interval") ==
+			   0) {
+			bss->radius->retry_primary_interval = atoi(pos);
+		} else if (os_strcmp(buf, "radius_acct_interim_interval") == 0)
+		{
+			bss->radius->acct_interim_interval = atoi(pos);
+		} else if (os_strcmp(buf, "auth_algs") == 0) {
+			bss->auth_algs = atoi(pos);
+			if (bss->auth_algs == 0) {
+				printf("Line %d: no authentication algorithms "
+				       "allowed\n",
+				       line);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "max_num_sta") == 0) {
+			bss->max_num_sta = atoi(pos);
+			if (bss->max_num_sta < 0 ||
+			    bss->max_num_sta > MAX_STA_COUNT) {
+				printf("Line %d: Invalid max_num_sta=%d; "
+				       "allowed range 0..%d\n", line,
+				       bss->max_num_sta, MAX_STA_COUNT);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "wpa") == 0) {
+			bss->wpa = atoi(pos);
+		} else if (os_strcmp(buf, "wpa_group_rekey") == 0) {
+			bss->wpa_group_rekey = atoi(pos);
+		} else if (os_strcmp(buf, "wpa_strict_rekey") == 0) {
+			bss->wpa_strict_rekey = atoi(pos);
+		} else if (os_strcmp(buf, "wpa_gmk_rekey") == 0) {
+			bss->wpa_gmk_rekey = atoi(pos);
+		} else if (os_strcmp(buf, "wpa_passphrase") == 0) {
+			int len = os_strlen(pos);
+			if (len < 8 || len > 63) {
+				printf("Line %d: invalid WPA passphrase length"
+				       " %d (expected 8..63)\n", line, len);
+				errors++;
+			} else {
+				os_free(bss->ssid.wpa_passphrase);
+				bss->ssid.wpa_passphrase = os_strdup(pos);
+			}
+		} else if (os_strcmp(buf, "wpa_psk") == 0) {
+			os_free(bss->ssid.wpa_psk);
+			bss->ssid.wpa_psk =
+				os_zalloc(sizeof(struct hostapd_wpa_psk));
+			if (bss->ssid.wpa_psk == NULL)
+				errors++;
+			else if (hexstr2bin(pos, bss->ssid.wpa_psk->psk,
+					    PMK_LEN) ||
+				 pos[PMK_LEN * 2] != '\0') {
+				printf("Line %d: Invalid PSK '%s'.\n", line,
+				       pos);
+				errors++;
+			} else {
+				bss->ssid.wpa_psk->group = 1;
+			}
+		} else if (os_strcmp(buf, "wpa_psk_file") == 0) {
+			os_free(bss->ssid.wpa_psk_file);
+			bss->ssid.wpa_psk_file = os_strdup(pos);
+			if (!bss->ssid.wpa_psk_file) {
+				printf("Line %d: allocation failed\n", line);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "wpa_key_mgmt") == 0) {
+			bss->wpa_key_mgmt =
+				hostapd_config_parse_key_mgmt(line, pos);
+			if (bss->wpa_key_mgmt == -1)
+				errors++;
+		} else if (os_strcmp(buf, "wpa_pairwise") == 0) {
+			bss->wpa_pairwise =
+				hostapd_config_parse_cipher(line, pos);
+			if (bss->wpa_pairwise == -1 ||
+			    bss->wpa_pairwise == 0)
+				errors++;
+			else if (bss->wpa_pairwise &
+				 (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
+				  WPA_CIPHER_WEP104)) {
+				printf("Line %d: unsupported pairwise "
+				       "cipher suite '%s'\n",
+				       bss->wpa_pairwise, pos);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "rsn_pairwise") == 0) {
+			bss->rsn_pairwise =
+				hostapd_config_parse_cipher(line, pos);
+			if (bss->rsn_pairwise == -1 ||
+			    bss->rsn_pairwise == 0)
+				errors++;
+			else if (bss->rsn_pairwise &
+				 (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
+				  WPA_CIPHER_WEP104)) {
+				printf("Line %d: unsupported pairwise "
+				       "cipher suite '%s'\n",
+				       bss->rsn_pairwise, pos);
+				errors++;
+			}
+#ifdef CONFIG_RSN_PREAUTH
+		} else if (os_strcmp(buf, "rsn_preauth") == 0) {
+			bss->rsn_preauth = atoi(pos);
+		} else if (os_strcmp(buf, "rsn_preauth_interfaces") == 0) {
+			bss->rsn_preauth_interfaces = os_strdup(pos);
+#endif /* CONFIG_RSN_PREAUTH */
+#ifdef CONFIG_PEERKEY
+		} else if (os_strcmp(buf, "peerkey") == 0) {
+			bss->peerkey = atoi(pos);
+#endif /* CONFIG_PEERKEY */
+#ifdef CONFIG_IEEE80211R
+		} else if (os_strcmp(buf, "mobility_domain") == 0) {
+			if (os_strlen(pos) != 2 * MOBILITY_DOMAIN_ID_LEN ||
+			    hexstr2bin(pos, bss->mobility_domain,
+				       MOBILITY_DOMAIN_ID_LEN) != 0) {
+				wpa_printf(MSG_DEBUG, "Line %d: Invalid "
+					   "mobility_domain '%s'", line, pos);
+				errors++;
+				continue;
+			}
+		} else if (os_strcmp(buf, "r1_key_holder") == 0) {
+			if (os_strlen(pos) != 2 * FT_R1KH_ID_LEN ||
+			    hexstr2bin(pos, bss->r1_key_holder,
+				       FT_R1KH_ID_LEN) != 0) {
+				wpa_printf(MSG_DEBUG, "Line %d: Invalid "
+					   "r1_key_holder '%s'", line, pos);
+				errors++;
+				continue;
+			}
+		} else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
+			bss->r0_key_lifetime = atoi(pos);
+		} else if (os_strcmp(buf, "reassociation_deadline") == 0) {
+			bss->reassociation_deadline = atoi(pos);
+		} else if (os_strcmp(buf, "r0kh") == 0) {
+			if (add_r0kh(bss, pos) < 0) {
+				wpa_printf(MSG_DEBUG, "Line %d: Invalid "
+					   "r0kh '%s'", line, pos);
+				errors++;
+				continue;
+			}
+		} else if (os_strcmp(buf, "r1kh") == 0) {
+			if (add_r1kh(bss, pos) < 0) {
+				wpa_printf(MSG_DEBUG, "Line %d: Invalid "
+					   "r1kh '%s'", line, pos);
+				errors++;
+				continue;
+			}
+		} else if (os_strcmp(buf, "pmk_r1_push") == 0) {
+			bss->pmk_r1_push = atoi(pos);
+#endif /* CONFIG_IEEE80211R */
+		} else if (os_strcmp(buf, "ctrl_interface") == 0) {
+			os_free(bss->ctrl_interface);
+			bss->ctrl_interface = os_strdup(pos);
+		} else if (os_strcmp(buf, "ctrl_interface_group") == 0) {
+#ifndef CONFIG_NATIVE_WINDOWS
+			struct group *grp;
+			char *endp;
+			const char *group = pos;
+
+			grp = getgrnam(group);
+			if (grp) {
+				bss->ctrl_interface_gid = grp->gr_gid;
+				bss->ctrl_interface_gid_set = 1;
+				wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
+					   " (from group name '%s')",
+					   bss->ctrl_interface_gid, group);
+				continue;
+			}
+
+			/* Group name not found - try to parse this as gid */
+			bss->ctrl_interface_gid = strtol(group, &endp, 10);
+			if (*group == '\0' || *endp != '\0') {
+				wpa_printf(MSG_DEBUG, "Line %d: Invalid group "
+					   "'%s'", line, group);
+				errors++;
+				continue;
+			}
+			bss->ctrl_interface_gid_set = 1;
+			wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
+				   bss->ctrl_interface_gid);
+#endif /* CONFIG_NATIVE_WINDOWS */
+#ifdef RADIUS_SERVER
+		} else if (os_strcmp(buf, "radius_server_clients") == 0) {
+			os_free(bss->radius_server_clients);
+			bss->radius_server_clients = os_strdup(pos);
+		} else if (os_strcmp(buf, "radius_server_auth_port") == 0) {
+			bss->radius_server_auth_port = atoi(pos);
+		} else if (os_strcmp(buf, "radius_server_ipv6") == 0) {
+			bss->radius_server_ipv6 = atoi(pos);
+#endif /* RADIUS_SERVER */
+		} else if (os_strcmp(buf, "test_socket") == 0) {
+			os_free(bss->test_socket);
+			bss->test_socket = os_strdup(pos);
+		} else if (os_strcmp(buf, "use_pae_group_addr") == 0) {
+			bss->use_pae_group_addr = atoi(pos);
+		} else if (os_strcmp(buf, "hw_mode") == 0) {
+			if (os_strcmp(pos, "a") == 0)
+				conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
+			else if (os_strcmp(pos, "b") == 0)
+				conf->hw_mode = HOSTAPD_MODE_IEEE80211B;
+			else if (os_strcmp(pos, "g") == 0)
+				conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
+			else {
+				printf("Line %d: unknown hw_mode '%s'\n",
+				       line, pos);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "channel") == 0) {
+			conf->channel = atoi(pos);
+		} else if (os_strcmp(buf, "beacon_int") == 0) {
+			int val = atoi(pos);
+			/* MIB defines range as 1..65535, but very small values
+			 * cause problems with the current implementation.
+			 * Since it is unlikely that this small numbers are
+			 * useful in real life scenarios, do not allow beacon
+			 * period to be set below 15 TU. */
+			if (val < 15 || val > 65535) {
+				printf("Line %d: invalid beacon_int %d "
+				       "(expected 15..65535)\n",
+				       line, val);
+				errors++;
+			} else
+				conf->beacon_int = val;
+		} else if (os_strcmp(buf, "dtim_period") == 0) {
+			bss->dtim_period = atoi(pos);
+			if (bss->dtim_period < 1 || bss->dtim_period > 255) {
+				printf("Line %d: invalid dtim_period %d\n",
+				       line, bss->dtim_period);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "rts_threshold") == 0) {
+			conf->rts_threshold = atoi(pos);
+			if (conf->rts_threshold < 0 ||
+			    conf->rts_threshold > 2347) {
+				printf("Line %d: invalid rts_threshold %d\n",
+				       line, conf->rts_threshold);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "fragm_threshold") == 0) {
+			conf->fragm_threshold = atoi(pos);
+			if (conf->fragm_threshold < 256 ||
+			    conf->fragm_threshold > 2346) {
+				printf("Line %d: invalid fragm_threshold %d\n",
+				       line, conf->fragm_threshold);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "send_probe_response") == 0) {
+			int val = atoi(pos);
+			if (val != 0 && val != 1) {
+				printf("Line %d: invalid send_probe_response "
+				       "%d (expected 0 or 1)\n", line, val);
+			} else
+				conf->send_probe_response = val;
+		} else if (os_strcmp(buf, "supported_rates") == 0) {
+			if (hostapd_parse_rates(&conf->supported_rates, pos)) {
+				printf("Line %d: invalid rate list\n", line);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "basic_rates") == 0) {
+			if (hostapd_parse_rates(&conf->basic_rates, pos)) {
+				printf("Line %d: invalid rate list\n", line);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "ignore_broadcast_ssid") == 0) {
+			bss->ignore_broadcast_ssid = atoi(pos);
+		} else if (os_strcmp(buf, "bridge_packets") == 0) {
+			conf->bridge_packets = atoi(pos);
+		} else if (os_strcmp(buf, "wep_default_key") == 0) {
+			bss->ssid.wep.idx = atoi(pos);
+			if (bss->ssid.wep.idx > 3) {
+				printf("Invalid wep_default_key index %d\n",
+				       bss->ssid.wep.idx);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "wep_key0") == 0 ||
+			   os_strcmp(buf, "wep_key1") == 0 ||
+			   os_strcmp(buf, "wep_key2") == 0 ||
+			   os_strcmp(buf, "wep_key3") == 0) {
+			if (hostapd_config_read_wep(&bss->ssid.wep,
+						    buf[7] - '0', pos)) {
+				printf("Line %d: invalid WEP key '%s'\n",
+				       line, buf);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "dynamic_vlan") == 0) {
+			bss->ssid.dynamic_vlan = atoi(pos);
+		} else if (os_strcmp(buf, "vlan_file") == 0) {
+			if (hostapd_config_read_vlan_file(bss, pos)) {
+				printf("Line %d: failed to read VLAN file "
+				       "'%s'\n", line, pos);
+				errors++;
+			}
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+		} else if (os_strcmp(buf, "vlan_tagged_interface") == 0) {
+			bss->ssid.vlan_tagged_interface = os_strdup(pos);
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+		} else if (os_strcmp(buf, "passive_scan_interval") == 0) {
+			conf->passive_scan_interval = atoi(pos);
+		} else if (os_strcmp(buf, "passive_scan_listen") == 0) {
+			conf->passive_scan_listen = atoi(pos);
+		} else if (os_strcmp(buf, "passive_scan_mode") == 0) {
+			conf->passive_scan_mode = atoi(pos);
+		} else if (os_strcmp(buf, "ap_table_max_size") == 0) {
+			conf->ap_table_max_size = atoi(pos);
+		} else if (os_strcmp(buf, "ap_table_expiration_time") == 0) {
+			conf->ap_table_expiration_time = atoi(pos);
+		} else if (os_strncmp(buf, "tx_queue_", 9) == 0) {
+			if (hostapd_config_tx_queue(conf, buf, pos)) {
+				printf("Line %d: invalid TX queue item\n",
+				       line);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "wme_enabled") == 0) {
+			bss->wme_enabled = atoi(pos);
+		} else if (os_strncmp(buf, "wme_ac_", 7) == 0) {
+			if (hostapd_config_wme_ac(conf, buf, pos)) {
+				printf("Line %d: invalid wme ac item\n",
+				       line);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "bss") == 0) {
+			if (hostapd_config_bss(conf, pos)) {
+				printf("Line %d: invalid bss item\n", line);
+				errors++;
+			}
+		} else if (os_strcmp(buf, "bssid") == 0) {
+			if (bss == conf->bss &&
+			    (!conf->driver || !conf->driver->init_bssid)) {
+				printf("Line %d: bssid item not allowed "
+				       "for the default interface and this "
+				       "driver\n", line);
+				errors++;
+			} else if (hwaddr_aton(pos, bss->bssid)) {
+				printf("Line %d: invalid bssid item\n", line);
+				errors++;
+			}
+#ifdef CONFIG_IEEE80211W
+		} else if (os_strcmp(buf, "ieee80211w") == 0) {
+			bss->ieee80211w = atoi(pos);
+#endif /* CONFIG_IEEE80211W */
+		} else {
+			printf("Line %d: unknown configuration item '%s'\n",
+			       line, buf);
+			errors++;
+		}
+	}
+
+	fclose(f);
+
+	if (bss->individual_wep_key_len == 0) {
+		/* individual keys are not use; can use key idx0 for broadcast
+		 * keys */
+		bss->broadcast_key_idx_min = 0;
+	}
+
+	/* Select group cipher based on the enabled pairwise cipher suites */
+	pairwise = 0;
+	if (bss->wpa & 1)
+		pairwise |= bss->wpa_pairwise;
+	if (bss->wpa & 2) {
+		if (bss->rsn_pairwise == 0)
+			bss->rsn_pairwise = bss->wpa_pairwise;
+		pairwise |= bss->rsn_pairwise;
+	}
+	if (pairwise & WPA_CIPHER_TKIP)
+		bss->wpa_group = WPA_CIPHER_TKIP;
+	else
+		bss->wpa_group = WPA_CIPHER_CCMP;
+
+	for (i = 0; i < conf->num_bss; i++) {
+		bss = &conf->bss[i];
+
+		bss->radius->auth_server = bss->radius->auth_servers;
+		bss->radius->acct_server = bss->radius->acct_servers;
+
+		if (bss->wpa && bss->ieee802_1x) {
+			bss->ssid.security_policy = SECURITY_WPA;
+		} else if (bss->wpa) {
+			bss->ssid.security_policy = SECURITY_WPA_PSK;
+		} else if (bss->ieee802_1x) {
+			bss->ssid.security_policy = SECURITY_IEEE_802_1X;
+			bss->ssid.wep.default_len = bss->default_wep_key_len;
+		} else if (bss->ssid.wep.keys_set)
+			bss->ssid.security_policy = SECURITY_STATIC_WEP;
+		else
+			bss->ssid.security_policy = SECURITY_PLAINTEXT;
+	}
+
+	if (hostapd_config_check(conf))
+		errors++;
+
+	if (errors) {
+		printf("%d errors found in configuration file '%s'\n",
+		       errors, fname);
+		hostapd_config_free(conf);
+		conf = NULL;
+	}
+
+	return conf;
+}
+
+
+int hostapd_wep_key_cmp(struct hostapd_wep_keys *a, struct hostapd_wep_keys *b)
+{
+	int i;
+
+	if (a->idx != b->idx || a->default_len != b->default_len)
+		return 1;
+	for (i = 0; i < NUM_WEP_KEYS; i++)
+		if (a->len[i] != b->len[i] ||
+		    os_memcmp(a->key[i], b->key[i], a->len[i]) != 0)
+			return 1;
+	return 0;
+}
+
+
+static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
+				       int num_servers)
+{
+	int i;
+
+	for (i = 0; i < num_servers; i++) {
+		os_free(servers[i].shared_secret);
+	}
+	os_free(servers);
+}
+
+
+static void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
+{
+	os_free(user->identity);
+	os_free(user->password);
+	os_free(user);
+}
+
+
+static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
+{
+	int i;
+	for (i = 0; i < NUM_WEP_KEYS; i++) {
+		os_free(keys->key[i]);
+		keys->key[i] = NULL;
+	}
+}
+
+
+static void hostapd_config_free_bss(struct hostapd_bss_config *conf)
+{
+	struct hostapd_wpa_psk *psk, *prev;
+	struct hostapd_eap_user *user, *prev_user;
+
+	if (conf == NULL)
+		return;
+
+	psk = conf->ssid.wpa_psk;
+	while (psk) {
+		prev = psk;
+		psk = psk->next;
+		os_free(prev);
+	}
+
+	os_free(conf->ssid.wpa_passphrase);
+	os_free(conf->ssid.wpa_psk_file);
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+	os_free(conf->ssid.vlan_tagged_interface);
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+
+	user = conf->eap_user;
+	while (user) {
+		prev_user = user;
+		user = user->next;
+		hostapd_config_free_eap_user(prev_user);
+	}
+
+	os_free(conf->dump_log_name);
+	os_free(conf->eap_req_id_text);
+	os_free(conf->accept_mac);
+	os_free(conf->deny_mac);
+	os_free(conf->nas_identifier);
+	hostapd_config_free_radius(conf->radius->auth_servers,
+				   conf->radius->num_auth_servers);
+	hostapd_config_free_radius(conf->radius->acct_servers,
+				   conf->radius->num_acct_servers);
+	os_free(conf->rsn_preauth_interfaces);
+	os_free(conf->ctrl_interface);
+	os_free(conf->ca_cert);
+	os_free(conf->server_cert);
+	os_free(conf->private_key);
+	os_free(conf->private_key_passwd);
+	os_free(conf->dh_file);
+	os_free(conf->pac_opaque_encr_key);
+	os_free(conf->eap_fast_a_id);
+	os_free(conf->eap_sim_db);
+	os_free(conf->radius_server_clients);
+	os_free(conf->test_socket);
+	os_free(conf->radius);
+	hostapd_config_free_vlan(conf);
+	if (conf->ssid.dyn_vlan_keys) {
+		struct hostapd_ssid *ssid = &conf->ssid;
+		size_t i;
+		for (i = 0; i <= ssid->max_dyn_vlan_keys; i++) {
+			if (ssid->dyn_vlan_keys[i] == NULL)
+				continue;
+			hostapd_config_free_wep(ssid->dyn_vlan_keys[i]);
+			os_free(ssid->dyn_vlan_keys[i]);
+		}
+		os_free(ssid->dyn_vlan_keys);
+		ssid->dyn_vlan_keys = NULL;
+	}
+
+#ifdef CONFIG_IEEE80211R
+	{
+		struct ft_remote_r0kh *r0kh, *r0kh_prev;
+		struct ft_remote_r1kh *r1kh, *r1kh_prev;
+
+		r0kh = conf->r0kh_list;
+		conf->r0kh_list = NULL;
+		while (r0kh) {
+			r0kh_prev = r0kh;
+			r0kh = r0kh->next;
+			os_free(r0kh_prev);
+		}
+
+		r1kh = conf->r1kh_list;
+		conf->r1kh_list = NULL;
+		while (r1kh) {
+			r1kh_prev = r1kh;
+			r1kh = r1kh->next;
+			os_free(r1kh_prev);
+		}
+	}
+#endif /* CONFIG_IEEE80211R */
+}
+
+
+void hostapd_config_free(struct hostapd_config *conf)
+{
+	size_t i;
+
+	if (conf == NULL)
+		return;
+
+	for (i = 0; i < conf->num_bss; i++)
+		hostapd_config_free_bss(&conf->bss[i]);
+	os_free(conf->bss);
+
+	os_free(conf);
+}
+
+
+/* Perform a binary search for given MAC address from a pre-sorted list.
+ * Returns 1 if address is in the list or 0 if not. */
+int hostapd_maclist_found(macaddr *list, int num_entries, const u8 *addr)
+{
+	int start, end, middle, res;
+
+	start = 0;
+	end = num_entries - 1;
+
+	while (start <= end) {
+		middle = (start + end) / 2;
+		res = os_memcmp(list[middle], addr, ETH_ALEN);
+		if (res == 0)
+			return 1;
+		if (res < 0)
+			start = middle + 1;
+		else
+			end = middle - 1;
+	}
+
+	return 0;
+}
+
+
+int hostapd_rate_found(int *list, int rate)
+{
+	int i;
+
+	if (list == NULL)
+		return 0;
+
+	for (i = 0; list[i] >= 0; i++)
+		if (list[i] == rate)
+			return 1;
+
+	return 0;
+}
+
+
+const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
+{
+	struct hostapd_vlan *v = vlan;
+	while (v) {
+		if (v->vlan_id == vlan_id || v->vlan_id == VLAN_ID_WILDCARD)
+			return v->ifname;
+		v = v->next;
+	}
+	return NULL;
+}
+
+
+const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
+			   const u8 *addr, const u8 *prev_psk)
+{
+	struct hostapd_wpa_psk *psk;
+	int next_ok = prev_psk == NULL;
+
+	for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
+		if (next_ok &&
+		    (psk->group || os_memcmp(psk->addr, addr, ETH_ALEN) == 0))
+			return psk->psk;
+
+		if (psk->psk == prev_psk)
+			next_ok = 1;
+	}
+
+	return NULL;
+}
+
+
+const struct hostapd_eap_user *
+hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity,
+		     size_t identity_len, int phase2)
+{
+	struct hostapd_eap_user *user = conf->eap_user;
+
+	while (user) {
+		if (!phase2 && user->identity == NULL) {
+			/* Wildcard match */
+			break;
+		}
+
+		if (user->phase2 == !!phase2 && user->wildcard_prefix &&
+		    identity_len >= user->identity_len &&
+		    os_memcmp(user->identity, identity, user->identity_len) ==
+		    0) {
+			/* Wildcard prefix match */
+			break;
+		}
+
+		if (user->phase2 == !!phase2 &&
+		    user->identity_len == identity_len &&
+		    os_memcmp(user->identity, identity, identity_len) == 0)
+			break;
+		user = user->next;
+	}
+
+	return user;
+}

+ 358 - 0
hostapd/config.h

@@ -0,0 +1,358 @@
+/*
+ * hostapd / Configuration file
+ * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef CONFIG_H
+#define CONFIG_H
+
+#include "defs.h"
+#include "ip_addr.h"
+#include "wpa_common.h"
+
+#ifndef IFNAMSIZ
+#define IFNAMSIZ 16
+#endif
+
+typedef u8 macaddr[ETH_ALEN];
+
+struct hostapd_radius_servers;
+struct ft_remote_r0kh;
+struct ft_remote_r1kh;
+
+#define HOSTAPD_MAX_SSID_LEN 32
+
+#define NUM_WEP_KEYS 4
+struct hostapd_wep_keys {
+	u8 idx;
+	u8 *key[NUM_WEP_KEYS];
+	size_t len[NUM_WEP_KEYS];
+	int keys_set;
+	size_t default_len; /* key length used for dynamic key generation */
+};
+
+typedef enum hostap_security_policy {
+	SECURITY_PLAINTEXT = 0,
+	SECURITY_STATIC_WEP = 1,
+	SECURITY_IEEE_802_1X = 2,
+	SECURITY_WPA_PSK = 3,
+	SECURITY_WPA = 4
+} secpolicy;
+
+struct hostapd_ssid {
+	char ssid[HOSTAPD_MAX_SSID_LEN + 1];
+	size_t ssid_len;
+	int ssid_set;
+
+	char vlan[IFNAMSIZ + 1];
+	secpolicy security_policy;
+
+	struct hostapd_wpa_psk *wpa_psk;
+	char *wpa_passphrase;
+	char *wpa_psk_file;
+
+	struct hostapd_wep_keys wep;
+
+#define DYNAMIC_VLAN_DISABLED 0
+#define DYNAMIC_VLAN_OPTIONAL 1
+#define DYNAMIC_VLAN_REQUIRED 2
+	int dynamic_vlan;
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+	char *vlan_tagged_interface;
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+	struct hostapd_wep_keys **dyn_vlan_keys;
+	size_t max_dyn_vlan_keys;
+};
+
+
+#define VLAN_ID_WILDCARD -1
+
+struct hostapd_vlan {
+	struct hostapd_vlan *next;
+	int vlan_id; /* VLAN ID or -1 (VLAN_ID_WILDCARD) for wildcard entry */
+	char ifname[IFNAMSIZ + 1];
+	int dynamic_vlan;
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+
+#define DVLAN_CLEAN_BR 	0x1
+#define DVLAN_CLEAN_VLAN	0x2
+#define DVLAN_CLEAN_VLAN_PORT	0x4
+#define DVLAN_CLEAN_WLAN_PORT	0x8
+	int clean;
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+};
+
+#define PMK_LEN 32
+struct hostapd_wpa_psk {
+	struct hostapd_wpa_psk *next;
+	int group;
+	u8 psk[PMK_LEN];
+	u8 addr[ETH_ALEN];
+};
+
+#define EAP_USER_MAX_METHODS 8
+struct hostapd_eap_user {
+	struct hostapd_eap_user *next;
+	u8 *identity;
+	size_t identity_len;
+	struct {
+		int vendor;
+		u32 method;
+	} methods[EAP_USER_MAX_METHODS];
+	u8 *password;
+	size_t password_len;
+	int phase2;
+	int force_version;
+	unsigned int wildcard_prefix:1;
+	unsigned int password_hash:1; /* whether password is hashed with
+				       * nt_password_hash() */
+	int ttls_auth; /* EAP_TTLS_AUTH_* bitfield */
+};
+
+
+#define NUM_TX_QUEUES 8
+
+struct hostapd_tx_queue_params {
+	int aifs;
+	int cwmin;
+	int cwmax;
+	int burst; /* maximum burst time in 0.1 ms, i.e., 10 = 1 ms */
+	int configured;
+};
+
+struct hostapd_wme_ac_params {
+	int cwmin;
+	int cwmax;
+	int aifs;
+	int txopLimit; /* in units of 32us */
+	int admission_control_mandatory;
+};
+
+
+/**
+ * struct hostapd_bss_config - Per-BSS configuration
+ */
+struct hostapd_bss_config {
+	char iface[IFNAMSIZ + 1];
+	char bridge[IFNAMSIZ + 1];
+
+	enum hostapd_logger_level logger_syslog_level, logger_stdout_level;
+
+	unsigned int logger_syslog; /* module bitfield */
+	unsigned int logger_stdout; /* module bitfield */
+
+	char *dump_log_name; /* file name for state dump (SIGUSR1) */
+
+	int max_num_sta; /* maximum number of STAs in station table */
+
+	int dtim_period;
+
+	int ieee802_1x; /* use IEEE 802.1X */
+	int eapol_version;
+	int eap_server; /* Use internal EAP server instead of external
+			 * RADIUS server */
+	struct hostapd_eap_user *eap_user;
+	char *eap_sim_db;
+	struct hostapd_ip_addr own_ip_addr;
+	char *nas_identifier;
+	struct hostapd_radius_servers *radius;
+
+	struct hostapd_ssid ssid;
+
+	char *eap_req_id_text; /* optional displayable message sent with
+				* EAP Request-Identity */
+	size_t eap_req_id_text_len;
+	int eapol_key_index_workaround;
+
+	size_t default_wep_key_len;
+	int individual_wep_key_len;
+	int wep_rekeying_period;
+	int broadcast_key_idx_min, broadcast_key_idx_max;
+	int eap_reauth_period;
+
+	int ieee802_11f; /* use IEEE 802.11f (IAPP) */
+	char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast
+					* frames */
+
+	u8 assoc_ap_addr[ETH_ALEN];
+	int assoc_ap; /* whether assoc_ap_addr is set */
+
+	enum {
+		ACCEPT_UNLESS_DENIED = 0,
+		DENY_UNLESS_ACCEPTED = 1,
+		USE_EXTERNAL_RADIUS_AUTH = 2
+	} macaddr_acl;
+	macaddr *accept_mac;
+	int num_accept_mac;
+	macaddr *deny_mac;
+	int num_deny_mac;
+
+	int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
+			* algorithms, WPA_AUTH_ALG_{OPEN,SHARED,LEAP} */
+
+	int wpa; /* bitfield of WPA_PROTO_WPA, WPA_PROTO_RSN */
+	int wpa_key_mgmt;
+#ifdef CONFIG_IEEE80211W
+	enum {
+		NO_IEEE80211W = 0,
+		IEEE80211W_OPTIONAL = 1,
+		IEEE80211W_REQUIRED = 2
+	} ieee80211w;
+#endif /* CONFIG_IEEE80211W */
+	int wpa_pairwise;
+	int wpa_group;
+	int wpa_group_rekey;
+	int wpa_strict_rekey;
+	int wpa_gmk_rekey;
+	int rsn_pairwise;
+	int rsn_preauth;
+	char *rsn_preauth_interfaces;
+	int peerkey;
+
+#ifdef CONFIG_IEEE80211R
+	/* IEEE 802.11r - Fast BSS Transition */
+	u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
+	u8 r1_key_holder[FT_R1KH_ID_LEN];
+	u32 r0_key_lifetime;
+	u32 reassociation_deadline;
+	struct ft_remote_r0kh *r0kh_list;
+	struct ft_remote_r1kh *r1kh_list;
+	int pmk_r1_push;
+#endif /* CONFIG_IEEE80211R */
+
+	char *ctrl_interface; /* directory for UNIX domain sockets */
+	gid_t ctrl_interface_gid;
+	int ctrl_interface_gid_set;
+
+	char *ca_cert;
+	char *server_cert;
+	char *private_key;
+	char *private_key_passwd;
+	int check_crl;
+	char *dh_file;
+	u8 *pac_opaque_encr_key;
+	char *eap_fast_a_id;
+	int eap_sim_aka_result_ind;
+
+	char *radius_server_clients;
+	int radius_server_auth_port;
+	int radius_server_ipv6;
+
+	char *test_socket; /* UNIX domain socket path for driver_test */
+
+	int use_pae_group_addr; /* Whether to send EAPOL frames to PAE group
+				 * address instead of individual address
+				 * (for driver_wired.c).
+				 */
+
+	int ap_max_inactivity;
+	int ignore_broadcast_ssid;
+
+	int wme_enabled;
+
+	struct hostapd_vlan *vlan, *vlan_tail;
+
+	macaddr bssid;
+};
+
+
+typedef enum {
+	HOSTAPD_MODE_IEEE80211B,
+	HOSTAPD_MODE_IEEE80211G,
+	HOSTAPD_MODE_IEEE80211A,
+	NUM_HOSTAPD_MODES
+} hostapd_hw_mode;
+
+
+/**
+ * struct hostapd_config - Per-radio interface configuration
+ */
+struct hostapd_config {
+	struct hostapd_bss_config *bss, *last_bss;
+	struct hostapd_radius_servers *radius;
+	size_t num_bss;
+
+	u16 beacon_int;
+	int rts_threshold;
+	int fragm_threshold;
+	u8 send_probe_response;
+	u8 channel;
+	hostapd_hw_mode hw_mode; /* HOSTAPD_MODE_IEEE80211A, .. */
+	enum {
+		LONG_PREAMBLE = 0,
+		SHORT_PREAMBLE = 1
+	} preamble;
+	enum {
+		CTS_PROTECTION_AUTOMATIC = 0,
+		CTS_PROTECTION_FORCE_ENABLED = 1,
+		CTS_PROTECTION_FORCE_DISABLED = 2,
+		CTS_PROTECTION_AUTOMATIC_NO_OLBC = 3,
+	} cts_protection_type;
+
+	int *supported_rates;
+	int *basic_rates;
+
+	const struct wpa_driver_ops *driver;
+
+	int passive_scan_interval; /* seconds, 0 = disabled */
+	int passive_scan_listen; /* usec */
+	int passive_scan_mode;
+	int ap_table_max_size;
+	int ap_table_expiration_time;
+
+	char country[3]; /* first two octets: country code as described in
+			  * ISO/IEC 3166-1. Third octet:
+			  * ' ' (ascii 32): all environments
+			  * 'O': Outdoor environemnt only
+			  * 'I': Indoor environment only
+			  */
+
+	int ieee80211d;
+	unsigned int ieee80211h; /* Enable/Disable 80211h */
+
+	struct hostapd_tx_queue_params tx_queue[NUM_TX_QUEUES];
+
+	/*
+	 * WME AC parameters, in same order as 802.1D, i.e.
+	 * 0 = BE (best effort)
+	 * 1 = BK (background)
+	 * 2 = VI (video)
+	 * 3 = VO (voice)
+	 */
+	struct hostapd_wme_ac_params wme_ac_params[4];
+
+	enum {
+		INTERNAL_BRIDGE_DO_NOT_CONTROL = -1,
+		INTERNAL_BRIDGE_DISABLED = 0,
+		INTERNAL_BRIDGE_ENABLED = 1
+	} bridge_packets;
+};
+
+
+int hostapd_mac_comp(const void *a, const void *b);
+int hostapd_mac_comp_empty(const void *a);
+struct hostapd_config * hostapd_config_read(const char *fname);
+void hostapd_config_free(struct hostapd_config *conf);
+int hostapd_maclist_found(macaddr *list, int num_entries, const u8 *addr);
+int hostapd_rate_found(int *list, int rate);
+int hostapd_wep_key_cmp(struct hostapd_wep_keys *a,
+			struct hostapd_wep_keys *b);
+const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
+			   const u8 *addr, const u8 *prev_psk);
+int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
+const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan,
+					int vlan_id);
+const struct hostapd_eap_user *
+hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity,
+		     size_t identity_len, int phase2);
+
+#endif /* CONFIG_H */

+ 500 - 0
hostapd/ctrl_iface.c

@@ -0,0 +1,500 @@
+/*
+ * hostapd / UNIX domain socket -based control interface
+ * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#ifndef CONFIG_NATIVE_WINDOWS
+
+#include <sys/un.h>
+#include <sys/stat.h>
+
+#include "hostapd.h"
+#include "eloop.h"
+#include "config.h"
+#include "ieee802_1x.h"
+#include "wpa.h"
+#include "radius/radius_client.h"
+#include "ieee802_11.h"
+#include "ctrl_iface.h"
+#include "sta_info.h"
+#include "accounting.h"
+
+
+struct wpa_ctrl_dst {
+	struct wpa_ctrl_dst *next;
+	struct sockaddr_un addr;
+	socklen_t addrlen;
+	int debug_level;
+	int errors;
+};
+
+
+static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
+				     struct sockaddr_un *from,
+				     socklen_t fromlen)
+{
+	struct wpa_ctrl_dst *dst;
+
+	dst = os_zalloc(sizeof(*dst));
+	if (dst == NULL)
+		return -1;
+	os_memcpy(&dst->addr, from, sizeof(struct sockaddr_un));
+	dst->addrlen = fromlen;
+	dst->debug_level = MSG_INFO;
+	dst->next = hapd->ctrl_dst;
+	hapd->ctrl_dst = dst;
+	wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor attached",
+		    (u8 *) from->sun_path, fromlen);
+	return 0;
+}
+
+
+static int hostapd_ctrl_iface_detach(struct hostapd_data *hapd,
+				     struct sockaddr_un *from,
+				     socklen_t fromlen)
+{
+	struct wpa_ctrl_dst *dst, *prev = NULL;
+
+	dst = hapd->ctrl_dst;
+	while (dst) {
+		if (fromlen == dst->addrlen &&
+		    os_memcmp(from->sun_path, dst->addr.sun_path, fromlen) ==
+		    0) {
+			if (prev == NULL)
+				hapd->ctrl_dst = dst->next;
+			else
+				prev->next = dst->next;
+			os_free(dst);
+			wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor detached",
+				    (u8 *) from->sun_path, fromlen);
+			return 0;
+		}
+		prev = dst;
+		dst = dst->next;
+	}
+	return -1;
+}
+
+
+static int hostapd_ctrl_iface_level(struct hostapd_data *hapd,
+				    struct sockaddr_un *from,
+				    socklen_t fromlen,
+				    char *level)
+{
+	struct wpa_ctrl_dst *dst;
+
+	wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
+
+	dst = hapd->ctrl_dst;
+	while (dst) {
+		if (fromlen == dst->addrlen &&
+		    os_memcmp(from->sun_path, dst->addr.sun_path, fromlen) ==
+		    0) {
+			wpa_hexdump(MSG_DEBUG, "CTRL_IFACE changed monitor "
+				    "level", (u8 *) from->sun_path, fromlen);
+			dst->debug_level = atoi(level);
+			return 0;
+		}
+		dst = dst->next;
+	}
+
+	return -1;
+}
+
+
+static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
+				      struct sta_info *sta,
+				      char *buf, size_t buflen)
+{
+	int len, res, ret;
+
+	if (sta == NULL) {
+		ret = os_snprintf(buf, buflen, "FAIL\n");
+		if (ret < 0 || (size_t) ret >= buflen)
+			return 0;
+		return ret;
+	}
+
+	len = 0;
+	ret = os_snprintf(buf + len, buflen - len, MACSTR "\n",
+			  MAC2STR(sta->addr));
+	if (ret < 0 || (size_t) ret >= buflen - len)
+		return len;
+	len += ret;
+
+	res = ieee802_11_get_mib_sta(hapd, sta, buf + len, buflen - len);
+	if (res >= 0)
+		len += res;
+	res = wpa_get_mib_sta(sta->wpa_sm, buf + len, buflen - len);
+	if (res >= 0)
+		len += res;
+	res = ieee802_1x_get_mib_sta(hapd, sta, buf + len, buflen - len);
+	if (res >= 0)
+		len += res;
+
+	return len;
+}
+
+
+static int hostapd_ctrl_iface_sta_first(struct hostapd_data *hapd,
+					char *buf, size_t buflen)
+{
+	return hostapd_ctrl_iface_sta_mib(hapd, hapd->sta_list, buf, buflen);
+}
+
+
+static int hostapd_ctrl_iface_sta(struct hostapd_data *hapd,
+				  const char *txtaddr,
+				  char *buf, size_t buflen)
+{
+	u8 addr[ETH_ALEN];
+	int ret;
+
+	if (hwaddr_aton(txtaddr, addr)) {
+		ret = os_snprintf(buf, buflen, "FAIL\n");
+		if (ret < 0 || (size_t) ret >= buflen)
+			return 0;
+		return ret;
+	}
+	return hostapd_ctrl_iface_sta_mib(hapd, ap_get_sta(hapd, addr),
+					  buf, buflen);
+}
+
+
+static int hostapd_ctrl_iface_sta_next(struct hostapd_data *hapd,
+				       const char *txtaddr,
+				       char *buf, size_t buflen)
+{
+	u8 addr[ETH_ALEN];
+	struct sta_info *sta;
+	int ret;
+
+	if (hwaddr_aton(txtaddr, addr) ||
+	    (sta = ap_get_sta(hapd, addr)) == NULL) {
+		ret = os_snprintf(buf, buflen, "FAIL\n");
+		if (ret < 0 || (size_t) ret >= buflen)
+			return 0;
+		return ret;
+	}		
+	return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
+}
+
+
+static int hostapd_ctrl_iface_new_sta(struct hostapd_data *hapd,
+				      const char *txtaddr)
+{
+	u8 addr[ETH_ALEN];
+	struct sta_info *sta;
+
+	wpa_printf(MSG_DEBUG, "CTRL_IFACE NEW_STA %s", txtaddr);
+
+	if (hwaddr_aton(txtaddr, addr))
+		return -1;
+
+	sta = ap_get_sta(hapd, addr);
+	if (sta)
+		return 0;
+
+	wpa_printf(MSG_DEBUG, "Add new STA " MACSTR " based on ctrl_iface "
+		   "notification", MAC2STR(addr));
+	sta = ap_sta_add(hapd, addr);
+	if (sta == NULL)
+		return -1;
+
+	hostapd_new_assoc_sta(hapd, sta, 0);
+	accounting_sta_get_id(hapd, sta);
+	return 0;
+}
+
+
+static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
+				       void *sock_ctx)
+{
+	struct hostapd_data *hapd = eloop_ctx;
+	char buf[256];
+	int res;
+	struct sockaddr_un from;
+	socklen_t fromlen = sizeof(from);
+	char *reply;
+	const int reply_size = 4096;
+	int reply_len;
+
+	res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
+		       (struct sockaddr *) &from, &fromlen);
+	if (res < 0) {
+		perror("recvfrom(ctrl_iface)");
+		return;
+	}
+	buf[res] = '\0';
+	wpa_hexdump_ascii(MSG_DEBUG, "RX ctrl_iface", (u8 *) buf, res);
+
+	reply = os_malloc(reply_size);
+	if (reply == NULL) {
+		sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
+		       fromlen);
+		return;
+	}
+
+	os_memcpy(reply, "OK\n", 3);
+	reply_len = 3;
+
+	if (os_strcmp(buf, "PING") == 0) {
+		os_memcpy(reply, "PONG\n", 5);
+		reply_len = 5;
+	} else if (os_strcmp(buf, "MIB") == 0) {
+		reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
+		if (reply_len >= 0) {
+			res = wpa_get_mib(hapd->wpa_auth, reply + reply_len,
+					  reply_size - reply_len);
+			if (res < 0)
+				reply_len = -1;
+			else
+				reply_len += res;
+		}
+		if (reply_len >= 0) {
+			res = ieee802_1x_get_mib(hapd, reply + reply_len,
+						 reply_size - reply_len);
+			if (res < 0)
+				reply_len = -1;
+			else
+				reply_len += res;
+		}
+		if (reply_len >= 0) {
+			res = radius_client_get_mib(hapd->radius,
+						    reply + reply_len,
+						    reply_size - reply_len);
+			if (res < 0)
+				reply_len = -1;
+			else
+				reply_len += res;
+		}
+	} else if (os_strcmp(buf, "STA-FIRST") == 0) {
+		reply_len = hostapd_ctrl_iface_sta_first(hapd, reply,
+							 reply_size);
+	} else if (os_strncmp(buf, "STA ", 4) == 0) {
+		reply_len = hostapd_ctrl_iface_sta(hapd, buf + 4, reply,
+						   reply_size);
+	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
+		reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
+							reply_size);
+	} else if (os_strcmp(buf, "ATTACH") == 0) {
+		if (hostapd_ctrl_iface_attach(hapd, &from, fromlen))
+			reply_len = -1;
+	} else if (os_strcmp(buf, "DETACH") == 0) {
+		if (hostapd_ctrl_iface_detach(hapd, &from, fromlen))
+			reply_len = -1;
+	} else if (os_strncmp(buf, "LEVEL ", 6) == 0) {
+		if (hostapd_ctrl_iface_level(hapd, &from, fromlen,
+						    buf + 6))
+			reply_len = -1;
+	} else if (os_strncmp(buf, "NEW_STA ", 8) == 0) {
+		if (hostapd_ctrl_iface_new_sta(hapd, buf + 8))
+			reply_len = -1;
+	} else {
+		os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
+		reply_len = 16;
+	}
+
+	if (reply_len < 0) {
+		os_memcpy(reply, "FAIL\n", 5);
+		reply_len = 5;
+	}
+	sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from, fromlen);
+	os_free(reply);
+}
+
+
+static char * hostapd_ctrl_iface_path(struct hostapd_data *hapd)
+{
+	char *buf;
+	size_t len;
+
+	if (hapd->conf->ctrl_interface == NULL)
+		return NULL;
+
+	len = os_strlen(hapd->conf->ctrl_interface) +
+		os_strlen(hapd->conf->iface) + 2;
+	buf = os_malloc(len);
+	if (buf == NULL)
+		return NULL;
+
+	os_snprintf(buf, len, "%s/%s",
+		    hapd->conf->ctrl_interface, hapd->conf->iface);
+	buf[len - 1] = '\0';
+	return buf;
+}
+
+
+int hostapd_ctrl_iface_init(struct hostapd_data *hapd)
+{
+	struct sockaddr_un addr;
+	int s = -1;
+	char *fname = NULL;
+
+	hapd->ctrl_sock = -1;
+
+	if (hapd->conf->ctrl_interface == NULL)
+		return 0;
+
+	if (mkdir(hapd->conf->ctrl_interface, S_IRWXU | S_IRWXG) < 0) {
+		if (errno == EEXIST) {
+			wpa_printf(MSG_DEBUG, "Using existing control "
+				   "interface directory.");
+		} else {
+			perror("mkdir[ctrl_interface]");
+			goto fail;
+		}
+	}
+
+	if (hapd->conf->ctrl_interface_gid_set &&
+	    chown(hapd->conf->ctrl_interface, 0,
+		  hapd->conf->ctrl_interface_gid) < 0) {
+		perror("chown[ctrl_interface]");
+		return -1;
+	}
+
+	if (os_strlen(hapd->conf->ctrl_interface) + 1 +
+	    os_strlen(hapd->conf->iface) >= sizeof(addr.sun_path))
+		goto fail;
+
+	s = socket(PF_UNIX, SOCK_DGRAM, 0);
+	if (s < 0) {
+		perror("socket(PF_UNIX)");
+		goto fail;
+	}
+
+	os_memset(&addr, 0, sizeof(addr));
+	addr.sun_family = AF_UNIX;
+	fname = hostapd_ctrl_iface_path(hapd);
+	if (fname == NULL)
+		goto fail;
+	os_strlcpy(addr.sun_path, fname, sizeof(addr.sun_path));
+	if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+		perror("bind(PF_UNIX)");
+		goto fail;
+	}
+
+	if (hapd->conf->ctrl_interface_gid_set &&
+	    chown(fname, 0, hapd->conf->ctrl_interface_gid) < 0) {
+		perror("chown[ctrl_interface/ifname]");
+		goto fail;
+	}
+
+	if (chmod(fname, S_IRWXU | S_IRWXG) < 0) {
+		perror("chmod[ctrl_interface/ifname]");
+		goto fail;
+	}
+	os_free(fname);
+
+	hapd->ctrl_sock = s;
+	eloop_register_read_sock(s, hostapd_ctrl_iface_receive, hapd,
+				 NULL);
+
+	return 0;
+
+fail:
+	if (s >= 0)
+		close(s);
+	if (fname) {
+		unlink(fname);
+		os_free(fname);
+	}
+	return -1;
+}
+
+
+void hostapd_ctrl_iface_deinit(struct hostapd_data *hapd)
+{
+	struct wpa_ctrl_dst *dst, *prev;
+
+	if (hapd->ctrl_sock > -1) {
+		char *fname;
+		eloop_unregister_read_sock(hapd->ctrl_sock);
+		close(hapd->ctrl_sock);
+		hapd->ctrl_sock = -1;
+		fname = hostapd_ctrl_iface_path(hapd);
+		if (fname)
+			unlink(fname);
+		os_free(fname);
+
+		if (hapd->conf->ctrl_interface &&
+		    rmdir(hapd->conf->ctrl_interface) < 0) {
+			if (errno == ENOTEMPTY) {
+				wpa_printf(MSG_DEBUG, "Control interface "
+					   "directory not empty - leaving it "
+					   "behind");
+			} else {
+				perror("rmdir[ctrl_interface]");
+			}
+		}
+	}
+
+	dst = hapd->ctrl_dst;
+	while (dst) {
+		prev = dst;
+		dst = dst->next;
+		os_free(prev);
+	}
+}
+
+
+void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level,
+			     char *buf, size_t len)
+{
+	struct wpa_ctrl_dst *dst, *next;
+	struct msghdr msg;
+	int idx;
+	struct iovec io[2];
+	char levelstr[10];
+
+	dst = hapd->ctrl_dst;
+	if (hapd->ctrl_sock < 0 || dst == NULL)
+		return;
+
+	os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
+	io[0].iov_base = levelstr;
+	io[0].iov_len = os_strlen(levelstr);
+	io[1].iov_base = buf;
+	io[1].iov_len = len;
+	os_memset(&msg, 0, sizeof(msg));
+	msg.msg_iov = io;
+	msg.msg_iovlen = 2;
+
+	idx = 0;
+	while (dst) {
+		next = dst->next;
+		if (level >= dst->debug_level) {
+			wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor send",
+				    (u8 *) dst->addr.sun_path, dst->addrlen);
+			msg.msg_name = &dst->addr;
+			msg.msg_namelen = dst->addrlen;
+			if (sendmsg(hapd->ctrl_sock, &msg, 0) < 0) {
+				fprintf(stderr, "CTRL_IFACE monitor[%d]: ",
+					idx);
+				perror("sendmsg");
+				dst->errors++;
+				if (dst->errors > 10) {
+					hostapd_ctrl_iface_detach(
+						hapd, &dst->addr,
+						dst->addrlen);
+				}
+			} else
+				dst->errors = 0;
+		}
+		idx++;
+		dst = next;
+	}
+}
+
+#endif /* CONFIG_NATIVE_WINDOWS */
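Review bot: The monitor address compares and hexdumps pass `fromlen` as the length of `sun_path`, but `fromlen` is the length of the whole `struct sockaddr_un` (it starts as `sizeof(from)` in hostapd_ctrl_iface_receive). As a result `os_memcmp(from->sun_path, dst->addr.sun_path, fromlen)` in hostapd_ctrl_iface_detach and hostapd_ctrl_iface_level, and the `wpa_hexdump(..., from->sun_path, fromlen)` calls in attach, detach, level and send, read `offsetof(struct sockaddr_un, sun_path)` bytes beyond the address, and beyond the structure itself when the peer path is long. Compute the path length once, `size_t plen = fromlen - offsetof(struct sockaddr_un, sun_path);`, after rejecting `fromlen < offsetof(struct sockaddr_un, sun_path)`, and pass `plen` to the compare and the dump. Separately, hostapd_ctrl_iface_init accepts an existing control directory on `EEXIST` without checking its owner or mode, so the 0770 restriction applied to the socket relies on whatever that directory already permits. A check of the directory's owner and mode, or at least a comment stating the assumption, would make this explicit.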

+ 23 - 0
hostapd/ctrl_iface.h

@@ -0,0 +1,23 @@
+/*
+ * hostapd / UNIX domain socket -based control interface
+ * Copyright (c) 2004, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef CTRL_IFACE_H
+#define CTRL_IFACE_H
+
+int hostapd_ctrl_iface_init(struct hostapd_data *hapd);
+void hostapd_ctrl_iface_deinit(struct hostapd_data *hapd);
+void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level,
+			     char *buf, size_t len);
+
+#endif /* CTRL_IFACE_H */
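Review bot: The three prototypes name `struct hostapd_data` without declaring it, so this header only compiles without a "declared inside parameter list" warning when hostapd.h has been included first, as ctrl_iface.c does. Adding a forward declaration `struct hostapd_data;` above the prototypes would make the header self-contained. I would also add a one-line comment on `hostapd_ctrl_iface_send`, for example `/* Send buf to every attached monitor whose debug level is <= level */`, since that filter is only visible in the implementation.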

+ 119 - 0
hostapd/defconfig

@@ -0,0 +1,119 @@
+# Example hostapd build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cass, these lines should use += in order not
+# to override previous values of the variables.
+
+# Driver interface for Host AP driver
+CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for wired authenticator
+#CONFIG_DRIVER_WIRED=y
+
+# Driver interface for madwifi driver
+#CONFIG_DRIVER_MADWIFI=y
+#CFLAGS += -I../head # change to reflect local setup; directory for madwifi src
+
+# Driver interface for Prism54 driver
+#CONFIG_DRIVER_PRISM54=y
+
+# Driver interface for drivers using the nl80211 kernel interface
+#CONFIG_DRIVER_NL80211=y
+# driver_nl80211.c requires a rather new libnl, probably not
+# shipped with your distribution yet
+#LIBNL=/usr/src/libnl
+#CFLAGS += -I$(LIBNL)/include
+#LIBS += -L$(LIBNL)/lib
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+
+# IEEE 802.11F/IAPP
+CONFIG_IAPP=y
+
+# WPA2/IEEE 802.11i RSN pre-authentication
+CONFIG_RSN_PREAUTH=y
+
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection)
+# This version is an experimental implementation based on IEEE 802.11w/D1.0
+# draft and is subject to change since the standard has not yet been finalized.
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+
+# Integrated EAP server
+CONFIG_EAP=y
+
+# EAP-MD5 for the integrated EAP server
+CONFIG_EAP_MD5=y
+
+# EAP-TLS for the integrated EAP server
+CONFIG_EAP_TLS=y
+
+# EAP-MSCHAPv2 for the integrated EAP server
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-PEAP for the integrated EAP server
+CONFIG_EAP_PEAP=y
+
+# EAP-GTC for the integrated EAP server
+CONFIG_EAP_GTC=y
+
+# EAP-TTLS for the integrated EAP server
+CONFIG_EAP_TTLS=y
+
+# EAP-SIM for the integrated EAP server
+#CONFIG_EAP_SIM=y
+
+# EAP-AKA for the integrated EAP server
+#CONFIG_EAP_AKA=y
+
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-SAKE for the integrated EAP server
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK for the integrated EAP server
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-FAST for the integrated EAP server
+# Note: Default OpenSSL package does not include support for all the
+# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
+# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch)
+# to add the needed functions.
+#CONFIG_EAP_FAST=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# RADIUS authentication server. This provides access to the integrated EAP
+# server from external hosts using RADIUS.
+#CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+CONFIG_IPV6=y
+
+# IEEE 802.11r/D4.1 (Fast BSS Transition)
+# This enables an experimental implementation of a draft version of
+# IEEE 802.11r. This draft is still subject to change, so it should be noted
+# that this version may not comply with the final standard.
+#CONFIG_IEEE80211R=y
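Review bot: `CONFIG_EAP_MD5=y` is enabled in the example configuration with no caveat in its comment, unlike the EAP-PSK entry, which explains what it is not for. EAP-MD5 gives no mutual authentication and derives no keying material, so it cannot secure a WPA/WPA2 association by itself and is normally limited to wired IEEE 802.1X or use as an inner method. I would extend the comment to `# EAP-MD5 for the integrated EAP server (no key derivation; not usable on its own with WPA)`. The header comment also has two wording slips worth fixing in the same pass: `In most cass` and `must be commented out complete`.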

+ 219 - 0
hostapd/developer.txt

@@ -0,0 +1,219 @@
+Developer notes for hostapd
+===========================
+
+hostapd daemon setup, operations, and shutdown
+----------------------------------------------
+
+Files: hostapd.[ch]
+
+Externally called functions:
+  hostapd_new_assoc_sta() is called when a station associates with the AP
+
+Event loop functions:
+  handle_term() is called on SIGINT and SIGTERM to terminate hostapd process
+  handle_reload() is called on SIGHUP to reload configuration
+  handle_dump_state() is called on SIGUSR1 to dump station state data to a
+	text file
+  hostapd_rotate_wep() is called to periodically change WEP keys
+
+
+Configuration parsing
+---------------------
+
+Configuration file parsing and data structure definition.
+
+Files: config.[ch]
+
+Externally called functions:
+  hostapd_config_read() is called to read and parse a configuration file;
+	allocates and returns configuration data structure
+  hostapd_config_free() is called to free configuration data structure
+  hostapd_maclist_found() is called to check whether a given address is found
+	in a list of MAC addresses
+
+
+Kernel driver access
+--------------------
+
+Helper functions for configuring the Host AP kernel driver and
+accessing data from it.
+
+Files: driver.[ch]
+
+
+IEEE 802.11 frame handling (netdevice wlan#ap)
+----------------------------------------------
+
+Receive all incoming IEEE 802.11 frames from the kernel driver via
+wlan#ap interface.
+
+Files: receive.c
+
+Externally called functions:
+  hostapd_init_sockets() is called to initialize sockets for receiving and
+	sending IEEE 802.11 frames via wlan#ap interface
+
+Event loop functions:
+  handle_read() is called for each incoming packet from wlan#ap net device
+
+
+Station table
+-------------
+
+Files: sta_info.[ch], ap.h
+
+Event loop functions:
+  ap_handle_timer() is called to check station activity and to remove
+	inactive stations
+
+
+IEEE 802.11 management
+----------------------
+
+IEEE 802.11 management frame sending and processing (mainly,
+authentication and association). IEEE 802.11 station functionality
+(authenticate and associate with another AP as an station).
+
+Files: ieee802_11.[ch]
+
+Externally called functions:
+  ieee802_11_mgmt() is called for each received IEEE 802.11 management frame
+	(from handle_frame() in hostapd.c)
+  ieee802_11_mgmt_cb() is called for each received TX callback of IEEE 802.11
+	management frame (from handle_tx_callback() in hostapd.c)
+  ieee802_11_send_deauth() is called to send deauthentication frame
+  ieee802_11_send_disassoc() is called to send disassociation frame
+  ieee802_11_parse_elems() is used to parse information elements in
+	IEEE 802.11 management frames
+
+Event loop functions:
+  ieee802_11_sta_authenticate() called to retry authentication (with another
+	AP)
+  ieee802_11_sta_associate() called to retry association (with another AP)
+
+
+IEEE 802.11 authentication
+--------------------------
+
+Access control list for IEEE 802.11 authentication. Uses staticly
+configured ACL from configuration files or an external RADIUS
+server. Results from external RADIUS queries are cached to allow
+faster authentication frame processing.
+
+Files: ieee802_11_auth.[ch]
+
+Externally called functions:
+  hostapd_acl_init() called once during hostapd startup
+  hostapd_acl_deinit() called once during hostapd shutdown
+  hostapd_acl_recv_radius() called by IEEE 802.1X code for incoming RADIUS
+	Authentication messages (returns 0 if message was processed)
+  hostapd_allowed_address() called to check whether a specified station can be
+	authenticated
+
+Event loop functions:
+  hostapd_acl_expire() is called to expire ACL cache entries
+
+
+IEEE 802.1X Authenticator
+-------------------------
+
+Files: ieee802_1x.[ch]
+
+
+Externally called functions:
+  ieee802_1x_receive() is called for each incoming EAPOL frame from the
+	wireless interface
+  ieee802_1x_new_station() is called to start IEEE 802.1X authentication when
+	a new station completes IEEE 802.11 association
+
+Event loop functions:
+  ieee802_1x_receive_auth() called for each incoming RADIUS Authentication
+	message
+
+
+EAPOL state machine
+-------------------
+
+IEEE 802.1X state machine for EAPOL.
+
+Files: eapol_sm.[ch]
+
+Externally called functions:
+  eapol_sm_step() is called to advance EAPOL state machines after any change
+	that could affect their state
+
+Event loop functions:
+  eapol_port_timers_tick() called once per second to advance Port Timers state
+	machine
+
+
+IEEE 802.11f (IAPP)
+-------------------
+
+Files: iapp.[ch]
+
+Externally called functions:
+  iapp_new_station() is called to start accounting session when a new station
+	completes IEEE 802.11 association or IEEE 802.1X authentication
+
+Event loop functions:
+  iapp_receive_udp() is called for incoming IAPP frames over UDP
+
+
+Per station accounting
+----------------------
+
+Send RADIUS Accounting start and stop messages to a RADIUS Accounting
+server. Process incoming RADIUS Accounting messages.
+
+Files: accounting.[ch]
+
+Externally called functions:
+  accounting_init() called once during hostapd startup
+  accounting_deinit() called once during hostapd shutdown
+  accounting_sta_start() called when a station starts new session
+  accounting_sta_stop() called when a station session is terminated
+
+Event loop functions:
+  accounting_receive() called for each incoming RADIUS Accounting message
+  accounting_list_timer() called to retransmit accounting messages and to
+	remove expired entries
+
+
+RADIUS messages
+---------------
+
+RADIUS message generation and parsing functions.
+
+Files: radius.[ch]
+
+
+Event loop
+----------
+
+Event loop for registering timeout calls, signal handlers, and socket
+read events.
+
+Files: eloop.[ch]
+
+
+RC4
+---
+
+RC4 encryption
+
+Files: rc4.[ch]
+
+
+MD5
+---
+
+MD5 hash and HMAC-MD5.
+
+Files: md5.[ch]
+
+
+Miscellaneous helper functions
+------------------------------
+
+Files: common.[ch]

+ 4 - 0
hostapd/doc/.gitignore

@@ -0,0 +1,4 @@
+html
+latex
+hostapd.eps
+hostapd.png

+ 5 - 0
hostapd/doc/code_structure.doxygen

@@ -0,0 +1,5 @@
+/**
+\page code_structure Structure of the source code
+
+
+*/

+ 66 - 0
hostapd/doc/ctrl_iface.doxygen

@@ -0,0 +1,66 @@
+/**
+\page ctrl_iface_page Control interface
+
+hostapd implements a control interface that can be used by
+external programs to control the operations of the hostapd
+daemon and to get status information and event notifications. There is
+a small C library, in a form of a single C file, wpa_ctrl.c, that
+provides helper functions to facilitate the use of the control
+interface. External programs can link this file into them and then use
+the library functions documented in wpa_ctrl.h to interact with
+%wpa_supplicant. This library can also be used with C++. hostapd_cli.c
+is an example program using this library.
+
+There are multiple mechanisms for inter-process communication. For
+example, Linux version of hostapd is using UNIX domain sockets for the
+control interface. The use of the functions defined in wpa_ctrl.h can
+be used to hide the details of the used IPC from external programs.
+
+
+\section using_ctrl_iface Using the control interface
+
+External programs, e.g., a GUI or a configuration utility, that need to
+communicate with hostapd should link in wpa_ctrl.c. This
+allows them to use helper functions to open connection to the control
+interface with wpa_ctrl_open() and to send commands with
+wpa_ctrl_request().
+
+hostapd uses the control interface for two types of communication:
+commands and unsolicited event messages. Commands are a pair of
+messages, a request from the external program and a response from
+hostapd. These can be executed using wpa_ctrl_request().
+Unsolicited event messages are sent by hostapd to the control
+interface connection without specific request from the external program
+for receiving each message. However, the external program needs to
+attach to the control interface with wpa_ctrl_attach() to receive these
+unsolicited messages.
+
+If the control interface connection is used both for commands and
+unsolicited event messages, there is potential for receiving an
+unsolicited message between the command request and response.
+wpa_ctrl_request() caller will need to supply a callback, msg_cb,
+for processing these messages. Often it is easier to open two
+control interface connections by calling wpa_ctrl_open() twice and
+then use one of the connections for commands and the other one for
+unsolicited messages. This way command request/response pairs will
+not be broken by unsolicited messages. wpa_cli is an example of how
+to use only one connection for both purposes and wpa_gui demonstrates
+how to use two separate connections.
+
+Once the control interface connection is not needed anymore, it should
+be closed by calling wpa_ctrl_close(). If the connection was used for
+unsolicited event messages, it should be first detached by calling
+wpa_ctrl_detach().
+
+
+\section ctrl_iface_cmds Control interface commands
+
+Following commands can be used with wpa_ctrl_request():
+
+\subsection ctrl_iface_PING PING
+
+This command can be used to test whether hostapd is replying
+to the control interface commands. The expected reply is \c PONG if the
+connection is open and hostapd is processing commands.
+
+*/

+ 233 - 0
hostapd/doc/doxygen.fast

@@ -0,0 +1,233 @@
+# Doxyfile 1.4.4
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+PROJECT_NAME           = hostapd
+PROJECT_NUMBER         = 0.5.x
+OUTPUT_DIRECTORY       = doc
+CREATE_SUBDIRS         = NO
+OUTPUT_LANGUAGE        = English
+USE_WINDOWS_ENCODING   = NO
+BRIEF_MEMBER_DESC      = YES
+REPEAT_BRIEF           = YES
+ABBREVIATE_BRIEF       = "The $name class" \
+                         "The $name widget" \
+                         "The $name file" \
+                         is \
+                         provides \
+                         specifies \
+                         contains \
+                         represents \
+                         a \
+                         an \
+                         the
+ALWAYS_DETAILED_SEC    = NO
+INLINE_INHERITED_MEMB  = NO
+FULL_PATH_NAMES        = YES
+STRIP_FROM_PATH        =
+STRIP_FROM_INC_PATH    = 
+SHORT_NAMES            = NO
+JAVADOC_AUTOBRIEF      = NO
+MULTILINE_CPP_IS_BRIEF = NO
+DETAILS_AT_TOP         = NO
+INHERIT_DOCS           = YES
+DISTRIBUTE_GROUP_DOC   = NO
+SEPARATE_MEMBER_PAGES  = NO
+TAB_SIZE               = 8
+ALIASES                = 
+OPTIMIZE_OUTPUT_FOR_C  = YES
+OPTIMIZE_OUTPUT_JAVA   = NO
+SUBGROUPING            = YES
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+EXTRACT_ALL            = NO
+EXTRACT_PRIVATE        = NO
+EXTRACT_STATIC         = NO
+EXTRACT_LOCAL_CLASSES  = YES
+EXTRACT_LOCAL_METHODS  = NO
+HIDE_UNDOC_MEMBERS     = NO
+HIDE_UNDOC_CLASSES     = NO
+HIDE_FRIEND_COMPOUNDS  = NO
+HIDE_IN_BODY_DOCS      = NO
+INTERNAL_DOCS          = NO
+CASE_SENSE_NAMES       = YES
+HIDE_SCOPE_NAMES       = NO
+SHOW_INCLUDE_FILES     = YES
+INLINE_INFO            = YES
+SORT_MEMBER_DOCS       = YES
+SORT_BRIEF_DOCS        = NO
+SORT_BY_SCOPE_NAME     = NO
+GENERATE_TODOLIST      = YES
+GENERATE_TESTLIST      = YES
+GENERATE_BUGLIST       = YES
+GENERATE_DEPRECATEDLIST= YES
+ENABLED_SECTIONS       = 
+MAX_INITIALIZER_LINES  = 30
+SHOW_USED_FILES        = YES
+SHOW_DIRECTORIES       = NO
+FILE_VERSION_FILTER    = 
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+QUIET                  = NO
+WARNINGS               = YES
+WARN_IF_UNDOCUMENTED   = YES
+WARN_IF_DOC_ERROR      = YES
+WARN_NO_PARAMDOC       = YES
+WARN_FORMAT            = "$file:$line: $text"
+WARN_LOGFILE           = 
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+INPUT                  = . \
+	../wpa_supplicant/eap_sim_common.c \
+	../wpa_supplicant/eap_sim_common.h
+FILE_PATTERNS          = *.c *.h *.doxygen
+RECURSIVE              = YES
+EXCLUDE                = 
+EXCLUDE_SYMLINKS       = NO
+EXCLUDE_PATTERNS       = 
+EXAMPLE_PATH           = 
+EXAMPLE_PATTERNS       = *
+EXAMPLE_RECURSIVE      = NO
+IMAGE_PATH             = doc
+INPUT_FILTER           = doc/kerneldoc2doxygen.pl
+FILTER_PATTERNS        = 
+FILTER_SOURCE_FILES    = YES
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+SOURCE_BROWSER         = YES
+INLINE_SOURCES         = NO
+STRIP_CODE_COMMENTS    = YES
+REFERENCED_BY_RELATION = NO
+REFERENCES_RELATION    = NO
+VERBATIM_HEADERS       = NO
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+ALPHABETICAL_INDEX     = YES
+COLS_IN_ALPHA_INDEX    = 3
+IGNORE_PREFIX          = 
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+GENERATE_HTML          = YES
+HTML_OUTPUT            = html
+HTML_FILE_EXTENSION    = .html
+HTML_HEADER            = 
+HTML_FOOTER            = 
+HTML_STYLESHEET        = 
+HTML_ALIGN_MEMBERS     = YES
+GENERATE_HTMLHELP      = NO
+CHM_FILE               = 
+HHC_LOCATION           = 
+GENERATE_CHI           = NO
+BINARY_TOC             = NO
+TOC_EXPAND             = NO
+DISABLE_INDEX          = NO
+ENUM_VALUES_PER_LINE   = 4
+GENERATE_TREEVIEW      = NO
+TREEVIEW_WIDTH         = 250
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+GENERATE_LATEX         = NO
+LATEX_OUTPUT           = latex
+LATEX_CMD_NAME         = latex
+MAKEINDEX_CMD_NAME     = makeindex
+COMPACT_LATEX          = NO
+PAPER_TYPE             = a4wide
+EXTRA_PACKAGES         = 
+LATEX_HEADER           = 
+PDF_HYPERLINKS         = YES
+USE_PDFLATEX           = YES
+LATEX_BATCHMODE        = NO
+LATEX_HIDE_INDICES     = NO
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+GENERATE_RTF           = NO
+RTF_OUTPUT             = rtf
+COMPACT_RTF            = NO
+RTF_HYPERLINKS         = NO
+RTF_STYLESHEET_FILE    = 
+RTF_EXTENSIONS_FILE    = 
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+GENERATE_MAN           = NO
+MAN_OUTPUT             = man
+MAN_EXTENSION          = .3
+MAN_LINKS              = NO
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+GENERATE_XML           = NO
+XML_OUTPUT             = xml
+XML_SCHEMA             = 
+XML_DTD                = 
+XML_PROGRAMLISTING     = YES
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+GENERATE_AUTOGEN_DEF   = NO
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+GENERATE_PERLMOD       = NO
+PERLMOD_LATEX          = NO
+PERLMOD_PRETTY         = YES
+PERLMOD_MAKEVAR_PREFIX = 
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor   
+#---------------------------------------------------------------------------
+ENABLE_PREPROCESSING   = YES
+MACRO_EXPANSION        = NO
+EXPAND_ONLY_PREDEF     = NO
+SEARCH_INCLUDES        = YES
+INCLUDE_PATH           = 
+INCLUDE_FILE_PATTERNS  = 
+PREDEFINED             = RADIUS_SERVER EAP_SERVER EAP_SIM
+EXPAND_AS_DEFINED      = 
+SKIP_FUNCTION_MACROS   = YES
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references   
+#---------------------------------------------------------------------------
+TAGFILES               = 
+GENERATE_TAGFILE       = 
+ALLEXTERNALS           = NO
+EXTERNAL_GROUPS        = YES
+PERL_PATH              = /usr/bin/perl
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool   
+#---------------------------------------------------------------------------
+CLASS_DIAGRAMS         = NO
+HIDE_UNDOC_RELATIONS   = YES
+HAVE_DOT               = NO
+CLASS_GRAPH            = YES
+COLLABORATION_GRAPH    = YES
+GROUP_GRAPHS           = YES
+UML_LOOK               = NO
+TEMPLATE_RELATIONS     = NO
+INCLUDE_GRAPH          = YES
+INCLUDED_BY_GRAPH      = YES
+CALL_GRAPH             = YES
+GRAPHICAL_HIERARCHY    = YES
+DIRECTORY_GRAPH        = NO
+DOT_IMAGE_FORMAT       = png
+DOT_PATH               = 
+DOTFILE_DIRS           = 
+MAX_DOT_GRAPH_WIDTH    = 1024
+MAX_DOT_GRAPH_HEIGHT   = 1024
+MAX_DOT_GRAPH_DEPTH    = 1000
+DOT_TRANSPARENT        = NO
+DOT_MULTI_TARGETS      = NO
+GENERATE_LEGEND        = YES
+DOT_CLEANUP            = YES
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine   
+#---------------------------------------------------------------------------
+SEARCHENGINE           = NO
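Review bot: `PROJECT_NUMBER = 0.5.x` looks stale for a tree that the commit title describes as based on the 0.6.3 release, and the same value appears in hostapd/doc/doxygen.full. Generated documentation would be labelled with the wrong release series, which misleads anyone matching the published docs against a deployed hostapd version to decide whether a documented behaviour or fix applies. I would change it to `PROJECT_NUMBER = 0.6.x` in both files, or to whatever string the release process uses.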

+ 230 - 0
hostapd/doc/doxygen.full

@@ -0,0 +1,230 @@
+# Doxyfile 1.4.1
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+PROJECT_NAME           = hostapd
+PROJECT_NUMBER         = 0.5.x
+OUTPUT_DIRECTORY       = doc
+CREATE_SUBDIRS         = NO
+OUTPUT_LANGUAGE        = English
+USE_WINDOWS_ENCODING   = NO
+BRIEF_MEMBER_DESC      = YES
+REPEAT_BRIEF           = YES
+ABBREVIATE_BRIEF       = "The $name class" \
+                         "The $name widget" \
+                         "The $name file" \
+                         is \
+                         provides \
+                         specifies \
+                         contains \
+                         represents \
+                         a \
+                         an \
+                         the
+ALWAYS_DETAILED_SEC    = NO
+INLINE_INHERITED_MEMB  = NO
+FULL_PATH_NAMES        = YES
+STRIP_FROM_PATH        =
+STRIP_FROM_INC_PATH    = 
+SHORT_NAMES            = NO
+JAVADOC_AUTOBRIEF      = NO
+MULTILINE_CPP_IS_BRIEF = NO
+DETAILS_AT_TOP         = NO
+INHERIT_DOCS           = YES
+DISTRIBUTE_GROUP_DOC   = NO
+TAB_SIZE               = 8
+ALIASES                = 
+OPTIMIZE_OUTPUT_FOR_C  = YES
+OPTIMIZE_OUTPUT_JAVA   = NO
+SUBGROUPING            = YES
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+EXTRACT_ALL            = NO
+EXTRACT_PRIVATE        = NO
+EXTRACT_STATIC         = NO
+EXTRACT_LOCAL_CLASSES  = YES
+EXTRACT_LOCAL_METHODS  = NO
+HIDE_UNDOC_MEMBERS     = NO
+HIDE_UNDOC_CLASSES     = NO
+HIDE_FRIEND_COMPOUNDS  = NO
+HIDE_IN_BODY_DOCS      = NO
+INTERNAL_DOCS          = NO
+CASE_SENSE_NAMES       = YES
+HIDE_SCOPE_NAMES       = NO
+SHOW_INCLUDE_FILES     = YES
+INLINE_INFO            = YES
+SORT_MEMBER_DOCS       = YES
+SORT_BRIEF_DOCS        = NO
+SORT_BY_SCOPE_NAME     = NO
+GENERATE_TODOLIST      = YES
+GENERATE_TESTLIST      = YES
+GENERATE_BUGLIST       = YES
+GENERATE_DEPRECATEDLIST= YES
+ENABLED_SECTIONS       = 
+MAX_INITIALIZER_LINES  = 30
+SHOW_USED_FILES        = YES
+SHOW_DIRECTORIES       = NO
+FILE_VERSION_FILTER    = 
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+QUIET                  = NO
+WARNINGS               = YES
+WARN_IF_UNDOCUMENTED   = YES
+WARN_IF_DOC_ERROR      = YES
+WARN_NO_PARAMDOC       = YES
+WARN_FORMAT            = "$file:$line: $text"
+WARN_LOGFILE           = 
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+INPUT                  = .
+FILE_PATTERNS          = *.c *.h *.doxygen
+RECURSIVE              = YES
+EXCLUDE                = 
+EXCLUDE_SYMLINKS       = NO
+EXCLUDE_PATTERNS       = 
+EXAMPLE_PATH           = 
+EXAMPLE_PATTERNS       = *
+EXAMPLE_RECURSIVE      = NO
+IMAGE_PATH             = doc
+INPUT_FILTER           = kerneldoc2doxygen.pl
+FILTER_PATTERNS        = 
+FILTER_SOURCE_FILES    = YES
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+SOURCE_BROWSER         = YES
+INLINE_SOURCES         = NO
+STRIP_CODE_COMMENTS    = YES
+REFERENCED_BY_RELATION = NO
+REFERENCES_RELATION    = NO
+VERBATIM_HEADERS       = NO
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+ALPHABETICAL_INDEX     = YES
+COLS_IN_ALPHA_INDEX    = 3
+IGNORE_PREFIX          = 
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+GENERATE_HTML          = YES
+HTML_OUTPUT            = html
+HTML_FILE_EXTENSION    = .html
+HTML_HEADER            = 
+HTML_FOOTER            = 
+HTML_STYLESHEET        = 
+HTML_ALIGN_MEMBERS     = YES
+GENERATE_HTMLHELP      = NO
+CHM_FILE               = 
+HHC_LOCATION           = 
+GENERATE_CHI           = NO
+BINARY_TOC             = NO
+TOC_EXPAND             = NO
+DISABLE_INDEX          = NO
+ENUM_VALUES_PER_LINE   = 4
+GENERATE_TREEVIEW      = NO
+TREEVIEW_WIDTH         = 250
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+GENERATE_LATEX         = YES
+LATEX_OUTPUT           = latex
+LATEX_CMD_NAME         = latex
+MAKEINDEX_CMD_NAME     = makeindex
+COMPACT_LATEX          = NO
+PAPER_TYPE             = a4wide
+EXTRA_PACKAGES         = 
+LATEX_HEADER           = 
+PDF_HYPERLINKS         = YES
+USE_PDFLATEX           = YES
+LATEX_BATCHMODE        = NO
+LATEX_HIDE_INDICES     = NO
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+GENERATE_RTF           = NO
+RTF_OUTPUT             = rtf
+COMPACT_RTF            = NO
+RTF_HYPERLINKS         = NO
+RTF_STYLESHEET_FILE    = 
+RTF_EXTENSIONS_FILE    = 
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+GENERATE_MAN           = NO
+MAN_OUTPUT             = man
+MAN_EXTENSION          = .3
+MAN_LINKS              = NO
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+GENERATE_XML           = NO
+XML_OUTPUT             = xml
+XML_SCHEMA             = 
+XML_DTD                = 
+XML_PROGRAMLISTING     = YES
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+GENERATE_AUTOGEN_DEF   = NO
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+GENERATE_PERLMOD       = NO
+PERLMOD_LATEX          = NO
+PERLMOD_PRETTY         = YES
+PERLMOD_MAKEVAR_PREFIX = 
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor   
+#---------------------------------------------------------------------------
+ENABLE_PREPROCESSING   = YES
+MACRO_EXPANSION        = NO
+EXPAND_ONLY_PREDEF     = NO
+SEARCH_INCLUDES        = YES
+INCLUDE_PATH           = 
+INCLUDE_FILE_PATTERNS  = 
+PREDEFINED             = RADIUS_SERVER EAP_SERVER EAP_SIM
+EXPAND_AS_DEFINED      = 
+SKIP_FUNCTION_MACROS   = YES
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references   
+#---------------------------------------------------------------------------
+TAGFILES               = 
+GENERATE_TAGFILE       = 
+ALLEXTERNALS           = NO
+EXTERNAL_GROUPS        = YES
+PERL_PATH              = /usr/bin/perl
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool   
+#---------------------------------------------------------------------------
+CLASS_DIAGRAMS         = NO
+HIDE_UNDOC_RELATIONS   = YES
+HAVE_DOT               = YES
+CLASS_GRAPH            = YES
+COLLABORATION_GRAPH    = YES
+GROUP_GRAPHS           = YES
+UML_LOOK               = NO
+TEMPLATE_RELATIONS     = NO
+INCLUDE_GRAPH          = YES
+INCLUDED_BY_GRAPH      = YES
+CALL_GRAPH             = YES
+GRAPHICAL_HIERARCHY    = YES
+DIRECTORY_GRAPH        = NO
+DOT_IMAGE_FORMAT       = png
+DOT_PATH               = 
+DOTFILE_DIRS           = 
+MAX_DOT_GRAPH_WIDTH    = 1024
+MAX_DOT_GRAPH_HEIGHT   = 1024
+MAX_DOT_GRAPH_DEPTH    = 1000
+DOT_TRANSPARENT        = NO
+DOT_MULTI_TARGETS      = NO
+GENERATE_LEGEND        = YES
+DOT_CLEANUP            = YES
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine   
+#---------------------------------------------------------------------------
+SEARCHENGINE           = YES
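Review bot: `INPUT_FILTER = kerneldoc2doxygen.pl` names the filter without a directory, while doxygen.fast uses `doc/kerneldoc2doxygen.pl`. Doxygen runs the filter as a command for each input file, so a bare name is resolved through PATH rather than from the source tree. Depending on the environment, the build either fails to find it or runs a same-named script from somewhere else. Assuming both configs are run from the hostapd directory (OUTPUT_DIRECTORY and IMAGE_PATH are both `doc`), I would use `INPUT_FILTER = doc/kerneldoc2doxygen.pl` here as well. The script's own header says it reads stdin and that use as a Doxygen input filter "has not been tested", so it is also worth confirming that it handles the file-name argument Doxygen passes.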

+ 20 - 0
hostapd/doc/driver_wrapper.doxygen

@@ -0,0 +1,20 @@
+/**
+\page driver_wrapper Driver wrapper implementation (driver.h, drivers.c)
+
+All hardware and driver dependent functionality is in separate C files
+that implement defined wrapper functions. Other parts
+of the hostapd are designed to be hardware, driver, and operating
+system independent.
+
+Driver wrappers need to implement whatever calls are used in the
+target operating system/driver for controlling wireless LAN
+devices. As an example, in case of Linux, these are mostly some glue
+code and ioctl() calls and netlink message parsing for Linux Wireless
+Extensions (WE). Since features required for WPA were added only recently to
+Linux Wireless Extensions (in version 18), some driver specific code is used
+in number of driver interface implementations. These driver dependent parts
+can be replaced with generic code in driver_wext.c once the target driver
+includes full support for WE-18. After that, all Linux drivers, at
+least in theory, could use the same driver wrapper code.
+
+*/

+ 56 - 0
hostapd/doc/eap.doxygen

@@ -0,0 +1,56 @@
+/**
+\page eap_module EAP server implementation
+
+Extensible Authentication Protocol (EAP) is an authentication framework
+defined in RFC 3748. hostapd uses a separate code module for EAP server
+implementation. This module was designed to use only a minimal set of
+direct function calls (mainly, to debug/event functions) in order for
+it to be usable in other programs. The design of the EAP
+implementation is based loosely on RFC 4137. The state machine is
+defined in this RFC and so is the interface between the server state
+machine and methods. As such, this RFC provides useful information for
+understanding the EAP server implementation in hostapd.
+
+Some of the terminology used in EAP state machine is referring to
+EAPOL (IEEE 802.1X), but there is no strict requirement on the lower
+layer being IEEE 802.1X if EAP module is built for other programs than
+%wpa_supplicant. These terms should be understood to refer to the
+lower layer as defined in RFC 4137.
+
+
+\section adding_eap_methods Adding EAP methods
+
+Each EAP method is implemented as a separate module, usually as one C
+file named eap_<name of the method>.c, e.g., eap_md5.c. All EAP
+methods use the same interface between the server state machine and
+method specific functions. This allows new EAP methods to be added
+without modifying the core EAP state machine implementation.
+
+New EAP methods need to be registered by adding them into the build
+(Makefile) and the EAP method registration list in the
+eap_server_register_methods() function of eap_methods.c. Each EAP
+method should use a build-time configuration option, e.g., EAP_TLS, in
+order to make it possible to select which of the methods are included
+in the build.
+
+EAP methods must implement the interface defined in eap_i.h. struct
+eap_method defines the needed function pointers that each EAP method
+must provide. In addition, the EAP type and name are registered using
+this structure. This interface is based on section 4.4 of RFC 4137.
+
+It is recommended that the EAP methods would use generic helper
+functions, eap_msg_alloc() and eap_hdr_validate() when processing
+messages. This allows code sharing and can avoid missing some of the
+needed validation steps for received packets. In addition, these
+functions make it easier to change between expanded and legacy EAP
+header, if needed.
+
+When adding an EAP method that uses a vendor specific EAP type
+(Expanded Type as defined in RFC 3748, Chapter 5.7), the new method
+must be registered by passing vendor id instead of EAP_VENDOR_IETF to
+eap_server_method_alloc(). These methods must not try to emulate
+expanded types by registering a legacy EAP method for type 254. See
+eap_vendor_test.c for an example of an EAP method implementation that
+is implemented as an expanded type.
+
+*/

+ 264 - 0
hostapd/doc/hostapd.fig

@@ -0,0 +1,264 @@
+#FIG 3.2
+Landscape
+Center
+Inches
+Letter  
+100.00
+Single
+-2
+1200 2
+6 1875 4050 2925 4350
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 1875 4050 2925 4050 2925 4350 1875 4350 1875 4050
+4 0 0 50 -1 0 12 0.0000 4 180 735 2025 4275 l2_packet\001
+-6
+6 4725 1200 5925 1500
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 4725 1200 5925 1200 5925 1500 4725 1500 4725 1200
+4 0 0 50 -1 0 12 0.0000 4 135 1005 4800 1425 GUI frontend\001
+-6
+6 6000 2700 7200 3225
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 6000 2700 7200 2700 7200 3225 6000 3225 6000 2700
+4 0 0 50 -1 0 12 0.0000 4 135 975 6075 2925 WPA/WPA2\001
+4 0 0 50 -1 0 12 0.0000 4 135 1065 6075 3150 state machine\001
+-6
+6 6000 4950 7200 5475
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 6000 4950 7200 4950 7200 5475 6000 5475 6000 4950
+4 0 0 50 -1 0 12 0.0000 4 135 360 6075 5175 EAP\001
+4 0 0 50 -1 0 12 0.0000 4 135 1065 6075 5400 state machine\001
+-6
+6 4350 3900 5025 4425
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 4350 3900 5025 3900 5025 4425 4350 4425 4350 3900
+4 0 0 50 -1 0 12 0.0000 4 105 420 4500 4125 event\001
+4 0 0 50 -1 0 12 0.0000 4 180 315 4500 4350 loop\001
+-6
+6 4275 2550 5100 2850
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 4275 2550 5100 2550 5100 2850 4275 2850 4275 2550
+4 0 0 50 -1 0 12 0.0000 4 135 450 4425 2775 ctrl i/f\001
+-6
+6 6000 3900 7200 4425
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 6000 3900 7200 3900 7200 4425 6000 4425 6000 3900
+4 0 0 50 -1 0 12 0.0000 4 135 600 6075 4125 EAPOL\001
+4 0 0 50 -1 0 12 0.0000 4 135 1065 6075 4350 state machine\001
+-6
+6 2775 3150 4050 3450
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 2775 3150 4050 3150 4050 3450 2775 3450 2775 3150
+4 0 0 50 -1 0 12 0.0000 4 180 990 2925 3375 configuration\001
+-6
+6 3450 1200 4575 1500
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 3450 1200 4575 1200 4575 1500 3450 1500 3450 1200
+4 0 0 50 -1 0 12 0.0000 4 180 870 3600 1425 hostapd_cli\001
+-6
+6 3525 7800 5775 8100
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 3525 7800 5775 7800 5775 8100 3525 8100 3525 7800
+4 0 0 50 -1 0 12 0.0000 4 135 2145 3600 8025 kernel network device driver\001
+-6
+6 4275 6000 5100 6300
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 4275 6000 5100 6000 5100 6300 4275 6300 4275 6000
+4 0 0 50 -1 0 12 0.0000 4 135 630 4350 6225 driver i/f\001
+-6
+6 8175 4725 9225 5025
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8175 4725 9225 4725 9225 5025 8175 5025 8175 4725
+4 0 0 50 -1 0 12 0.0000 4 135 735 8250 4950 EAP-TLS\001
+-6
+6 9300 4725 10350 5025
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 9300 4725 10350 4725 10350 5025 9300 5025 9300 4725
+4 0 0 50 -1 0 12 0.0000 4 135 810 9375 4950 EAP-MD5\001
+-6
+6 8175 5100 9225 5400
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8175 5100 9225 5100 9225 5400 8175 5400 8175 5100
+4 0 0 50 -1 0 12 0.0000 4 135 885 8250 5325 EAP-PEAP\001
+-6
+6 9300 5100 10350 5400
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 9300 5100 10350 5100 10350 5400 9300 5400 9300 5100
+4 0 0 50 -1 0 12 0.0000 4 135 840 9375 5325 EAP-TTLS\001
+-6
+6 8175 5475 9225 5775
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8175 5475 9225 5475 9225 5775 8175 5775 8175 5475
+4 0 0 50 -1 0 12 0.0000 4 135 780 8250 5700 EAP-GTC\001
+-6
+6 8175 5850 9225 6150
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8175 5850 9225 5850 9225 6150 8175 6150 8175 5850
+4 0 0 50 -1 0 12 0.0000 4 135 750 8250 6075 EAP-SIM\001
+-6
+6 8175 6225 9225 6525
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8175 6225 9225 6225 9225 6525 8175 6525 8175 6225
+4 0 0 50 -1 0 12 0.0000 4 135 765 8250 6450 EAP-PSK\001
+-6
+6 9300 5850 10350 6150
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 9300 5850 10350 5850 10350 6150 9300 6150 9300 5850
+4 0 0 50 -1 0 12 0.0000 4 135 825 9375 6075 EAP-AKA\001
+-6
+6 9300 5475 10350 5775
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 9300 5475 10350 5475 10350 5775 9300 5775 9300 5475
+4 0 0 50 -1 0 12 0.0000 4 135 795 9375 5700 EAP-PAX\001
+-6
+6 8175 6600 9675 6900
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8175 6600 9675 6600 9675 6900 8175 6900 8175 6600
+4 0 0 50 -1 0 12 0.0000 4 135 1365 8250 6825 EAP-MSCHAPv2\001
+-6
+6 8700 3450 9375 3750
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8700 3450 9375 3450 9375 3750 8700 3750 8700 3450
+4 0 0 50 -1 0 12 0.0000 4 150 480 8775 3675 crypto\001
+-6
+6 9600 3450 10275 3750
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 9600 3450 10275 3450 10275 3750 9600 3750 9600 3450
+4 0 0 50 -1 0 12 0.0000 4 135 315 9750 3675 TLS\001
+-6
+6 6000 5775 7200 6300
+6 6000 5775 7200 6300
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 6000 5775 7200 5775 7200 6300 6000 6300 6000 5775
+4 0 0 50 -1 0 12 0.0000 4 135 690 6075 6000 RADIUS\001
+-6
+4 0 0 50 -1 0 12 0.0000 4 90 480 6075 6225 server\001
+-6
+6 8100 2250 8925 2775
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8100 2250 8925 2250 8925 2775 8100 2775 8100 2250
+4 0 0 50 -1 0 12 0.0000 4 135 690 8175 2475 RADIUS\001
+4 0 0 50 -1 0 12 0.0000 4 135 420 8175 2700 client\001
+-6
+6 3150 5475 4425 5775
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 3150 5475 4425 5475 4425 5775 3150 5775 3150 5475
+4 0 0 50 -1 0 12 0.0000 4 135 990 3300 5700 driver events\001
+-6
+6 1950 5550 2625 6075
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 1950 5550 2625 5550 2625 6075 1950 6075 1950 5550
+4 0 0 50 -1 0 12 0.0000 4 135 540 2025 5775 Station\001
+4 0 0 50 -1 0 12 0.0000 4 135 375 2025 6000 table\001
+-6
+6 1875 4725 2925 5250
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 1875 4725 2925 4725 2925 5250 1875 5250 1875 4725
+4 0 0 50 -1 0 12 0.0000 4 135 960 1950 4950 IEEE 802.11\001
+4 0 0 50 -1 0 12 0.0000 4 135 555 1950 5175 MLME\001
+-6
+2 1 1 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
+	 1275 4200 1875 4200
+2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
+	 4500 2550 3900 1500
+2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
+	 4800 2550 5400 1500
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 2925 4200 4350 4200
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 5025 3900 6000 3000
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 5025 4200 6000 4200
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 4650 6000 4650 4425
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 6600 4425 6600 4950
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 6600 3225 6600 3900
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7200 5250 8100 5250
+2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 9075 4425 9075 3750
+2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7200 3000 8700 3525
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 4650 3900 4650 2850
+2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7200 4125 8700 3675
+2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 6000 4350 5025 6000
+2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 6000 3150 4875 6000
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 1500 2100 10800 2100 10800 7500 1500 7500 1500 2100
+2 1 0 1 2 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 9900 4425 9900 3750
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 1
+	 4350 3900
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 4350 3900 4050 3450
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 4350 4425 4050 5475
+2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
+	 2250 7200 4200 7800
+2 1 1 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 2
+	 7200 7200 5100 7800
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 2775 6900 3675 6900 3675 7200 2775 7200 2775 6900
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 3750 6900 4650 6900 4650 7200 3750 7200 3750 6900
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
+	 2250 6900 2250 6600 7200 6600 7200 6900
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 3225 6900 3225 6600
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 4200 6900 4200 6600
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 5175 6900 5175 6600
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 6150 6900 6150 6600
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 4650 6600 4650 6300
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 1800 6900 2700 6900 2700 7200 1800 7200 1800 6900
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 4725 6900 5625 6900 5625 7200 4725 7200 4725 6900
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 5700 6900 6600 6900 6600 7200 5700 7200 5700 6900
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 6675 6900 7800 6900 7800 7200 6675 7200 6675 6900
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 8100 6975 10425 6975 10425 4425 8100 4425 8100 6975
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 6600 5475 6600 5775
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 5025 4425 6000 5775
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 3
+	 4800 3900 5925 2550 8100 2550
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 7200 3900 8475 2775
+2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
+	 9450 2250 10425 2250 10425 2775 9450 2775 9450 2250
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 8925 2475 9450 2475
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 2325 5550 2325 5250
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
+	 2925 4950 4350 4275
+2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 3
+	 2850 4725 5775 2400 8100 2400
+4 0 0 50 -1 0 12 0.0000 4 135 915 375 3975 EAPOL and\001
+4 0 0 50 -1 0 12 0.0000 4 180 630 375 4200 pre-auth\001
+4 0 0 50 -1 0 12 0.0000 4 180 810 375 4425 ethertypes\001
+4 0 0 50 -1 0 12 0.0000 4 135 1050 375 4650 from/to kernel\001
+4 0 0 50 -1 0 12 0.0000 4 135 1920 3675 1875 frontend control interface\001
+4 0 0 50 -1 2 14 0.0000 4 195 720 1637 2371 hostapd\001
+4 0 0 50 -1 0 12 0.0000 4 180 600 3825 7125 prism54\001
+4 0 0 50 -1 0 12 0.0000 4 180 510 1875 7125 hostap\001
+4 0 0 50 -1 0 12 0.0000 4 135 600 2850 7125 madwifi\001
+4 0 0 50 -1 0 12 0.0000 4 135 270 4800 7125 bsd\001
+4 0 0 50 -1 0 12 0.0000 4 105 300 6750 7125 test\001
+4 0 0 50 -1 0 12 0.0000 4 135 420 5775 7125 wired\001
+4 0 0 50 -1 0 12 0.0000 4 135 1050 8700 4650 EAP methods\001
+4 0 0 50 -1 0 12 0.0000 4 135 690 9525 2475 RADIUS\001
+4 0 0 50 -1 0 12 0.0000 4 180 825 9525 2700 accounting\001

+ 129 - 0
hostapd/doc/kerneldoc2doxygen.pl

@@ -0,0 +1,129 @@
+#!/usr/bin/perl -w
+#
+##########################################################################
+# Convert kernel-doc style comments to Doxygen comments.
+##########################################################################
+#
+# This script reads a C source file from stdin, and writes
+# to stdout.  Normal usage:
+#
+# $ mv file.c file.c.gtkdoc
+# $ kerneldoc2doxygen.pl <file.c.gtkdoc >file.c
+#
+# Or to do the same thing with multiple files:
+# $ perl -i.gtkdoc kerneldoc2doxygen.pl *.c *.h
+#
+# This script may also be suitable for use as a Doxygen input filter,
+# but that has not been tested.
+#
+# Back up your source files before using this script!!
+#
+##########################################################################
+# Copyright (C) 2003 Jonathan Foster <jon@jon-foster.co.uk>
+# Copyright (C) 2005 Jouni Malinen <j@w1.fi>
+# (modified for kerneldoc format used in wpa_supplicant)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# or look at http://www.gnu.org/licenses/gpl.html
+##########################################################################
+
+
+##########################################################################
+#
+# This function converts a single comment from gtk-doc to Doxygen format.
+# The parameter does not include the opening or closing lines
+# (i.e. given a comment like this:
+#    "/**\n"
+#    " * FunctionName:\n"
+#    " * @foo: This describes the foo parameter\n"
+#    " * @bar: This describes the bar parameter\n"
+#    " * @Returns: This describes the return value\n"
+#    " *\n"
+#    " * This describes the function.\n"
+#    " */\n"
+# This function gets:
+#    " * FunctionName:\n"
+#    " * @foo: This describes the foo parameter\n"
+#    " * @bar: This describes the bar parameter\n"
+#    " * @Returns: This describes the return value\n"
+#    " *\n"
+#    " * This describes the function.\n"
+# And it returns:
+#    " * This describes the function.\n"
+#    " *\n"
+#    " * @param foo This describes the foo parameter\n"
+#    " * @param bar This describes the bar parameter\n"
+#    " * @return This describes the return value\n"
+# )
+#
+sub fixcomment {
+    $t = $_[0];
+
+    # " * func: foo" --> "\brief foo\n"
+    # " * struct bar: foo" --> "\brief foo\n"
+    # If this fails, not a kernel-doc comment ==> return unmodified.
+    ($t =~ s/^[\t ]*\*[\t ]*(struct )?([^ \t\n]*) - ([^\n]*)/\\brief $3\n/s)
+      or return $t;
+
+    # " * Returns: foo" --> "\return foo"
+    $t =~ s/\n[\t ]*\*[\t ]*Returns:/\n\\return/sig;
+
+    # " * @foo: bar" --> "\param foo bar"
+    # Handle two common typos: No ":", or "," instead of ":".
+    $t =~ s/\n[\t ]*\*[\t ]*\@([^ :,]*)[:,]?[\t ]*/\n\\param $1 /sg;
+
+    return $t;
+}
+
+##########################################################################
+# Start of main code
+
+# Read entire stdin into memory - one multi-line string.
+$_ = do { local $/; <> };
+
+s{^/\*\n \*}{/\*\* \\file\n\\brief};
+s{ \* Copyright}{\\par Copyright\nCopyright};
+
+# Fix any comments like "/*************" so they don't match.
+# "/***" ===> "/* *"
+s{/\*\*\*}{/\* \*}gs;
+
+# The main comment-detection code.
+s{
+    (               # $1 = Open comment
+        /\*\*       # Open comment
+        (?!\*)      # Do not match /*** (redundant due to fixup above).
+        [\t ]*\n?   # If 1st line is whitespace, match the lot (including the newline).
+    )
+    (.*?)           # $2 = Body of comment (multi-line)
+    (               # $3 = Close comment
+        (           # If possible, match the whitespace before the close-comment
+            (?<=\n) # This part only matches after a newline
+            [\t ]*  # Eat whitespace
+        )?
+        \*/         # Close comment
+    )
+ }
+ {
+    $1 . fixcomment($2) . $3
+ }gesx;
+# ^^^^ Modes: g - Global, match all occurances.
+#             e - Evaluate the replacement as an expression.
+#             s - Single-line - allows the pattern to match across newlines.
+#             x - eXtended pattern, ignore embedded whitespace
+#                 and allow comments.
+
+# Write results to stdout
+print $_;
+
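Review bot: The slurp `$_ = do { local $/; <> };` reads a single file, so the documented multi-file usage `perl -i.gtkdoc kerneldoc2doxygen.pl *.c *.h` appears to convert only the first file. With `$/` undefined, each `<>` call returns one whole file, and the main code calls it once; the remaining arguments are never opened. Wrapping the main section in `while (defined($_ = do { local $/; <> })) { ... print $_; }` would process every file. Separately, `fixcomment` assigns to the package global `$t`; `my $t = $_[0];` keeps it local. The header comment also shows a gtk-doc `FunctionName:` input and `@param`/`@return` output, whereas the regexes match `name - description` and emit `\brief`, `\param` and `\return`, so the example should be updated to match.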

+ 52 - 0
hostapd/doc/mainpage.doxygen

@@ -0,0 +1,52 @@
+/**
+\mainpage Developers' documentation for hostapd
+
+hostapd includes IEEE 802.11 access point management (authentication /
+association), IEEE 802.1X/WPA/WPA2 Authenticator, EAP server, and
+RADIUS authentication server functionality. It can be build with
+various configuration option, e.g., a standalone AP management
+solution or a RADIUS authentication server with support for number of
+EAP methods.
+
+The goal of this documentation and comments in the source code is to
+give enough information for other developers to understand how hostapd
+has been implemented, how it can be modified, how new drivers can be
+supported, and how hostapd can be ported to other operating
+systems. If any information is missing, feel free to contact Jouni
+Malinen <j@w1.fi> for more information. Contributions as
+patch files are also very welcome at the same address. Please note
+that hostapd is licensed under dual license, GPLv2 or BSD at user's
+choice. All contributions to hostapd are expected to use compatible
+licensing terms.
+
+The source code and read-only access to hostapd CVS repository
+is available from the project home page at
+http://hostap.epitest.fi/hostapd/. This developers' documentation
+is also available as a PDF file from
+http://hostap.epitest.fi/hostapd/hostapd-devel.pdf .
+
+The design goal for hostapd was to use hardware, driver, and
+OS independent, portable C code for all WPA functionality. The source
+code is divided into separate C files as shown on the \ref
+code_structure "code structure page". All hardware/driver specific
+functionality is in separate files that implement a \ref
+driver_wrapper "well-defined driver API". Information about porting
+to different target boards and operating systems is available on
+the \ref porting "porting page".
+
+EAPOL (IEEE 802.1X) state machines are implemented as a separate
+module that interacts with \ref eap_module "EAP server implementation".
+Similarly, RADIUS authentication server is in its own separate module.
+Both IEEE 802.1X and RADIUS authentication server can use EAP server
+functionality.
+
+hostapd implements a \ref ctrl_iface_page "control interface" that can
+be used by external programs to control the operations of the hostapdt
+daemon and to get status information and event notifications. There is
+a small C library that provides helper functions to facilitate the use
+of the control interface. This library can also be used with C++.
+
+\image html hostapd.png "hostapd modules"
+\image latex hostapd.eps "hostapd modules" width=15cm
+
+*/

+ 5 - 0
hostapd/doc/porting.doxygen

@@ -0,0 +1,5 @@
+/**
+\page porting Porting to different target boards and operating systems
+
+
+*/

+ 681 - 0
hostapd/driver.h

@@ -0,0 +1,681 @@
+/*
+ * hostapd - driver interface definition
+ * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef DRIVER_H
+#define DRIVER_H
+
+enum hostapd_driver_if_type {
+	HOSTAPD_IF_VLAN, HOSTAPD_IF_WDS
+};
+
+struct wpa_driver_ops {
+	const char *name;		/* as appears in the config file */
+
+	void * (*init)(struct hostapd_data *hapd);
+	void * (*init_bssid)(struct hostapd_data *hapd, const u8 *bssid);
+	void (*deinit)(void *priv);
+
+	int (*wireless_event_init)(void *priv);
+	void (*wireless_event_deinit)(void *priv);
+
+	/**
+	 * set_8021x - enable/disable IEEE 802.1X support
+	 * @ifname: Interface name (for multi-SSID/VLAN support)
+	 * @priv: driver private data
+	 * @enabled: 1 = enable, 0 = disable
+	 *
+	 * Returns: 0 on success, -1 on failure
+	 *
+	 * Configure the kernel driver to enable/disable 802.1X support.
+	 * This may be an empty function if 802.1X support is always enabled.
+	 */
+	int (*set_ieee8021x)(const char *ifname, void *priv, int enabled);
+
+	/**
+	 * set_privacy - enable/disable privacy
+	 * @priv: driver private data
+	 * @enabled: 1 = privacy enabled, 0 = disabled
+	 *
+	 * Return: 0 on success, -1 on failure
+	 *
+	 * Configure privacy.
+	 */
+	int (*set_privacy)(const char *ifname, void *priv, int enabled);
+
+	int (*set_encryption)(const char *ifname, void *priv, const char *alg,
+			      const u8 *addr, int idx,
+			      const u8 *key, size_t key_len, int txkey);
+	int (*get_seqnum)(const char *ifname, void *priv, const u8 *addr,
+			  int idx, u8 *seq);
+	int (*get_seqnum_igtk)(const char *ifname, void *priv, const u8 *addr,
+			       int idx, u8 *seq);
+	int (*flush)(void *priv);
+	int (*set_generic_elem)(const char *ifname, void *priv, const u8 *elem,
+				size_t elem_len);
+
+	int (*read_sta_data)(void *priv, struct hostap_sta_driver_data *data,
+			     const u8 *addr);
+	int (*send_eapol)(void *priv, const u8 *addr, const u8 *data,
+			  size_t data_len, int encrypt, const u8 *own_addr);
+	int (*sta_deauth)(void *priv, const u8 *addr, int reason);
+	int (*sta_disassoc)(void *priv, const u8 *addr, int reason);
+	int (*sta_remove)(void *priv, const u8 *addr);
+	int (*get_ssid)(const char *ifname, void *priv, u8 *buf, int len);
+	int (*set_ssid)(const char *ifname, void *priv, const u8 *buf,
+			int len);
+	int (*set_countermeasures)(void *priv, int enabled);
+	int (*send_mgmt_frame)(void *priv, const void *msg, size_t len,
+			       int flags);
+	int (*set_assoc_ap)(void *priv, const u8 *addr);
+	int (*sta_add)(const char *ifname, void *priv, const u8 *addr, u16 aid,
+		       u16 capability, u8 *supp_rates, size_t supp_rates_len,
+		       int flags);
+	int (*get_inact_sec)(void *priv, const u8 *addr);
+	int (*sta_clear_stats)(void *priv, const u8 *addr);
+
+	int (*set_freq)(void *priv, int mode, int freq);
+	int (*set_rts)(void *priv, int rts);
+	int (*get_rts)(void *priv, int *rts);
+	int (*set_frag)(void *priv, int frag);
+	int (*get_frag)(void *priv, int *frag);
+	int (*set_retry)(void *priv, int short_retry, int long_retry);
+	int (*get_retry)(void *priv, int *short_retry, int *long_retry);
+
+	int (*sta_set_flags)(void *priv, const u8 *addr,
+			     int total_flags, int flags_or, int flags_and);
+	int (*set_rate_sets)(void *priv, int *supp_rates, int *basic_rates,
+			     int mode);
+	int (*set_channel_flag)(void *priv, int mode, int chan, int flag,
+				unsigned char power_level,
+				unsigned char antenna_max);
+	int (*set_regulatory_domain)(void *priv, unsigned int rd);
+	int (*set_country)(void *priv, const char *country);
+	int (*set_ieee80211d)(void *priv, int enabled);
+	int (*set_beacon)(const char *ifname, void *priv,
+			  u8 *head, size_t head_len,
+			  u8 *tail, size_t tail_len);
+
+	/* Configure internal bridge:
+	 * 0 = disabled, i.e., client separation is enabled (no bridging of
+	 *     packets between associated STAs
+	 * 1 = enabled, i.e., bridge packets between associated STAs (default)
+	 */
+	int (*set_internal_bridge)(void *priv, int value);
+	int (*set_beacon_int)(void *priv, int value);
+	int (*set_dtim_period)(const char *ifname, void *priv, int value);
+	/* Configure broadcast SSID mode:
+	 * 0 = include SSID in Beacon frames and reply to Probe Request frames
+	 *     that use broadcast SSID
+	 * 1 = hide SSID from Beacon frames and ignore Probe Request frames for
+	 *     broadcast SSID
+	 */
+	int (*set_broadcast_ssid)(void *priv, int value);
+	int (*set_cts_protect)(void *priv, int value);
+	int (*set_key_tx_rx_threshold)(void *priv, int value);
+	int (*set_preamble)(void *priv, int value);
+	int (*set_short_slot_time)(void *priv, int value);
+	int (*set_tx_queue_params)(void *priv, int queue, int aifs, int cw_min,
+				   int cw_max, int burst_time);
+	int (*bss_add)(void *priv, const char *ifname, const u8 *bssid);
+	int (*bss_remove)(void *priv, const char *ifname);
+	int (*valid_bss_mask)(void *priv, const u8 *addr, const u8 *mask);
+	int (*passive_scan)(void *priv, int now, int our_mode_only,
+			    int interval, int _listen, int *channel,
+			    int *last_rx);
+	struct hostapd_hw_modes * (*get_hw_feature_data)(void *priv,
+							 u16 *num_modes,
+							 u16 *flags);
+	int (*if_add)(const char *iface, void *priv,
+		      enum hostapd_driver_if_type type, char *ifname,
+		      const u8 *addr);
+	int (*if_update)(void *priv, enum hostapd_driver_if_type type,
+			 char *ifname, const u8 *addr);
+	int (*if_remove)(void *priv, enum hostapd_driver_if_type type,
+			 const char *ifname, const u8 *addr);
+	int (*set_sta_vlan)(void *priv, const u8 *addr, const char *ifname,
+			    int vlan_id);
+	/**
+	 * commit - Optional commit changes handler
+	 * @priv: driver private data
+	 * Returns: 0 on success, -1 on failure
+	 *
+	 * This optional handler function can be registered if the driver
+	 * interface implementation needs to commit changes (e.g., by setting
+	 * network interface up) at the end of initial configuration. If set,
+	 * this handler will be called after initial setup has been completed.
+	 */
+	int (*commit)(void *priv);
+
+	int (*send_ether)(void *priv, const u8 *dst, const u8 *src, u16 proto,
+			  const u8 *data, size_t data_len);
+};
+
+static inline void *
+hostapd_driver_init(struct hostapd_data *hapd)
+{
+	if (hapd->driver == NULL || hapd->driver->init == NULL)
+		return NULL;
+	return hapd->driver->init(hapd);
+}
+
+static inline void *
+hostapd_driver_init_bssid(struct hostapd_data *hapd, const u8 *bssid)
+{
+	if (hapd->driver == NULL || hapd->driver->init_bssid == NULL)
+		return NULL;
+	return hapd->driver->init_bssid(hapd, bssid);
+}
+
+static inline void
+hostapd_driver_deinit(struct hostapd_data *hapd)
+{
+	if (hapd->driver == NULL || hapd->driver->deinit == NULL)
+		return;
+	hapd->driver->deinit(hapd->drv_priv);
+}
+
+static inline int
+hostapd_wireless_event_init(struct hostapd_data *hapd)
+{
+	if (hapd->driver == NULL ||
+	    hapd->driver->wireless_event_init == NULL)
+		return 0;
+	return hapd->driver->wireless_event_init(hapd->drv_priv);
+}
+
+static inline void
+hostapd_wireless_event_deinit(struct hostapd_data *hapd)
+{
+	if (hapd->driver == NULL ||
+	    hapd->driver->wireless_event_deinit == NULL)
+		return;
+	hapd->driver->wireless_event_deinit(hapd->drv_priv);
+}
+
+static inline int
+hostapd_set_ieee8021x(const char *ifname, struct hostapd_data *hapd,
+		      int enabled)
+{
+	if (hapd->driver == NULL || hapd->driver->set_ieee8021x == NULL)
+		return 0;
+	return hapd->driver->set_ieee8021x(ifname, hapd->drv_priv, enabled);
+}
+
+static inline int
+hostapd_set_privacy(struct hostapd_data *hapd, int enabled)
+{
+	if (hapd->driver == NULL || hapd->driver->set_privacy == NULL)
+		return 0;
+	return hapd->driver->set_privacy(hapd->conf->iface, hapd->drv_priv,
+					 enabled);
+}
+
+static inline int
+hostapd_set_encryption(const char *ifname, struct hostapd_data *hapd,
+		       const char *alg, const u8 *addr, int idx,
+		       u8 *key, size_t key_len, int txkey)
+{
+	if (hapd->driver == NULL || hapd->driver->set_encryption == NULL)
+		return 0;
+	return hapd->driver->set_encryption(ifname, hapd->drv_priv, alg, addr,
+					    idx, key, key_len, txkey);
+}
+
+static inline int
+hostapd_get_seqnum(const char *ifname, struct hostapd_data *hapd,
+		   const u8 *addr, int idx, u8 *seq)
+{
+	if (hapd->driver == NULL || hapd->driver->get_seqnum == NULL)
+		return 0;
+	return hapd->driver->get_seqnum(ifname, hapd->drv_priv, addr, idx,
+					seq);
+}
+
+static inline int
+hostapd_get_seqnum_igtk(const char *ifname, struct hostapd_data *hapd,
+			const u8 *addr, int idx, u8 *seq)
+{
+	if (hapd->driver == NULL || hapd->driver->get_seqnum_igtk == NULL)
+		return -1;
+	return hapd->driver->get_seqnum_igtk(ifname, hapd->drv_priv, addr, idx,
+					     seq);
+}
+
+static inline int
+hostapd_flush(struct hostapd_data *hapd)
+{
+	if (hapd->driver == NULL || hapd->driver->flush == NULL)
+		return 0;
+	return hapd->driver->flush(hapd->drv_priv);
+}
+
+static inline int
+hostapd_set_generic_elem(struct hostapd_data *hapd, const u8 *elem,
+			 size_t elem_len)
+{
+	if (hapd->driver == NULL || hapd->driver->set_generic_elem == NULL)
+		return 0;
+	return hapd->driver->set_generic_elem(hapd->conf->iface,
+					      hapd->drv_priv, elem, elem_len);
+}
+
+static inline int
+hostapd_read_sta_data(struct hostapd_data *hapd,
+		      struct hostap_sta_driver_data *data, const u8 *addr)
+{
+	if (hapd->driver == NULL || hapd->driver->read_sta_data == NULL)
+		return -1;
+	return hapd->driver->read_sta_data(hapd->drv_priv, data, addr);
+}
+
+static inline int
+hostapd_send_eapol(struct hostapd_data *hapd, const u8 *addr, const u8 *data,
+		   size_t data_len, int encrypt)
+{
+	if (hapd->driver == NULL || hapd->driver->send_eapol == NULL)
+		return 0;
+	return hapd->driver->send_eapol(hapd->drv_priv, addr, data, data_len,
+					encrypt, hapd->own_addr);
+}
+
+static inline int
+hostapd_sta_deauth(struct hostapd_data *hapd, const u8 *addr, int reason)
+{
+	if (hapd->driver == NULL || hapd->driver->sta_deauth == NULL)
+		return 0;
+	return hapd->driver->sta_deauth(hapd->drv_priv, addr, reason);
+}
+
+static inline int
+hostapd_sta_disassoc(struct hostapd_data *hapd, const u8 *addr, int reason)
+{
+	if (hapd->driver == NULL || hapd->driver->sta_disassoc == NULL)
+		return 0;
+	return hapd->driver->sta_disassoc(hapd->drv_priv, addr, reason);
+}
+
+static inline int
+hostapd_sta_remove(struct hostapd_data *hapd, const u8 *addr)
+{
+	if (hapd->driver == NULL || hapd->driver->sta_remove == NULL)
+		return 0;
+	return hapd->driver->sta_remove(hapd->drv_priv, addr);
+}
+
+static inline int
+hostapd_get_ssid(struct hostapd_data *hapd, u8 *buf, size_t len)
+{
+	if (hapd->driver == NULL || hapd->driver->get_ssid == NULL)
+		return 0;
+	return hapd->driver->get_ssid(hapd->conf->iface, hapd->drv_priv, buf,
+				      len);
+}
+
+static inline int
+hostapd_set_ssid(struct hostapd_data *hapd, const u8 *buf, size_t len)
+{
+	if (hapd->driver == NULL || hapd->driver->set_ssid == NULL)
+		return 0;
+	return hapd->driver->set_ssid(hapd->conf->iface, hapd->drv_priv, buf,
+				      len);
+}
+
+static inline int
+hostapd_send_mgmt_frame(struct hostapd_data *hapd, const void *msg, size_t len,
+			int flags)
+{
+	if (hapd->driver == NULL || hapd->driver->send_mgmt_frame == NULL)
+		return 0;
+	return hapd->driver->send_mgmt_frame(hapd->drv_priv, msg, len, flags);
+}
+
+static inline int
+hostapd_set_assoc_ap(struct hostapd_data *hapd, const u8 *addr)
+{
+	if (hapd->driver == NULL || hapd->driver->set_assoc_ap == NULL)
+		return 0;
+	return hapd->driver->set_assoc_ap(hapd->drv_priv, addr);
+}
+
+static inline int
+hostapd_set_countermeasures(struct hostapd_data *hapd, int enabled)
+{
+	if (hapd->driver == NULL || hapd->driver->set_countermeasures == NULL)
+		return 0;
+	return hapd->driver->set_countermeasures(hapd->drv_priv, enabled);
+}
+
+static inline int
+hostapd_sta_add(const char *ifname, struct hostapd_data *hapd, const u8 *addr,
+		u16 aid, u16 capability, u8 *supp_rates, size_t supp_rates_len,
+		int flags)
+{
+	if (hapd->driver == NULL || hapd->driver->sta_add == NULL)
+		return 0;
+	return hapd->driver->sta_add(ifname, hapd->drv_priv, addr, aid,
+				     capability, supp_rates, supp_rates_len,
+				     flags);
+}
+
+static inline int
+hostapd_get_inact_sec(struct hostapd_data *hapd, const u8 *addr)
+{
+	if (hapd->driver == NULL || hapd->driver->get_inact_sec == NULL)
+		return 0;
+	return hapd->driver->get_inact_sec(hapd->drv_priv, addr);
+}
+
+static inline int
+hostapd_set_freq(struct hostapd_data *hapd, int mode, int freq)
+{
+	if (hapd->driver == NULL || hapd->driver->set_freq == NULL)
+		return 0;
+	return hapd->driver->set_freq(hapd->drv_priv, mode, freq);
+}
+
+static inline int
+hostapd_set_rts(struct hostapd_data *hapd, int rts)
+{
+	if (hapd->driver == NULL || hapd->driver->set_rts == NULL)
+		return 0;
+	return hapd->driver->set_rts(hapd->drv_priv, rts);
+}
+
+static inline int
+hostapd_get_rts(struct hostapd_data *hapd, int *rts)
+{
+	if (hapd->driver == NULL || hapd->driver->get_rts == NULL)
+		return 0;
+	return hapd->driver->get_rts(hapd->drv_priv, rts);
+}
+
+static inline int
+hostapd_set_frag(struct hostapd_data *hapd, int frag)
+{
+	if (hapd->driver == NULL || hapd->driver->set_frag == NULL)
+		return 0;
+	return hapd->driver->set_frag(hapd->drv_priv, frag);
+}
+
+static inline int
+hostapd_get_frag(struct hostapd_data *hapd, int *frag)
+{
+	if (hapd->driver == NULL || hapd->driver->get_frag == NULL)
+		return 0;
+	return hapd->driver->get_frag(hapd->drv_priv, frag);
+}
+
+static inline int
+hostapd_set_retry(struct hostapd_data *hapd, int short_retry, int long_retry)
+{
+	if (hapd->driver == NULL || hapd->driver->set_retry == NULL)
+		return 0;
+	return hapd->driver->set_retry(hapd->drv_priv, short_retry,
+				       long_retry);
+}
+
+static inline int
+hostapd_get_retry(struct hostapd_data *hapd, int *short_retry, int *long_retry)
+{
+	if (hapd->driver == NULL || hapd->driver->get_retry == NULL)
+		return 0;
+	return hapd->driver->get_retry(hapd->drv_priv, short_retry,
+				       long_retry);
+}
+
+static inline int
+hostapd_sta_set_flags(struct hostapd_data *hapd, u8 *addr,
+		      int total_flags, int flags_or, int flags_and)
+{
+	if (hapd->driver == NULL || hapd->driver->sta_set_flags == NULL)
+		return 0;
+	return hapd->driver->sta_set_flags(hapd->drv_priv, addr, total_flags,
+					   flags_or, flags_and);
+}
+
+static inline int
+hostapd_set_rate_sets(struct hostapd_data *hapd, int *supp_rates,
+		      int *basic_rates, int mode)
+{
+	if (hapd->driver == NULL || hapd->driver->set_rate_sets == NULL)
+		return 0;
+	return hapd->driver->set_rate_sets(hapd->drv_priv, supp_rates,
+					   basic_rates, mode);
+}
+
+static inline int
+hostapd_set_channel_flag(struct hostapd_data *hapd, int mode, int chan,
+			 int flag, unsigned char power_level,
+			 unsigned char antenna_max)
+{
+	if (hapd->driver == NULL || hapd->driver->set_channel_flag == NULL)
+		return 0;
+	return hapd->driver->set_channel_flag(hapd->drv_priv, mode, chan, flag,
+					      power_level, antenna_max);
+}
+
+static inline int
+hostapd_set_regulatory_domain(struct hostapd_data *hapd, unsigned int rd)
+{
+	if (hapd->driver == NULL ||
+	    hapd->driver->set_regulatory_domain == NULL)
+		return 0;
+	return hapd->driver->set_regulatory_domain(hapd->drv_priv, rd);
+}
+
+static inline int
+hostapd_set_country(struct hostapd_data *hapd, const char *country)
+{
+	if (hapd->driver == NULL ||
+	    hapd->driver->set_country == NULL)
+		return 0;
+	return hapd->driver->set_country(hapd->drv_priv, country);
+}
+
+static inline int
+hostapd_set_ieee80211d(struct hostapd_data *hapd, int enabled)
+{
+	if (hapd->driver == NULL ||
+	    hapd->driver->set_ieee80211d == NULL)
+		return 0;
+	return hapd->driver->set_ieee80211d(hapd->drv_priv, enabled);
+}
+
+static inline int
+hostapd_sta_clear_stats(struct hostapd_data *hapd, const u8 *addr)
+{
+	if (hapd->driver == NULL || hapd->driver->sta_clear_stats == NULL)
+		return 0;
+	return hapd->driver->sta_clear_stats(hapd->drv_priv, addr);
+}
+
+static inline int
+hostapd_set_beacon(const char *ifname, struct hostapd_data *hapd,
+		   u8 *head, size_t head_len,
+		   u8 *tail, size_t tail_len)
+{
+	if (hapd->driver == NULL || hapd->driver->set_beacon == NULL)
+		return 0;
+	return hapd->driver->set_beacon(ifname, hapd->drv_priv, head, head_len,
+					tail, tail_len);
+}
+
+static inline int
+hostapd_set_internal_bridge(struct hostapd_data *hapd, int value)
+{
+	if (hapd->driver == NULL || hapd->driver->set_internal_bridge == NULL)
+		return 0;
+	return hapd->driver->set_internal_bridge(hapd->drv_priv, value);
+}
+
+static inline int
+hostapd_set_beacon_int(struct hostapd_data *hapd, int value)
+{
+	if (hapd->driver == NULL || hapd->driver->set_beacon_int == NULL)
+		return 0;
+	return hapd->driver->set_beacon_int(hapd->drv_priv, value);
+}
+
+static inline int
+hostapd_set_dtim_period(struct hostapd_data *hapd, int value)
+{
+	if (hapd->driver == NULL || hapd->driver->set_dtim_period == NULL)
+		return 0;
+	return hapd->driver->set_dtim_period(hapd->conf->iface, hapd->drv_priv,
+					     value);
+}
+
+static inline int
+hostapd_set_broadcast_ssid(struct hostapd_data *hapd, int value)
+{
+	if (hapd->driver == NULL || hapd->driver->set_broadcast_ssid == NULL)
+		return 0;
+	return hapd->driver->set_broadcast_ssid(hapd->drv_priv, value);
+}
+
+static inline int
+hostapd_set_cts_protect(struct hostapd_data *hapd, int value)
+{
+	if (hapd->driver == NULL || hapd->driver->set_cts_protect == NULL)
+		return 0;
+	return hapd->driver->set_cts_protect(hapd->drv_priv, value);
+}
+
+static inline int
+hostapd_set_key_tx_rx_threshold(struct hostapd_data *hapd, int value)
+{
+	if (hapd->driver == NULL ||
+	    hapd->driver->set_key_tx_rx_threshold == NULL)
+		return 0;
+	return hapd->driver->set_key_tx_rx_threshold(hapd->drv_priv, value);
+}
+
+static inline int
+hostapd_set_preamble(struct hostapd_data *hapd, int value)
+{
+	if (hapd->driver == NULL || hapd->driver->set_preamble == NULL)
+		return 0;
+	return hapd->driver->set_preamble(hapd->drv_priv, value);
+}
+
+static inline int
+hostapd_set_short_slot_time(struct hostapd_data *hapd, int value)
+{
+	if (hapd->driver == NULL || hapd->driver->set_short_slot_time == NULL)
+		return 0;
+	return hapd->driver->set_short_slot_time(hapd->drv_priv, value);
+}
+
+static inline int
+hostapd_set_tx_queue_params(struct hostapd_data *hapd, int queue, int aifs,
+			    int cw_min, int cw_max, int burst_time)
+{
+	if (hapd->driver == NULL || hapd->driver->set_tx_queue_params == NULL)
+		return 0;
+	return hapd->driver->set_tx_queue_params(hapd->drv_priv, queue, aifs,
+						 cw_min, cw_max, burst_time);
+}
+
+static inline int
+hostapd_bss_add(struct hostapd_data *hapd, const char *ifname, const u8 *bssid)
+{
+	if (hapd->driver == NULL || hapd->driver->bss_add == NULL)
+		return 0;
+	return hapd->driver->bss_add(hapd->drv_priv, ifname, bssid);
+}
+
+static inline int
+hostapd_bss_remove(struct hostapd_data *hapd, const char *ifname)
+{
+	if (hapd->driver == NULL || hapd->driver->bss_remove == NULL)
+		return 0;
+	return hapd->driver->bss_remove(hapd->drv_priv, ifname);
+}
+
+static inline int
+hostapd_valid_bss_mask(struct hostapd_data *hapd, const u8 *addr,
+		       const u8 *mask)
+{
+	if (hapd->driver == NULL || hapd->driver->valid_bss_mask == NULL)
+		return 1;
+	return hapd->driver->valid_bss_mask(hapd->drv_priv, addr, mask);
+}
+
+static inline int
+hostapd_if_add(struct hostapd_data *hapd, enum hostapd_driver_if_type type,
+	       char *ifname, const u8 *addr)
+{
+	if (hapd->driver == NULL || hapd->driver->if_add == NULL)
+		return -1;
+	return hapd->driver->if_add(hapd->conf->iface, hapd->drv_priv, type,
+				    ifname, addr);
+}
+
+static inline int
+hostapd_if_update(struct hostapd_data *hapd, enum hostapd_driver_if_type type,
+		  char *ifname, const u8 *addr)
+{
+	if (hapd->driver == NULL || hapd->driver->if_update == NULL)
+		return -1;
+	return hapd->driver->if_update(hapd->drv_priv, type, ifname, addr);
+}
+
+static inline int
+hostapd_if_remove(struct hostapd_data *hapd, enum hostapd_driver_if_type type,
+		  char *ifname, const u8 *addr)
+{
+	if (hapd->driver == NULL || hapd->driver->if_remove == NULL)
+		return -1;
+	return hapd->driver->if_remove(hapd->drv_priv, type, ifname, addr);
+}
+
+static inline int
+hostapd_passive_scan(struct hostapd_data *hapd, int now, int our_mode_only,
+		     int interval, int _listen, int *channel,
+		     int *last_rx)
+{
+	if (hapd->driver == NULL || hapd->driver->passive_scan == NULL)
+		return -1;
+	return hapd->driver->passive_scan(hapd->drv_priv, now, our_mode_only,
+					  interval, _listen, channel, last_rx);
+}
+
+static inline struct hostapd_hw_modes *
+hostapd_get_hw_feature_data(struct hostapd_data *hapd, u16 *num_modes,
+			    u16 *flags)
+{
+	if (hapd->driver == NULL || hapd->driver->get_hw_feature_data == NULL)
+		return NULL;
+	return hapd->driver->get_hw_feature_data(hapd->drv_priv, num_modes,
+						 flags);
+}
+
+static inline int
+hostapd_set_sta_vlan(const char *ifname, struct hostapd_data *hapd,
+		     const u8 *addr, int vlan_id)
+{
+	if (hapd->driver == NULL || hapd->driver->set_sta_vlan == NULL)
+		return 0;
+	return hapd->driver->set_sta_vlan(hapd->drv_priv, addr, ifname, vlan_id);
+}
+
+static inline int
+hostapd_driver_commit(struct hostapd_data *hapd)
+{
+	if (hapd->driver == NULL || hapd->driver->commit == NULL)
+		return 0;
+	return hapd->driver->commit(hapd->drv_priv);
+}
+
+#endif /* DRIVER_H */
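Review bot: `hostapd_get_seqnum()` returns 0 when the driver has no `get_seqnum` handler and leaves `seq` unwritten, while the otherwise identical `hostapd_get_seqnum_igtk()` directly below it returns -1 in the same case. A caller that treats 0 as success would then use whatever was already in the sequence-counter buffer; the callers are not in this hunk, so this needs checking against them. I would make the missing-handler path `return -1;` there, and consider the same for `hostapd_get_rts()`, `hostapd_get_frag()` and `hostapd_get_retry()`, which also return 0 without storing to their out-parameters. For `hostapd_set_encryption()`, `hostapd_set_privacy()` and `hostapd_set_countermeasures()`, returning 0 may be intentional for drivers that lack the feature. A comment above the wrappers such as `/* NOTE: 0 is also returned when the driver does not implement the handler */` would make that contract explicit, so that "key installed" and "nothing was done" are not confused.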

+ 838 - 0
hostapd/driver_bsd.c

@@ -0,0 +1,838 @@
+/*
+ * hostapd / Driver interaction with BSD net80211 layer
+ * Copyright (c) 2004, Sam Leffler <sam@errno.com>
+ * Copyright (c) 2004, 2Wire, Inc
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+
+#include <net/if.h>
+
+#include <net80211/ieee80211.h>
+#include <net80211/ieee80211_crypto.h>
+#include <net80211/ieee80211_ioctl.h>
+
+/*
+ * Avoid conflicts with hostapd definitions by undefining couple of defines
+ * from net80211 header files.
+ */
+#undef RSN_VERSION
+#undef WPA_VERSION
+#undef WPA_OUI_TYPE
+
+#include "hostapd.h"
+#include "driver.h"
+#include "ieee802_1x.h"
+#include "eloop.h"
+#include "sta_info.h"
+#include "l2_packet/l2_packet.h"
+
+#include "eapol_sm.h"
+#include "wpa.h"
+#include "radius/radius.h"
+#include "ieee802_11.h"
+#include "common.h"
+
+struct bsd_driver_data {
+	struct hostapd_data *hapd;		/* back pointer */
+
+	char	iface[IFNAMSIZ + 1];
+	struct l2_packet_data *sock_xmit;	/* raw packet xmit socket */
+	int	ioctl_sock;			/* socket for ioctl() use */
+	int	wext_sock;			/* socket for wireless events */
+};
+
+static int bsd_sta_deauth(void *priv, const u8 *addr, int reason_code);
+
+static int
+set80211var(struct bsd_driver_data *drv, int op, const void *arg, int arg_len)
+{
+	struct ieee80211req ireq;
+
+	memset(&ireq, 0, sizeof(ireq));
+	os_strlcpy(ireq.i_name, drv->iface, IFNAMSIZ);
+	ireq.i_type = op;
+	ireq.i_len = arg_len;
+	ireq.i_data = (void *) arg;
+
+	if (ioctl(drv->ioctl_sock, SIOCS80211, &ireq) < 0) {
+		perror("ioctl[SIOCS80211]");
+		return -1;
+	}
+	return 0;
+}
+
+static int
+get80211var(struct bsd_driver_data *drv, int op, void *arg, int arg_len)
+{
+	struct ieee80211req ireq;
+
+	memset(&ireq, 0, sizeof(ireq));
+	os_strlcpy(ireq.i_name, drv->iface, IFNAMSIZ);
+	ireq.i_type = op;
+	ireq.i_len = arg_len;
+	ireq.i_data = arg;
+
+	if (ioctl(drv->ioctl_sock, SIOCG80211, &ireq) < 0) {
+		perror("ioctl[SIOCG80211]");
+		return -1;
+	}
+	return ireq.i_len;
+}
+
+static int
+set80211param(struct bsd_driver_data *drv, int op, int arg)
+{
+	struct ieee80211req ireq;
+
+	memset(&ireq, 0, sizeof(ireq));
+	os_strlcpy(ireq.i_name, drv->iface, IFNAMSIZ);
+	ireq.i_type = op;
+	ireq.i_val = arg;
+
+	if (ioctl(drv->ioctl_sock, SIOCS80211, &ireq) < 0) {
+		perror("ioctl[SIOCS80211]");
+		return -1;
+	}
+	return 0;
+}
+
+static const char *
+ether_sprintf(const u8 *addr)
+{
+	static char buf[sizeof(MACSTR)];
+
+	if (addr != NULL)
+		snprintf(buf, sizeof(buf), MACSTR, MAC2STR(addr));
+	else
+		snprintf(buf, sizeof(buf), MACSTR, 0,0,0,0,0,0);
+	return buf;
+}
+
+/*
+ * Configure WPA parameters.
+ */
+static int
+bsd_configure_wpa(struct bsd_driver_data *drv)
+{
+	static const char *ciphernames[] =
+		{ "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE" };
+	struct hostapd_data *hapd = drv->hapd;
+	struct hostapd_bss_config *conf = hapd->conf;
+	int v;
+
+	switch (conf->wpa_group) {
+	case WPA_CIPHER_CCMP:
+		v = IEEE80211_CIPHER_AES_CCM;
+		break;
+	case WPA_CIPHER_TKIP:
+		v = IEEE80211_CIPHER_TKIP;
+		break;
+	case WPA_CIPHER_WEP104:
+		v = IEEE80211_CIPHER_WEP;
+		break;
+	case WPA_CIPHER_WEP40:
+		v = IEEE80211_CIPHER_WEP;
+		break;
+	case WPA_CIPHER_NONE:
+		v = IEEE80211_CIPHER_NONE;
+		break;
+	default:
+		printf("Unknown group key cipher %u\n",
+			conf->wpa_group);
+		return -1;
+	}
+	wpa_printf(MSG_DEBUG, "%s: group key cipher=%s (%u)",
+		   __func__, ciphernames[v], v);
+	if (set80211param(drv, IEEE80211_IOC_MCASTCIPHER, v)) {
+		printf("Unable to set group key cipher to %u (%s)\n",
+			v, ciphernames[v]);
+		return -1;
+	}
+	if (v == IEEE80211_CIPHER_WEP) {
+		/* key length is done only for specific ciphers */
+		v = (conf->wpa_group == WPA_CIPHER_WEP104 ? 13 : 5);
+		if (set80211param(drv, IEEE80211_IOC_MCASTKEYLEN, v)) {
+			printf("Unable to set group key length to %u\n", v);
+			return -1;
+		}
+	}
+
+	v = 0;
+	if (conf->wpa_pairwise & WPA_CIPHER_CCMP)
+		v |= 1<<IEEE80211_CIPHER_AES_CCM;
+	if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
+		v |= 1<<IEEE80211_CIPHER_TKIP;
+	if (conf->wpa_pairwise & WPA_CIPHER_NONE)
+		v |= 1<<IEEE80211_CIPHER_NONE;
+	wpa_printf(MSG_DEBUG, "%s: pairwise key ciphers=0x%x", __func__, v);
+	if (set80211param(drv, IEEE80211_IOC_UCASTCIPHERS, v)) {
+		printf("Unable to set pairwise key ciphers to 0x%x\n", v);
+		return -1;
+	}
+
+	wpa_printf(MSG_DEBUG, "%s: key management algorithms=0x%x",
+		   __func__, conf->wpa_key_mgmt);
+	if (set80211param(drv, IEEE80211_IOC_KEYMGTALGS, conf->wpa_key_mgmt)) {
+		printf("Unable to set key management algorithms to 0x%x\n",
+			conf->wpa_key_mgmt);
+		return -1;
+	}
+
+	v = 0;
+	if (conf->rsn_preauth)
+		v |= BIT(0);
+	wpa_printf(MSG_DEBUG, "%s: rsn capabilities=0x%x",
+		   __func__, conf->rsn_preauth);
+	if (set80211param(drv, IEEE80211_IOC_RSNCAPS, v)) {
+		printf("Unable to set RSN capabilities to 0x%x\n", v);
+		return -1;
+	}
+
+	wpa_printf(MSG_DEBUG, "%s: enable WPA= 0x%x", __func__, conf->wpa);
+	if (set80211param(drv, IEEE80211_IOC_WPA, conf->wpa)) {
+		printf("Unable to set WPA to %u\n", conf->wpa);
+		return -1;
+	}
+	return 0;
+}
+
+
+static int
+bsd_set_iface_flags(void *priv, int dev_up)
+{
+	struct bsd_driver_data *drv = priv;
+	struct ifreq ifr;
+
+	wpa_printf(MSG_DEBUG, "%s: dev_up=%d", __func__, dev_up);
+
+	if (drv->ioctl_sock < 0)
+		return -1;
+
+	memset(&ifr, 0, sizeof(ifr));
+	os_strlcpy(ifr.ifr_name, drv->iface, IFNAMSIZ);
+
+	if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, &ifr) != 0) {
+		perror("ioctl[SIOCGIFFLAGS]");
+		return -1;
+	}
+
+	if (dev_up)
+		ifr.ifr_flags |= IFF_UP;
+	else
+		ifr.ifr_flags &= ~IFF_UP;
+
+	if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) {
+		perror("ioctl[SIOCSIFFLAGS]");
+		return -1;
+	}
+
+	if (dev_up) {
+		memset(&ifr, 0, sizeof(ifr));
+		os_strlcpy(ifr.ifr_name, drv->iface, IFNAMSIZ);
+		ifr.ifr_mtu = HOSTAPD_MTU;
+		if (ioctl(drv->ioctl_sock, SIOCSIFMTU, &ifr) != 0) {
+			perror("ioctl[SIOCSIFMTU]");
+			printf("Setting MTU failed - trying to survive with "
+			       "current value\n");
+		}
+	}
+
+	return 0;
+}
+
+static int
+bsd_set_ieee8021x(const char *ifname, void *priv, int enabled)
+{
+	struct bsd_driver_data *drv = priv;
+	struct hostapd_data *hapd = drv->hapd;
+	struct hostapd_bss_config *conf = hapd->conf;
+
+	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
+
+	if (!enabled) {
+		/* XXX restore state */
+		return set80211param(priv, IEEE80211_IOC_AUTHMODE,
+			IEEE80211_AUTH_AUTO);
+	}
+	if (!conf->wpa && !conf->ieee802_1x) {
+		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_DRIVER,
+			HOSTAPD_LEVEL_WARNING, "No 802.1X or WPA enabled!");
+		return -1;
+	}
+	if (conf->wpa && bsd_configure_wpa(drv) != 0) {
+		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_DRIVER,
+			HOSTAPD_LEVEL_WARNING, "Error configuring WPA state!");
+		return -1;
+	}
+	if (set80211param(priv, IEEE80211_IOC_AUTHMODE,
+		(conf->wpa ?  IEEE80211_AUTH_WPA : IEEE80211_AUTH_8021X))) {
+		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_DRIVER,
+			HOSTAPD_LEVEL_WARNING, "Error enabling WPA/802.1X!");
+		return -1;
+	}
+	return bsd_set_iface_flags(priv, 1);
+}
+
+static int
+bsd_set_privacy(const char *ifname, void *priv, int enabled)
+{
+	struct bsd_driver_data *drv = priv;
+
+	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
+
+	return set80211param(drv, IEEE80211_IOC_PRIVACY, enabled);
+}
+
+static int
+bsd_set_sta_authorized(void *priv, const u8 *addr, int authorized)
+{
+	struct bsd_driver_data *drv = priv;
+	struct ieee80211req_mlme mlme;
+
+	wpa_printf(MSG_DEBUG, "%s: addr=%s authorized=%d",
+		   __func__, ether_sprintf(addr), authorized);
+
+	if (authorized)
+		mlme.im_op = IEEE80211_MLME_AUTHORIZE;
+	else
+		mlme.im_op = IEEE80211_MLME_UNAUTHORIZE;
+	mlme.im_reason = 0;
+	memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
+	return set80211var(drv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme));
+}
+
+static int
+bsd_sta_set_flags(void *priv, const u8 *addr, int total_flags, int flags_or,
+		  int flags_and)
+{
+	/* For now, only support setting Authorized flag */
+	if (flags_or & WLAN_STA_AUTHORIZED)
+		return bsd_set_sta_authorized(priv, addr, 1);
+	if (!(flags_and & WLAN_STA_AUTHORIZED))
+		return bsd_set_sta_authorized(priv, addr, 0);
+	return 0;
+}
+
+static int
+bsd_del_key(void *priv, const u8 *addr, int key_idx)
+{
+	struct bsd_driver_data *drv = priv;
+	struct ieee80211req_del_key wk;
+
+	wpa_printf(MSG_DEBUG, "%s: addr=%s key_idx=%d",
+		   __func__, ether_sprintf(addr), key_idx);
+
+	memset(&wk, 0, sizeof(wk));
+	if (addr != NULL) {
+		memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN);
+		wk.idk_keyix = (u_int8_t) IEEE80211_KEYIX_NONE;	/* XXX */
+	} else {
+		wk.idk_keyix = key_idx;
+	}
+
+	return set80211var(drv, IEEE80211_IOC_DELKEY, &wk, sizeof(wk));
+}
+
+static int
+bsd_set_key(const char *ifname, void *priv, const char *alg,
+	    const u8 *addr, int key_idx,
+	    const u8 *key, size_t key_len, int txkey)
+{
+	struct bsd_driver_data *drv = priv;
+	struct ieee80211req_key wk;
+	u_int8_t cipher;
+
+	if (strcmp(alg, "none") == 0)
+		return bsd_del_key(drv, addr, key_idx);
+
+	wpa_printf(MSG_DEBUG, "%s: alg=%s addr=%s key_idx=%d",
+		   __func__, alg, ether_sprintf(addr), key_idx);
+
+	if (strcmp(alg, "WEP") == 0)
+		cipher = IEEE80211_CIPHER_WEP;
+	else if (strcmp(alg, "TKIP") == 0)
+		cipher = IEEE80211_CIPHER_TKIP;
+	else if (strcmp(alg, "CCMP") == 0)
+		cipher = IEEE80211_CIPHER_AES_CCM;
+	else {
+		printf("%s: unknown/unsupported algorithm %s\n",
+			__func__, alg);
+		return -1;
+	}
+
+	if (key_len > sizeof(wk.ik_keydata)) {
+		printf("%s: key length %d too big\n", __func__, key_len);
+		return -3;
+	}
+
+	memset(&wk, 0, sizeof(wk));
+	wk.ik_type = cipher;
+	wk.ik_flags = IEEE80211_KEY_RECV | IEEE80211_KEY_XMIT;
+	if (addr == NULL) {
+		memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
+		wk.ik_keyix = key_idx;
+		wk.ik_flags |= IEEE80211_KEY_DEFAULT;
+	} else {
+		memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
+		wk.ik_keyix = IEEE80211_KEYIX_NONE;
+	}
+	wk.ik_keylen = key_len;
+	memcpy(wk.ik_keydata, key, key_len);
+
+	return set80211var(drv, IEEE80211_IOC_WPAKEY, &wk, sizeof(wk));
+}
+
+
+static int
+bsd_get_seqnum(const char *ifname, void *priv, const u8 *addr, int idx,
+	       u8 *seq)
+{
+	struct bsd_driver_data *drv = priv;
+	struct ieee80211req_key wk;
+
+	wpa_printf(MSG_DEBUG, "%s: addr=%s idx=%d",
+		   __func__, ether_sprintf(addr), idx);
+
+	memset(&wk, 0, sizeof(wk));
+	if (addr == NULL)
+		memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
+	else
+		memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
+	wk.ik_keyix = idx;
+
+	if (get80211var(drv, IEEE80211_IOC_WPAKEY, &wk, sizeof(wk)) < 0) {
+		printf("Failed to get encryption.\n");
+		return -1;
+	}
+
+#ifdef WORDS_BIGENDIAN
+	{
+		/*
+		 * wk.ik_keytsc is in host byte order (big endian), need to
+		 * swap it to match with the byte order used in WPA.
+		 */
+		int i;
+		u8 tmp[WPA_KEY_RSC_LEN];
+		memcpy(tmp, &wk.ik_keytsc, sizeof(wk.ik_keytsc));
+		for (i = 0; i < WPA_KEY_RSC_LEN; i++) {
+			seq[i] = tmp[WPA_KEY_RSC_LEN - i - 1];
+		}
+	}
+#else /* WORDS_BIGENDIAN */
+	memcpy(seq, &wk.ik_keytsc, sizeof(wk.ik_keytsc));
+#endif /* WORDS_BIGENDIAN */
+	return 0;
+}
+
+
+static int 
+bsd_flush(void *priv)
+{
+	u8 allsta[IEEE80211_ADDR_LEN];
+
+	memset(allsta, 0xff, IEEE80211_ADDR_LEN);
+	return bsd_sta_deauth(priv, allsta, IEEE80211_REASON_AUTH_LEAVE);
+}
+
+
+static int
+bsd_read_sta_driver_data(void *priv, struct hostap_sta_driver_data *data,
+			 const u8 *addr)
+{
+	struct bsd_driver_data *drv = priv;
+	struct ieee80211req_sta_stats stats;
+
+	memcpy(stats.is_u.macaddr, addr, IEEE80211_ADDR_LEN);
+	if (get80211var(drv, IEEE80211_IOC_STA_STATS, &stats, sizeof(stats)) > 0) {
+		/* XXX? do packets counts include non-data frames? */
+		data->rx_packets = stats.is_stats.ns_rx_data;
+		data->rx_bytes = stats.is_stats.ns_rx_bytes;
+		data->tx_packets = stats.is_stats.ns_tx_data;
+		data->tx_bytes = stats.is_stats.ns_tx_bytes;
+	}
+	return 0;
+}
+
+static int
+bsd_set_opt_ie(const char *ifname, void *priv, const u8 *ie, size_t ie_len)
+{
+	/*
+	 * Do nothing; we setup parameters at startup that define the
+	 * contents of the beacon information element.
+	 */
+	return 0;
+}
+
+static int
+bsd_sta_deauth(void *priv, const u8 *addr, int reason_code)
+{
+	struct bsd_driver_data *drv = priv;
+	struct ieee80211req_mlme mlme;
+
+	wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d",
+		   __func__, ether_sprintf(addr), reason_code);
+
+	mlme.im_op = IEEE80211_MLME_DEAUTH;
+	mlme.im_reason = reason_code;
+	memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
+	return set80211var(drv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme));
+}
+
+static int
+bsd_sta_disassoc(void *priv, const u8 *addr, int reason_code)
+{
+	struct bsd_driver_data *drv = priv;
+	struct ieee80211req_mlme mlme;
+
+	wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d",
+		   __func__, ether_sprintf(addr), reason_code);
+
+	mlme.im_op = IEEE80211_MLME_DISASSOC;
+	mlme.im_reason = reason_code;
+	memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
+	return set80211var(drv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme));
+}
+
+static int
+bsd_del_sta(struct bsd_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN])
+{
+	struct hostapd_data *hapd = drv->hapd;
+	struct hostapd_bss_config *conf = hapd->conf;
+	struct sta_info *sta;
+
+	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+		HOSTAPD_LEVEL_INFO, "deassociated");
+
+	sta = ap_get_sta(hapd, addr);
+	if (sta != NULL) {
+		sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
+		if (conf->wpa)
+			wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
+		sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
+		ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
+		ap_free_sta(hapd, sta);
+	}
+	return 0;
+}
+
+static int
+bsd_new_sta(struct bsd_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN])
+{
+	struct hostapd_data *hapd = drv->hapd;
+	struct hostapd_bss_config *conf = hapd->conf;
+	struct sta_info *sta;
+	struct ieee80211req_wpaie ie;
+	int new_assoc, ielen, res;
+
+	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+		HOSTAPD_LEVEL_INFO, "associated");
+
+	sta = ap_sta_add(hapd, addr);
+	if (sta == NULL)
+		return -1;
+	/*
+	 * Fetch and validate any negotiated WPA/RSN parameters.
+	 */
+	if (conf->wpa) {
+		memset(&ie, 0, sizeof(ie));
+		memcpy(ie.wpa_macaddr, addr, IEEE80211_ADDR_LEN);
+		if (get80211var(drv, IEEE80211_IOC_WPAIE, &ie, sizeof(ie)) < 0) {
+			printf("Failed to get WPA/RSN information element.\n");
+			return -1;		/* XXX not right */
+		}
+		ielen = ie.wpa_ie[1];
+		if (ielen == 0) {
+			printf("No WPA/RSN information element for station!\n");
+			return -1;		/* XXX not right */
+		}
+		ielen += 2;
+		if (sta->wpa_sm == NULL)
+			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
+							sta->addr);
+		if (sta->wpa_sm == NULL) {
+			printf("Failed to initialize WPA state machine\n");
+			return -1;
+		}
+		res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
+					  ie.wpa_ie, ielen, NULL, 0);
+		if (res != WPA_IE_OK) {
+			printf("WPA/RSN information element rejected? "
+				"(res %u)\n", res);
+			return -1;
+		}
+	}
+
+	/*
+	 * Now that the internal station state is setup
+	 * kick the authenticator into action.
+	 */
+	new_assoc = (sta->flags & WLAN_STA_ASSOC) == 0;
+	sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
+	wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
+	hostapd_new_assoc_sta(hapd, sta, !new_assoc);
+	ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
+	return 0;
+}
+
+#include <net/route.h>
+#include <net80211/ieee80211_freebsd.h>
+
+static void
+bsd_wireless_event_receive(int sock, void *ctx, void *sock_ctx)
+{
+	struct bsd_driver_data *drv = ctx;
+	struct hostapd_data *hapd = drv->hapd;
+	char buf[2048];
+	struct if_announcemsghdr *ifan;
+	struct rt_msghdr *rtm;
+	struct ieee80211_michael_event *mic;
+	struct ieee80211_join_event *join;
+	struct ieee80211_leave_event *leave;
+	int n;
+
+	n = read(sock, buf, sizeof(buf));
+	if (n < 0) {
+		if (errno != EINTR && errno != EAGAIN)
+			perror("read(PF_ROUTE)");
+		return;
+	}
+
+	rtm = (struct rt_msghdr *) buf;
+	if (rtm->rtm_version != RTM_VERSION) {
+		wpa_printf(MSG_DEBUG, "Routing message version %d not "
+			"understood\n", rtm->rtm_version);
+		return;
+	}
+	ifan = (struct if_announcemsghdr *) rtm;
+	switch (rtm->rtm_type) {
+	case RTM_IEEE80211:
+		switch (ifan->ifan_what) {
+		case RTM_IEEE80211_ASSOC:
+		case RTM_IEEE80211_REASSOC:
+		case RTM_IEEE80211_DISASSOC:
+		case RTM_IEEE80211_SCAN:
+			break;
+		case RTM_IEEE80211_LEAVE:
+			leave = (struct ieee80211_leave_event *) &ifan[1];
+			bsd_del_sta(drv, leave->iev_addr);
+			break;
+		case RTM_IEEE80211_JOIN:
+#ifdef RTM_IEEE80211_REJOIN
+		case RTM_IEEE80211_REJOIN:
+#endif
+			join = (struct ieee80211_join_event *) &ifan[1];
+			bsd_new_sta(drv, join->iev_addr);
+			break;
+		case RTM_IEEE80211_REPLAY:
+			/* ignore */
+			break;
+		case RTM_IEEE80211_MICHAEL:
+			mic = (struct ieee80211_michael_event *) &ifan[1];
+			wpa_printf(MSG_DEBUG,
+				"Michael MIC failure wireless event: "
+				"keyix=%u src_addr=" MACSTR, mic->iev_keyix,
+				MAC2STR(mic->iev_src));
+			ieee80211_michael_mic_failure(hapd, mic->iev_src, 1);
+			break;
+		}
+		break;
+	}
+}
+
+static int
+bsd_wireless_event_init(void *priv)
+{
+	struct bsd_driver_data *drv = priv;
+	int s;
+
+	drv->wext_sock = -1;
+
+	s = socket(PF_ROUTE, SOCK_RAW, 0);
+	if (s < 0) {
+		perror("socket(PF_ROUTE,SOCK_RAW)");
+		return -1;
+	}
+	eloop_register_read_sock(s, bsd_wireless_event_receive, drv, NULL);
+	drv->wext_sock = s;
+
+	return 0;
+}
+
+static void
+bsd_wireless_event_deinit(void *priv)
+{
+	struct bsd_driver_data *drv = priv;
+
+	if (drv != NULL) {
+		if (drv->wext_sock < 0)
+			return;
+		eloop_unregister_read_sock(drv->wext_sock);
+		close(drv->wext_sock);
+	}
+}
+
+
+static int
+bsd_send_eapol(void *priv, const u8 *addr, const u8 *data, size_t data_len,
+	       int encrypt, const u8 *own_addr)
+{
+	struct bsd_driver_data *drv = priv;
+	unsigned char buf[3000];
+	unsigned char *bp = buf;
+	struct l2_ethhdr *eth;
+	size_t len;
+	int status;
+
+	/*
+	 * Prepend the Etherent header.  If the caller left us
+	 * space at the front we could just insert it but since
+	 * we don't know we copy to a local buffer.  Given the frequency
+	 * and size of frames this probably doesn't matter.
+	 */
+	len = data_len + sizeof(struct l2_ethhdr);
+	if (len > sizeof(buf)) {
+		bp = malloc(len);
+		if (bp == NULL) {
+			printf("EAPOL frame discarded, cannot malloc temp "
+				"buffer of size %u!\n", len);
+			return -1;
+		}
+	}
+	eth = (struct l2_ethhdr *) bp;
+	memcpy(eth->h_dest, addr, ETH_ALEN);
+	memcpy(eth->h_source, own_addr, ETH_ALEN);
+	eth->h_proto = htons(ETH_P_EAPOL);
+	memcpy(eth+1, data, data_len);
+
+	wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", bp, len);
+
+	status = l2_packet_send(drv->sock_xmit, addr, ETH_P_EAPOL, bp, len);
+
+	if (bp != buf)
+		free(bp);
+	return status;
+}
+
+static void
+handle_read(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
+{
+	struct bsd_driver_data *drv = ctx;
+	struct hostapd_data *hapd = drv->hapd;
+	struct sta_info *sta;
+
+	sta = ap_get_sta(hapd, src_addr);
+	if (!sta || !(sta->flags & WLAN_STA_ASSOC)) {
+		printf("Data frame from not associated STA %s\n",
+		       ether_sprintf(src_addr));
+		/* XXX cannot happen */
+		return;
+	}
+	ieee802_1x_receive(hapd, src_addr, buf + sizeof(struct l2_ethhdr),
+			   len - sizeof(struct l2_ethhdr));
+}
+
+static int
+bsd_get_ssid(const char *ifname, void *priv, u8 *buf, int len)
+{
+	struct bsd_driver_data *drv = priv;
+	int ssid_len = get80211var(drv, IEEE80211_IOC_SSID, buf, len);
+
+	wpa_printf(MSG_DEBUG, "%s: ssid=\"%.*s\"", __func__, ssid_len, buf);
+
+	return ssid_len;
+}
+
+static int
+bsd_set_ssid(const char *ifname, void *priv, const u8 *buf, int len)
+{
+	struct bsd_driver_data *drv = priv;
+
+	wpa_printf(MSG_DEBUG, "%s: ssid=\"%.*s\"", __func__, len, buf);
+
+	return set80211var(drv, IEEE80211_IOC_SSID, buf, len);
+}
+
+static void *
+bsd_init(struct hostapd_data *hapd)
+{
+	struct bsd_driver_data *drv;
+
+	drv = os_zalloc(sizeof(struct bsd_driver_data));
+	if (drv == NULL) {
+		printf("Could not allocate memory for bsd driver data\n");
+		goto bad;
+	}
+
+	drv->hapd = hapd;
+	drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
+	if (drv->ioctl_sock < 0) {
+		perror("socket[PF_INET,SOCK_DGRAM]");
+		goto bad;
+	}
+	memcpy(drv->iface, hapd->conf->iface, sizeof(drv->iface));
+
+	drv->sock_xmit = l2_packet_init(drv->iface, NULL, ETH_P_EAPOL,
+					handle_read, drv, 1);
+	if (drv->sock_xmit == NULL)
+		goto bad;
+	if (l2_packet_get_own_addr(drv->sock_xmit, hapd->own_addr))
+		goto bad;
+
+	bsd_set_iface_flags(drv, 0);	/* mark down during setup */
+
+	return drv;
+bad:
+	if (drv->sock_xmit != NULL)
+		l2_packet_deinit(drv->sock_xmit);
+	if (drv->ioctl_sock >= 0)
+		close(drv->ioctl_sock);
+	if (drv != NULL)
+		free(drv);
+	return NULL;
+}
+
+
+static void
+bsd_deinit(void *priv)
+{
+	struct bsd_driver_data *drv = priv;
+
+	(void) bsd_set_iface_flags(drv, 0);
+	if (drv->ioctl_sock >= 0)
+		close(drv->ioctl_sock);
+	if (drv->sock_xmit != NULL)
+		l2_packet_deinit(drv->sock_xmit);
+	free(drv);
+}
+
+const struct wpa_driver_ops wpa_driver_bsd_ops = {
+	.name			= "bsd",
+	.init			= bsd_init,
+	.deinit			= bsd_deinit,
+	.set_ieee8021x		= bsd_set_ieee8021x,
+	.set_privacy		= bsd_set_privacy,
+	.set_encryption		= bsd_set_key,
+	.get_seqnum		= bsd_get_seqnum,
+	.flush			= bsd_flush,
+	.set_generic_elem	= bsd_set_opt_ie,
+	.wireless_event_init	= bsd_wireless_event_init,
+	.wireless_event_deinit	= bsd_wireless_event_deinit,
+	.sta_set_flags		= bsd_sta_set_flags,
+	.read_sta_data		= bsd_read_sta_driver_data,
+	.send_eapol		= bsd_send_eapol,
+	.sta_disassoc		= bsd_sta_disassoc,
+	.sta_deauth		= bsd_sta_deauth,
+	.set_ssid		= bsd_set_ssid,
+	.get_ssid		= bsd_get_ssid,
+};
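Review bot: Neither receive path in this file checks the received length before casting the buffer: `bsd_wireless_event_receive` only rejects `n < 0` and then reads `rtm->rtm_version` and the event struct at `&ifan[1]`, and `handle_read` passes `len - sizeof(struct l2_ethhdr)` to `ieee802_1x_receive` with no lower bound. A short routing message would make the handler act on stale stack bytes in `buf`, including a station address handed to `bsd_del_sta` or `bsd_new_sta`. A frame shorter than the Ethernet header would wrap the `size_t` subtraction into a huge length; whether l2_packet can deliver such a frame is not visible here, so treat that guard as defensive. I would add a minimum-length check after the read and before each event cast, plus an early return in `handle_read`, as sketched below.

```c
	n = read(sock, buf, sizeof(buf));
	/* … unchanged: n < 0 error handling … */
	if ((size_t) n < sizeof(*ifan))
		return;	/* short read: header fields would be stale stack data */

	/* … unchanged: version check, switch on rtm_type / ifan_what … */
		case RTM_IEEE80211_LEAVE:
			if ((size_t) n < sizeof(*ifan) + sizeof(*leave))
				break;
			leave = (struct ieee80211_leave_event *) &ifan[1];
	/* … same guard with sizeof(*join) and sizeof(*mic) in the JOIN/REJOIN and MICHAEL cases … */

	/* in handle_read(), after the associated-STA check: */
	if (len < sizeof(struct l2_ethhdr))
		return;	/* too short to hold the Ethernet header */
```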

+ 1235 - 0
hostapd/driver_hostap.c

@@ -0,0 +1,1235 @@
+/*
+ * hostapd / Kernel driver communication with Linux Host AP driver
+ * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+
+#ifdef USE_KERNEL_HEADERS
+#include <asm/types.h>
+#include <linux/if_packet.h>
+#include <linux/if_ether.h>   /* The L2 protocols */
+#include <linux/if_arp.h>
+#include <linux/wireless.h>
+#else /* USE_KERNEL_HEADERS */
+#include <net/if_arp.h>
+#include <netpacket/packet.h>
+#include "wireless_copy.h"
+#endif /* USE_KERNEL_HEADERS */
+
+#include "hostapd.h"
+#include "driver.h"
+#include "ieee802_1x.h"
+#include "eloop.h"
+#include "priv_netlink.h"
+#include "ieee802_11.h"
+#include "sta_info.h"
+#include "hostap_common.h"
+#include "hw_features.h"
+
+
+struct hostap_driver_data {
+	struct hostapd_data *hapd;
+
+	char iface[IFNAMSIZ + 1];
+	int sock; /* raw packet socket for driver access */
+	int ioctl_sock; /* socket for ioctl() use */
+	int wext_sock; /* socket for wireless events */
+
+	int we_version;
+
+	u8 *generic_ie;
+	size_t generic_ie_len;
+};
+
+
+static int hostapd_ioctl(void *priv, struct prism2_hostapd_param *param,
+			 int len);
+static int hostap_set_iface_flags(void *priv, int dev_up);
+
+static void handle_data(struct hostapd_data *hapd, u8 *buf, size_t len,
+			u16 stype)
+{
+	struct ieee80211_hdr *hdr;
+	u16 fc, ethertype;
+	u8 *pos, *sa;
+	size_t left;
+	struct sta_info *sta;
+
+	if (len < sizeof(struct ieee80211_hdr))
+		return;
+
+	hdr = (struct ieee80211_hdr *) buf;
+	fc = le_to_host16(hdr->frame_control);
+
+	if ((fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) != WLAN_FC_TODS) {
+		printf("Not ToDS data frame (fc=0x%04x)\n", fc);
+		return;
+	}
+
+	sa = hdr->addr2;
+	sta = ap_get_sta(hapd, sa);
+	if (!sta || !(sta->flags & WLAN_STA_ASSOC)) {
+		printf("Data frame from not associated STA " MACSTR "\n",
+		       MAC2STR(sa));
+		if (sta && (sta->flags & WLAN_STA_AUTH))
+			hostapd_sta_disassoc(
+				hapd, sa,
+				WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
+		else
+			hostapd_sta_deauth(
+				hapd, sa,
+				WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
+		return;
+	}
+
+	pos = (u8 *) (hdr + 1);
+	left = len - sizeof(*hdr);
+
+	if (left < sizeof(rfc1042_header)) {
+		printf("Too short data frame\n");
+		return;
+	}
+
+	if (memcmp(pos, rfc1042_header, sizeof(rfc1042_header)) != 0) {
+		printf("Data frame with no RFC1042 header\n");
+		return;
+	}
+	pos += sizeof(rfc1042_header);
+	left -= sizeof(rfc1042_header);
+
+	if (left < 2) {
+		printf("No ethertype in data frame\n");
+		return;
+	}
+
+	ethertype = WPA_GET_BE16(pos);
+	pos += 2;
+	left -= 2;
+	switch (ethertype) {
+	case ETH_P_PAE:
+		ieee802_1x_receive(hapd, sa, pos, left);
+		break;
+
+	default:
+		printf("Unknown ethertype 0x%04x in data frame\n", ethertype);
+		break;
+	}
+}
+
+
+static void handle_tx_callback(struct hostapd_data *hapd, u8 *buf, size_t len,
+			       int ok)
+{
+	struct ieee80211_hdr *hdr;
+	u16 fc, type, stype;
+	struct sta_info *sta;
+
+	hdr = (struct ieee80211_hdr *) buf;
+	fc = le_to_host16(hdr->frame_control);
+
+	type = WLAN_FC_GET_TYPE(fc);
+	stype = WLAN_FC_GET_STYPE(fc);
+
+	switch (type) {
+	case WLAN_FC_TYPE_MGMT:
+		wpa_printf(MSG_DEBUG, "MGMT (TX callback) %s",
+			   ok ? "ACK" : "fail");
+		ieee802_11_mgmt_cb(hapd, buf, len, stype, ok);
+		break;
+	case WLAN_FC_TYPE_CTRL:
+		wpa_printf(MSG_DEBUG, "CTRL (TX callback) %s",
+			   ok ? "ACK" : "fail");
+		break;
+	case WLAN_FC_TYPE_DATA:
+		wpa_printf(MSG_DEBUG, "DATA (TX callback) %s",
+			   ok ? "ACK" : "fail");
+		sta = ap_get_sta(hapd, hdr->addr1);
+		if (sta && sta->flags & WLAN_STA_PENDING_POLL) {
+			wpa_printf(MSG_DEBUG, "STA " MACSTR
+				   " %s pending activity poll",
+				   MAC2STR(sta->addr),
+				   ok ? "ACKed" : "did not ACK");
+			if (ok)
+				sta->flags &= ~WLAN_STA_PENDING_POLL;
+		}
+		if (sta)
+			ieee802_1x_tx_status(hapd, sta, buf, len, ok);
+		break;
+	default:
+		printf("unknown TX callback frame type %d\n", type);
+		break;
+	}
+}
+
+
+static void handle_frame(struct hostapd_data *hapd, u8 *buf, size_t len)
+{
+	struct ieee80211_hdr *hdr;
+	u16 fc, extra_len, type, stype;
+	unsigned char *extra = NULL;
+	size_t data_len = len;
+	int ver;
+
+	/* PSPOLL is only 16 bytes, but driver does not (at least yet) pass
+	 * these to user space */
+	if (len < 24) {
+		wpa_printf(MSG_MSGDUMP, "handle_frame: too short (%lu)",
+			   (unsigned long) len);
+		return;
+	}
+
+	hdr = (struct ieee80211_hdr *) buf;
+	fc = le_to_host16(hdr->frame_control);
+	type = WLAN_FC_GET_TYPE(fc);
+	stype = WLAN_FC_GET_STYPE(fc);
+
+	if (type != WLAN_FC_TYPE_MGMT || stype != WLAN_FC_STYPE_BEACON) {
+		wpa_hexdump(MSG_MSGDUMP, "Received management frame",
+			    buf, len);
+	}
+
+	ver = fc & WLAN_FC_PVER;
+
+	/* protocol version 3 is reserved for indicating extra data after the
+	 * payload, version 2 for indicating ACKed frame (TX callbacks), and
+	 * version 1 for indicating failed frame (no ACK, TX callbacks) */
+	if (ver == 3) {
+		u8 *pos = buf + len - 2;
+		extra_len = WPA_GET_LE16(pos);
+		printf("extra data in frame (elen=%d)\n", extra_len);
+		if ((size_t) extra_len + 2 > len) {
+			printf("  extra data overflow\n");
+			return;
+		}
+		len -= extra_len + 2;
+		extra = buf + len;
+	} else if (ver == 1 || ver == 2) {
+		handle_tx_callback(hapd, buf, data_len, ver == 2 ? 1 : 0);
+		return;
+	} else if (ver != 0) {
+		printf("unknown protocol version %d\n", ver);
+		return;
+	}
+
+	switch (type) {
+	case WLAN_FC_TYPE_MGMT:
+		if (stype != WLAN_FC_STYPE_BEACON)
+			wpa_printf(MSG_MSGDUMP, "MGMT");
+		ieee802_11_mgmt(hapd, buf, data_len, stype, NULL);
+		break;
+	case WLAN_FC_TYPE_CTRL:
+		wpa_printf(MSG_DEBUG, "CTRL");
+		break;
+	case WLAN_FC_TYPE_DATA:
+		wpa_printf(MSG_DEBUG, "DATA");
+		handle_data(hapd, buf, data_len, stype);
+		break;
+	default:
+		wpa_printf(MSG_DEBUG, "unknown frame type %d", type);
+		break;
+	}
+}
+
+
+static void handle_read(int sock, void *eloop_ctx, void *sock_ctx)
+{
+	struct hostapd_data *hapd = (struct hostapd_data *) eloop_ctx;
+	int len;
+	unsigned char buf[3000];
+
+	len = recv(sock, buf, sizeof(buf), 0);
+	if (len < 0) {
+		perror("recv");
+		return;
+	}
+
+	handle_frame(hapd, buf, len);
+}
+
+
+static int hostap_init_sockets(struct hostap_driver_data *drv)
+{
+	struct ifreq ifr;
+	struct sockaddr_ll addr;
+
+	drv->sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
+	if (drv->sock < 0) {
+		perror("socket[PF_PACKET,SOCK_RAW]");
+		return -1;
+	}
+
+	if (eloop_register_read_sock(drv->sock, handle_read, drv->hapd, NULL))
+	{
+		printf("Could not register read socket\n");
+		return -1;
+	}
+
+        memset(&ifr, 0, sizeof(ifr));
+        snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%sap", drv->iface);
+        if (ioctl(drv->sock, SIOCGIFINDEX, &ifr) != 0) {
+		perror("ioctl(SIOCGIFINDEX)");
+		return -1;
+        }
+
+	if (hostap_set_iface_flags(drv, 1)) {
+		return -1;
+	}
+
+	memset(&addr, 0, sizeof(addr));
+	addr.sll_family = AF_PACKET;
+	addr.sll_ifindex = ifr.ifr_ifindex;
+	wpa_printf(MSG_DEBUG, "Opening raw packet socket for ifindex %d",
+		   addr.sll_ifindex);
+
+	if (bind(drv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+		perror("bind");
+		return -1;
+	}
+
+        memset(&ifr, 0, sizeof(ifr));
+        os_strlcpy(ifr.ifr_name, drv->iface, sizeof(ifr.ifr_name));
+        if (ioctl(drv->sock, SIOCGIFHWADDR, &ifr) != 0) {
+		perror("ioctl(SIOCGIFHWADDR)");
+		return -1;
+        }
+
+	if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
+		printf("Invalid HW-addr family 0x%04x\n",
+		       ifr.ifr_hwaddr.sa_family);
+		return -1;
+	}
+	memcpy(drv->hapd->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
+
+	return 0;
+}
+
+
+static int hostap_send_mgmt_frame(void *priv, const void *msg, size_t len,
+				  int flags)
+{
+	struct hostap_driver_data *drv = priv;
+	
+	return send(drv->sock, msg, len, flags);
+}
+
+
+static int hostap_send_eapol(void *priv, const u8 *addr, const u8 *data,
+			     size_t data_len, int encrypt, const u8 *own_addr)
+{
+	struct hostap_driver_data *drv = priv;
+	struct ieee80211_hdr *hdr;
+	size_t len;
+	u8 *pos;
+	int res;
+
+	len = sizeof(*hdr) + sizeof(rfc1042_header) + 2 + data_len;
+	hdr = os_zalloc(len);
+	if (hdr == NULL) {
+		printf("malloc() failed for hostapd_send_data(len=%lu)\n",
+		       (unsigned long) len);
+		return -1;
+	}
+
+	hdr->frame_control =
+		IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
+	hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
+	/* Request TX callback */
+	hdr->frame_control |= host_to_le16(BIT(1));
+	if (encrypt)
+		hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
+	memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
+	memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
+	memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
+
+	pos = (u8 *) (hdr + 1);
+	memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
+	pos += sizeof(rfc1042_header);
+	*((u16 *) pos) = htons(ETH_P_PAE);
+	pos += 2;
+	memcpy(pos, data, data_len);
+
+	res = hostap_send_mgmt_frame(drv, (u8 *) hdr, len, 0);
+	free(hdr);
+
+	if (res < 0) {
+		perror("hostapd_send_eapol: send");
+		printf("hostapd_send_eapol - packet len: %lu - failed\n",
+		       (unsigned long) len);
+	}
+
+	return res;
+}
+
+
+static int hostap_sta_set_flags(void *priv, const u8 *addr,
+				int total_flags, int flags_or, int flags_and)
+{
+	struct hostap_driver_data *drv = priv;
+	struct prism2_hostapd_param param;
+
+	memset(&param, 0, sizeof(param));
+	param.cmd = PRISM2_HOSTAPD_SET_FLAGS_STA;
+	memcpy(param.sta_addr, addr, ETH_ALEN);
+	param.u.set_flags_sta.flags_or = flags_or;
+	param.u.set_flags_sta.flags_and = flags_and;
+	return hostapd_ioctl(drv, &param, sizeof(param));
+}
+
+
+static int hostap_set_iface_flags(void *priv, int dev_up)
+{
+	struct hostap_driver_data *drv = priv;
+	struct ifreq ifr;
+
+	if (drv->ioctl_sock < 0)
+		return -1;
+
+	memset(&ifr, 0, sizeof(ifr));
+	snprintf(ifr.ifr_name, IFNAMSIZ, "%sap", drv->iface);
+
+	if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, &ifr) != 0) {
+		perror("ioctl[SIOCGIFFLAGS]");
+		return -1;
+	}
+
+	if (dev_up)
+		ifr.ifr_flags |= IFF_UP;
+	else
+		ifr.ifr_flags &= ~IFF_UP;
+
+	if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) {
+		perror("ioctl[SIOCSIFFLAGS]");
+		return -1;
+	}
+
+	if (dev_up) {
+		memset(&ifr, 0, sizeof(ifr));
+		snprintf(ifr.ifr_name, IFNAMSIZ, "%sap", drv->iface);
+		ifr.ifr_mtu = HOSTAPD_MTU;
+		if (ioctl(drv->ioctl_sock, SIOCSIFMTU, &ifr) != 0) {
+			perror("ioctl[SIOCSIFMTU]");
+			printf("Setting MTU failed - trying to survive with "
+			       "current value\n");
+		}
+	}
+
+	return 0;
+}
+
+
+static int hostapd_ioctl(void *priv, struct prism2_hostapd_param *param,
+			 int len)
+{
+	struct hostap_driver_data *drv = priv;
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
+	iwr.u.data.pointer = (caddr_t) param;
+	iwr.u.data.length = len;
+
+	if (ioctl(drv->ioctl_sock, PRISM2_IOCTL_HOSTAPD, &iwr) < 0) {
+		perror("ioctl[PRISM2_IOCTL_HOSTAPD]");
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static int hostap_set_encryption(const char *ifname, void *priv,
+				 const char *alg, const u8 *addr,
+				 int idx, const u8 *key, size_t key_len,
+				 int txkey)
+{
+	struct hostap_driver_data *drv = priv;
+	struct prism2_hostapd_param *param;
+	u8 *buf;
+	size_t blen;
+	int ret = 0;
+
+	blen = sizeof(*param) + key_len;
+	buf = os_zalloc(blen);
+	if (buf == NULL)
+		return -1;
+
+	param = (struct prism2_hostapd_param *) buf;
+	param->cmd = PRISM2_SET_ENCRYPTION;
+	if (addr == NULL)
+		memset(param->sta_addr, 0xff, ETH_ALEN);
+	else
+		memcpy(param->sta_addr, addr, ETH_ALEN);
+	os_strlcpy((char *) param->u.crypt.alg, alg,
+		   HOSTAP_CRYPT_ALG_NAME_LEN);
+	param->u.crypt.flags = txkey ? HOSTAP_CRYPT_FLAG_SET_TX_KEY : 0;
+	param->u.crypt.idx = idx;
+	param->u.crypt.key_len = key_len;
+	memcpy((u8 *) (param + 1), key, key_len);
+
+	if (hostapd_ioctl(drv, param, blen)) {
+		printf("Failed to set encryption.\n");
+		ret = -1;
+	}
+	free(buf);
+
+	return ret;
+}
+
+
+static int hostap_get_seqnum(const char *ifname, void *priv, const u8 *addr,
+			     int idx, u8 *seq)
+{
+	struct hostap_driver_data *drv = priv;
+	struct prism2_hostapd_param *param;
+	u8 *buf;
+	size_t blen;
+	int ret = 0;
+
+	blen = sizeof(*param) + 32;
+	buf = os_zalloc(blen);
+	if (buf == NULL)
+		return -1;
+
+	param = (struct prism2_hostapd_param *) buf;
+	param->cmd = PRISM2_GET_ENCRYPTION;
+	if (addr == NULL)
+		memset(param->sta_addr, 0xff, ETH_ALEN);
+	else
+		memcpy(param->sta_addr, addr, ETH_ALEN);
+	param->u.crypt.idx = idx;
+
+	if (hostapd_ioctl(drv, param, blen)) {
+		printf("Failed to get encryption.\n");
+		ret = -1;
+	} else {
+		memcpy(seq, param->u.crypt.seq, 8);
+	}
+	free(buf);
+
+	return ret;
+}
+
+
+static int hostap_ioctl_prism2param(void *priv, int param, int value)
+{
+	struct hostap_driver_data *drv = priv;
+	struct iwreq iwr;
+	int *i;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
+	i = (int *) iwr.u.name;
+	*i++ = param;
+	*i++ = value;
+
+	if (ioctl(drv->ioctl_sock, PRISM2_IOCTL_PRISM2_PARAM, &iwr) < 0) {
+		perror("ioctl[PRISM2_IOCTL_PRISM2_PARAM]");
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static int hostap_set_ieee8021x(const char *ifname, void *priv, int enabled)
+{
+	struct hostap_driver_data *drv = priv;
+
+	/* enable kernel driver support for IEEE 802.1X */
+	if (hostap_ioctl_prism2param(drv, PRISM2_PARAM_IEEE_802_1X, enabled)) {
+		printf("Could not setup IEEE 802.1X support in kernel driver."
+		       "\n");
+		return -1;
+	}
+
+	if (!enabled)
+		return 0;
+
+	/* use host driver implementation of encryption to allow
+	 * individual keys and passing plaintext EAPOL frames */
+	if (hostap_ioctl_prism2param(drv, PRISM2_PARAM_HOST_DECRYPT, 1) ||
+	    hostap_ioctl_prism2param(drv, PRISM2_PARAM_HOST_ENCRYPT, 1)) {
+		printf("Could not setup host-based encryption in kernel "
+		       "driver.\n");
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static int hostap_set_privacy(const char *ifname, void *priv, int enabled)
+{
+	struct hostap_drvier_data *drv = priv;
+
+	return hostap_ioctl_prism2param(drv, PRISM2_PARAM_PRIVACY_INVOKED,
+					enabled);
+}
+
+ 
+static int hostap_set_ssid(const char *ifname, void *priv, const u8 *buf,
+			   int len)
+{
+	struct hostap_driver_data *drv = priv;
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
+	iwr.u.essid.flags = 1; /* SSID active */
+	iwr.u.essid.pointer = (caddr_t) buf;
+	iwr.u.essid.length = len + 1;
+
+	if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
+		perror("ioctl[SIOCSIWESSID]");
+		printf("len=%d\n", len);
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static int hostap_flush(void *priv)
+{
+	struct hostap_driver_data *drv = priv;
+	struct prism2_hostapd_param param;
+
+	memset(&param, 0, sizeof(param));
+	param.cmd = PRISM2_HOSTAPD_FLUSH;
+	return hostapd_ioctl(drv, &param, sizeof(param));
+}
+
+
+static int hostap_read_sta_data(void *priv,
+				struct hostap_sta_driver_data *data,
+				const u8 *addr)
+{
+	struct hostap_driver_data *drv = priv;
+	char buf[1024], line[128], *pos;
+	FILE *f;
+	unsigned long val;
+
+	memset(data, 0, sizeof(*data));
+	snprintf(buf, sizeof(buf), "/proc/net/hostap/%s/" MACSTR,
+		 drv->iface, MAC2STR(addr));
+
+	f = fopen(buf, "r");
+	if (!f)
+		return -1;
+	/* Need to read proc file with in one piece, so use large enough
+	 * buffer. */
+	setbuffer(f, buf, sizeof(buf));
+
+	while (fgets(line, sizeof(line), f)) {
+		pos = strchr(line, '=');
+		if (!pos)
+			continue;
+		*pos++ = '\0';
+		val = strtoul(pos, NULL, 10);
+		if (strcmp(line, "rx_packets") == 0)
+			data->rx_packets = val;
+		else if (strcmp(line, "tx_packets") == 0)
+			data->tx_packets = val;
+		else if (strcmp(line, "rx_bytes") == 0)
+			data->rx_bytes = val;
+		else if (strcmp(line, "tx_bytes") == 0)
+			data->tx_bytes = val;
+	}
+
+	fclose(f);
+
+	return 0;
+}
+
+
+static int hostap_sta_add(const char *ifname, void *priv, const u8 *addr,
+			  u16 aid, u16 capability, u8 *supp_rates,
+			  size_t supp_rates_len, int flags)
+{
+	struct hostap_driver_data *drv = priv;
+	struct prism2_hostapd_param param;
+	int tx_supp_rates = 0;
+	size_t i;
+
+#define WLAN_RATE_1M BIT(0)
+#define WLAN_RATE_2M BIT(1)
+#define WLAN_RATE_5M5 BIT(2)
+#define WLAN_RATE_11M BIT(3)
+
+	for (i = 0; i < supp_rates_len; i++) {
+		if ((supp_rates[i] & 0x7f) == 2)
+			tx_supp_rates |= WLAN_RATE_1M;
+		if ((supp_rates[i] & 0x7f) == 4)
+			tx_supp_rates |= WLAN_RATE_2M;
+		if ((supp_rates[i] & 0x7f) == 11)
+			tx_supp_rates |= WLAN_RATE_5M5;
+		if ((supp_rates[i] & 0x7f) == 22)
+			tx_supp_rates |= WLAN_RATE_11M;
+	}
+
+	memset(&param, 0, sizeof(param));
+	param.cmd = PRISM2_HOSTAPD_ADD_STA;
+	memcpy(param.sta_addr, addr, ETH_ALEN);
+	param.u.add_sta.aid = aid;
+	param.u.add_sta.capability = capability;
+	param.u.add_sta.tx_supp_rates = tx_supp_rates;
+	return hostapd_ioctl(drv, &param, sizeof(param));
+}
+
+
+static int hostap_sta_remove(void *priv, const u8 *addr)
+{
+	struct hostap_driver_data *drv = priv;
+	struct prism2_hostapd_param param;
+
+	hostap_sta_set_flags(drv, addr, 0, 0, ~WLAN_STA_AUTHORIZED);
+
+	memset(&param, 0, sizeof(param));
+	param.cmd = PRISM2_HOSTAPD_REMOVE_STA;
+	memcpy(param.sta_addr, addr, ETH_ALEN);
+	if (hostapd_ioctl(drv, &param, sizeof(param))) {
+		printf("Could not remove station from kernel driver.\n");
+		return -1;
+	}
+	return 0;
+}
+
+
+static int hostap_get_inact_sec(void *priv, const u8 *addr)
+{
+	struct hostap_driver_data *drv = priv;
+	struct prism2_hostapd_param param;
+
+	memset(&param, 0, sizeof(param));
+	param.cmd = PRISM2_HOSTAPD_GET_INFO_STA;
+	memcpy(param.sta_addr, addr, ETH_ALEN);
+	if (hostapd_ioctl(drv, &param, sizeof(param))) {
+		return -1;
+	}
+
+	return param.u.get_info_sta.inactive_sec;
+}
+
+
+static int hostap_sta_clear_stats(void *priv, const u8 *addr)
+{
+	struct hostap_driver_data *drv = priv;
+	struct prism2_hostapd_param param;
+
+	memset(&param, 0, sizeof(param));
+	param.cmd = PRISM2_HOSTAPD_STA_CLEAR_STATS;
+	memcpy(param.sta_addr, addr, ETH_ALEN);
+	if (hostapd_ioctl(drv, &param, sizeof(param))) {
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static int hostap_set_assoc_ap(void *priv, const u8 *addr)
+{
+	struct hostap_driver_data *drv = priv;
+	struct prism2_hostapd_param param;
+
+	memset(&param, 0, sizeof(param));
+	param.cmd = PRISM2_HOSTAPD_SET_ASSOC_AP_ADDR;
+	memcpy(param.sta_addr, addr, ETH_ALEN);
+	if (hostapd_ioctl(drv, &param, sizeof(param)))
+		return -1;
+
+	return 0;
+}
+
+
+static int hostapd_ioctl_set_generic_elem(struct hostap_driver_data *drv)
+{
+	struct prism2_hostapd_param *param;
+	int res;
+	size_t blen, elem_len;
+
+	elem_len = drv->generic_ie_len;
+	blen = PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN + elem_len;
+	if (blen < sizeof(*param))
+		blen = sizeof(*param);
+
+	param = os_zalloc(blen);
+	if (param == NULL)
+		return -1;
+
+	param->cmd = PRISM2_HOSTAPD_SET_GENERIC_ELEMENT;
+	param->u.generic_elem.len = elem_len;
+	if (drv->generic_ie) {
+		os_memcpy(param->u.generic_elem.data, drv->generic_ie,
+			  drv->generic_ie_len);
+	}
+	wpa_hexdump(MSG_DEBUG, "hostap: Set generic IE",
+		    param->u.generic_elem.data, elem_len);
+	res = hostapd_ioctl(drv, param, blen);
+
+	os_free(param);
+
+	return res;
+}
+
+
+static int hostap_set_generic_elem(const char *ifname, void *priv,
+				   const u8 *elem, size_t elem_len)
+{
+	struct hostap_driver_data *drv = priv;
+
+	os_free(drv->generic_ie);
+	drv->generic_ie = NULL;
+	drv->generic_ie_len = 0;
+	if (elem) {
+		drv->generic_ie = os_malloc(elem_len);
+		if (drv->generic_ie == NULL)
+			return -1;
+		os_memcpy(drv->generic_ie, elem, elem_len);
+		drv->generic_ie_len = elem_len;
+	}
+
+	return hostapd_ioctl_set_generic_elem(drv);
+}
+
+
+static void
+hostapd_wireless_event_wireless_custom(struct hostap_driver_data *drv,
+				       char *custom)
+{
+	wpa_printf(MSG_DEBUG, "Custom wireless event: '%s'", custom);
+
+	if (strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
+		char *pos;
+		u8 addr[ETH_ALEN];
+		pos = strstr(custom, "addr=");
+		if (pos == NULL) {
+			wpa_printf(MSG_DEBUG,
+				   "MLME-MICHAELMICFAILURE.indication "
+				   "without sender address ignored");
+			return;
+		}
+		pos += 5;
+		if (hwaddr_aton(pos, addr) == 0) {
+			ieee80211_michael_mic_failure(drv->hapd, addr, 1);
+		} else {
+			wpa_printf(MSG_DEBUG,
+				   "MLME-MICHAELMICFAILURE.indication "
+				   "with invalid MAC address");
+		}
+	}
+}
+
+
+static void hostapd_wireless_event_wireless(struct hostap_driver_data *drv,
+					    char *data, int len)
+{
+	struct iw_event iwe_buf, *iwe = &iwe_buf;
+	char *pos, *end, *custom, *buf;
+
+	pos = data;
+	end = data + len;
+
+	while (pos + IW_EV_LCP_LEN <= end) {
+		/* Event data may be unaligned, so make a local, aligned copy
+		 * before processing. */
+		memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
+		wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
+			   iwe->cmd, iwe->len);
+		if (iwe->len <= IW_EV_LCP_LEN)
+			return;
+
+		custom = pos + IW_EV_POINT_LEN;
+		if (drv->we_version > 18 &&
+		    (iwe->cmd == IWEVMICHAELMICFAILURE ||
+		     iwe->cmd == IWEVCUSTOM)) {
+			/* WE-19 removed the pointer from struct iw_point */
+			char *dpos = (char *) &iwe_buf.u.data.length;
+			int dlen = dpos - (char *) &iwe_buf;
+			memcpy(dpos, pos + IW_EV_LCP_LEN,
+			       sizeof(struct iw_event) - dlen);
+		} else {
+			memcpy(&iwe_buf, pos, sizeof(struct iw_event));
+			custom += IW_EV_POINT_OFF;
+		}
+
+		switch (iwe->cmd) {
+		case IWEVCUSTOM:
+			if (custom + iwe->u.data.length > end)
+				return;
+			buf = malloc(iwe->u.data.length + 1);
+			if (buf == NULL)
+				return;
+			memcpy(buf, custom, iwe->u.data.length);
+			buf[iwe->u.data.length] = '\0';
+			hostapd_wireless_event_wireless_custom(drv, buf);
+			free(buf);
+			break;
+		}
+
+		pos += iwe->len;
+	}
+}
+
+
+static void hostapd_wireless_event_rtm_newlink(struct hostap_driver_data *drv,
+					       struct nlmsghdr *h, int len)
+{
+	struct ifinfomsg *ifi;
+	int attrlen, nlmsg_len, rta_len;
+	struct rtattr * attr;
+
+	if (len < (int) sizeof(*ifi))
+		return;
+
+	ifi = NLMSG_DATA(h);
+
+	/* TODO: use ifi->ifi_index to filter out wireless events from other
+	 * interfaces */
+
+	nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
+
+	attrlen = h->nlmsg_len - nlmsg_len;
+	if (attrlen < 0)
+		return;
+
+	attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
+
+	rta_len = RTA_ALIGN(sizeof(struct rtattr));
+	while (RTA_OK(attr, attrlen)) {
+		if (attr->rta_type == IFLA_WIRELESS) {
+			hostapd_wireless_event_wireless(
+				drv, ((char *) attr) + rta_len,
+				attr->rta_len - rta_len);
+		}
+		attr = RTA_NEXT(attr, attrlen);
+	}
+}
+
+
+static void hostapd_wireless_event_receive(int sock, void *eloop_ctx,
+					   void *sock_ctx)
+{
+	char buf[256];
+	int left;
+	struct sockaddr_nl from;
+	socklen_t fromlen;
+	struct nlmsghdr *h;
+	struct hostap_driver_data *drv = eloop_ctx;
+
+	fromlen = sizeof(from);
+	left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
+			(struct sockaddr *) &from, &fromlen);
+	if (left < 0) {
+		if (errno != EINTR && errno != EAGAIN)
+			perror("recvfrom(netlink)");
+		return;
+	}
+
+	h = (struct nlmsghdr *) buf;
+	while (left >= (int) sizeof(*h)) {
+		int len, plen;
+
+		len = h->nlmsg_len;
+		plen = len - sizeof(*h);
+		if (len > left || plen < 0) {
+			printf("Malformed netlink message: "
+			       "len=%d left=%d plen=%d\n",
+			       len, left, plen);
+			break;
+		}
+
+		switch (h->nlmsg_type) {
+		case RTM_NEWLINK:
+			hostapd_wireless_event_rtm_newlink(drv, h, plen);
+			break;
+		}
+
+		len = NLMSG_ALIGN(len);
+		left -= len;
+		h = (struct nlmsghdr *) ((char *) h + len);
+	}
+
+	if (left > 0) {
+		printf("%d extra bytes in the end of netlink message\n", left);
+	}
+}
+
+
+static int hostap_get_we_version(struct hostap_driver_data *drv)
+{
+	struct iw_range *range;
+	struct iwreq iwr;
+	int minlen;
+	size_t buflen;
+
+	drv->we_version = 0;
+
+	/*
+	 * Use larger buffer than struct iw_range in order to allow the
+	 * structure to grow in the future.
+	 */
+	buflen = sizeof(struct iw_range) + 500;
+	range = os_zalloc(buflen);
+	if (range == NULL)
+		return -1;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
+	iwr.u.data.pointer = (caddr_t) range;
+	iwr.u.data.length = buflen;
+
+	minlen = ((char *) &range->enc_capa) - (char *) range +
+		sizeof(range->enc_capa);
+
+	if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
+		perror("ioctl[SIOCGIWRANGE]");
+		free(range);
+		return -1;
+	} else if (iwr.u.data.length >= minlen &&
+		   range->we_version_compiled >= 18) {
+		wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
+			   "WE(source)=%d enc_capa=0x%x",
+			   range->we_version_compiled,
+			   range->we_version_source,
+			   range->enc_capa);
+		drv->we_version = range->we_version_compiled;
+	}
+
+	free(range);
+	return 0;
+}
+
+
+static int hostap_wireless_event_init(void *priv)
+{
+	struct hostap_driver_data *drv = priv;
+	int s;
+	struct sockaddr_nl local;
+
+	hostap_get_we_version(drv);
+
+	drv->wext_sock = -1;
+
+	s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+	if (s < 0) {
+		perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
+		return -1;
+	}
+
+	memset(&local, 0, sizeof(local));
+	local.nl_family = AF_NETLINK;
+	local.nl_groups = RTMGRP_LINK;
+	if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
+		perror("bind(netlink)");
+		close(s);
+		return -1;
+	}
+
+	eloop_register_read_sock(s, hostapd_wireless_event_receive, drv,
+				 NULL);
+	drv->wext_sock = s;
+
+	return 0;
+}
+
+
+static void hostap_wireless_event_deinit(void *priv)
+{
+	struct hostap_driver_data *drv = priv;
+	if (drv->wext_sock < 0)
+		return;
+	eloop_unregister_read_sock(drv->wext_sock);
+	close(drv->wext_sock);
+}
+
+
+static void * hostap_init(struct hostapd_data *hapd)
+{
+	struct hostap_driver_data *drv;
+
+	drv = os_zalloc(sizeof(struct hostap_driver_data));
+	if (drv == NULL) {
+		printf("Could not allocate memory for hostapd driver data\n");
+		return NULL;
+	}
+
+	drv->hapd = hapd;
+	drv->ioctl_sock = drv->sock = -1;
+	memcpy(drv->iface, hapd->conf->iface, sizeof(drv->iface));
+
+	drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
+	if (drv->ioctl_sock < 0) {
+		perror("socket[PF_INET,SOCK_DGRAM]");
+		free(drv);
+		return NULL;
+	}
+
+	if (hostap_ioctl_prism2param(drv, PRISM2_PARAM_HOSTAPD, 1)) {
+		printf("Could not enable hostapd mode for interface %s\n",
+		       drv->iface);
+		close(drv->ioctl_sock);
+		free(drv);
+		return NULL;
+	}
+
+	if (hapd->conf->assoc_ap &&
+	    hostap_ioctl_prism2param(drv, PRISM2_PARAM_HOSTAPD_STA, 1)) {
+		printf("Could not enable hostapd STA mode for interface %s\n",
+		       drv->iface);
+		close(drv->ioctl_sock);
+		free(drv);
+		return NULL;
+	}
+
+	if (hostap_init_sockets(drv)) {
+		close(drv->ioctl_sock);
+		free(drv);
+		return NULL;
+	}
+
+	return drv;
+}
+
+
+static void hostap_driver_deinit(void *priv)
+{
+	struct hostap_driver_data *drv = priv;
+
+	(void) hostap_set_iface_flags(drv, 0);
+	(void) hostap_ioctl_prism2param(drv, PRISM2_PARAM_HOSTAPD, 0);
+	(void) hostap_ioctl_prism2param(drv, PRISM2_PARAM_HOSTAPD_STA, 0);
+
+	if (drv->ioctl_sock >= 0)
+		close(drv->ioctl_sock);
+
+	if (drv->sock >= 0)
+		close(drv->sock);
+
+	os_free(drv->generic_ie);
+
+	free(drv);
+}
+
+
+static int hostap_sta_deauth(void *priv, const u8 *addr, int reason)
+{
+	struct hostap_driver_data *drv = priv;
+	struct ieee80211_mgmt mgmt;
+
+	memset(&mgmt, 0, sizeof(mgmt));
+	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+					  WLAN_FC_STYPE_DEAUTH);
+	memcpy(mgmt.da, addr, ETH_ALEN);
+	memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
+	memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
+	mgmt.u.deauth.reason_code = host_to_le16(reason);
+	return hostap_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN +
+				      sizeof(mgmt.u.deauth), 0);
+}
+
+
+static int hostap_sta_disassoc(void *priv, const u8 *addr, int reason)
+{
+	struct hostap_driver_data *drv = priv;
+	struct ieee80211_mgmt mgmt;
+
+	memset(&mgmt, 0, sizeof(mgmt));
+	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+					  WLAN_FC_STYPE_DISASSOC);
+	memcpy(mgmt.da, addr, ETH_ALEN);
+	memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
+	memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
+	mgmt.u.disassoc.reason_code = host_to_le16(reason);
+	return  hostap_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN +
+				       sizeof(mgmt.u.disassoc), 0);
+}
+
+
+static struct hostapd_hw_modes * hostap_get_hw_feature_data(void *priv,
+							    u16 *num_modes,
+							    u16 *flags)
+{
+	struct hostapd_hw_modes *mode;
+	int i, clen, rlen;
+	const short chan2freq[14] = {
+		2412, 2417, 2422, 2427, 2432, 2437, 2442,
+		2447, 2452, 2457, 2462, 2467, 2472, 2484
+	};
+
+	mode = os_zalloc(sizeof(struct hostapd_hw_modes));
+	if (mode == NULL)
+		return NULL;
+
+	*num_modes = 1;
+	*flags = 0;
+
+	mode->mode = HOSTAPD_MODE_IEEE80211B;
+	mode->num_channels = 14;
+	mode->num_rates = 4;
+
+	clen = mode->num_channels * sizeof(struct hostapd_channel_data);
+	rlen = mode->num_rates * sizeof(struct hostapd_rate_data);
+
+	mode->channels = os_zalloc(clen);
+	mode->rates = os_zalloc(rlen);
+	if (mode->channels == NULL || mode->rates == NULL) {
+		hostapd_free_hw_features(mode, *num_modes);
+		return NULL;
+	}
+
+	for (i = 0; i < 14; i++) {
+		mode->channels[i].chan = i + 1;
+		mode->channels[i].freq = chan2freq[i];
+	}
+
+	mode->rates[0].rate = 10;
+	mode->rates[0].flags = HOSTAPD_RATE_CCK;
+	mode->rates[1].rate = 20;
+	mode->rates[1].flags = HOSTAPD_RATE_CCK;
+	mode->rates[2].rate = 55;
+	mode->rates[2].flags = HOSTAPD_RATE_CCK;
+	mode->rates[3].rate = 110;
+	mode->rates[3].flags = HOSTAPD_RATE_CCK;
+
+	return mode;
+}
+
+
+const struct wpa_driver_ops wpa_driver_hostap_ops = {
+	.name = "hostap",
+	.init = hostap_init,
+	.deinit = hostap_driver_deinit,
+	.wireless_event_init = hostap_wireless_event_init,
+	.wireless_event_deinit = hostap_wireless_event_deinit,
+	.set_ieee8021x = hostap_set_ieee8021x,
+	.set_privacy = hostap_set_privacy,
+	.set_encryption = hostap_set_encryption,
+	.get_seqnum = hostap_get_seqnum,
+	.flush = hostap_flush,
+	.set_generic_elem = hostap_set_generic_elem,
+	.read_sta_data = hostap_read_sta_data,
+	.send_eapol = hostap_send_eapol,
+	.sta_set_flags = hostap_sta_set_flags,
+	.sta_deauth = hostap_sta_deauth,
+	.sta_disassoc = hostap_sta_disassoc,
+	.sta_remove = hostap_sta_remove,
+	.set_ssid = hostap_set_ssid,
+	.send_mgmt_frame = hostap_send_mgmt_frame,
+	.set_assoc_ap = hostap_set_assoc_ap,
+	.sta_add = hostap_sta_add,
+	.get_inact_sec = hostap_get_inact_sec,
+	.sta_clear_stats = hostap_sta_clear_stats,
+	.get_hw_feature_data = hostap_get_hw_feature_data,
+};

+ 1363 - 0
hostapd/driver_madwifi.c

@@ -0,0 +1,1363 @@
+/*
+ * hostapd / Driver interaction with MADWIFI 802.11 driver
+ * Copyright (c) 2004, Sam Leffler <sam@errno.com>
+ * Copyright (c) 2004, Video54 Technologies
+ * Copyright (c) 2005-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <net/if.h>
+#include <sys/ioctl.h>
+
+#include <include/compat.h>
+#include <net80211/ieee80211.h>
+#ifdef WME_NUM_AC
+/* Assume this is built against BSD branch of madwifi driver. */
+#define MADWIFI_BSD
+#include <net80211/_ieee80211.h>
+#endif /* WME_NUM_AC */
+#include <net80211/ieee80211_crypto.h>
+#include <net80211/ieee80211_ioctl.h>
+
+/*
+ * Avoid conflicts with hostapd definitions by undefining couple of defines
+ * from madwifi header files.
+ */
+#undef RSN_VERSION
+#undef WPA_VERSION
+#undef WPA_OUI_TYPE
+
+
+#ifdef IEEE80211_IOCTL_SETWMMPARAMS
+/* Assume this is built against madwifi-ng */
+#define MADWIFI_NG
+#endif /* IEEE80211_IOCTL_SETWMMPARAMS */
+
+#include "wireless_copy.h"
+
+#include "hostapd.h"
+#include "driver.h"
+#include "ieee802_1x.h"
+#include "eloop.h"
+#include "priv_netlink.h"
+#include "sta_info.h"
+#include "l2_packet/l2_packet.h"
+
+#include "wpa.h"
+#include "radius/radius.h"
+#include "ieee802_11.h"
+#include "accounting.h"
+#include "common.h"
+
+
+struct madwifi_driver_data {
+	struct hostapd_data *hapd;		/* back pointer */
+
+	char	iface[IFNAMSIZ + 1];
+	int     ifindex;
+	struct l2_packet_data *sock_xmit;	/* raw packet xmit socket */
+	struct l2_packet_data *sock_recv;	/* raw packet recv socket */
+	int	ioctl_sock;			/* socket for ioctl() use */
+	int	wext_sock;			/* socket for wireless events */
+	int	we_version;
+	u8	acct_mac[ETH_ALEN];
+	struct hostap_sta_driver_data acct_data;
+
+	struct l2_packet_data *sock_raw; /* raw 802.11 management frames */
+};
+
+static int madwifi_sta_deauth(void *priv, const u8 *addr, int reason_code);
+
+static int
+set80211priv(struct madwifi_driver_data *drv, int op, void *data, int len)
+{
+	struct iwreq iwr;
+	int do_inline = len < IFNAMSIZ;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
+#ifdef IEEE80211_IOCTL_FILTERFRAME
+	/* FILTERFRAME must be NOT inline, regardless of size. */
+	if (op == IEEE80211_IOCTL_FILTERFRAME)
+		do_inline = 0;
+#endif /* IEEE80211_IOCTL_FILTERFRAME */
+	if (do_inline) {
+		/*
+		 * Argument data fits inline; put it there.
+		 */
+		memcpy(iwr.u.name, data, len);
+	} else {
+		/*
+		 * Argument data too big for inline transfer; setup a
+		 * parameter block instead; the kernel will transfer
+		 * the data for the driver.
+		 */
+		iwr.u.data.pointer = data;
+		iwr.u.data.length = len;
+	}
+
+	if (ioctl(drv->ioctl_sock, op, &iwr) < 0) {
+#ifdef MADWIFI_NG
+		int first = IEEE80211_IOCTL_SETPARAM;
+		static const char *opnames[] = {
+			"ioctl[IEEE80211_IOCTL_SETPARAM]",
+			"ioctl[IEEE80211_IOCTL_GETPARAM]",
+			"ioctl[IEEE80211_IOCTL_SETMODE]",
+			"ioctl[IEEE80211_IOCTL_GETMODE]",
+			"ioctl[IEEE80211_IOCTL_SETWMMPARAMS]",
+			"ioctl[IEEE80211_IOCTL_GETWMMPARAMS]",
+			"ioctl[IEEE80211_IOCTL_SETCHANLIST]",
+			"ioctl[IEEE80211_IOCTL_GETCHANLIST]",
+			"ioctl[IEEE80211_IOCTL_CHANSWITCH]",
+			"ioctl[IEEE80211_IOCTL_GET_APPIEBUF]",
+			"ioctl[IEEE80211_IOCTL_SET_APPIEBUF]",
+			"ioctl[IEEE80211_IOCTL_GETSCANRESULTS]",
+			"ioctl[IEEE80211_IOCTL_FILTERFRAME]",
+			"ioctl[IEEE80211_IOCTL_GETCHANINFO]",
+			"ioctl[IEEE80211_IOCTL_SETOPTIE]",
+			"ioctl[IEEE80211_IOCTL_GETOPTIE]",
+			"ioctl[IEEE80211_IOCTL_SETMLME]",
+			NULL,
+			"ioctl[IEEE80211_IOCTL_SETKEY]",
+			NULL,
+			"ioctl[IEEE80211_IOCTL_DELKEY]",
+			NULL,
+			"ioctl[IEEE80211_IOCTL_ADDMAC]",
+			NULL,
+			"ioctl[IEEE80211_IOCTL_DELMAC]",
+			NULL,
+			"ioctl[IEEE80211_IOCTL_WDSMAC]",
+			NULL,
+			"ioctl[IEEE80211_IOCTL_WDSDELMAC]",
+			NULL,
+			"ioctl[IEEE80211_IOCTL_KICKMAC]",
+		};
+#else /* MADWIFI_NG */
+		int first = IEEE80211_IOCTL_SETPARAM;
+		static const char *opnames[] = {
+			"ioctl[IEEE80211_IOCTL_SETPARAM]",
+			"ioctl[IEEE80211_IOCTL_GETPARAM]",
+			"ioctl[IEEE80211_IOCTL_SETKEY]",
+			"ioctl[SIOCIWFIRSTPRIV+3]",
+			"ioctl[IEEE80211_IOCTL_DELKEY]",
+			"ioctl[SIOCIWFIRSTPRIV+5]",
+			"ioctl[IEEE80211_IOCTL_SETMLME]",
+			"ioctl[SIOCIWFIRSTPRIV+7]",
+			"ioctl[IEEE80211_IOCTL_SETOPTIE]",
+			"ioctl[IEEE80211_IOCTL_GETOPTIE]",
+			"ioctl[IEEE80211_IOCTL_ADDMAC]",
+			"ioctl[SIOCIWFIRSTPRIV+11]",
+			"ioctl[IEEE80211_IOCTL_DELMAC]",
+			"ioctl[SIOCIWFIRSTPRIV+13]",
+			"ioctl[IEEE80211_IOCTL_CHANLIST]",
+			"ioctl[SIOCIWFIRSTPRIV+15]",
+			"ioctl[IEEE80211_IOCTL_GETRSN]",
+			"ioctl[SIOCIWFIRSTPRIV+17]",
+			"ioctl[IEEE80211_IOCTL_GETKEY]",
+		};
+#endif /* MADWIFI_NG */
+		int idx = op - first;
+		if (first <= op &&
+		    idx < (int) (sizeof(opnames) / sizeof(opnames[0])) &&
+		    opnames[idx])
+			perror(opnames[idx]);
+		else
+			perror("ioctl[unknown???]");
+		return -1;
+	}
+	return 0;
+}
+
+static int
+set80211param(struct madwifi_driver_data *drv, int op, int arg)
+{
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
+	iwr.u.mode = op;
+	memcpy(iwr.u.name+sizeof(__u32), &arg, sizeof(arg));
+
+	if (ioctl(drv->ioctl_sock, IEEE80211_IOCTL_SETPARAM, &iwr) < 0) {
+		perror("ioctl[IEEE80211_IOCTL_SETPARAM]");
+		wpa_printf(MSG_DEBUG, "%s: Failed to set parameter (op %d "
+			   "arg %d)", __func__, op, arg);
+		return -1;
+	}
+	return 0;
+}
+
+static const char *
+ether_sprintf(const u8 *addr)
+{
+	static char buf[sizeof(MACSTR)];
+
+	if (addr != NULL)
+		snprintf(buf, sizeof(buf), MACSTR, MAC2STR(addr));
+	else
+		snprintf(buf, sizeof(buf), MACSTR, 0,0,0,0,0,0);
+	return buf;
+}
+
+/*
+ * Configure WPA parameters.
+ */
+static int
+madwifi_configure_wpa(struct madwifi_driver_data *drv)
+{
+	struct hostapd_data *hapd = drv->hapd;
+	struct hostapd_bss_config *conf = hapd->conf;
+	int v;
+
+	switch (conf->wpa_group) {
+	case WPA_CIPHER_CCMP:
+		v = IEEE80211_CIPHER_AES_CCM;
+		break;
+	case WPA_CIPHER_TKIP:
+		v = IEEE80211_CIPHER_TKIP;
+		break;
+	case WPA_CIPHER_WEP104:
+		v = IEEE80211_CIPHER_WEP;
+		break;
+	case WPA_CIPHER_WEP40:
+		v = IEEE80211_CIPHER_WEP;
+		break;
+	case WPA_CIPHER_NONE:
+		v = IEEE80211_CIPHER_NONE;
+		break;
+	default:
+		wpa_printf(MSG_ERROR, "Unknown group key cipher %u",
+			   conf->wpa_group);
+		return -1;
+	}
+	wpa_printf(MSG_DEBUG, "%s: group key cipher=%d", __func__, v);
+	if (set80211param(drv, IEEE80211_PARAM_MCASTCIPHER, v)) {
+		printf("Unable to set group key cipher to %u\n", v);
+		return -1;
+	}
+	if (v == IEEE80211_CIPHER_WEP) {
+		/* key length is done only for specific ciphers */
+		v = (conf->wpa_group == WPA_CIPHER_WEP104 ? 13 : 5);
+		if (set80211param(drv, IEEE80211_PARAM_MCASTKEYLEN, v)) {
+			printf("Unable to set group key length to %u\n", v);
+			return -1;
+		}
+	}
+
+	v = 0;
+	if (conf->wpa_pairwise & WPA_CIPHER_CCMP)
+		v |= 1<<IEEE80211_CIPHER_AES_CCM;
+	if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
+		v |= 1<<IEEE80211_CIPHER_TKIP;
+	if (conf->wpa_pairwise & WPA_CIPHER_NONE)
+		v |= 1<<IEEE80211_CIPHER_NONE;
+	wpa_printf(MSG_DEBUG, "%s: pairwise key ciphers=0x%x", __func__, v);
+	if (set80211param(drv, IEEE80211_PARAM_UCASTCIPHERS, v)) {
+		printf("Unable to set pairwise key ciphers to 0x%x\n", v);
+		return -1;
+	}
+
+	wpa_printf(MSG_DEBUG, "%s: key management algorithms=0x%x",
+		   __func__, conf->wpa_key_mgmt);
+	if (set80211param(drv, IEEE80211_PARAM_KEYMGTALGS, conf->wpa_key_mgmt)) {
+		printf("Unable to set key management algorithms to 0x%x\n",
+			conf->wpa_key_mgmt);
+		return -1;
+	}
+
+	v = 0;
+	if (conf->rsn_preauth)
+		v |= BIT(0);
+	wpa_printf(MSG_DEBUG, "%s: rsn capabilities=0x%x",
+		   __func__, conf->rsn_preauth);
+	if (set80211param(drv, IEEE80211_PARAM_RSNCAPS, v)) {
+		printf("Unable to set RSN capabilities to 0x%x\n", v);
+		return -1;
+	}
+
+	wpa_printf(MSG_DEBUG, "%s: enable WPA=0x%x", __func__, conf->wpa);
+	if (set80211param(drv, IEEE80211_PARAM_WPA, conf->wpa)) {
+		printf("Unable to set WPA to %u\n", conf->wpa);
+		return -1;
+	}
+	return 0;
+}
+
+
+static int
+madwifi_set_iface_flags(void *priv, int dev_up)
+{
+	struct madwifi_driver_data *drv = priv;
+	struct ifreq ifr;
+
+	wpa_printf(MSG_DEBUG, "%s: dev_up=%d", __func__, dev_up);
+
+	if (drv->ioctl_sock < 0)
+		return -1;
+
+	memset(&ifr, 0, sizeof(ifr));
+	os_strlcpy(ifr.ifr_name, drv->iface, IFNAMSIZ);
+
+	if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, &ifr) != 0) {
+		perror("ioctl[SIOCGIFFLAGS]");
+		return -1;
+	}
+
+	if (dev_up)
+		ifr.ifr_flags |= IFF_UP;
+	else
+		ifr.ifr_flags &= ~IFF_UP;
+
+	if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) {
+		perror("ioctl[SIOCSIFFLAGS]");
+		return -1;
+	}
+
+	if (dev_up) {
+		memset(&ifr, 0, sizeof(ifr));
+		os_strlcpy(ifr.ifr_name, drv->iface, IFNAMSIZ);
+		ifr.ifr_mtu = HOSTAPD_MTU;
+		if (ioctl(drv->ioctl_sock, SIOCSIFMTU, &ifr) != 0) {
+			perror("ioctl[SIOCSIFMTU]");
+			printf("Setting MTU failed - trying to survive with "
+			       "current value\n");
+		}
+	}
+
+	return 0;
+}
+
+static int
+madwifi_set_ieee8021x(const char *ifname, void *priv, int enabled)
+{
+	struct madwifi_driver_data *drv = priv;
+	struct hostapd_data *hapd = drv->hapd;
+	struct hostapd_bss_config *conf = hapd->conf;
+
+	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
+
+	if (!enabled) {
+		/* XXX restore state */
+		return set80211param(priv, IEEE80211_PARAM_AUTHMODE,
+			IEEE80211_AUTH_AUTO);
+	}
+	if (!conf->wpa && !conf->ieee802_1x) {
+		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_DRIVER,
+			HOSTAPD_LEVEL_WARNING, "No 802.1X or WPA enabled!");
+		return -1;
+	}
+	if (conf->wpa && madwifi_configure_wpa(drv) != 0) {
+		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_DRIVER,
+			HOSTAPD_LEVEL_WARNING, "Error configuring WPA state!");
+		return -1;
+	}
+	if (set80211param(priv, IEEE80211_PARAM_AUTHMODE,
+		(conf->wpa ?  IEEE80211_AUTH_WPA : IEEE80211_AUTH_8021X))) {
+		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_DRIVER,
+			HOSTAPD_LEVEL_WARNING, "Error enabling WPA/802.1X!");
+		return -1;
+	}
+
+	return 0;
+}
+
+static int
+madwifi_set_privacy(const char *ifname, void *priv, int enabled)
+{
+	struct madwifi_driver_data *drv = priv;
+
+	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
+
+	return set80211param(drv, IEEE80211_PARAM_PRIVACY, enabled);
+}
+
+static int
+madwifi_set_sta_authorized(void *priv, const u8 *addr, int authorized)
+{
+	struct madwifi_driver_data *drv = priv;
+	struct ieee80211req_mlme mlme;
+	int ret;
+
+	wpa_printf(MSG_DEBUG, "%s: addr=%s authorized=%d",
+		   __func__, ether_sprintf(addr), authorized);
+
+	if (authorized)
+		mlme.im_op = IEEE80211_MLME_AUTHORIZE;
+	else
+		mlme.im_op = IEEE80211_MLME_UNAUTHORIZE;
+	mlme.im_reason = 0;
+	memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
+	ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme));
+	if (ret < 0) {
+		wpa_printf(MSG_DEBUG, "%s: Failed to %sauthorize STA " MACSTR,
+			   __func__, authorized ? "" : "un", MAC2STR(addr));
+	}
+
+	return ret;
+}
+
+static int
+madwifi_sta_set_flags(void *priv, const u8 *addr, int total_flags,
+		      int flags_or, int flags_and)
+{
+	/* For now, only support setting Authorized flag */
+	if (flags_or & WLAN_STA_AUTHORIZED)
+		return madwifi_set_sta_authorized(priv, addr, 1);
+	if (!(flags_and & WLAN_STA_AUTHORIZED))
+		return madwifi_set_sta_authorized(priv, addr, 0);
+	return 0;
+}
+
+static int
+madwifi_del_key(void *priv, const u8 *addr, int key_idx)
+{
+	struct madwifi_driver_data *drv = priv;
+	struct ieee80211req_del_key wk;
+	int ret;
+
+	wpa_printf(MSG_DEBUG, "%s: addr=%s key_idx=%d",
+		   __func__, ether_sprintf(addr), key_idx);
+
+	memset(&wk, 0, sizeof(wk));
+	if (addr != NULL) {
+		memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN);
+		wk.idk_keyix = (u8) IEEE80211_KEYIX_NONE;
+	} else {
+		wk.idk_keyix = key_idx;
+	}
+
+	ret = set80211priv(drv, IEEE80211_IOCTL_DELKEY, &wk, sizeof(wk));
+	if (ret < 0) {
+		wpa_printf(MSG_DEBUG, "%s: Failed to delete key (addr %s"
+			   " key_idx %d)", __func__, ether_sprintf(addr),
+			   key_idx);
+	}
+
+	return ret;
+}
+
+static int
+madwifi_set_key(const char *ifname, void *priv, const char *alg,
+		const u8 *addr, int key_idx,
+		const u8 *key, size_t key_len, int txkey)
+{
+	struct madwifi_driver_data *drv = priv;
+	struct ieee80211req_key wk;
+	u_int8_t cipher;
+	int ret;
+
+	if (strcmp(alg, "none") == 0)
+		return madwifi_del_key(drv, addr, key_idx);
+
+	wpa_printf(MSG_DEBUG, "%s: alg=%s addr=%s key_idx=%d",
+		   __func__, alg, ether_sprintf(addr), key_idx);
+
+	if (strcmp(alg, "WEP") == 0)
+		cipher = IEEE80211_CIPHER_WEP;
+	else if (strcmp(alg, "TKIP") == 0)
+		cipher = IEEE80211_CIPHER_TKIP;
+	else if (strcmp(alg, "CCMP") == 0)
+		cipher = IEEE80211_CIPHER_AES_CCM;
+	else {
+		printf("%s: unknown/unsupported algorithm %s\n",
+			__func__, alg);
+		return -1;
+	}
+
+	if (key_len > sizeof(wk.ik_keydata)) {
+		printf("%s: key length %lu too big\n", __func__,
+		       (unsigned long) key_len);
+		return -3;
+	}
+
+	memset(&wk, 0, sizeof(wk));
+	wk.ik_type = cipher;
+	wk.ik_flags = IEEE80211_KEY_RECV | IEEE80211_KEY_XMIT;
+	if (addr == NULL) {
+		memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
+		wk.ik_keyix = key_idx;
+		wk.ik_flags |= IEEE80211_KEY_DEFAULT;
+	} else {
+		memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
+		wk.ik_keyix = IEEE80211_KEYIX_NONE;
+	}
+	wk.ik_keylen = key_len;
+	memcpy(wk.ik_keydata, key, key_len);
+
+	ret = set80211priv(drv, IEEE80211_IOCTL_SETKEY, &wk, sizeof(wk));
+	if (ret < 0) {
+		wpa_printf(MSG_DEBUG, "%s: Failed to set key (addr %s"
+			   " key_idx %d alg '%s' key_len %lu txkey %d)",
+			   __func__, ether_sprintf(wk.ik_macaddr), key_idx,
+			   alg, (unsigned long) key_len, txkey);
+	}
+
+	return ret;
+}
+
+
+static int
+madwifi_get_seqnum(const char *ifname, void *priv, const u8 *addr, int idx,
+		   u8 *seq)
+{
+	struct madwifi_driver_data *drv = priv;
+	struct ieee80211req_key wk;
+
+	wpa_printf(MSG_DEBUG, "%s: addr=%s idx=%d",
+		   __func__, ether_sprintf(addr), idx);
+
+	memset(&wk, 0, sizeof(wk));
+	if (addr == NULL)
+		memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
+	else
+		memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
+	wk.ik_keyix = idx;
+
+	if (set80211priv(drv, IEEE80211_IOCTL_GETKEY, &wk, sizeof(wk))) {
+		wpa_printf(MSG_DEBUG, "%s: Failed to get encryption data "
+			   "(addr " MACSTR " key_idx %d)",
+			   __func__, MAC2STR(wk.ik_macaddr), idx);
+		return -1;
+	}
+
+#ifdef WORDS_BIGENDIAN
+	{
+		/*
+		 * wk.ik_keytsc is in host byte order (big endian), need to
+		 * swap it to match with the byte order used in WPA.
+		 */
+		int i;
+		u8 tmp[WPA_KEY_RSC_LEN];
+		memcpy(tmp, &wk.ik_keytsc, sizeof(wk.ik_keytsc));
+		for (i = 0; i < WPA_KEY_RSC_LEN; i++) {
+			seq[i] = tmp[WPA_KEY_RSC_LEN - i - 1];
+		}
+	}
+#else /* WORDS_BIGENDIAN */
+	memcpy(seq, &wk.ik_keytsc, sizeof(wk.ik_keytsc));
+#endif /* WORDS_BIGENDIAN */
+	return 0;
+}
+
+
+static int 
+madwifi_flush(void *priv)
+{
+#ifdef MADWIFI_BSD
+	u8 allsta[IEEE80211_ADDR_LEN];
+	memset(allsta, 0xff, IEEE80211_ADDR_LEN);
+	return madwifi_sta_deauth(priv, allsta, IEEE80211_REASON_AUTH_LEAVE);
+#else /* MADWIFI_BSD */
+	return 0;		/* XXX */
+#endif /* MADWIFI_BSD */
+}
+
+
+static int
+madwifi_read_sta_driver_data(void *priv, struct hostap_sta_driver_data *data,
+			     const u8 *addr)
+{
+	struct madwifi_driver_data *drv = priv;
+
+#ifdef MADWIFI_BSD
+	struct ieee80211req_sta_stats stats;
+
+	memset(data, 0, sizeof(*data));
+
+	/*
+	 * Fetch statistics for station from the system.
+	 */
+	memset(&stats, 0, sizeof(stats));
+	memcpy(stats.is_u.macaddr, addr, IEEE80211_ADDR_LEN);
+	if (set80211priv(drv,
+#ifdef MADWIFI_NG
+			 IEEE80211_IOCTL_STA_STATS,
+#else /* MADWIFI_NG */
+			 IEEE80211_IOCTL_GETSTASTATS,
+#endif /* MADWIFI_NG */
+			 &stats, sizeof(stats))) {
+		wpa_printf(MSG_DEBUG, "%s: Failed to fetch STA stats (addr "
+			   MACSTR ")", __func__, MAC2STR(addr));
+		if (memcmp(addr, drv->acct_mac, ETH_ALEN) == 0) {
+			memcpy(data, &drv->acct_data, sizeof(*data));
+			return 0;
+		}
+
+		printf("Failed to get station stats information element.\n");
+		return -1;
+	}
+
+	data->rx_packets = stats.is_stats.ns_rx_data;
+	data->rx_bytes = stats.is_stats.ns_rx_bytes;
+	data->tx_packets = stats.is_stats.ns_tx_data;
+	data->tx_bytes = stats.is_stats.ns_tx_bytes;
+	return 0;
+
+#else /* MADWIFI_BSD */
+
+	char buf[1024], line[128], *pos;
+	FILE *f;
+	unsigned long val;
+
+	memset(data, 0, sizeof(*data));
+	snprintf(buf, sizeof(buf), "/proc/net/madwifi/%s/" MACSTR,
+		 drv->iface, MAC2STR(addr));
+
+	f = fopen(buf, "r");
+	if (!f) {
+		if (memcmp(addr, drv->acct_mac, ETH_ALEN) != 0)
+			return -1;
+		memcpy(data, &drv->acct_data, sizeof(*data));
+		return 0;
+	}
+	/* Need to read proc file with in one piece, so use large enough
+	 * buffer. */
+	setbuffer(f, buf, sizeof(buf));
+
+	while (fgets(line, sizeof(line), f)) {
+		pos = strchr(line, '=');
+		if (!pos)
+			continue;
+		*pos++ = '\0';
+		val = strtoul(pos, NULL, 10);
+		if (strcmp(line, "rx_packets") == 0)
+			data->rx_packets = val;
+		else if (strcmp(line, "tx_packets") == 0)
+			data->tx_packets = val;
+		else if (strcmp(line, "rx_bytes") == 0)
+			data->rx_bytes = val;
+		else if (strcmp(line, "tx_bytes") == 0)
+			data->tx_bytes = val;
+	}
+
+	fclose(f);
+
+	return 0;
+#endif /* MADWIFI_BSD */
+}
+
+
+static int
+madwifi_sta_clear_stats(void *priv, const u8 *addr)
+{
+#if defined(MADWIFI_BSD) && defined(IEEE80211_MLME_CLEAR_STATS)
+	struct madwifi_driver_data *drv = priv;
+	struct ieee80211req_mlme mlme;
+	int ret;
+
+	wpa_printf(MSG_DEBUG, "%s: addr=%s", __func__, ether_sprintf(addr));
+
+	mlme.im_op = IEEE80211_MLME_CLEAR_STATS;
+	memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
+	ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme,
+			   sizeof(mlme));
+	if (ret < 0) {
+		wpa_printf(MSG_DEBUG, "%s: Failed to clear STA stats (addr "
+			   MACSTR ")", __func__, MAC2STR(addr));
+	}
+
+	return ret;
+#else /* MADWIFI_BSD && IEEE80211_MLME_CLEAR_STATS */
+	return 0; /* FIX */
+#endif /* MADWIFI_BSD && IEEE80211_MLME_CLEAR_STATS */
+}
+
+
+static int
+madwifi_set_opt_ie(const char *ifname, void *priv, const u8 *ie, size_t ie_len)
+{
+	/*
+	 * Do nothing; we setup parameters at startup that define the
+	 * contents of the beacon information element.
+	 */
+	return 0;
+}
+
+static int
+madwifi_sta_deauth(void *priv, const u8 *addr, int reason_code)
+{
+	struct madwifi_driver_data *drv = priv;
+	struct ieee80211req_mlme mlme;
+	int ret;
+
+	wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d",
+		   __func__, ether_sprintf(addr), reason_code);
+
+	mlme.im_op = IEEE80211_MLME_DEAUTH;
+	mlme.im_reason = reason_code;
+	memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
+	ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme));
+	if (ret < 0) {
+		wpa_printf(MSG_DEBUG, "%s: Failed to deauth STA (addr " MACSTR
+			   " reason %d)",
+			   __func__, MAC2STR(addr), reason_code);
+	}
+
+	return ret;
+}
+
+static int
+madwifi_sta_disassoc(void *priv, const u8 *addr, int reason_code)
+{
+	struct madwifi_driver_data *drv = priv;
+	struct ieee80211req_mlme mlme;
+	int ret;
+
+	wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d",
+		   __func__, ether_sprintf(addr), reason_code);
+
+	mlme.im_op = IEEE80211_MLME_DISASSOC;
+	mlme.im_reason = reason_code;
+	memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
+	ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme));
+	if (ret < 0) {
+		wpa_printf(MSG_DEBUG, "%s: Failed to disassoc STA (addr "
+			   MACSTR " reason %d)",
+			   __func__, MAC2STR(addr), reason_code);
+	}
+
+	return ret;
+}
+
+static int
+madwifi_del_sta(struct madwifi_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN])
+{
+	struct hostapd_data *hapd = drv->hapd;
+	struct sta_info *sta;
+
+	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+		HOSTAPD_LEVEL_INFO, "disassociated");
+
+	sta = ap_get_sta(hapd, addr);
+	if (sta != NULL) {
+		sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
+		wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
+		sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
+		ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
+		ap_free_sta(hapd, sta);
+	}
+	return 0;
+}
+
+static int
+madwifi_process_wpa_ie(struct madwifi_driver_data *drv, struct sta_info *sta)
+{
+	struct hostapd_data *hapd = drv->hapd;
+	struct ieee80211req_wpaie ie;
+	int ielen, res;
+	u8 *iebuf;
+
+	/*
+	 * Fetch negotiated WPA/RSN parameters from the system.
+	 */
+	memset(&ie, 0, sizeof(ie));
+	memcpy(ie.wpa_macaddr, sta->addr, IEEE80211_ADDR_LEN);
+	if (set80211priv(drv, IEEE80211_IOCTL_GETWPAIE, &ie, sizeof(ie))) {
+		wpa_printf(MSG_ERROR, "%s: Failed to get WPA/RSN IE",
+			   __func__);
+		printf("Failed to get WPA/RSN information element.\n");
+		return -1;		/* XXX not right */
+	}
+	wpa_hexdump(MSG_MSGDUMP, "madwifi req WPA IE",
+		    ie.wpa_ie, IEEE80211_MAX_OPT_IE);
+	wpa_hexdump(MSG_MSGDUMP, "madwifi req RSN IE",
+		    ie.rsn_ie, IEEE80211_MAX_OPT_IE);
+	iebuf = ie.wpa_ie;
+	/* madwifi seems to return some random data if WPA/RSN IE is not set.
+	 * Assume the IE was not included if the IE type is unknown. */
+	if (iebuf[0] != WLAN_EID_VENDOR_SPECIFIC)
+		iebuf[1] = 0;
+#ifdef MADWIFI_NG
+	if (iebuf[1] == 0 && ie.rsn_ie[1] > 0) {
+		/* madwifi-ng svn #1453 added rsn_ie. Use it, if wpa_ie was not
+		 * set. This is needed for WPA2. */
+		iebuf = ie.rsn_ie;
+		if (iebuf[0] != WLAN_EID_RSN)
+			iebuf[1] = 0;
+	}
+#endif /* MADWIFI_NG */
+	ielen = iebuf[1];
+	if (ielen == 0) {
+		printf("No WPA/RSN information element for station!?\n");
+		return -1;		/* XXX not right */
+	}
+	ielen += 2;
+	if (sta->wpa_sm == NULL)
+		sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr);
+	if (sta->wpa_sm == NULL) {
+		printf("Failed to initialize WPA state machine\n");
+		return -1;
+	}
+	res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
+				  iebuf, ielen, NULL, 0);
+	if (res != WPA_IE_OK) {
+		printf("WPA/RSN information element rejected? (res %u)\n", res);
+		return -1;
+	}
+	return 0;
+}
+
+static int
+madwifi_new_sta(struct madwifi_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN])
+{
+	struct hostapd_data *hapd = drv->hapd;
+	struct sta_info *sta;
+	int new_assoc;
+
+	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+		HOSTAPD_LEVEL_INFO, "associated");
+
+	sta = ap_get_sta(hapd, addr);
+	if (sta) {
+		accounting_sta_stop(hapd, sta);
+	} else {
+		sta = ap_sta_add(hapd, addr);
+		if (sta == NULL)
+			return -1;
+	}
+
+	if (memcmp(addr, drv->acct_mac, ETH_ALEN) == 0) {
+		/* Cached accounting data is not valid anymore. */
+		memset(drv->acct_mac, 0, ETH_ALEN);
+		memset(&drv->acct_data, 0, sizeof(drv->acct_data));
+	}
+	accounting_sta_get_id(hapd, sta);
+
+	if (hapd->conf->wpa) {
+		if (madwifi_process_wpa_ie(drv, sta))
+			return -1;
+	}
+
+	/*
+	 * Now that the internal station state is setup
+	 * kick the authenticator into action.
+	 */
+	new_assoc = (sta->flags & WLAN_STA_ASSOC) == 0;
+	sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
+	wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
+	hostapd_new_assoc_sta(hapd, sta, !new_assoc);
+	ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
+	return 0;
+}
+
+static void
+madwifi_wireless_event_wireless_custom(struct madwifi_driver_data *drv,
+				       char *custom)
+{
+	wpa_printf(MSG_DEBUG, "Custom wireless event: '%s'", custom);
+
+	if (strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
+		char *pos;
+		u8 addr[ETH_ALEN];
+		pos = strstr(custom, "addr=");
+		if (pos == NULL) {
+			wpa_printf(MSG_DEBUG,
+				   "MLME-MICHAELMICFAILURE.indication "
+				   "without sender address ignored");
+			return;
+		}
+		pos += 5;
+		if (hwaddr_aton(pos, addr) == 0) {
+			ieee80211_michael_mic_failure(drv->hapd, addr, 1);
+		} else {
+			wpa_printf(MSG_DEBUG,
+				   "MLME-MICHAELMICFAILURE.indication "
+				   "with invalid MAC address");
+		}
+	} else if (strncmp(custom, "STA-TRAFFIC-STAT", 16) == 0) {
+		char *key, *value;
+		u32 val;
+		key = custom;
+		while ((key = strchr(key, '\n')) != NULL) {
+			key++;
+			value = strchr(key, '=');
+			if (value == NULL)
+				continue;
+			*value++ = '\0';
+			val = strtoul(value, NULL, 10);
+			if (strcmp(key, "mac") == 0)
+				hwaddr_aton(value, drv->acct_mac);
+			else if (strcmp(key, "rx_packets") == 0)
+				drv->acct_data.rx_packets = val;
+			else if (strcmp(key, "tx_packets") == 0)
+				drv->acct_data.tx_packets = val;
+			else if (strcmp(key, "rx_bytes") == 0)
+				drv->acct_data.rx_bytes = val;
+			else if (strcmp(key, "tx_bytes") == 0)
+				drv->acct_data.tx_bytes = val;
+			key = value;
+		}
+	}
+}
+
+static void
+madwifi_wireless_event_wireless(struct madwifi_driver_data *drv,
+					    char *data, int len)
+{
+	struct iw_event iwe_buf, *iwe = &iwe_buf;
+	char *pos, *end, *custom, *buf;
+
+	pos = data;
+	end = data + len;
+
+	while (pos + IW_EV_LCP_LEN <= end) {
+		/* Event data may be unaligned, so make a local, aligned copy
+		 * before processing. */
+		memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
+		wpa_printf(MSG_MSGDUMP, "Wireless event: cmd=0x%x len=%d",
+			   iwe->cmd, iwe->len);
+		if (iwe->len <= IW_EV_LCP_LEN)
+			return;
+
+		custom = pos + IW_EV_POINT_LEN;
+		if (drv->we_version > 18 &&
+		    (iwe->cmd == IWEVMICHAELMICFAILURE ||
+		     iwe->cmd == IWEVCUSTOM)) {
+			/* WE-19 removed the pointer from struct iw_point */
+			char *dpos = (char *) &iwe_buf.u.data.length;
+			int dlen = dpos - (char *) &iwe_buf;
+			memcpy(dpos, pos + IW_EV_LCP_LEN,
+			       sizeof(struct iw_event) - dlen);
+		} else {
+			memcpy(&iwe_buf, pos, sizeof(struct iw_event));
+			custom += IW_EV_POINT_OFF;
+		}
+
+		switch (iwe->cmd) {
+		case IWEVEXPIRED:
+			madwifi_del_sta(drv, (u8 *) iwe->u.addr.sa_data);
+			break;
+		case IWEVREGISTERED:
+			madwifi_new_sta(drv, (u8 *) iwe->u.addr.sa_data);
+			break;
+		case IWEVCUSTOM:
+			if (custom + iwe->u.data.length > end)
+				return;
+			buf = malloc(iwe->u.data.length + 1);
+			if (buf == NULL)
+				return;		/* XXX */
+			memcpy(buf, custom, iwe->u.data.length);
+			buf[iwe->u.data.length] = '\0';
+			madwifi_wireless_event_wireless_custom(drv, buf);
+			free(buf);
+			break;
+		}
+
+		pos += iwe->len;
+	}
+}
+
+
+static void
+madwifi_wireless_event_rtm_newlink(struct madwifi_driver_data *drv,
+					       struct nlmsghdr *h, int len)
+{
+	struct ifinfomsg *ifi;
+	int attrlen, nlmsg_len, rta_len;
+	struct rtattr * attr;
+
+	if (len < (int) sizeof(*ifi))
+		return;
+
+	ifi = NLMSG_DATA(h);
+
+	if (ifi->ifi_index != drv->ifindex)
+		return;
+
+	nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
+
+	attrlen = h->nlmsg_len - nlmsg_len;
+	if (attrlen < 0)
+		return;
+
+	attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
+
+	rta_len = RTA_ALIGN(sizeof(struct rtattr));
+	while (RTA_OK(attr, attrlen)) {
+		if (attr->rta_type == IFLA_WIRELESS) {
+			madwifi_wireless_event_wireless(
+				drv, ((char *) attr) + rta_len,
+				attr->rta_len - rta_len);
+		}
+		attr = RTA_NEXT(attr, attrlen);
+	}
+}
+
+
+static void
+madwifi_wireless_event_receive(int sock, void *eloop_ctx, void *sock_ctx)
+{
+	char buf[256];
+	int left;
+	struct sockaddr_nl from;
+	socklen_t fromlen;
+	struct nlmsghdr *h;
+	struct madwifi_driver_data *drv = eloop_ctx;
+
+	fromlen = sizeof(from);
+	left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
+			(struct sockaddr *) &from, &fromlen);
+	if (left < 0) {
+		if (errno != EINTR && errno != EAGAIN)
+			perror("recvfrom(netlink)");
+		return;
+	}
+
+	h = (struct nlmsghdr *) buf;
+	while (left >= (int) sizeof(*h)) {
+		int len, plen;
+
+		len = h->nlmsg_len;
+		plen = len - sizeof(*h);
+		if (len > left || plen < 0) {
+			printf("Malformed netlink message: "
+			       "len=%d left=%d plen=%d\n",
+			       len, left, plen);
+			break;
+		}
+
+		switch (h->nlmsg_type) {
+		case RTM_NEWLINK:
+			madwifi_wireless_event_rtm_newlink(drv, h, plen);
+			break;
+		}
+
+		len = NLMSG_ALIGN(len);
+		left -= len;
+		h = (struct nlmsghdr *) ((char *) h + len);
+	}
+
+	if (left > 0) {
+		printf("%d extra bytes in the end of netlink message\n", left);
+	}
+}
+
+
+static int
+madwifi_get_we_version(struct madwifi_driver_data *drv)
+{
+	struct iw_range *range;
+	struct iwreq iwr;
+	int minlen;
+	size_t buflen;
+
+	drv->we_version = 0;
+
+	/*
+	 * Use larger buffer than struct iw_range in order to allow the
+	 * structure to grow in the future.
+	 */
+	buflen = sizeof(struct iw_range) + 500;
+	range = os_zalloc(buflen);
+	if (range == NULL)
+		return -1;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
+	iwr.u.data.pointer = (caddr_t) range;
+	iwr.u.data.length = buflen;
+
+	minlen = ((char *) &range->enc_capa) - (char *) range +
+		sizeof(range->enc_capa);
+
+	if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
+		perror("ioctl[SIOCGIWRANGE]");
+		free(range);
+		return -1;
+	} else if (iwr.u.data.length >= minlen &&
+		   range->we_version_compiled >= 18) {
+		wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
+			   "WE(source)=%d enc_capa=0x%x",
+			   range->we_version_compiled,
+			   range->we_version_source,
+			   range->enc_capa);
+		drv->we_version = range->we_version_compiled;
+	}
+
+	free(range);
+	return 0;
+}
+
+
+static int
+madwifi_wireless_event_init(void *priv)
+{
+	struct madwifi_driver_data *drv = priv;
+	int s;
+	struct sockaddr_nl local;
+
+	madwifi_get_we_version(drv);
+
+	drv->wext_sock = -1;
+
+	s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+	if (s < 0) {
+		perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
+		return -1;
+	}
+
+	memset(&local, 0, sizeof(local));
+	local.nl_family = AF_NETLINK;
+	local.nl_groups = RTMGRP_LINK;
+	if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
+		perror("bind(netlink)");
+		close(s);
+		return -1;
+	}
+
+	eloop_register_read_sock(s, madwifi_wireless_event_receive, drv, NULL);
+	drv->wext_sock = s;
+
+	return 0;
+}
+
+
+static void
+madwifi_wireless_event_deinit(void *priv)
+{
+	struct madwifi_driver_data *drv = priv;
+
+	if (drv != NULL) {
+		if (drv->wext_sock < 0)
+			return;
+		eloop_unregister_read_sock(drv->wext_sock);
+		close(drv->wext_sock);
+	}
+}
+
+
+static int
+madwifi_send_eapol(void *priv, const u8 *addr, const u8 *data, size_t data_len,
+		   int encrypt, const u8 *own_addr)
+{
+	struct madwifi_driver_data *drv = priv;
+	unsigned char buf[3000];
+	unsigned char *bp = buf;
+	struct l2_ethhdr *eth;
+	size_t len;
+	int status;
+
+	/*
+	 * Prepend the Ethernet header.  If the caller left us
+	 * space at the front we could just insert it but since
+	 * we don't know we copy to a local buffer.  Given the frequency
+	 * and size of frames this probably doesn't matter.
+	 */
+	len = data_len + sizeof(struct l2_ethhdr);
+	if (len > sizeof(buf)) {
+		bp = malloc(len);
+		if (bp == NULL) {
+			printf("EAPOL frame discarded, cannot malloc temp "
+			       "buffer of size %lu!\n", (unsigned long) len);
+			return -1;
+		}
+	}
+	eth = (struct l2_ethhdr *) bp;
+	memcpy(eth->h_dest, addr, ETH_ALEN);
+	memcpy(eth->h_source, own_addr, ETH_ALEN);
+	eth->h_proto = htons(ETH_P_EAPOL);
+	memcpy(eth+1, data, data_len);
+
+	wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", bp, len);
+
+	status = l2_packet_send(drv->sock_xmit, addr, ETH_P_EAPOL, bp, len);
+
+	if (bp != buf)
+		free(bp);
+	return status;
+}
+
+static void
+handle_read(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
+{
+	struct madwifi_driver_data *drv = ctx;
+	struct hostapd_data *hapd = drv->hapd;
+	struct sta_info *sta;
+
+	sta = ap_get_sta(hapd, src_addr);
+	if (!sta || !(sta->flags & WLAN_STA_ASSOC)) {
+		printf("Data frame from not associated STA %s\n",
+		       ether_sprintf(src_addr));
+		/* XXX cannot happen */
+		return;
+	}
+	ieee802_1x_receive(hapd, src_addr, buf + sizeof(struct l2_ethhdr),
+			   len - sizeof(struct l2_ethhdr));
+}
+
+static void *
+madwifi_init(struct hostapd_data *hapd)
+{
+	struct madwifi_driver_data *drv;
+	struct ifreq ifr;
+	struct iwreq iwr;
+
+	drv = os_zalloc(sizeof(struct madwifi_driver_data));
+	if (drv == NULL) {
+		printf("Could not allocate memory for madwifi driver data\n");
+		goto bad;
+	}
+
+	drv->hapd = hapd;
+	drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
+	if (drv->ioctl_sock < 0) {
+		perror("socket[PF_INET,SOCK_DGRAM]");
+		goto bad;
+	}
+	memcpy(drv->iface, hapd->conf->iface, sizeof(drv->iface));
+
+	memset(&ifr, 0, sizeof(ifr));
+	os_strlcpy(ifr.ifr_name, drv->iface, sizeof(ifr.ifr_name));
+	if (ioctl(drv->ioctl_sock, SIOCGIFINDEX, &ifr) != 0) {
+		perror("ioctl(SIOCGIFINDEX)");
+		goto bad;
+	}
+	drv->ifindex = ifr.ifr_ifindex;
+
+	drv->sock_xmit = l2_packet_init(drv->iface, NULL, ETH_P_EAPOL,
+					handle_read, drv, 1);
+	if (drv->sock_xmit == NULL)
+		goto bad;
+	if (l2_packet_get_own_addr(drv->sock_xmit, hapd->own_addr))
+		goto bad;
+	if (hapd->conf->bridge[0] != '\0') {
+		wpa_printf(MSG_DEBUG, "Configure bridge %s for EAPOL traffic.",
+			   hapd->conf->bridge);
+		drv->sock_recv = l2_packet_init(hapd->conf->bridge, NULL,
+						ETH_P_EAPOL, handle_read, drv,
+						1);
+		if (drv->sock_recv == NULL)
+			goto bad;
+	} else
+		drv->sock_recv = drv->sock_xmit;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
+
+	iwr.u.mode = IW_MODE_MASTER;
+
+	if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0) {
+		perror("ioctl[SIOCSIWMODE]");
+		printf("Could not set interface to master mode!\n");
+		goto bad;
+	}
+
+	madwifi_set_iface_flags(drv, 0);	/* mark down during setup */
+	madwifi_set_privacy(drv->iface, drv, 0); /* default to no privacy */
+
+	return drv;
+bad:
+	if (drv->sock_xmit != NULL)
+		l2_packet_deinit(drv->sock_xmit);
+	if (drv->ioctl_sock >= 0)
+		close(drv->ioctl_sock);
+	if (drv != NULL)
+		free(drv);
+	return NULL;
+}
+
+
+static void
+madwifi_deinit(void *priv)
+{
+	struct madwifi_driver_data *drv = priv;
+
+	(void) madwifi_set_iface_flags(drv, 0);
+	if (drv->ioctl_sock >= 0)
+		close(drv->ioctl_sock);
+	if (drv->sock_recv != NULL && drv->sock_recv != drv->sock_xmit)
+		l2_packet_deinit(drv->sock_recv);
+	if (drv->sock_xmit != NULL)
+		l2_packet_deinit(drv->sock_xmit);
+	if (drv->sock_raw)
+		l2_packet_deinit(drv->sock_raw);
+	free(drv);
+}
+
+static int
+madwifi_set_ssid(const char *ifname, void *priv, const u8 *buf, int len)
+{
+	struct madwifi_driver_data *drv = priv;
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
+	iwr.u.essid.flags = 1; /* SSID active */
+	iwr.u.essid.pointer = (caddr_t) buf;
+	iwr.u.essid.length = len + 1;
+
+	if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
+		perror("ioctl[SIOCSIWESSID]");
+		printf("len=%d\n", len);
+		return -1;
+	}
+	return 0;
+}
+
+static int
+madwifi_get_ssid(const char *ifname, void *priv, u8 *buf, int len)
+{
+	struct madwifi_driver_data *drv = priv;
+	struct iwreq iwr;
+	int ret = 0;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
+	iwr.u.essid.pointer = (caddr_t) buf;
+	iwr.u.essid.length = len;
+
+	if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
+		perror("ioctl[SIOCGIWESSID]");
+		ret = -1;
+	} else
+		ret = iwr.u.essid.length;
+
+	return ret;
+}
+
+static int
+madwifi_set_countermeasures(void *priv, int enabled)
+{
+	struct madwifi_driver_data *drv = priv;
+	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
+	return set80211param(drv, IEEE80211_PARAM_COUNTERMEASURES, enabled);
+}
+
+static int
+madwifi_commit(void *priv)
+{
+	return madwifi_set_iface_flags(priv, 1);
+}
+
+const struct wpa_driver_ops wpa_driver_madwifi_ops = {
+	.name			= "madwifi",
+	.init			= madwifi_init,
+	.deinit			= madwifi_deinit,
+	.set_ieee8021x		= madwifi_set_ieee8021x,
+	.set_privacy		= madwifi_set_privacy,
+	.set_encryption		= madwifi_set_key,
+	.get_seqnum		= madwifi_get_seqnum,
+	.flush			= madwifi_flush,
+	.set_generic_elem	= madwifi_set_opt_ie,
+	.wireless_event_init	= madwifi_wireless_event_init,
+	.wireless_event_deinit	= madwifi_wireless_event_deinit,
+	.sta_set_flags		= madwifi_sta_set_flags,
+	.read_sta_data		= madwifi_read_sta_driver_data,
+	.send_eapol		= madwifi_send_eapol,
+	.sta_disassoc		= madwifi_sta_disassoc,
+	.sta_deauth		= madwifi_sta_deauth,
+	.set_ssid		= madwifi_set_ssid,
+	.get_ssid		= madwifi_get_ssid,
+	.set_countermeasures	= madwifi_set_countermeasures,
+	.sta_clear_stats        = madwifi_sta_clear_stats,
+	.commit			= madwifi_commit,
+};

+ 2382 - 0
hostapd/driver_nl80211.c

@@ -0,0 +1,2382 @@
+/*
+ * hostapd / Kernel driver communication via nl80211
+ * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2004, Instant802 Networks, Inc.
+ * Copyright (c) 2005-2006, Devicescape Software, Inc.
+ * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include <sys/ioctl.h>
+#include <netlink/genl/genl.h>
+#include <netlink/genl/family.h>
+#include <netlink/genl/ctrl.h>
+#include <netlink/msg.h>
+#include <netlink/attr.h>
+#include <linux/nl80211.h>
+#include <net/if.h>
+#include <linux/if_packet.h>
+#include <linux/if_ether.h>   /* The L2 protocols */
+#include <linux/wireless.h>
+#include <net/if_arp.h>
+
+#include "hostapd.h"
+#include "driver.h"
+#include "ieee802_1x.h"
+#include "eloop.h"
+#include "ieee802_11.h"
+#include "sta_info.h"
+#include "hw_features.h"
+#include "mlme.h"
+#include "radiotap.h"
+#include "radiotap_iter.h"
+
+enum ieee80211_msg_type {
+	ieee80211_msg_normal = 0,
+	ieee80211_msg_tx_callback_ack = 1,
+	ieee80211_msg_tx_callback_fail = 2,
+};
+
+struct i802_driver_data {
+	struct hostapd_data *hapd;
+
+	char iface[IFNAMSIZ + 1];
+	int ioctl_sock; /* socket for ioctl() use */
+	int wext_sock; /* socket for wireless events */
+	int eapol_sock; /* socket for EAPOL frames */
+	int monitor_sock; /* socket for monitor */
+	int monitor_ifidx;
+
+	int default_if_indices[16];
+	int *if_indices;
+	int num_if_indices;
+
+	int we_version;
+	struct nl_handle *nl_handle;
+	struct nl_cache *nl_cache;
+	struct genl_family *nl80211;
+	int dtim_period;
+	unsigned int beacon_set:1;
+	unsigned int ieee802_1x_active:1;
+};
+
+
+static void add_ifidx(struct i802_driver_data *drv, int ifidx)
+{
+	int i;
+	int *old;
+
+	for (i = 0; i < drv->num_if_indices; i++) {
+		if (drv->if_indices[i] == 0) {
+			drv->if_indices[i] = ifidx;
+			return;
+		}
+	}
+
+	if (drv->if_indices != drv->default_if_indices)
+		old = drv->if_indices;
+	else
+		old = NULL;
+
+	drv->if_indices = realloc(old,
+				  sizeof(int) * (drv->num_if_indices + 1));
+	if (!drv->if_indices) {
+		if (!old)
+			drv->if_indices = drv->default_if_indices;
+		else
+			drv->if_indices = old;
+		wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
+			   "interfaces");
+		wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
+		return;
+	}
+	drv->if_indices[drv->num_if_indices] = ifidx;
+	drv->num_if_indices++;
+}
+
+
+static void del_ifidx(struct i802_driver_data *drv, int ifidx)
+{
+	int i;
+
+	for (i = 0; i < drv->num_if_indices; i++) {
+		if (drv->if_indices[i] == ifidx) {
+			drv->if_indices[i] = 0;
+			break;
+		}
+	}
+}
+
+
+static int have_ifidx(struct i802_driver_data *drv, int ifidx)
+{
+	int i;
+
+	for (i = 0; i < drv->num_if_indices; i++)
+		if (drv->if_indices[i] == ifidx)
+			return 1;
+
+	return 0;
+}
+
+
+/* helper for netlink get routines */
+static int ack_wait_handler(struct nl_msg *msg, void *arg)
+{
+	int *finished = arg;
+
+	*finished = 1;
+	return NL_STOP;
+}
+
+
+static int hostapd_set_iface_flags(struct i802_driver_data *drv,
+				   const char *ifname, int dev_up)
+{
+	struct ifreq ifr;
+
+	if (drv->ioctl_sock < 0)
+		return -1;
+
+	memset(&ifr, 0, sizeof(ifr));
+	os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
+
+	if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, &ifr) != 0) {
+		perror("ioctl[SIOCGIFFLAGS]");
+		wpa_printf(MSG_DEBUG, "Could not read interface flags (%s)",
+			   drv->iface);
+		return -1;
+	}
+
+	if (dev_up)
+		ifr.ifr_flags |= IFF_UP;
+	else
+		ifr.ifr_flags &= ~IFF_UP;
+
+	if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) {
+		perror("ioctl[SIOCSIFFLAGS]");
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static int i802_set_encryption(const char *iface, void *priv, const char *alg,
+			       const u8 *addr, int idx, const u8 *key,
+			       size_t key_len, int txkey)
+{
+	struct i802_driver_data *drv = priv;
+	struct nl_msg *msg;
+	int ret = -1;
+	int err = 0;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto out;
+
+	if (strcmp(alg, "none") == 0) {
+		genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+			    0, NL80211_CMD_DEL_KEY, 0);
+	} else {
+		genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+			    0, NL80211_CMD_NEW_KEY, 0);
+		NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
+		if (strcmp(alg, "WEP") == 0) {
+			if (key_len == 5)
+				NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
+					    0x000FAC01);
+			else
+				NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
+					    0x000FAC05);
+		} else if (strcmp(alg, "TKIP") == 0)
+			NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC02);
+		else if (strcmp(alg, "CCMP") == 0)
+			NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC04);
+		else
+			goto out;
+	}
+
+	if (addr)
+		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
+	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
+	    (err = nl_wait_for_ack(drv->nl_handle)) < 0) {
+		if (err != -ENOENT) {
+			err = 0;
+			goto out;
+		}
+	}
+
+	/*
+	 * If we need to set the default TX key we do that below,
+	 * otherwise we're done here.
+	 */
+	if (!txkey || addr) {
+		ret = 0;
+		goto out;
+	}
+
+	nlmsg_free(msg);
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto out;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_SET_KEY, 0);
+	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
+	NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
+	    (err = nl_wait_for_ack(drv->nl_handle)) < 0) {
+		if (err != -ENOENT) {
+			err = 0;
+			goto out;
+		}
+	}
+
+	ret = 0;
+
+ out:
+ nla_put_failure:
+	nlmsg_free(msg);
+	return ret;
+}
+
+
+static inline int min_int(int a, int b)
+{
+	if (a < b)
+		return a;
+	return b;
+}
+
+
+static int get_key_handler(struct nl_msg *msg, void *arg)
+{
+	struct nlattr *tb[NL80211_ATTR_MAX];
+	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
+
+	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
+		  genlmsg_attrlen(gnlh, 0), NULL);
+
+	/*
+	 * TODO: validate the key index and mac address!
+	 * Otherwise, there's a race condition as soon as
+	 * the kernel starts sending key notifications.
+	 */
+
+	if (tb[NL80211_ATTR_KEY_SEQ])
+		memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
+		       min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
+	return NL_SKIP;
+}
+
+
+static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
+			   int idx, u8 *seq)
+{
+	struct i802_driver_data *drv = priv;
+	struct nl_msg *msg;
+	struct nl_cb *cb = NULL;
+	int ret = -1;
+	int err = 0;
+	int finished = 0;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto out;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_GET_KEY, 0);
+
+	if (addr)
+		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
+	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
+
+	cb = nl_cb_alloc(NL_CB_CUSTOM);
+	if (!cb)
+		goto out;
+
+	memset(seq, 0, 6);
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0)
+		goto out;
+
+	nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, get_key_handler, seq);
+	nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_wait_handler, &finished);
+
+	err = nl_recvmsgs(drv->nl_handle, cb);
+
+	if (!finished)
+		err = nl_wait_for_ack(drv->nl_handle);
+
+	if (err < 0)
+		goto out;
+
+	ret = 0;
+
+ out:
+	nl_cb_put(cb);
+ nla_put_failure:
+	nlmsg_free(msg);
+	return ret;
+}
+
+
+static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates,
+			      int mode)
+{
+	return -1;
+}
+
+
+static int i802_set_ssid(const char *ifname, void *priv, const u8 *buf,
+			 int len)
+{
+	struct i802_driver_data *drv = priv;
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, ifname, IFNAMSIZ);
+	iwr.u.essid.flags = 1; /* SSID active */
+	iwr.u.essid.pointer = (caddr_t) buf;
+	iwr.u.essid.length = len;
+
+	if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
+		perror("ioctl[SIOCSIWESSID]");
+		printf("len=%d\n", len);
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static int i802_send_mgmt_frame(void *priv, const void *data, size_t len,
+				int flags)
+{
+	struct ieee80211_hdr *hdr = (void*) data;
+	__u8 rtap_hdr[] = {
+		0x00, 0x00, /* radiotap version */
+		0x0e, 0x00, /* radiotap length */
+		0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
+		0x0c,       /* F_WEP | F_FRAG (encrypt/fragment if required) */
+		0x00,       /* padding */
+		0x00, 0x00, /* RX and TX flags to indicate that */
+		0x00, 0x00, /* this is the injected frame directly */
+	};
+	struct i802_driver_data *drv = priv;
+	struct iovec iov[2] = {
+		{
+			.iov_base = &rtap_hdr,
+			.iov_len = sizeof(rtap_hdr),
+		},
+		{
+			.iov_base = (void*)data,
+			.iov_len = len,
+		}
+	};
+	struct msghdr msg = {
+		.msg_name = NULL,
+		.msg_namelen = 0,
+		.msg_iov = iov,
+		.msg_iovlen = 2,
+		.msg_control = NULL,
+		.msg_controllen = 0,
+		.msg_flags = 0,
+	};
+
+	/*
+	 * ugh, guess what, the generic code sets one of the version
+	 * bits to request tx callback
+	 */
+	hdr->frame_control &= ~host_to_le16(BIT(1));
+	return sendmsg(drv->monitor_sock, &msg, flags);
+}
+
+
+/* Set kernel driver on given frequency (MHz) */
+static int i802_set_freq(void *priv, int mode, int freq)
+{
+	struct i802_driver_data *drv = priv;
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
+	iwr.u.freq.m = freq;
+	iwr.u.freq.e = 6;
+
+	if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
+		perror("ioctl[SIOCSIWFREQ]");
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static int i802_set_rts(void *priv, int rts)
+{
+	struct i802_driver_data *drv = priv;
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
+	iwr.u.rts.value = rts;
+	iwr.u.rts.fixed = 1;
+
+	if (ioctl(drv->ioctl_sock, SIOCSIWRTS, &iwr) < 0) {
+		perror("ioctl[SIOCSIWRTS]");
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static int i802_get_rts(void *priv, int *rts)
+{
+	struct i802_driver_data *drv = priv;
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
+
+	if (ioctl(drv->ioctl_sock, SIOCGIWRTS, &iwr) < 0) {
+		perror("ioctl[SIOCGIWRTS]");
+		return -1;
+	}
+
+	*rts = iwr.u.rts.value;
+
+	return 0;
+}
+
+
+static int i802_set_frag(void *priv, int frag)
+{
+	struct i802_driver_data *drv = priv;
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
+	iwr.u.frag.value = frag;
+	iwr.u.frag.fixed = 1;
+
+	if (ioctl(drv->ioctl_sock, SIOCSIWFRAG, &iwr) < 0) {
+		perror("ioctl[SIOCSIWFRAG]");
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static int i802_get_frag(void *priv, int *frag)
+{
+	struct i802_driver_data *drv = priv;
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
+
+	if (ioctl(drv->ioctl_sock, SIOCGIWFRAG, &iwr) < 0) {
+		perror("ioctl[SIOCGIWFRAG]");
+		return -1;
+	}
+
+	*frag = iwr.u.frag.value;
+
+	return 0;
+}
+
+
+static int i802_set_retry(void *priv, int short_retry, int long_retry)
+{
+	struct i802_driver_data *drv = priv;
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
+
+	iwr.u.retry.value = short_retry;
+	iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MIN;
+	if (ioctl(drv->ioctl_sock, SIOCSIWFRAG, &iwr) < 0) {
+		perror("ioctl[SIOCSIWRETRY(short)]");
+		return -1;
+	}
+
+	iwr.u.retry.value = long_retry;
+	iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MAX;
+	if (ioctl(drv->ioctl_sock, SIOCSIWFRAG, &iwr) < 0) {
+		perror("ioctl[SIOCSIWRETRY(long)]");
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static int i802_get_retry(void *priv, int *short_retry, int *long_retry)
+{
+	struct i802_driver_data *drv = priv;
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
+
+	iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MIN;
+	if (ioctl(drv->ioctl_sock, SIOCGIWRETRY, &iwr) < 0) {
+		perror("ioctl[SIOCGIWFRAG(short)]");
+		return -1;
+	}
+	*short_retry = iwr.u.retry.value;
+
+	iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MAX;
+	if (ioctl(drv->ioctl_sock, SIOCGIWRETRY, &iwr) < 0) {
+		perror("ioctl[SIOCGIWFRAG(long)]");
+		return -1;
+	}
+	*long_retry = iwr.u.retry.value;
+
+	return 0;
+}
+
+
+static int i802_flush(void *priv)
+{
+	struct i802_driver_data *drv = priv;
+	struct nl_msg *msg;
+	int ret = -1;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto out;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_NEW_STATION, 0);
+
+	/*
+	 * XXX: FIX! this needs to flush all VLANs too
+	 */
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
+		    if_nametoindex(drv->iface));
+
+	ret = 0;
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
+	    nl_wait_for_ack(drv->nl_handle) < 0) {
+		ret = -1;
+	}
+
+ nla_put_failure:
+	nlmsg_free(msg);
+
+ out:
+	return ret;
+}
+
+
+static int get_sta_handler(struct nl_msg *msg, void *arg)
+{
+	struct nlattr *tb[NL80211_ATTR_MAX + 1];
+	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
+	struct hostap_sta_driver_data *data = arg;
+	struct nlattr *stats[NL80211_STA_STAT_MAX + 1];
+	static struct nla_policy stats_policy[NL80211_STA_STAT_MAX + 1] = {
+		[NL80211_STA_STAT_INACTIVE_TIME] = { .type = NLA_U32 },
+		[NL80211_STA_STAT_RX_BYTES] = { .type = NLA_U32 },
+		[NL80211_STA_STAT_TX_BYTES] = { .type = NLA_U32 },
+	};
+
+	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
+		  genlmsg_attrlen(gnlh, 0), NULL);
+
+	/*
+	 * TODO: validate the interface and mac address!
+	 * Otherwise, there's a race condition as soon as
+	 * the kernel starts sending station notifications.
+	 */
+
+	if (!tb[NL80211_ATTR_STA_STATS]) {
+		wpa_printf(MSG_DEBUG, "sta stats missing!");
+		return NL_SKIP;
+	}
+	if (nla_parse_nested(stats, NL80211_STA_STAT_MAX,
+			     tb[NL80211_ATTR_STA_STATS],
+			     stats_policy)) {
+		wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
+		return NL_SKIP;
+	}
+
+	if (stats[NL80211_STA_STAT_INACTIVE_TIME])
+		data->inactive_msec =
+			nla_get_u32(stats[NL80211_STA_STAT_INACTIVE_TIME]);
+	if (stats[NL80211_STA_STAT_RX_BYTES])
+		data->rx_bytes = nla_get_u32(stats[NL80211_STA_STAT_RX_BYTES]);
+	if (stats[NL80211_STA_STAT_TX_BYTES])
+		data->rx_bytes = nla_get_u32(stats[NL80211_STA_STAT_TX_BYTES]);
+
+	return NL_SKIP;
+}
+
+static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
+			      const u8 *addr)
+{
+	struct i802_driver_data *drv = priv;
+	struct nl_msg *msg;
+	struct nl_cb *cb = NULL;
+	int ret = -1;
+	int err = 0;
+	int finished = 0;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto out;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_GET_STATION, 0);
+
+	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
+
+	cb = nl_cb_alloc(NL_CB_CUSTOM);
+	if (!cb)
+		goto out;
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0)
+		goto out;
+
+	nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, get_sta_handler, data);
+	nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_wait_handler, &finished);
+
+	err = nl_recvmsgs(drv->nl_handle, cb);
+
+	if (!finished)
+		err = nl_wait_for_ack(drv->nl_handle);
+
+	if (err < 0)
+		goto out;
+
+	ret = 0;
+
+ out:
+	nl_cb_put(cb);
+ nla_put_failure:
+	nlmsg_free(msg);
+	return ret;
+
+}
+
+
+static int i802_send_eapol(void *priv, const u8 *addr, const u8 *data,
+			   size_t data_len, int encrypt, const u8 *own_addr)
+{
+	struct i802_driver_data *drv = priv;
+	struct ieee80211_hdr *hdr;
+	size_t len;
+	u8 *pos;
+	int res;
+#if 0 /* FIX */
+	int qos = sta->flags & WLAN_STA_WME;
+#else
+	int qos = 0;
+#endif
+
+	len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
+		data_len;
+	hdr = os_zalloc(len);
+	if (hdr == NULL) {
+		printf("malloc() failed for i802_send_data(len=%lu)\n",
+		       (unsigned long) len);
+		return -1;
+	}
+
+	hdr->frame_control =
+		IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
+	hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
+	if (encrypt)
+		hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
+#if 0 /* To be enabled if qos determination is added above */
+	if (qos) {
+		hdr->frame_control |=
+			host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
+	}
+#endif
+
+	memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
+	memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
+	memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
+	pos = (u8 *) (hdr + 1);
+
+#if 0 /* To be enabled if qos determination is added above */
+	if (qos) {
+		/* add an empty QoS header if needed */
+		pos[0] = 0;
+		pos[1] = 0;
+		pos += 2;
+	}
+#endif
+
+	memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
+	pos += sizeof(rfc1042_header);
+	WPA_PUT_BE16(pos, ETH_P_PAE);
+	pos += 2;
+	memcpy(pos, data, data_len);
+
+	res = i802_send_mgmt_frame(drv, (u8 *) hdr, len, 0);
+	free(hdr);
+
+	if (res < 0) {
+		perror("i802_send_eapol: send");
+		printf("i802_send_eapol - packet len: %lu - failed\n",
+		       (unsigned long) len);
+	}
+
+	return res;
+}
+
+
+static int i802_sta_add(const char *ifname, void *priv, const u8 *addr,
+			u16 aid, u16 capability, u8 *supp_rates,
+			size_t supp_rates_len, int flags)
+{
+	struct i802_driver_data *drv = priv;
+	struct nl_msg *msg;
+	int ret = -1;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto out;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_NEW_STATION, 0);
+
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
+		    if_nametoindex(drv->iface));
+	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
+	NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, aid);
+	NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, supp_rates_len,
+		supp_rates);
+	NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 0);
+
+	ret = nl_send_auto_complete(drv->nl_handle, msg);
+	if (ret < 0)
+		goto nla_put_failure;
+
+	ret = nl_wait_for_ack(drv->nl_handle);
+	/* ignore EEXIST, this happens if a STA associates while associated */
+	if (ret == -EEXIST || ret >= 0)
+		ret = 0;
+
+ nla_put_failure:
+	nlmsg_free(msg);
+
+ out:
+	return ret;
+}
+
+
+static int i802_sta_remove(void *priv, const u8 *addr)
+{
+	struct i802_driver_data *drv = priv;
+	struct nl_msg *msg;
+	int ret = -1;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto out;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_DEL_STATION, 0);
+
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
+		    if_nametoindex(drv->iface));
+	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
+
+	ret = 0;
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
+	    nl_wait_for_ack(drv->nl_handle) < 0) {
+		ret = -1;
+	}
+
+ nla_put_failure:
+	nlmsg_free(msg);
+
+ out:
+	return ret;
+}
+
+
+static int i802_sta_set_flags(void *priv, const u8 *addr,
+			      int total_flags, int flags_or, int flags_and)
+{
+	struct i802_driver_data *drv = priv;
+	struct nl_msg *msg, *flags = NULL;
+	int ret = -1;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto out;
+
+	flags = nlmsg_alloc();
+	if (!flags)
+		goto free_msg;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_SET_STATION, 0);
+
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
+		    if_nametoindex(drv->iface));
+	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
+
+	if (total_flags & WLAN_STA_AUTHORIZED || !drv->ieee802_1x_active)
+		NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
+
+	if (total_flags & WLAN_STA_WME)
+		NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
+
+	if (total_flags & WLAN_STA_SHORT_PREAMBLE)
+		NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
+
+	if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
+		goto nla_put_failure;
+
+	ret = 0;
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
+	    nl_wait_for_ack(drv->nl_handle) < 0) {
+		ret = -1;
+	}
+
+ nla_put_failure:
+	nlmsg_free(flags);
+
+ free_msg:
+	nlmsg_free(msg);
+
+ out:
+	return ret;
+}
+
+
+static int i802_set_channel_flag(void *priv, int mode, int chan, int flag,
+				 unsigned char power_level,
+				 unsigned char antenna_max)
+{
+	return -1;
+}
+
+
+static int i802_set_regulatory_domain(void *priv, unsigned int rd)
+{
+	return -1;
+}
+
+
+static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
+				    int cw_min, int cw_max, int burst_time)
+{
+	return -1;
+}
+
+
+static void nl80211_remove_iface(struct i802_driver_data *drv, int ifidx)
+{
+	struct nl_msg *msg;
+
+	/* stop listening for EAPOL on this interface */
+	del_ifidx(drv, ifidx);
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto nla_put_failure;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_DEL_INTERFACE, 0);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
+	    nl_wait_for_ack(drv->nl_handle) < 0)
+	nla_put_failure:
+		printf("Failed to remove interface.\n");
+	nlmsg_free(msg);
+}
+
+
+static int nl80211_create_iface(struct i802_driver_data *drv,
+				const char *ifname,
+				enum nl80211_iftype iftype,
+				const u8 *addr)
+{
+	struct nl_msg *msg, *flags = NULL;
+	int ifidx;
+	struct ifreq ifreq;
+	struct iwreq iwr;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		return -1;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_NEW_INTERFACE, 0);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
+		    if_nametoindex(drv->hapd->conf->iface));
+	NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
+
+	if (iftype == NL80211_IFTYPE_MONITOR) {
+		int err;
+
+		flags = nlmsg_alloc();
+		if (!flags)
+			goto nla_put_failure;
+
+		NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
+
+		err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
+
+		nlmsg_free(flags);
+
+		if (err)
+			goto nla_put_failure;
+	}
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
+	    nl_wait_for_ack(drv->nl_handle) < 0) {
+ nla_put_failure:
+		printf("Failed to create interface %s.\n", ifname);
+		nlmsg_free(msg);
+		return -1;
+	}
+
+	nlmsg_free(msg);
+
+	ifidx = if_nametoindex(ifname);
+
+	if (ifidx <= 0)
+		return -1;
+
+	/* start listening for EAPOL on this interface */
+	add_ifidx(drv, ifidx);
+
+	if (addr) {
+		switch (iftype) {
+		case NL80211_IFTYPE_AP:
+			os_strlcpy(ifreq.ifr_name, ifname, IFNAMSIZ);
+			memcpy(ifreq.ifr_hwaddr.sa_data, addr, ETH_ALEN);
+			ifreq.ifr_hwaddr.sa_family = ARPHRD_ETHER;
+
+			if (ioctl(drv->ioctl_sock, SIOCSIFHWADDR, &ifreq)) {
+				nl80211_remove_iface(drv, ifidx);
+				return -1;
+			}
+			break;
+		case NL80211_IFTYPE_WDS:
+			memset(&iwr, 0, sizeof(iwr));
+			os_strlcpy(iwr.ifr_name, ifname, IFNAMSIZ);
+			iwr.u.addr.sa_family = ARPHRD_ETHER;
+			memcpy(iwr.u.addr.sa_data, addr, ETH_ALEN);
+			if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr))
+				return -1;
+			break;
+		default:
+			/* nothing */
+			break;
+		}
+	}
+
+	return ifidx;
+}
+
+
+static int i802_bss_add(void *priv, const char *ifname, const u8 *bssid)
+{
+	int ifidx;
+
+	/*
+	 * The kernel supports that when the low-level driver does,
+	 * but we currently don't because we need per-BSS data that
+	 * currently we can't handle easily.
+	 */
+	return -1;
+
+	ifidx = nl80211_create_iface(priv, ifname, NL80211_IFTYPE_AP, bssid);
+	if (ifidx < 0)
+		return -1;
+	if (hostapd_set_iface_flags(priv, ifname, 1)) {
+		nl80211_remove_iface(priv, ifidx);
+		return -1;
+	}
+	return 0;
+}
+
+
+static int i802_bss_remove(void *priv, const char *ifname)
+{
+	nl80211_remove_iface(priv, if_nametoindex(ifname));
+	return 0;
+}
+
+
+static int i802_set_beacon(const char *iface, void *priv,
+			   u8 *head, size_t head_len,
+			   u8 *tail, size_t tail_len)
+{
+	struct i802_driver_data *drv = priv;
+	struct nl_msg *msg;
+	u8 cmd = NL80211_CMD_NEW_BEACON;
+	int ret = -1;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto out;
+
+	if (drv->beacon_set)
+		cmd = NL80211_CMD_SET_BEACON;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, cmd, 0);
+	NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
+	NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
+	NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, 1000);
+
+	if (!drv->dtim_period)
+		drv->dtim_period = 2;
+	NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, drv->dtim_period);
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
+	    nl_wait_for_ack(drv->nl_handle) < 0)
+		goto out;
+
+	ret = 0;
+
+	drv->beacon_set = 1;
+
+ out:
+ nla_put_failure:
+	nlmsg_free(msg);
+	return ret;
+}
+
+
+static int i802_del_beacon(struct i802_driver_data *drv)
+{
+	struct nl_msg *msg;
+	int ret = -1;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto out;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_DEL_BEACON, 0);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
+	    nl_wait_for_ack(drv->nl_handle) < 0)
+		goto out;
+
+	ret = 0;
+
+ out:
+ nla_put_failure:
+	nlmsg_free(msg);
+	return ret;
+}
+
+
+static int i802_set_ieee8021x(const char *ifname, void *priv, int enabled)
+{
+	struct i802_driver_data *drv = priv;
+
+	/*
+	 * FIXME: This needs to be per interface (BSS)
+	 */
+	drv->ieee802_1x_active = enabled;
+	return 0;
+}
+
+
+static int i802_set_privacy(const char *ifname, void *priv, int enabled)
+{
+	struct i802_driver_data *drv = priv;
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+
+	os_strlcpy(iwr.ifr_name, ifname, IFNAMSIZ);
+	iwr.u.param.flags = IW_AUTH_PRIVACY_INVOKED;
+	iwr.u.param.value = enabled;
+
+	ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr);
+
+	/* ignore errors, the kernel/driver might not care */
+	return 0;
+}
+
+
+static int i802_set_internal_bridge(void *priv, int value)
+{
+	return -1;
+}
+
+
+static int i802_set_beacon_int(void *priv, int value)
+{
+	struct i802_driver_data *drv = priv;
+	struct nl_msg *msg;
+	int ret = -1;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto out;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_SET_BEACON, 0);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
+
+	NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, value);
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
+	    nl_wait_for_ack(drv->nl_handle) < 0)
+		goto out;
+
+	ret = 0;
+
+ out:
+ nla_put_failure:
+	nlmsg_free(msg);
+	return ret;
+}
+
+
+static int i802_set_dtim_period(const char *iface, void *priv, int value)
+{
+	struct i802_driver_data *drv = priv;
+	struct nl_msg *msg;
+	int ret = -1;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto out;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_SET_BEACON, 0);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
+
+	drv->dtim_period = value;
+	NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, drv->dtim_period);
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
+	    nl_wait_for_ack(drv->nl_handle) < 0)
+		goto out;
+
+	ret = 0;
+
+ out:
+ nla_put_failure:
+	nlmsg_free(msg);
+	return ret;
+}
+
+
+static int i802_set_cts_protect(void *priv, int value)
+{
+	return -1;
+}
+
+
+static int i802_set_preamble(void *priv, int value)
+{
+	return -1;
+}
+
+
+static int i802_set_short_slot_time(void *priv, int value)
+{
+	return -1;
+}
+
+
+static enum nl80211_iftype i802_if_type(enum hostapd_driver_if_type type)
+{
+	switch (type) {
+	case HOSTAPD_IF_VLAN:
+		return NL80211_IFTYPE_AP_VLAN;
+	case HOSTAPD_IF_WDS:
+		return NL80211_IFTYPE_WDS;
+	}
+	return -1;
+}
+
+
+static int i802_if_add(const char *iface, void *priv,
+		       enum hostapd_driver_if_type type, char *ifname,
+		       const u8 *addr)
+{
+	if (nl80211_create_iface(priv, ifname, i802_if_type(type), addr) < 0)
+		return -1;
+	return 0;
+}
+
+
+static int i802_if_update(void *priv, enum hostapd_driver_if_type type,
+			  char *ifname, const u8 *addr)
+{
+	/* unused at the moment */
+	return -1;
+}
+
+
+static int i802_if_remove(void *priv, enum hostapd_driver_if_type type,
+			  const char *ifname, const u8 *addr)
+{
+	nl80211_remove_iface(priv, if_nametoindex(ifname));
+	return 0;
+}
+
+
+struct phy_info_arg {
+	u16 *num_modes;
+	struct hostapd_hw_modes *modes;
+	int error;
+};
+
+static int phy_info_handler(struct nl_msg *msg, void *arg)
+{
+	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
+	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
+	struct phy_info_arg *phy_info = arg;
+
+	struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
+
+	struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
+	static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
+		[NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
+		[NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
+		[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
+		[NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
+		[NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
+	};
+
+	struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
+	static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
+		[NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
+		[NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
+	};
+
+	struct nlattr *nl_band;
+	struct nlattr *nl_freq;
+	struct nlattr *nl_rate;
+	int rem_band, rem_freq, rem_rate;
+	struct hostapd_hw_modes *mode;
+	int idx, mode_is_set;
+
+	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
+		  genlmsg_attrlen(gnlh, 0), NULL);
+
+	if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
+		return NL_SKIP;
+
+	nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
+		mode = realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
+		if (!mode)
+			return NL_SKIP;
+		phy_info->modes = mode;
+
+		mode_is_set = 0;
+
+		mode = &phy_info->modes[*(phy_info->num_modes)];
+		memset(mode, 0, sizeof(*mode));
+		*(phy_info->num_modes) += 1;
+
+		nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
+			  nla_len(nl_band), NULL);
+
+		nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
+			nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
+				  nla_len(nl_freq), freq_policy);
+			if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
+				continue;
+			mode->num_channels++;
+		}
+
+		mode->channels = calloc(mode->num_channels, sizeof(struct hostapd_channel_data));
+		if (!mode->channels)
+			return NL_SKIP;
+
+		idx = 0;
+
+		nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
+			nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
+				  nla_len(nl_freq), freq_policy);
+			if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
+				continue;
+
+			mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
+			mode->channels[idx].flag |= HOSTAPD_CHAN_W_SCAN |
+						    HOSTAPD_CHAN_W_ACTIVE_SCAN |
+						    HOSTAPD_CHAN_W_IBSS;
+
+			if (!mode_is_set) {
+				/* crude heuristic */
+				if (mode->channels[idx].freq < 4000)
+					mode->mode = HOSTAPD_MODE_IEEE80211B;
+				else
+					mode->mode = HOSTAPD_MODE_IEEE80211A;
+				mode_is_set = 1;
+			}
+
+			/* crude heuristic */
+			if (mode->channels[idx].freq < 4000)
+				if (mode->channels[idx].freq == 2848)
+					mode->channels[idx].chan = 14;
+				else
+					mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
+			else
+				mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
+
+			if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
+				mode->channels[idx].flag &= ~HOSTAPD_CHAN_W_SCAN;
+			if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
+				mode->channels[idx].flag &= ~HOSTAPD_CHAN_W_ACTIVE_SCAN;
+			if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
+				mode->channels[idx].flag &= ~HOSTAPD_CHAN_W_IBSS;
+			idx++;
+		}
+
+		nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
+			nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
+				  nla_len(nl_rate), rate_policy);
+			if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
+				continue;
+			mode->num_rates++;
+		}
+
+		mode->rates = calloc(mode->num_rates, sizeof(struct hostapd_rate_data));
+		if (!mode->rates)
+			return NL_SKIP;
+
+		idx = 0;
+
+		nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
+			nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
+				  nla_len(nl_rate), rate_policy);
+			if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
+				continue;
+			mode->rates[idx].rate = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
+
+			/* crude heuristic */
+			if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
+			    mode->rates[idx].rate > 200)
+				mode->mode = HOSTAPD_MODE_IEEE80211G;
+
+			if (tb_rate[NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE])
+				mode->rates[idx].flags |= HOSTAPD_RATE_PREAMBLE2;
+
+			idx++;
+		}
+	}
+
+	phy_info->error = 0;
+
+	return NL_SKIP;
+}
+
+static struct hostapd_hw_modes *i802_get_hw_feature_data(void *priv,
+							 u16 *num_modes,
+							 u16 *flags)
+{
+	struct i802_driver_data *drv = priv;
+	struct nl_msg *msg;
+	int err = -1;
+	struct nl_cb *cb = NULL;
+	int finished;
+	struct phy_info_arg result = {
+		.num_modes = num_modes,
+		.modes = NULL,
+		.error = 1,
+	};
+
+	*num_modes = 0;
+	*flags = 0;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		return NULL;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_GET_WIPHY, 0);
+
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
+
+	cb = nl_cb_alloc(NL_CB_CUSTOM);
+	if (!cb)
+		goto out;
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0)
+		goto out;
+
+	nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, phy_info_handler, &result);
+	nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_wait_handler, &finished);
+
+	err = nl_recvmsgs(drv->nl_handle, cb);
+
+	if (!finished)
+		err = nl_wait_for_ack(drv->nl_handle);
+
+	if (err < 0 || result.error) {
+		hostapd_free_hw_features(result.modes, *num_modes);
+		result.modes = NULL;
+	}
+
+ out:
+	nl_cb_put(cb);
+ nla_put_failure:
+	if (err)
+		fprintf(stderr, "failed to get information: %d\n", err);
+	nlmsg_free(msg);
+	return result.modes;
+}
+
+
+static int i802_set_sta_vlan(void *priv, const u8 *addr,
+			     const char *ifname, int vlan_id)
+{
+	struct i802_driver_data *drv = priv;
+	struct nl_msg *msg;
+	int ret = -1;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		goto out;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_SET_STATION, 0);
+
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
+		    if_nametoindex(drv->iface));
+	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
+		    if_nametoindex(ifname));
+
+	ret = 0;
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
+	    (errno = nl_wait_for_ack(drv->nl_handle) < 0)) {
+		ret = -1;
+	}
+
+ nla_put_failure:
+	nlmsg_free(msg);
+
+ out:
+	return ret;
+}
+
+
+static void handle_unknown_sta(struct hostapd_data *hapd, u8 *ta)
+{
+	struct sta_info *sta;
+
+	sta = ap_get_sta(hapd, ta);
+	if (!sta || !(sta->flags & WLAN_STA_ASSOC)) {
+		printf("Data/PS-poll frame from not associated STA "
+		       MACSTR "\n", MAC2STR(ta));
+		if (sta && (sta->flags & WLAN_STA_AUTH))
+			hostapd_sta_disassoc(
+				hapd, ta,
+				WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
+		else
+			hostapd_sta_deauth(
+				hapd, ta,
+				WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
+	}
+}
+
+
+static void handle_tx_callback(struct hostapd_data *hapd, u8 *buf, size_t len,
+			       int ok)
+{
+	struct ieee80211_hdr *hdr;
+	u16 fc, type, stype;
+	struct sta_info *sta;
+
+	hdr = (struct ieee80211_hdr *) buf;
+	fc = le_to_host16(hdr->frame_control);
+
+	type = WLAN_FC_GET_TYPE(fc);
+	stype = WLAN_FC_GET_STYPE(fc);
+
+	switch (type) {
+	case WLAN_FC_TYPE_MGMT:
+		wpa_printf(MSG_DEBUG, "MGMT (TX callback) %s",
+			   ok ? "ACK" : "fail");
+		ieee802_11_mgmt_cb(hapd, buf, len, stype, ok);
+		break;
+	case WLAN_FC_TYPE_CTRL:
+		wpa_printf(MSG_DEBUG, "CTRL (TX callback) %s",
+			   ok ? "ACK" : "fail");
+		break;
+	case WLAN_FC_TYPE_DATA:
+		wpa_printf(MSG_DEBUG, "DATA (TX callback) %s",
+			   ok ? "ACK" : "fail");
+		sta = ap_get_sta(hapd, hdr->addr1);
+		if (sta && sta->flags & WLAN_STA_PENDING_POLL) {
+			wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending "
+				   "activity poll", MAC2STR(sta->addr),
+				   ok ? "ACKed" : "did not ACK");
+			if (ok)
+				sta->flags &= ~WLAN_STA_PENDING_POLL;
+		}
+		if (sta)
+			ieee802_1x_tx_status(hapd, sta, buf, len, ok);
+		break;
+	default:
+		printf("unknown TX callback frame type %d\n", type);
+		break;
+	}
+}
+
+
+static void handle_frame(struct hostapd_iface *iface, u8 *buf, size_t len,
+			 struct hostapd_frame_info *hfi,
+			 enum ieee80211_msg_type msg_type)
+{
+	struct ieee80211_hdr *hdr;
+	u16 fc, type, stype;
+	size_t data_len = len;
+	struct hostapd_data *hapd = NULL;
+	int broadcast_bssid = 0;
+	size_t i;
+	u8 *bssid;
+
+	/*
+	 * PS-Poll frames are 16 bytes. All other frames are
+	 * 24 bytes or longer.
+	 */
+	if (len < 16)
+		return;
+
+	hdr = (struct ieee80211_hdr *) buf;
+	fc = le_to_host16(hdr->frame_control);
+
+	type = WLAN_FC_GET_TYPE(fc);
+	stype = WLAN_FC_GET_STYPE(fc);
+
+	switch (type) {
+	case WLAN_FC_TYPE_DATA:
+		if (len < 24)
+			return;
+		switch (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) {
+		case WLAN_FC_TODS:
+			bssid = hdr->addr1;
+			break;
+		default:
+			/* discard */
+			return;
+		}
+		break;
+	case WLAN_FC_TYPE_CTRL:
+		/* discard non-ps-poll frames */
+		if (stype != WLAN_FC_STYPE_PSPOLL)
+			return;
+		bssid = hdr->addr1;
+		break;
+	case WLAN_FC_TYPE_MGMT:
+		bssid = hdr->addr3;
+		break;
+	default:
+		/* discard */
+		return;
+	}
+
+	/* find interface frame belongs to */
+	for (i = 0; i < iface->num_bss; i++) {
+		if (memcmp(bssid, iface->bss[i]->own_addr, ETH_ALEN) == 0) {
+			hapd = iface->bss[i];
+			break;
+		}
+	}
+
+	if (hapd == NULL) {
+		hapd = iface->bss[0];
+
+		if (bssid[0] != 0xff || bssid[1] != 0xff ||
+		    bssid[2] != 0xff || bssid[3] != 0xff ||
+		    bssid[4] != 0xff || bssid[5] != 0xff) {
+			/*
+			 * Unknown BSSID - drop frame if this is not from
+			 * passive scanning or a beacon (at least ProbeReq
+			 * frames to other APs may be allowed through RX
+			 * filtering in the wlan hw/driver)
+			 */
+			if ((type != WLAN_FC_TYPE_MGMT ||
+			     stype != WLAN_FC_STYPE_BEACON))
+				return;
+		} else
+			broadcast_bssid = 1;
+	}
+
+	switch (msg_type) {
+	case ieee80211_msg_normal:
+		/* continue processing */
+		break;
+	case ieee80211_msg_tx_callback_ack:
+		handle_tx_callback(hapd, buf, data_len, 1);
+		return;
+	case ieee80211_msg_tx_callback_fail:
+		handle_tx_callback(hapd, buf, data_len, 0);
+		return;
+	}
+
+	switch (type) {
+	case WLAN_FC_TYPE_MGMT:
+		if (stype != WLAN_FC_STYPE_BEACON &&
+		    stype != WLAN_FC_STYPE_PROBE_REQ)
+			wpa_printf(MSG_MSGDUMP, "MGMT");
+		if (broadcast_bssid) {
+			for (i = 0; i < iface->num_bss; i++)
+				ieee802_11_mgmt(iface->bss[i], buf, data_len,
+						stype, hfi);
+		} else
+			ieee802_11_mgmt(hapd, buf, data_len, stype, hfi);
+		break;
+	case WLAN_FC_TYPE_CTRL:
+		/* can only get here with PS-Poll frames */
+		wpa_printf(MSG_DEBUG, "CTRL");
+		handle_unknown_sta(hapd, hdr->addr2);
+		break;
+	case WLAN_FC_TYPE_DATA:
+		wpa_printf(MSG_DEBUG, "DATA");
+		handle_unknown_sta(hapd, hdr->addr2);
+		break;
+	}
+}
+
+
+static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
+{
+	struct i802_driver_data *drv = eloop_ctx;
+	struct hostapd_data *hapd = drv->hapd;
+	struct sockaddr_ll lladdr;
+	unsigned char buf[3000];
+	int len;
+	socklen_t fromlen = sizeof(lladdr);
+
+	len = recvfrom(sock, buf, sizeof(buf), 0,
+		       (struct sockaddr *)&lladdr, &fromlen);
+	if (len < 0) {
+		perror("recv");
+		return;
+	}
+
+	if (have_ifidx(drv, lladdr.sll_ifindex))
+		ieee802_1x_receive(hapd, lladdr.sll_addr, buf, len);
+}
+
+
+static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
+{
+	struct i802_driver_data *drv = eloop_ctx;
+	int len;
+	unsigned char buf[3000];
+	struct hostapd_data *hapd = drv->hapd;
+	struct ieee80211_radiotap_iterator iter;
+	int ret;
+	struct hostapd_frame_info hfi;
+	int injected = 0, failed = 0, msg_type, rxflags = 0;
+
+	len = recv(sock, buf, sizeof(buf), 0);
+	if (len < 0) {
+		perror("recv");
+		return;
+	}
+
+	if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
+		printf("received invalid radiotap frame\n");
+		return;
+	}
+
+	memset(&hfi, 0, sizeof(hfi));
+
+	while (1) {
+		ret = ieee80211_radiotap_iterator_next(&iter);
+		if (ret == -ENOENT)
+			break;
+		if (ret) {
+			printf("received invalid radiotap frame (%d)\n", ret);
+			return;
+		}
+		switch (iter.this_arg_index) {
+		case IEEE80211_RADIOTAP_FLAGS:
+			if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
+				len -= 4;
+			break;
+		case IEEE80211_RADIOTAP_RX_FLAGS:
+			rxflags = 1;
+			break;
+		case IEEE80211_RADIOTAP_TX_FLAGS:
+			injected = 1;
+			failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
+					IEEE80211_RADIOTAP_F_TX_FAIL;
+			break;
+		case IEEE80211_RADIOTAP_DATA_RETRIES:
+			break;
+		case IEEE80211_RADIOTAP_CHANNEL:
+			/* TODO convert from freq/flags to channel number
+			hfi.channel = XXX;
+			hfi.phytype = XXX;
+			 */
+			break;
+		case IEEE80211_RADIOTAP_RATE:
+			hfi.datarate = *iter.this_arg * 5;
+			break;
+		case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
+			hfi.ssi_signal = *iter.this_arg;
+			break;
+		}
+	}
+
+	if (rxflags && injected)
+		return;
+
+	if (!injected)
+		msg_type = ieee80211_msg_normal;
+	else if (failed)
+		msg_type = ieee80211_msg_tx_callback_fail;
+	else
+		msg_type = ieee80211_msg_tx_callback_ack;
+
+	handle_frame(hapd->iface, buf + iter.max_length,
+		     len - iter.max_length, &hfi, msg_type);
+}
+
+
+static int nl80211_create_monitor_interface(struct i802_driver_data *drv)
+{
+	char buf[IFNAMSIZ];
+	struct sockaddr_ll ll;
+	int optval;
+	socklen_t optlen;
+
+	snprintf(buf, IFNAMSIZ, "mon.%s", drv->iface);
+	buf[IFNAMSIZ - 1] = '\0';
+
+	drv->monitor_ifidx =
+		nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL);
+
+	if (drv->monitor_ifidx < 0)
+		return -1;
+
+	if (hostapd_set_iface_flags(drv, buf, 1))
+		goto error;
+
+	memset(&ll, 0, sizeof(ll));
+	ll.sll_family = AF_PACKET;
+	ll.sll_ifindex = drv->monitor_ifidx;
+	drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
+	if (drv->monitor_sock < 0) {
+		perror("socket[PF_PACKET,SOCK_RAW]");
+		goto error;
+	}
+
+	if (bind(drv->monitor_sock, (struct sockaddr *) &ll,
+		 sizeof(ll)) < 0) {
+		perror("monitor socket bind");
+		goto error;
+	}
+
+	optlen = sizeof(optval);
+	optval = 20;
+	if (setsockopt
+	    (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
+		perror("Failed to set socket priority");
+		goto error;
+	}
+
+	if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
+				     drv, NULL)) {
+		printf("Could not register monitor read socket\n");
+		goto error;
+	}
+
+	return 0;
+ error:
+	nl80211_remove_iface(drv, drv->monitor_ifidx);
+	return -1;
+}
+
+
+static int nl80211_set_master_mode(struct i802_driver_data *drv,
+				   const char *ifname)
+{
+	struct nl_msg *msg;
+
+	msg = nlmsg_alloc();
+	if (!msg)
+		return -1;
+
+	genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
+		    0, NL80211_CMD_SET_INTERFACE, 0);
+	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
+		    if_nametoindex(ifname));
+	NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, NL80211_IFTYPE_AP);
+
+	if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
+	    nl_wait_for_ack(drv->nl_handle) < 0) {
+ nla_put_failure:
+		wpa_printf(MSG_ERROR, "Failed to set interface %s to master "
+			   "mode.", ifname);
+		nlmsg_free(msg);
+		return -1;
+	}
+
+	nlmsg_free(msg);
+
+	return 0;
+}
+  
+
+static int i802_init_sockets(struct i802_driver_data *drv, const u8 *bssid)
+{
+	struct ifreq ifr;
+	struct sockaddr_ll addr;
+
+	drv->ioctl_sock = -1;
+
+	drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
+	if (drv->ioctl_sock < 0) {
+		perror("socket[PF_INET,SOCK_DGRAM]");
+		return -1;
+	}
+
+	/* start listening for EAPOL on the default AP interface */
+	add_ifidx(drv, if_nametoindex(drv->iface));
+
+	if (hostapd_set_iface_flags(drv, drv->iface, 0))
+		return -1;
+
+	if (bssid) {
+		os_strlcpy(ifr.ifr_name, drv->iface, IFNAMSIZ);
+		memcpy(ifr.ifr_hwaddr.sa_data, bssid, ETH_ALEN);
+		ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
+
+		if (ioctl(drv->ioctl_sock, SIOCSIFHWADDR, &ifr)) {
+			perror("ioctl(SIOCSIFHWADDR)");
+			return -1;
+		}
+	}
+
+	/*
+	 * initialise generic netlink and nl80211
+	 */
+	drv->nl_handle = nl_handle_alloc();
+	if (!drv->nl_handle) {
+		printf("Failed to allocate netlink handle.\n");
+		return -1;
+	}
+
+	if (genl_connect(drv->nl_handle)) {
+		printf("Failed to connect to generic netlink.\n");
+		return -1;
+	}
+
+	drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
+	if (!drv->nl_cache) {
+		printf("Failed to allocate generic netlink cache.\n");
+		return -1;
+	}
+
+	drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
+	if (!drv->nl80211) {
+		printf("nl80211 not found.\n");
+		return -1;
+	}
+
+	/* Initialise a monitor interface */
+	if (nl80211_create_monitor_interface(drv))
+		return -1;
+
+	if (nl80211_set_master_mode(drv, drv->iface))
+		return -1;
+
+	if (hostapd_set_iface_flags(drv, drv->iface, 1))
+		return -1;
+
+	memset(&addr, 0, sizeof(addr));
+	addr.sll_family = AF_PACKET;
+	addr.sll_ifindex = ifr.ifr_ifindex;
+	wpa_printf(MSG_DEBUG, "Opening raw packet socket for ifindex %d",
+		   addr.sll_ifindex);
+
+	drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
+	if (drv->eapol_sock < 0) {
+		perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
+		return -1;
+	}
+
+	if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
+	{
+		printf("Could not register read socket for eapol\n");
+		return -1;
+	}
+
+        memset(&ifr, 0, sizeof(ifr));
+        os_strlcpy(ifr.ifr_name, drv->iface, sizeof(ifr.ifr_name));
+        if (ioctl(drv->ioctl_sock, SIOCGIFHWADDR, &ifr) != 0) {
+		perror("ioctl(SIOCGIFHWADDR)");
+		return -1;
+        }
+
+	if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
+		printf("Invalid HW-addr family 0x%04x\n",
+		       ifr.ifr_hwaddr.sa_family);
+		return -1;
+	}
+	memcpy(drv->hapd->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
+
+	return 0;
+}
+
+
+static int i802_get_inact_sec(void *priv, const u8 *addr)
+{
+	struct hostap_sta_driver_data data;
+	int ret;
+
+	data.inactive_msec = (unsigned long) -1;
+	ret = i802_read_sta_data(priv, &data, addr);
+	if (ret || data.inactive_msec == (unsigned long) -1)
+		return -1;
+	return data.inactive_msec / 1000;
+}
+
+
+static int i802_sta_clear_stats(void *priv, const u8 *addr)
+{
+#if 0
+	/* TODO */
+#endif
+	return 0;
+}
+
+
+static void
+hostapd_wireless_event_wireless_custom(struct i802_driver_data *drv,
+				       char *custom)
+{
+	wpa_printf(MSG_DEBUG, "Custom wireless event: '%s'", custom);
+
+	if (strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
+		char *pos;
+		u8 addr[ETH_ALEN];
+		pos = strstr(custom, "addr=");
+		if (pos == NULL) {
+			wpa_printf(MSG_DEBUG,
+				   "MLME-MICHAELMICFAILURE.indication "
+				   "without sender address ignored");
+			return;
+		}
+		pos += 5;
+		if (hwaddr_aton(pos, addr) == 0) {
+			ieee80211_michael_mic_failure(drv->hapd, addr, 1);
+		} else {
+			wpa_printf(MSG_DEBUG,
+				   "MLME-MICHAELMICFAILURE.indication "
+				   "with invalid MAC address");
+		}
+	}
+}
+
+
+static void hostapd_wireless_event_wireless(struct i802_driver_data *drv,
+					    char *data, int len)
+{
+	struct iw_event iwe_buf, *iwe = &iwe_buf;
+	char *pos, *end, *custom, *buf;
+
+	pos = data;
+	end = data + len;
+
+	while (pos + IW_EV_LCP_LEN <= end) {
+		/* Event data may be unaligned, so make a local, aligned copy
+		 * before processing. */
+		memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
+		wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
+			   iwe->cmd, iwe->len);
+		if (iwe->len <= IW_EV_LCP_LEN)
+			return;
+
+		custom = pos + IW_EV_POINT_LEN;
+		if (drv->we_version > 18 &&
+		    (iwe->cmd == IWEVMICHAELMICFAILURE ||
+		     iwe->cmd == IWEVCUSTOM)) {
+			/* WE-19 removed the pointer from struct iw_point */
+			char *dpos = (char *) &iwe_buf.u.data.length;
+			int dlen = dpos - (char *) &iwe_buf;
+			memcpy(dpos, pos + IW_EV_LCP_LEN,
+			       sizeof(struct iw_event) - dlen);
+		} else {
+			memcpy(&iwe_buf, pos, sizeof(struct iw_event));
+			custom += IW_EV_POINT_OFF;
+		}
+
+		switch (iwe->cmd) {
+		case IWEVCUSTOM:
+			if (custom + iwe->u.data.length > end)
+				return;
+			buf = malloc(iwe->u.data.length + 1);
+			if (buf == NULL)
+				return;
+			memcpy(buf, custom, iwe->u.data.length);
+			buf[iwe->u.data.length] = '\0';
+			hostapd_wireless_event_wireless_custom(drv, buf);
+			free(buf);
+			break;
+		}
+
+		pos += iwe->len;
+	}
+}
+
+
+static void hostapd_wireless_event_rtm_newlink(struct i802_driver_data *drv,
+					       struct nlmsghdr *h, int len)
+{
+	struct ifinfomsg *ifi;
+	int attrlen, nlmsg_len, rta_len;
+	struct rtattr *attr;
+
+	if (len < (int) sizeof(*ifi))
+		return;
+
+	ifi = NLMSG_DATA(h);
+
+	/* TODO: use ifi->ifi_index to filter out wireless events from other
+	 * interfaces */
+
+	nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
+
+	attrlen = h->nlmsg_len - nlmsg_len;
+	if (attrlen < 0)
+		return;
+
+	attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
+
+	rta_len = RTA_ALIGN(sizeof(struct rtattr));
+	while (RTA_OK(attr, attrlen)) {
+		if (attr->rta_type == IFLA_WIRELESS) {
+			hostapd_wireless_event_wireless(
+				drv, ((char *) attr) + rta_len,
+				attr->rta_len - rta_len);
+		}
+		attr = RTA_NEXT(attr, attrlen);
+	}
+}
+
+
+static void hostapd_wireless_event_receive(int sock, void *eloop_ctx,
+					   void *sock_ctx)
+{
+	char buf[256];
+	int left;
+	struct sockaddr_nl from;
+	socklen_t fromlen;
+	struct nlmsghdr *h;
+	struct i802_driver_data *drv = eloop_ctx;
+
+	fromlen = sizeof(from);
+	left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
+			(struct sockaddr *) &from, &fromlen);
+	if (left < 0) {
+		if (errno != EINTR && errno != EAGAIN)
+			perror("recvfrom(netlink)");
+		return;
+	}
+
+	h = (struct nlmsghdr *) buf;
+	while (left >= (int) sizeof(*h)) {
+		int len, plen;
+
+		len = h->nlmsg_len;
+		plen = len - sizeof(*h);
+		if (len > left || plen < 0) {
+			printf("Malformed netlink message: "
+			       "len=%d left=%d plen=%d\n",
+			       len, left, plen);
+			break;
+		}
+
+		switch (h->nlmsg_type) {
+		case RTM_NEWLINK:
+			hostapd_wireless_event_rtm_newlink(drv, h, plen);
+			break;
+		}
+
+		len = NLMSG_ALIGN(len);
+		left -= len;
+		h = (struct nlmsghdr *) ((char *) h + len);
+	}
+
+	if (left > 0) {
+		printf("%d extra bytes in the end of netlink message\n", left);
+	}
+}
+
+
+static int hostap_get_we_version(struct i802_driver_data *drv)
+{
+	struct iw_range *range;
+	struct iwreq iwr;
+	int minlen;
+	size_t buflen;
+
+	drv->we_version = 0;
+
+	/*
+	 * Use larger buffer than struct iw_range in order to allow the
+	 * structure to grow in the future.
+	 */
+	buflen = sizeof(struct iw_range) + 500;
+	range = os_zalloc(buflen);
+	if (range == NULL)
+		return -1;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
+	iwr.u.data.pointer = (caddr_t) range;
+	iwr.u.data.length = buflen;
+
+	minlen = ((char *) &range->enc_capa) - (char *) range +
+		sizeof(range->enc_capa);
+
+	if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
+		perror("ioctl[SIOCGIWRANGE]");
+		free(range);
+		return -1;
+	} else if (iwr.u.data.length >= minlen &&
+		   range->we_version_compiled >= 18) {
+		wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
+			   "WE(source)=%d enc_capa=0x%x",
+			   range->we_version_compiled,
+			   range->we_version_source,
+			   range->enc_capa);
+		drv->we_version = range->we_version_compiled;
+	}
+
+	free(range);
+	return 0;
+}
+
+
+static int i802_wireless_event_init(void *priv)
+{
+	struct i802_driver_data *drv = priv;
+	int s;
+	struct sockaddr_nl local;
+
+	hostap_get_we_version(drv);
+
+	drv->wext_sock = -1;
+
+	s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+	if (s < 0) {
+		perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
+		return -1;
+	}
+
+	memset(&local, 0, sizeof(local));
+	local.nl_family = AF_NETLINK;
+	local.nl_groups = RTMGRP_LINK;
+	if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
+		perror("bind(netlink)");
+		close(s);
+		return -1;
+	}
+
+	eloop_register_read_sock(s, hostapd_wireless_event_receive, drv,
+				 NULL);
+	drv->wext_sock = s;
+
+	return 0;
+}
+
+
+static void i802_wireless_event_deinit(void *priv)
+{
+	struct i802_driver_data *drv = priv;
+	if (drv->wext_sock < 0)
+		return;
+	eloop_unregister_read_sock(drv->wext_sock);
+	close(drv->wext_sock);
+}
+
+
+static int i802_sta_deauth(void *priv, const u8 *addr, int reason)
+{
+	struct i802_driver_data *drv = priv;
+	struct ieee80211_mgmt mgmt;
+
+	memset(&mgmt, 0, sizeof(mgmt));
+	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+					  WLAN_FC_STYPE_DEAUTH);
+	memcpy(mgmt.da, addr, ETH_ALEN);
+	memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
+	memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
+	mgmt.u.deauth.reason_code = host_to_le16(reason);
+	return i802_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN +
+				      sizeof(mgmt.u.deauth), 0);
+}
+
+
+static int i802_sta_disassoc(void *priv, const u8 *addr, int reason)
+{
+	struct i802_driver_data *drv = priv;
+	struct ieee80211_mgmt mgmt;
+
+	memset(&mgmt, 0, sizeof(mgmt));
+	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+					  WLAN_FC_STYPE_DISASSOC);
+	memcpy(mgmt.da, addr, ETH_ALEN);
+	memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
+	memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
+	mgmt.u.disassoc.reason_code = host_to_le16(reason);
+	return  i802_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN +
+				       sizeof(mgmt.u.disassoc), 0);
+}
+
+
+static void *i802_init_bssid(struct hostapd_data *hapd, const u8 *bssid)
+{
+	struct i802_driver_data *drv;
+
+	drv = os_zalloc(sizeof(struct i802_driver_data));
+	if (drv == NULL) {
+		printf("Could not allocate memory for i802 driver data\n");
+		return NULL;
+	}
+
+	drv->hapd = hapd;
+	memcpy(drv->iface, hapd->conf->iface, sizeof(drv->iface));
+
+	drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
+	drv->if_indices = drv->default_if_indices;
+
+	if (i802_init_sockets(drv, bssid))
+		goto failed;
+
+	return drv;
+
+failed:
+	free(drv);
+	return NULL;
+}
+
+
+static void *i802_init(struct hostapd_data *hapd)
+{
+	return i802_init_bssid(hapd, NULL);
+}
+
+
+static void i802_deinit(void *priv)
+{
+	struct i802_driver_data *drv = priv;
+
+	i802_del_beacon(drv);
+
+	/* remove monitor interface */
+	nl80211_remove_iface(drv, drv->monitor_ifidx);
+
+	(void) hostapd_set_iface_flags(drv, drv->iface, 0);
+
+	if (drv->monitor_sock >= 0) {
+		eloop_unregister_read_sock(drv->monitor_sock);
+		close(drv->monitor_sock);
+	}
+	if (drv->ioctl_sock >= 0)
+		close(drv->ioctl_sock);
+	if (drv->eapol_sock >= 0) {
+		eloop_unregister_read_sock(drv->eapol_sock);
+		close(drv->eapol_sock);
+	}
+
+	genl_family_put(drv->nl80211);
+	nl_cache_free(drv->nl_cache);
+	nl_handle_destroy(drv->nl_handle);
+
+	if (drv->if_indices != drv->default_if_indices)
+		free(drv->if_indices);
+
+	free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_nl80211_ops = {
+	.name = "nl80211",
+	.init = i802_init,
+	.init_bssid = i802_init_bssid,
+	.deinit = i802_deinit,
+	.wireless_event_init = i802_wireless_event_init,
+	.wireless_event_deinit = i802_wireless_event_deinit,
+	.set_ieee8021x = i802_set_ieee8021x,
+	.set_privacy = i802_set_privacy,
+	.set_encryption = i802_set_encryption,
+	.get_seqnum = i802_get_seqnum,
+	.flush = i802_flush,
+	.read_sta_data = i802_read_sta_data,
+	.send_eapol = i802_send_eapol,
+	.sta_set_flags = i802_sta_set_flags,
+	.sta_deauth = i802_sta_deauth,
+	.sta_disassoc = i802_sta_disassoc,
+	.sta_remove = i802_sta_remove,
+	.set_ssid = i802_set_ssid,
+	.send_mgmt_frame = i802_send_mgmt_frame,
+	.sta_add = i802_sta_add,
+	.get_inact_sec = i802_get_inact_sec,
+	.sta_clear_stats = i802_sta_clear_stats,
+	.set_freq = i802_set_freq,
+	.set_rts = i802_set_rts,
+	.get_rts = i802_get_rts,
+	.set_frag = i802_set_frag,
+	.get_frag = i802_get_frag,
+	.set_retry = i802_set_retry,
+	.get_retry = i802_get_retry,
+	.set_rate_sets = i802_set_rate_sets,
+	.set_channel_flag = i802_set_channel_flag,
+	.set_regulatory_domain = i802_set_regulatory_domain,
+	.set_beacon = i802_set_beacon,
+	.set_internal_bridge = i802_set_internal_bridge,
+	.set_beacon_int = i802_set_beacon_int,
+	.set_dtim_period = i802_set_dtim_period,
+	.set_cts_protect = i802_set_cts_protect,
+	.set_preamble = i802_set_preamble,
+	.set_short_slot_time = i802_set_short_slot_time,
+	.set_tx_queue_params = i802_set_tx_queue_params,
+	.bss_add = i802_bss_add,
+	.bss_remove = i802_bss_remove,
+	.if_add = i802_if_add,
+	.if_update = i802_if_update,
+	.if_remove = i802_if_remove,
+	.get_hw_feature_data = i802_get_hw_feature_data,
+	.set_sta_vlan = i802_set_sta_vlan,
+};

+ 1086 - 0
hostapd/driver_prism54.c

@@ -0,0 +1,1086 @@
+/*
+ * hostapd / Driver interaction with Prism54 PIMFOR interface
+ * Copyright (c) 2004, Bell Kin <bell_kin@pek.com.tw>
+ * based on hostap driver.c, ieee802_11.c
+ * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+#include <sys/select.h>
+
+#ifdef USE_KERNEL_HEADERS
+#include <asm/types.h>
+#include <linux/if_packet.h>
+#include <linux/if_ether.h>   /* The L2 protocols */
+#include <linux/if_arp.h>
+#include <linux/wireless.h>
+#else /* USE_KERNEL_HEADERS */
+#include <net/if_arp.h>
+#include <netpacket/packet.h>
+#include "wireless_copy.h"
+#endif /* USE_KERNEL_HEADERS */
+
+#include "hostapd.h"
+#include "driver.h"
+#include "ieee802_1x.h"
+#include "eloop.h"
+#include "ieee802_11.h"
+#include "prism54.h"
+#include "wpa.h"
+#include "radius/radius.h"
+#include "sta_info.h"
+#include "accounting.h"
+
+const int PIM_BUF_SIZE = 4096;
+
+struct prism54_driver_data {
+	struct hostapd_data *hapd;
+	char iface[IFNAMSIZ + 1];
+	int sock; /* raw packet socket for 802.3 access */
+	int pim_sock; /* socket for pimfor packet */
+	char macs[2007][6];
+};
+
+
+static int mac_id_refresh(struct prism54_driver_data *data, int id, char *mac)
+{
+	if (id < 0 || id > 2006) {
+		return -1;
+	}
+	memcpy(&data->macs[id][0], mac, ETH_ALEN);
+	return 0;
+}
+
+
+static char * mac_id_get(struct prism54_driver_data *data, int id)
+{
+	if (id < 0 || id > 2006) {
+		return NULL;
+	}
+	return &data->macs[id][0];
+}
+
+
+/* wait for a specific pimfor, timeout in 10ms resolution */
+/* pim_sock must be non-block to prevent dead lock from no response */
+/* or same response type in series */
+static int prism54_waitpim(void *priv, unsigned long oid, void *buf, int len,
+			   int timeout)
+{
+	struct prism54_driver_data *drv = priv;
+	struct timeval tv, stv, ctv;
+	fd_set pfd;
+	int rlen;
+	pimdev_hdr *pkt;
+
+	pkt = malloc(8192);
+	if (pkt == NULL)
+		return -1;
+
+	FD_ZERO(&pfd);
+	gettimeofday(&stv, NULL);
+	do {
+		FD_SET(drv->pim_sock, &pfd);
+		tv.tv_sec = 0;
+		tv.tv_usec = 10000;
+		if (select(drv->pim_sock + 1, &pfd, NULL, NULL, &tv)) {
+			rlen = recv(drv->pim_sock, pkt, 8192, 0);
+			if (rlen > 0) {
+				if (pkt->oid == htonl(oid)) {
+					if (rlen <= len) {
+						if (buf != NULL) {
+							memcpy(buf, pkt, rlen);
+						}
+						free(pkt);
+						return rlen;
+					} else {
+						printf("buffer too small\n");
+						free(pkt);
+						return -1;
+					}
+				} else {
+					gettimeofday(&ctv, NULL);
+					continue;
+				}
+			}
+		}
+		gettimeofday(&ctv, NULL);
+	} while (((ctv.tv_sec - stv.tv_sec) * 100 +
+		  (ctv.tv_usec - stv.tv_usec) / 10000) > timeout);
+	free(pkt);
+	return 0;
+}
+
+
+/* send an eapol packet */
+static int prism54_send_eapol(void *priv, const u8 *addr,
+			      const u8 *data, size_t data_len, int encrypt,
+			      const u8 *own_addr)
+{
+	struct prism54_driver_data *drv = priv;
+	ieee802_3_hdr *hdr;
+	size_t len;
+	u8 *pos;
+	int res;
+
+	len = sizeof(*hdr) + data_len;
+	hdr = os_zalloc(len);
+	if (hdr == NULL) {
+		printf("malloc() failed for prism54_send_data(len=%lu)\n",
+		       (unsigned long) len);
+		return -1;
+	}
+
+	memcpy(&hdr->da[0], addr, ETH_ALEN);
+	memcpy(&hdr->sa[0], own_addr, ETH_ALEN);
+	hdr->type = htons(ETH_P_PAE);
+	pos = (u8 *) (hdr + 1);
+	memcpy(pos, data, data_len);
+
+	res = send(drv->sock, hdr, len, 0);
+	free(hdr);
+
+	if (res < 0) {
+		perror("hostapd_send_eapol: send");
+		printf("hostapd_send_eapol - packet len: %lu - failed\n",
+		       (unsigned long) len);
+	}
+
+	return res;
+}
+
+
+/* open data channel(auth-1) or eapol only(unauth-0) */
+static int prism54_set_sta_authorized(void *priv, const u8 *addr,
+				      int authorized)
+{
+	struct prism54_driver_data *drv = priv;
+	pimdev_hdr *hdr;
+	char *pos;
+
+	hdr = malloc(sizeof(*hdr) + ETH_ALEN);
+	if (hdr == NULL)
+		return -1;
+	hdr->op = htonl(PIMOP_SET);
+	if (authorized) {
+		hdr->oid = htonl(DOT11_OID_EAPAUTHSTA);
+	} else {
+		hdr->oid = htonl(DOT11_OID_EAPUNAUTHSTA);
+	}
+	pos = (char *) (hdr + 1);
+	memcpy(pos, addr, ETH_ALEN);
+	send(drv->pim_sock, hdr, sizeof(*hdr) + ETH_ALEN, 0);
+	prism54_waitpim(priv, hdr->oid, hdr, sizeof(*hdr) + ETH_ALEN, 10);
+	free(hdr);
+	return 0;
+}
+
+
+static int
+prism54_sta_set_flags(void *priv, const u8 *addr, int total_flags,
+		      int flags_or, int flags_and)
+{
+	/* For now, only support setting Authorized flag */
+	if (flags_or & WLAN_STA_AUTHORIZED)
+		return prism54_set_sta_authorized(priv, addr, 1);
+	if (flags_and & WLAN_STA_AUTHORIZED)
+		return prism54_set_sta_authorized(priv, addr, 0);
+	return 0;
+}
+
+
+/* set per station key */
+static int prism54_set_encryption(const char *ifname, void *priv,
+				  const char *alg, const u8 *addr,
+				  int idx, const u8 *key, size_t key_len,
+				  int txkey)
+{
+	struct prism54_driver_data *drv = priv;
+	pimdev_hdr *hdr;
+	struct obj_stakey *keys;
+	u8 *buf;
+	size_t blen;
+	int ret = 0;
+
+	blen = sizeof(struct obj_stakey) + sizeof(pimdev_hdr);
+	hdr = malloc(blen);
+	if (hdr == NULL) {
+		printf("memory low\n");
+		return -1;
+	}
+	keys = (struct obj_stakey *) &hdr[1];
+	if (!addr) {
+		memset(&keys->address[0], 0xff, ETH_ALEN);
+	} else {
+		memcpy(&keys->address[0], addr, ETH_ALEN);
+	}
+	if (!strcmp(alg, "WEP")) {
+		keys->type = DOT11_PRIV_WEP;
+	} else if (!strcmp(alg, "TKIP")) {
+		keys->type = DOT11_PRIV_TKIP;
+	} else if (!strcmp(alg, "none")) {
+		/* the only way to clear the key is to deauth it */
+		/* and prism54 is capable to receive unencrypted packet */
+		/* so we do nothing here */
+		free(hdr);
+		return 0;
+	} else {
+		printf("bad auth type: %s\n", alg);
+	}
+	buf = (u8 *) &keys->key[0];
+	keys->length = key_len;
+	keys->keyid = idx;
+	keys->options = htons(DOT11_STAKEY_OPTION_DEFAULTKEY);
+	keys->reserved = 0;
+
+	hdr->op = htonl(PIMOP_SET);
+	hdr->oid = htonl(DOT11_OID_STAKEY);
+
+	memcpy(buf, key, key_len);
+	
+	ret = send(drv->pim_sock, hdr, blen, 0);
+	if (ret < 0) {
+		free(hdr);
+		return ret;
+	}
+	prism54_waitpim(priv, hdr->oid, hdr, blen, 10);
+
+	free(hdr);
+
+	return 0;
+}
+
+
+/* get TKIP station sequence counter, prism54 is only 6 bytes */
+static int prism54_get_seqnum(const char *ifname, void *priv, const u8 *addr,
+			      int idx, u8 *seq)
+{
+	struct prism54_driver_data *drv = priv;
+	struct obj_stasc *stasc;
+	pimdev_hdr *hdr;
+	size_t blen;
+	int ret = 0;
+
+	blen = sizeof(*stasc) + sizeof(*hdr);
+	hdr = malloc(blen);
+	if (hdr == NULL)
+		return -1;
+
+	stasc = (struct obj_stasc *) &hdr[1];
+	
+	if (addr == NULL)
+		memset(&stasc->address[0], 0xff, ETH_ALEN);
+	else
+		memcpy(&stasc->address[0], addr, ETH_ALEN);
+
+	hdr->oid = htonl(DOT11_OID_STASC);
+	hdr->op = htonl(PIMOP_GET);
+	stasc->keyid = idx;
+	if (send(drv->pim_sock,hdr,blen,0) <= 0) {
+		free(hdr);
+		return -1;
+	}
+	if (prism54_waitpim(priv, DOT11_OID_STASC, hdr, blen, 10) <= 0) {
+		ret = -1;
+	} else {
+		if (hdr->op == (int) htonl(PIMOP_RESPONSE)) {
+			memcpy(seq + 2, &stasc->sc_high, ETH_ALEN);
+			memset(seq, 0, 2);
+		} else {
+			ret = -1;
+		}
+	}
+	free(hdr);
+
+	return ret;
+}
+
+
+/* include unencrypted, set mlme autolevel to extended */
+static int prism54_init_1x(void *priv)
+{
+	struct prism54_driver_data *drv = priv;
+	pimdev_hdr *hdr;
+	unsigned long *ul;
+	int blen = sizeof(*hdr) + sizeof(*ul);
+
+	hdr = malloc(blen);
+	if (hdr == NULL)
+		return -1;
+
+	ul = (unsigned long *) &hdr[1];
+	hdr->op = htonl(PIMOP_SET);
+	hdr->oid = htonl(DOT11_OID_EXUNENCRYPTED);
+	*ul = htonl(DOT11_BOOL_TRUE); /* not accept */
+	send(drv->pim_sock, hdr, blen, 0);
+	prism54_waitpim(priv, DOT11_OID_EXUNENCRYPTED, hdr, blen, 10);
+	hdr->op = htonl(PIMOP_SET);
+	hdr->oid = htonl(DOT11_OID_MLMEAUTOLEVEL);
+	*ul = htonl(DOT11_MLME_EXTENDED);
+	send(drv->pim_sock, hdr, blen, 0);
+	prism54_waitpim(priv, DOT11_OID_MLMEAUTOLEVEL, hdr, blen, 10);
+	hdr->op = htonl(PIMOP_SET);
+	hdr->oid = htonl(DOT11_OID_DOT1XENABLE);
+	*ul = htonl(DOT11_BOOL_TRUE);
+	send(drv->pim_sock, hdr, blen, 0);
+	prism54_waitpim(priv, DOT11_OID_DOT1XENABLE, hdr, blen, 10);
+	hdr->op = htonl(PIMOP_SET);
+	hdr->oid = htonl(DOT11_OID_AUTHENABLE);
+	*ul = htonl(DOT11_AUTH_OS); /* OS */
+	send(drv->pim_sock, hdr, blen, 0);
+	prism54_waitpim(priv, DOT11_OID_AUTHENABLE, hdr, blen, 10);
+	free(hdr);
+	return 0;
+}
+
+
+static int prism54_set_privacy_invoked(const char *ifname, void *priv,
+				       int flag)
+{
+	struct prism54_driver_data *drv = priv;
+	pimdev_hdr *hdr;
+	unsigned long *ul;
+	int ret;
+	int blen = sizeof(*hdr) + sizeof(*ul);
+	hdr = malloc(blen);
+	if (hdr == NULL)
+		return -1;
+	ul = (unsigned long *) &hdr[1];
+	hdr->op = htonl(PIMOP_SET);
+	hdr->oid = htonl(DOT11_OID_PRIVACYINVOKED);
+	if (flag) {
+		*ul = htonl(DOT11_BOOL_TRUE); /* has privacy */
+	} else {
+		*ul = 0;
+	}
+	ret = send(drv->pim_sock, hdr, blen, 0);
+	if (ret >= 0) {
+		ret = prism54_waitpim(priv, DOT11_OID_PRIVACYINVOKED, hdr,
+				      blen, 10);
+	}
+	free(hdr);
+	return ret;
+}
+
+ 
+static int prism54_ioctl_setiwessid(const char *ifname, void *priv,
+				    const u8 *buf, int len)
+{
+#if 0
+	struct prism54_driver_data *drv = priv;
+	struct iwreq iwr;
+
+	memset(&iwr, 0, sizeof(iwr));
+	os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
+	iwr.u.essid.flags = 1; /* SSID active */
+	iwr.u.essid.pointer = (caddr_t) buf;
+	iwr.u.essid.length = len + 1;
+
+	if (ioctl(drv->pim_sock, SIOCSIWESSID, &iwr) < 0) {
+		perror("ioctl[SIOCSIWESSID]");
+		printf("len=%d\n", len);
+		return -1;
+	}
+#endif
+	return 0;
+}
+
+
+/* kick all stations */
+/* does not work during init, but at least it won't crash firmware */
+static int prism54_flush(void *priv)
+{
+	struct prism54_driver_data *drv = priv;
+	struct obj_mlmeex *mlme;
+	pimdev_hdr *hdr;
+	int ret;
+	unsigned int i;
+	long *nsta;
+	int blen = sizeof(*hdr) + sizeof(*mlme);
+	char *mac_id;
+
+	hdr = os_zalloc(blen);
+	if (hdr == NULL)
+		return -1;
+
+	mlme = (struct obj_mlmeex *) &hdr[1];
+	nsta = (long *) &hdr[1];
+	hdr->op = htonl(PIMOP_GET);
+	hdr->oid = htonl(DOT11_OID_CLIENTS);
+	ret = send(drv->pim_sock, hdr, sizeof(*hdr) + sizeof(long), 0);
+	ret = prism54_waitpim(priv, DOT11_OID_CLIENTS, hdr, blen, 10);
+	if ((ret < 0) || (hdr->op != (int) htonl(PIMOP_RESPONSE)) ||
+	    (le_to_host32(*nsta) > 2007)) {
+		free(hdr);
+		return 0;
+	}
+	for (i = 0; i < le_to_host32(*nsta); i++) {
+		mlme->id = -1;
+		mac_id = mac_id_get(drv, i);
+		if (mac_id)
+			memcpy(&mlme->address[0], mac_id, ETH_ALEN);
+		mlme->code = host_to_le16(WLAN_REASON_UNSPECIFIED);
+		mlme->state = htons(DOT11_STATE_NONE);
+		mlme->size = 0;
+		hdr->op = htonl(PIMOP_SET);
+		hdr->oid = htonl(DOT11_OID_DISASSOCIATEEX);
+		ret = send(drv->pim_sock, hdr, blen, 0);
+		prism54_waitpim(priv, DOT11_OID_DISASSOCIATEEX, hdr, blen,
+				100);
+	}
+	for (i = 0; i < le_to_host32(*nsta); i++) {
+		mlme->id = -1;
+		mac_id = mac_id_get(drv, i);
+		if (mac_id)
+			memcpy(&mlme->address[0], mac_id, ETH_ALEN);
+		mlme->code = host_to_le16(WLAN_REASON_UNSPECIFIED);
+		mlme->state = htons(DOT11_STATE_NONE);
+		mlme->size = 0;
+		hdr->op = htonl(PIMOP_SET);
+		hdr->oid = htonl(DOT11_OID_DEAUTHENTICATEEX);
+		ret = send(drv->pim_sock, hdr, blen, 0);
+		prism54_waitpim(priv, DOT11_OID_DEAUTHENTICATEEX, hdr, blen,
+				100);
+	}
+	free(hdr);
+	return 0;
+}
+
+
+static int prism54_sta_deauth(void *priv, const u8 *addr, int reason)
+{
+	struct prism54_driver_data *drv = priv;
+	pimdev_hdr *hdr;
+	struct obj_mlmeex *mlme;
+	int ret;
+	int blen = sizeof(*hdr) + sizeof(*mlme);
+	hdr = malloc(blen);
+	if (hdr == NULL)
+		return -1;
+	mlme = (struct obj_mlmeex *) &hdr[1];
+	hdr->op = htonl(PIMOP_SET);
+	hdr->oid = htonl(DOT11_OID_DEAUTHENTICATEEX);
+	memcpy(&mlme->address[0], addr, ETH_ALEN);
+	mlme->id = -1;
+	mlme->state = htons(DOT11_STATE_NONE);
+	mlme->code = host_to_le16(reason);
+	mlme->size = 0;
+	ret = send(drv->pim_sock, hdr, blen, 0);
+	prism54_waitpim(priv, DOT11_OID_DEAUTHENTICATEEX, hdr, blen, 10);
+	free(hdr);
+	return ret;
+}
+
+
+static int prism54_sta_disassoc(void *priv, const u8 *addr, int reason)
+{
+	struct prism54_driver_data *drv = priv;
+        pimdev_hdr *hdr;
+        struct obj_mlmeex *mlme;
+	int ret;
+        int blen = sizeof(*hdr) + sizeof(*mlme);
+        hdr = malloc(blen);
+	if (hdr == NULL)
+		return -1;
+        mlme = (struct obj_mlmeex *) &hdr[1];
+        hdr->op = htonl(PIMOP_SET);
+        hdr->oid = htonl(DOT11_OID_DISASSOCIATEEX);
+        memcpy(&mlme->address[0], addr, ETH_ALEN);
+        mlme->id = -1;
+        mlme->state = htons(DOT11_STATE_NONE);
+        mlme->code = host_to_le16(reason);
+	mlme->size = 0;
+        ret = send(drv->pim_sock, hdr, blen, 0);
+        prism54_waitpim(priv, DOT11_OID_DISASSOCIATEEX, hdr, blen, 10);
+        free(hdr);
+        return ret;
+}
+
+
+static int prism54_get_inact_sec(void *priv, const u8 *addr)
+{
+	struct prism54_driver_data *drv = priv;
+	pimdev_hdr *hdr;
+	struct obj_sta *sta;
+	int blen = sizeof(*hdr) + sizeof(*sta);
+	int ret;
+
+	hdr = malloc(blen);
+	if (hdr == NULL)
+		return -1;
+	hdr->op = htonl(PIMOP_GET);
+	hdr->oid = htonl(DOT11_OID_CLIENTFIND);
+	sta = (struct obj_sta *) &hdr[1];
+	memcpy(&sta->address[0], addr, ETH_ALEN);
+	ret = send(drv->pim_sock, hdr, blen, 0);
+	ret = prism54_waitpim(priv, DOT11_OID_CLIENTFIND, hdr, blen, 10);
+	if (ret != blen) {
+		printf("get_inact_sec: bad return %d\n", ret);
+		free(hdr);
+		return -1;
+	}
+	if (hdr->op != (int) htonl(PIMOP_RESPONSE)) {
+		printf("get_inact_sec: bad resp\n");
+		free(hdr);
+		return -1;
+	}
+	free(hdr);
+	return le_to_host16(sta->age);
+}
+
+
+/* set attachments */
+static int prism54_set_generic_elem(const char *ifname, void *priv,
+				    const u8 *elem, size_t elem_len)
+{
+	struct prism54_driver_data *drv = priv;
+	pimdev_hdr *hdr;
+	char *pos;
+	struct obj_attachment_hdr *attach;
+	size_t blen = sizeof(*hdr) + sizeof(*attach) + elem_len;
+	hdr = os_zalloc(blen);
+	if (hdr == NULL) {
+		printf("%s: memory low\n", __func__);
+		return -1;
+	}
+	hdr->op = htonl(PIMOP_SET);
+	hdr->oid = htonl(DOT11_OID_ATTACHMENT);
+	attach = (struct obj_attachment_hdr *)&hdr[1];
+	attach->type = DOT11_PKT_BEACON;
+	attach->id = -1;
+	attach->size = host_to_le16((short)elem_len);
+	pos = ((char*) attach) + sizeof(*attach);
+	if (elem)
+		memcpy(pos, elem, elem_len);
+	send(drv->pim_sock, hdr, blen, 0);
+	attach->type = DOT11_PKT_PROBE_RESP;
+	send(drv->pim_sock, hdr, blen, 0);
+	free(hdr);
+	return 0;
+}
+
+
+/* tell the card to auth the sta */
+static void prism54_handle_probe(struct prism54_driver_data *drv,
+				 void *buf, size_t len)
+{
+	struct obj_mlmeex *mlme;
+	pimdev_hdr *hdr;
+	struct sta_info *sta;
+	hdr = (pimdev_hdr *)buf;
+	mlme = (struct obj_mlmeex *) &hdr[1];
+	sta = ap_get_sta(drv->hapd, (u8 *) &mlme->address[0]);
+	if (sta != NULL) {
+		if (sta->flags & (WLAN_STA_AUTH | WLAN_STA_ASSOC))
+			return;
+	}
+	if (len < sizeof(*mlme)) {
+		printf("bad probe packet\n");
+		return;
+	}
+	mlme->state = htons(DOT11_STATE_AUTHING);
+	mlme->code = 0;
+	hdr->op = htonl(PIMOP_SET);
+	hdr->oid = htonl(DOT11_OID_AUTHENTICATEEX);
+	mlme->size = 0;
+	send(drv->pim_sock, hdr, sizeof(*hdr)+sizeof(*mlme), 0);
+}
+
+
+static void prism54_handle_deauth(struct prism54_driver_data *drv,
+				  void *buf, size_t len)
+{
+	struct obj_mlme *mlme;
+	pimdev_hdr *hdr;
+	struct sta_info *sta;
+	char *mac_id;
+
+	hdr = (pimdev_hdr *) buf;
+	mlme = (struct obj_mlme *) &hdr[1];
+	sta = ap_get_sta(drv->hapd, (u8 *) &mlme->address[0]);
+	mac_id = mac_id_get(drv, mlme->id);
+	if (sta == NULL || mac_id == NULL)
+		return;
+	memcpy(&mlme->address[0], mac_id, ETH_ALEN);
+	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
+	wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
+	sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
+	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
+	ap_free_sta(drv->hapd, sta);
+}
+
+
+static void prism54_handle_disassoc(struct prism54_driver_data *drv,
+				    void *buf, size_t len)
+{
+	struct obj_mlme *mlme;
+	pimdev_hdr *hdr;
+	struct sta_info *sta;
+	char *mac_id;
+
+	hdr = (pimdev_hdr *) buf;
+	mlme = (struct obj_mlme *) &hdr[1];
+	mac_id = mac_id_get(drv, mlme->id);
+	if (mac_id == NULL)
+		return;
+	memcpy(&mlme->address[0], mac_id, ETH_ALEN);
+	sta = ap_get_sta(drv->hapd, (u8 *) &mlme->address[0]);
+	if (sta == NULL) {
+		return;
+	}
+	sta->flags &= ~WLAN_STA_ASSOC;
+	wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
+	sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
+	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
+	accounting_sta_stop(drv->hapd, sta);
+	ieee802_1x_free_station(sta);
+}
+
+
+/* to auth it, just allow it now, later for os/sk */
+static void prism54_handle_auth(struct prism54_driver_data *drv,
+				void *buf, size_t len)
+{
+	struct obj_mlmeex *mlme;
+	pimdev_hdr *hdr;
+	struct sta_info *sta;
+	int resp;
+
+	hdr = (pimdev_hdr *) buf;
+	mlme = (struct obj_mlmeex *) &hdr[1];
+	if (len < sizeof(*mlme)) {
+		printf("bad auth packet\n");
+		return;
+	}
+
+	if (mlme->state == htons(DOT11_STATE_AUTHING)) {
+		sta = ap_sta_add(drv->hapd, (u8 *) &mlme->address[0]);
+		if (drv->hapd->tkip_countermeasures) {
+			resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
+			goto fail;
+		}
+		mac_id_refresh(drv, mlme->id, &mlme->address[0]);
+		if (!sta) {
+			resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+			goto fail;
+		}
+		sta->flags &= ~WLAN_STA_PREAUTH;
+		
+		ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
+		sta->flags |= WLAN_STA_AUTH;
+		wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
+		mlme->code = 0;
+		mlme->state=htons(DOT11_STATE_AUTH);
+		hdr->op = htonl(PIMOP_SET);
+		hdr->oid = htonl(DOT11_OID_AUTHENTICATEEX);
+		mlme->size = 0;
+		sta->timeout_next = STA_NULLFUNC;
+		send(drv->pim_sock, hdr, sizeof(*hdr) + sizeof(*mlme), 0);
+	}
+	return;
+
+fail:
+	printf("auth fail: %x\n", resp);
+	mlme->code = host_to_le16(resp);
+	mlme->size = 0;
+	if (sta)
+		sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
+	hdr->oid = htonl(DOT11_OID_DEAUTHENTICATEEX);
+	hdr->op = htonl(PIMOP_SET);
+	send(drv->pim_sock, hdr, sizeof(*hdr)+sizeof(*mlme), 0);
+}
+
+
+/* do the wpa thing */
+static void prism54_handle_assoc(struct prism54_driver_data *drv,
+				 void *buf, size_t len)
+{
+	pimdev_hdr *hdr;
+	struct obj_mlmeex *mlme;
+	struct ieee802_11_elems elems;
+	struct sta_info *sta;
+	u8 *wpa_ie;
+	u8 *cb;
+	int ieofs = 0;
+	size_t wpa_ie_len;
+	int resp, new_assoc;
+	char *mac_id;
+
+	resp = 0;
+	hdr = (pimdev_hdr *) buf;
+	mlme = (struct obj_mlmeex *) &hdr[1];
+	switch (ntohl(hdr->oid)) {
+		case DOT11_OID_ASSOCIATE:
+		case DOT11_OID_REASSOCIATE:
+			mlme->size = 0;
+		default:
+			break;
+	}
+	if ((mlme->state == (int) htonl(DOT11_STATE_ASSOCING)) ||
+	    (mlme->state == (int) htonl(DOT11_STATE_REASSOCING))) {
+		if (len < sizeof(pimdev_hdr) + sizeof(struct obj_mlme)) {
+			printf("bad assoc packet\n");
+			return;
+		}
+		mac_id = mac_id_get(drv, mlme->id);
+		if (mac_id == NULL)
+			return;
+		memcpy(&mlme->address[0], mac_id, ETH_ALEN);
+		sta = ap_get_sta(drv->hapd, (u8 *) &mlme->address[0]);
+		if (sta == NULL) {
+			printf("cannot get sta\n");
+			return;
+		}
+		cb = (u8 *) &mlme->data[0];
+		if (hdr->oid == htonl(DOT11_OID_ASSOCIATEEX)) {
+			ieofs = 4;
+		} else if (hdr->oid == htonl(DOT11_OID_REASSOCIATEEX)) {
+			ieofs = 10;
+		}
+		if (le_to_host16(mlme->size) <= ieofs) {
+			printf("attach too small\n");
+			resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+			goto fail;
+		}
+		if (ieee802_11_parse_elems(drv->hapd, cb + ieofs,
+					   le_to_host16(mlme->size) - ieofs,
+					   &elems, 1) == ParseFailed) {
+			printf("STA " MACSTR " sent invalid association "
+			       "request\n", MAC2STR(sta->addr));
+			resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+			goto fail;
+		}
+		if ((drv->hapd->conf->wpa & WPA_PROTO_RSN) &&
+		    elems.rsn_ie) {
+			wpa_ie = elems.rsn_ie;
+			wpa_ie_len = elems.rsn_ie_len;
+		} else if ((drv->hapd->conf->wpa & WPA_PROTO_WPA) &&
+			   elems.wpa_ie) {
+			wpa_ie = elems.wpa_ie;
+			wpa_ie_len = elems.wpa_ie_len;
+		} else {
+			wpa_ie = NULL;
+			wpa_ie_len = 0;
+		}
+		if (drv->hapd->conf->wpa && wpa_ie == NULL) {
+			printf("STA " MACSTR ": No WPA/RSN IE in association "
+			       "request\n", MAC2STR(sta->addr));
+			resp = WLAN_STATUS_INVALID_IE;
+			goto fail;
+		}
+		if (drv->hapd->conf->wpa) {
+			int res;
+			wpa_ie -= 2;
+			wpa_ie_len += 2;
+			if (sta->wpa_sm == NULL)
+				sta->wpa_sm = wpa_auth_sta_init(
+					drv->hapd->wpa_auth, sta->addr);
+			if (sta->wpa_sm == NULL) {
+				printf("Failed to initialize WPA state "
+				       "machine\n");
+				resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+				goto fail;
+			}
+			res = wpa_validate_wpa_ie(drv->hapd->wpa_auth,
+						  sta->wpa_sm,
+						  wpa_ie, wpa_ie_len,
+						  NULL, 0);
+			if (res == WPA_INVALID_GROUP)
+				resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID;
+			else if (res == WPA_INVALID_PAIRWISE)
+				resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
+			else if (res == WPA_INVALID_AKMP)
+				resp = WLAN_STATUS_AKMP_NOT_VALID;
+			else if (res == WPA_ALLOC_FAIL)
+				resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+			else if (res != WPA_IE_OK)
+				resp = WLAN_STATUS_INVALID_IE;
+			if (resp != WLAN_STATUS_SUCCESS)
+				goto fail;
+		}
+		hdr->oid = (hdr->oid == htonl(DOT11_OID_ASSOCIATEEX)) ?
+			htonl(DOT11_OID_ASSOCIATEEX) :
+			htonl(DOT11_OID_REASSOCIATEEX);
+		hdr->op = htonl(PIMOP_SET);
+		mlme->code = 0;
+		mlme->state = htons(DOT11_STATE_ASSOC);
+		mlme->size = 0;
+		send(drv->pim_sock, hdr, sizeof(*hdr) + sizeof(*mlme), 0);
+		return;
+	} else if (mlme->state==htons(DOT11_STATE_ASSOC)) {
+		if (len < sizeof(pimdev_hdr) + sizeof(struct obj_mlme)) {
+			printf("bad assoc packet\n");
+			return;
+		}
+		mac_id = mac_id_get(drv, mlme->id);
+		if (mac_id == NULL)
+			return;
+		memcpy(&mlme->address[0], mac_id, ETH_ALEN);
+		sta = ap_get_sta(drv->hapd, (u8 *) &mlme->address[0]);
+		if (sta == NULL) {
+			printf("cannot get sta\n");
+			return;
+		}
+		new_assoc = (sta->flags & WLAN_STA_ASSOC) == 0;
+		sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
+		wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
+		hostapd_new_assoc_sta(drv->hapd, sta, !new_assoc);
+		ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
+		sta->timeout_next = STA_NULLFUNC;
+		return;
+	}
+	return;
+
+fail:
+	printf("Prism54: assoc fail: %x\n", resp);
+	mlme->code = host_to_le16(resp);
+	mlme->size = 0;
+	mlme->state = htons(DOT11_STATE_ASSOCING);
+	hdr->oid = htonl(DOT11_OID_DISASSOCIATEEX);
+	hdr->op = htonl(PIMOP_SET);
+	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
+	send(drv->pim_sock, hdr, sizeof(*hdr) + sizeof(*mlme), 0);
+}
+
+
+static void handle_pim(int sock, void *eloop_ctx, void *sock_ctx)
+{
+	struct prism54_driver_data *drv = eloop_ctx;
+	int len;
+	pimdev_hdr *hdr;
+
+	hdr = malloc(PIM_BUF_SIZE);
+	if (hdr == NULL)
+		return;
+	len = recv(sock, hdr, PIM_BUF_SIZE, 0);
+	if (len < 0) {
+		perror("recv");
+		free(hdr);
+		return;
+	}
+	if (len < 8) {
+		printf("handle_pim: too short (%d)\n", len);
+		free(hdr);
+		return;
+	}
+
+	if (hdr->op != (int) htonl(PIMOP_TRAP)) {
+		free(hdr);
+		return;
+	}
+	switch (ntohl(hdr->oid)) {
+		case DOT11_OID_PROBE:
+			prism54_handle_probe(drv, hdr, len);
+			break;
+		case DOT11_OID_DEAUTHENTICATEEX:
+		case DOT11_OID_DEAUTHENTICATE:
+			prism54_handle_deauth(drv, hdr, len);
+			break;
+		case DOT11_OID_DISASSOCIATEEX:
+		case DOT11_OID_DISASSOCIATE:
+			prism54_handle_disassoc(drv, hdr, len);
+			break;
+		case DOT11_OID_AUTHENTICATEEX:
+		case DOT11_OID_AUTHENTICATE:
+			prism54_handle_auth(drv, hdr, len);
+			break;
+		case DOT11_OID_ASSOCIATEEX:
+		case DOT11_OID_REASSOCIATEEX:
+		case DOT11_OID_ASSOCIATE:
+		case DOT11_OID_REASSOCIATE:
+			prism54_handle_assoc(drv, hdr, len);
+		default:
+			break;
+	}
+
+	free(hdr);
+}
+
+
+static void handle_802_3(int sock, void *eloop_ctx, void *sock_ctx)
+{
+	struct hostapd_data *hapd = (struct hostapd_data *) eloop_ctx;
+	int len;
+	ieee802_3_hdr *hdr;
+
+	hdr = malloc(PIM_BUF_SIZE);
+	if (hdr == NULL)
+		return;
+	len = recv(sock, hdr, PIM_BUF_SIZE, 0);
+	if (len < 0) {
+		perror("recv");
+		free(hdr);
+		return;
+	}
+        if (len < 14) {
+                wpa_printf(MSG_MSGDUMP, "handle_802_3: too short (%d)", len);
+		free(hdr);
+                return;
+        }
+        if (hdr->type == htons(ETH_P_PAE)) {
+                ieee802_1x_receive(hapd, (u8 *) &hdr->sa[0], (u8 *) &hdr[1],
+				   len - sizeof(*hdr));
+        }
+	free(hdr);
+}
+
+
+static int prism54_init_sockets(struct prism54_driver_data *drv)
+{
+	struct hostapd_data *hapd = drv->hapd;
+	struct ifreq ifr;
+	struct sockaddr_ll addr;
+
+	drv->sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_PAE));
+	if (drv->sock < 0) {
+		perror("socket[PF_PACKET,SOCK_RAW]");
+		return -1;
+	}
+
+	if (eloop_register_read_sock(drv->sock, handle_802_3, drv->hapd, NULL))
+	{
+		printf("Could not register read socket\n");
+		return -1;
+	}
+
+        memset(&ifr, 0, sizeof(ifr));
+	if (hapd->conf->bridge[0] != '\0') {
+		printf("opening bridge: %s\n", hapd->conf->bridge);
+		os_strlcpy(ifr.ifr_name, hapd->conf->bridge,
+			   sizeof(ifr.ifr_name));
+	} else {
+		os_strlcpy(ifr.ifr_name, drv->iface, sizeof(ifr.ifr_name));
+	}
+        if (ioctl(drv->sock, SIOCGIFINDEX, &ifr) != 0) {
+		perror("ioctl(SIOCGIFINDEX)");
+		return -1;
+        }
+
+	memset(&addr, 0, sizeof(addr));
+	addr.sll_family = AF_PACKET;
+	addr.sll_ifindex = ifr.ifr_ifindex;
+	addr.sll_protocol = htons(ETH_P_PAE);
+	wpa_printf(MSG_DEBUG, "Opening raw packet socket for ifindex %d",
+		   addr.sll_ifindex);
+
+	if (bind(drv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+		perror("bind");
+		return -1;
+	}
+
+        memset(&ifr, 0, sizeof(ifr));
+        os_strlcpy(ifr.ifr_name, drv->iface, sizeof(ifr.ifr_name));
+        if (ioctl(drv->sock, SIOCGIFHWADDR, &ifr) != 0) {
+		perror("ioctl(SIOCGIFHWADDR)");
+		return -1;
+        }
+
+	if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
+		printf("Invalid HW-addr family 0x%04x\n",
+		       ifr.ifr_hwaddr.sa_family);
+		return -1;
+	}
+	memcpy(drv->hapd->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
+
+	drv->pim_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
+	if (drv->pim_sock < 0) {
+		perror("socket[PF_PACKET,SOCK_RAW]");
+		return -1;
+	}
+
+	if (eloop_register_read_sock(drv->pim_sock, handle_pim, drv, NULL)) {
+		printf("Could not register read socket\n");
+		return -1;
+	}
+
+        memset(&ifr, 0, sizeof(ifr));
+        snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%sap", drv->iface);
+        if (ioctl(drv->pim_sock, SIOCGIFINDEX, &ifr) != 0) {
+		perror("ioctl(SIOCGIFINDEX)");
+		return -1;
+        }
+
+	memset(&addr, 0, sizeof(addr));
+	addr.sll_family = AF_PACKET;
+	addr.sll_ifindex = ifr.ifr_ifindex;
+	addr.sll_protocol = htons(ETH_P_ALL);
+	wpa_printf(MSG_DEBUG, "Opening raw packet socket for ifindex %d",
+		   addr.sll_ifindex);
+
+	if (bind(drv->pim_sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+		perror("bind");
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static void * prism54_driver_init(struct hostapd_data *hapd)
+{
+	struct prism54_driver_data *drv;
+
+	drv = os_zalloc(sizeof(struct prism54_driver_data));
+	if (drv == NULL) {
+		printf("Could not allocate memory for hostapd Prism54 driver "
+		       "data\n");
+		return NULL;
+	}
+
+	drv->hapd = hapd;
+	drv->pim_sock = drv->sock = -1;
+	memcpy(drv->iface, hapd->conf->iface, sizeof(drv->iface));
+
+	if (prism54_init_sockets(drv)) {
+		free(drv);
+		return NULL;
+	}
+	prism54_init_1x(drv);
+	/* must clean previous elems */
+	hostapd_set_generic_elem(hapd, NULL, 0);
+
+	return drv;
+}
+
+
+static void prism54_driver_deinit(void *priv)
+{
+	struct prism54_driver_data *drv = priv;
+
+	if (drv->pim_sock >= 0)
+		close(drv->pim_sock);
+
+	if (drv->sock >= 0)
+		close(drv->sock);
+	
+	free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_prism54_ops = {
+	.name = "prism54",
+	.init = prism54_driver_init,
+	.deinit = prism54_driver_deinit,
+	/* .set_ieee8021x = prism54_init_1x, */
+	.set_privacy = prism54_set_privacy_invoked,
+	.set_encryption = prism54_set_encryption,
+	.get_seqnum = prism54_get_seqnum,
+	.flush = prism54_flush,
+	.set_generic_elem = prism54_set_generic_elem,
+	.send_eapol = prism54_send_eapol,
+	.sta_set_flags = prism54_sta_set_flags,
+	.sta_deauth = prism54_sta_deauth,
+	.sta_disassoc = prism54_sta_disassoc,
+	.set_ssid = prism54_ioctl_setiwessid,
+	.get_inact_sec = prism54_get_inact_sec,
+};

+ 1167 - 0
hostapd/driver_test.c

@@ -0,0 +1,1167 @@
+/*
+ * hostapd / Driver interface for development testing
+ * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/un.h>
+#include <dirent.h>
+
+#include "hostapd.h"
+#include "driver.h"
+#include "sha1.h"
+#include "eloop.h"
+#include "ieee802_1x.h"
+#include "sta_info.h"
+#include "wpa.h"
+#include "accounting.h"
+#include "radius/radius.h"
+#include "l2_packet/l2_packet.h"
+#include "ieee802_11.h"
+#include "hw_features.h"
+
+
+struct test_client_socket {
+	struct test_client_socket *next;
+	u8 addr[ETH_ALEN];
+	struct sockaddr_un un;
+	socklen_t unlen;
+	struct test_driver_bss *bss;
+};
+
+struct test_driver_bss {
+	struct test_driver_bss *next;
+	char ifname[IFNAMSIZ + 1];
+	u8 bssid[ETH_ALEN];
+	u8 *ie;
+	size_t ielen;
+	u8 ssid[32];
+	size_t ssid_len;
+	int privacy;
+};
+
+struct test_driver_data {
+	struct hostapd_data *hapd;
+	struct test_client_socket *cli;
+	int test_socket;
+	struct test_driver_bss *bss;
+	char *socket_dir;
+	char *own_socket_path;
+};
+
+
+static void test_driver_free_bss(struct test_driver_bss *bss)
+{
+	free(bss->ie);
+	free(bss);
+}
+
+
+static void test_driver_free_priv(struct test_driver_data *drv)
+{
+	struct test_driver_bss *bss, *prev;
+
+	if (drv == NULL)
+		return;
+
+	bss = drv->bss;
+	while (bss) {
+		prev = bss;
+		bss = bss->next;
+		test_driver_free_bss(prev);
+	}
+	free(drv->own_socket_path);
+	free(drv->socket_dir);
+	free(drv);
+}
+
+
+static struct test_client_socket *
+test_driver_get_cli(struct test_driver_data *drv, struct sockaddr_un *from,
+		    socklen_t fromlen)
+{
+	struct test_client_socket *cli = drv->cli;
+
+	while (cli) {
+		if (cli->unlen == fromlen &&
+		    strncmp(cli->un.sun_path, from->sun_path,
+			    fromlen - sizeof(cli->un.sun_family)) == 0)
+			return cli;
+		cli = cli->next;
+	}
+
+	return NULL;
+}
+
+
+static int test_driver_send_eapol(void *priv, const u8 *addr, const u8 *data,
+				  size_t data_len, int encrypt,
+				  const u8 *own_addr)
+{
+	struct test_driver_data *drv = priv;
+	struct test_client_socket *cli;
+	struct msghdr msg;
+	struct iovec io[3];
+	struct l2_ethhdr eth;
+
+	if (drv->test_socket < 0)
+		return -1;
+
+	cli = drv->cli;
+	while (cli) {
+		if (memcmp(cli->addr, addr, ETH_ALEN) == 0)
+			break;
+		cli = cli->next;
+	}
+
+	if (!cli) {
+		wpa_printf(MSG_DEBUG, "%s: no destination client entry",
+			   __func__);
+		return -1;
+	}
+
+	memcpy(eth.h_dest, addr, ETH_ALEN);
+	memcpy(eth.h_source, own_addr, ETH_ALEN);
+	eth.h_proto = htons(ETH_P_EAPOL);
+
+	io[0].iov_base = "EAPOL ";
+	io[0].iov_len = 6;
+	io[1].iov_base = &eth;
+	io[1].iov_len = sizeof(eth);
+	io[2].iov_base = (u8 *) data;
+	io[2].iov_len = data_len;
+
+	memset(&msg, 0, sizeof(msg));
+	msg.msg_iov = io;
+	msg.msg_iovlen = 3;
+	msg.msg_name = &cli->un;
+	msg.msg_namelen = cli->unlen;
+	return sendmsg(drv->test_socket, &msg, 0);
+}
+
+
+static int test_driver_send_ether(void *priv, const u8 *dst, const u8 *src,
+				  u16 proto, const u8 *data, size_t data_len)
+{
+	struct test_driver_data *drv = priv;
+	struct msghdr msg;
+	struct iovec io[3];
+	struct l2_ethhdr eth;
+	char desttxt[30];
+	struct sockaddr_un addr;
+	struct dirent *dent;
+	DIR *dir;
+	int ret = 0, broadcast = 0, count = 0;
+
+	if (drv->test_socket < 0 || drv->socket_dir == NULL) {
+		wpa_printf(MSG_DEBUG, "%s: invalid parameters (sock=%d "
+			   "socket_dir=%p)",
+			   __func__, drv->test_socket, drv->socket_dir);
+		return -1;
+	}
+
+	broadcast = memcmp(dst, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0;
+	snprintf(desttxt, sizeof(desttxt), MACSTR, MAC2STR(dst));
+
+	memcpy(eth.h_dest, dst, ETH_ALEN);
+	memcpy(eth.h_source, src, ETH_ALEN);
+	eth.h_proto = htons(proto);
+
+	io[0].iov_base = "ETHER ";
+	io[0].iov_len = 6;
+	io[1].iov_base = &eth;
+	io[1].iov_len = sizeof(eth);
+	io[2].iov_base = (u8 *) data;
+	io[2].iov_len = data_len;
+
+	memset(&msg, 0, sizeof(msg));
+	msg.msg_iov = io;
+	msg.msg_iovlen = 3;
+
+	dir = opendir(drv->socket_dir);
+	if (dir == NULL) {
+		perror("test_driver: opendir");
+		return -1;
+	}
+	while ((dent = readdir(dir))) {
+#ifdef _DIRENT_HAVE_D_TYPE
+		/* Skip the file if it is not a socket. Also accept
+		 * DT_UNKNOWN (0) in case the C library or underlying file
+		 * system does not support d_type. */
+		if (dent->d_type != DT_SOCK && dent->d_type != DT_UNKNOWN)
+			continue;
+#endif /* _DIRENT_HAVE_D_TYPE */
+		if (strcmp(dent->d_name, ".") == 0 ||
+		    strcmp(dent->d_name, "..") == 0)
+			continue;
+
+		memset(&addr, 0, sizeof(addr));
+		addr.sun_family = AF_UNIX;
+		snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s",
+			 drv->socket_dir, dent->d_name);
+
+		if (strcmp(addr.sun_path, drv->own_socket_path) == 0)
+			continue;
+		if (!broadcast && strstr(dent->d_name, desttxt) == NULL)
+			continue;
+
+		wpa_printf(MSG_DEBUG, "%s: Send ether frame to %s",
+			   __func__, dent->d_name);
+
+		msg.msg_name = &addr;
+		msg.msg_namelen = sizeof(addr);
+		ret = sendmsg(drv->test_socket, &msg, 0);
+		if (ret < 0)
+			perror("driver_test: sendmsg");
+		count++;
+	}
+	closedir(dir);
+
+	if (!broadcast && count == 0) {
+		wpa_printf(MSG_DEBUG, "%s: Destination " MACSTR " not found",
+			   __func__, MAC2STR(dst));
+		return -1;
+	}
+
+	return ret;
+}
+
+
+static int test_driver_send_mgmt_frame(void *priv, const void *buf,
+				       size_t len, int flags)
+{
+	struct test_driver_data *drv = priv;
+	struct msghdr msg;
+	struct iovec io[2];
+	const u8 *dest;
+	int ret = 0, broadcast = 0;
+	char desttxt[30];
+	struct sockaddr_un addr;
+	struct dirent *dent;
+	DIR *dir;
+	struct ieee80211_hdr *hdr;
+	u16 fc;
+
+	if (drv->test_socket < 0 || len < 10 || drv->socket_dir == NULL) {
+		wpa_printf(MSG_DEBUG, "%s: invalid parameters (sock=%d len=%lu"
+			   " socket_dir=%p)",
+			   __func__, drv->test_socket, (unsigned long) len,
+			   drv->socket_dir);
+		return -1;
+	}
+
+	dest = buf;
+	dest += 4;
+	broadcast = memcmp(dest, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0;
+	snprintf(desttxt, sizeof(desttxt), MACSTR, MAC2STR(dest));
+
+	io[0].iov_base = "MLME ";
+	io[0].iov_len = 5;
+	io[1].iov_base = (void *) buf;
+	io[1].iov_len = len;
+
+	memset(&msg, 0, sizeof(msg));
+	msg.msg_iov = io;
+	msg.msg_iovlen = 2;
+
+	dir = opendir(drv->socket_dir);
+	if (dir == NULL) {
+		perror("test_driver: opendir");
+		return -1;
+	}
+	while ((dent = readdir(dir))) {
+#ifdef _DIRENT_HAVE_D_TYPE
+		/* Skip the file if it is not a socket. Also accept
+		 * DT_UNKNOWN (0) in case the C library or underlying file
+		 * system does not support d_type. */
+		if (dent->d_type != DT_SOCK && dent->d_type != DT_UNKNOWN)
+			continue;
+#endif /* _DIRENT_HAVE_D_TYPE */
+		if (strcmp(dent->d_name, ".") == 0 ||
+		    strcmp(dent->d_name, "..") == 0)
+			continue;
+
+		memset(&addr, 0, sizeof(addr));
+		addr.sun_family = AF_UNIX;
+		snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s",
+			 drv->socket_dir, dent->d_name);
+
+		if (strcmp(addr.sun_path, drv->own_socket_path) == 0)
+			continue;
+		if (!broadcast && strstr(dent->d_name, desttxt) == NULL)
+			continue;
+
+		wpa_printf(MSG_DEBUG, "%s: Send management frame to %s",
+			   __func__, dent->d_name);
+
+		msg.msg_name = &addr;
+		msg.msg_namelen = sizeof(addr);
+		ret = sendmsg(drv->test_socket, &msg, 0);
+		if (ret < 0)
+			perror("driver_test: sendmsg");
+	}
+	closedir(dir);
+
+	hdr = (struct ieee80211_hdr *) buf;
+	fc = le_to_host16(hdr->frame_control);
+	ieee802_11_mgmt_cb(drv->hapd, (u8 *) buf, len, WLAN_FC_GET_STYPE(fc),
+			   ret >= 0);
+
+	return ret;
+}
+
+
+static void test_driver_scan(struct test_driver_data *drv,
+			     struct sockaddr_un *from, socklen_t fromlen)
+{
+	char buf[512], *pos, *end;
+	int ret;
+	struct test_driver_bss *bss;
+
+	wpa_printf(MSG_DEBUG, "test_driver: SCAN");
+
+	for (bss = drv->bss; bss; bss = bss->next) {
+		pos = buf;
+		end = buf + sizeof(buf);
+
+		/* reply: SCANRESP BSSID SSID IEs */
+		ret = snprintf(pos, end - pos, "SCANRESP " MACSTR " ",
+			       MAC2STR(bss->bssid));
+		if (ret < 0 || ret >= end - pos)
+			return;
+		pos += ret;
+		pos += wpa_snprintf_hex(pos, end - pos,
+					bss->ssid, bss->ssid_len);
+		ret = snprintf(pos, end - pos, " ");
+		if (ret < 0 || ret >= end - pos)
+			return;
+		pos += ret;
+		pos += wpa_snprintf_hex(pos, end - pos, bss->ie, bss->ielen);
+
+		if (bss->privacy) {
+			ret = snprintf(pos, end - pos, " PRIVACY");
+			if (ret < 0 || ret >= end - pos)
+				return;
+			pos += ret;
+		}
+
+		sendto(drv->test_socket, buf, pos - buf, 0,
+		       (struct sockaddr *) from, fromlen);
+	}
+}
+
+
+static struct hostapd_data * test_driver_get_hapd(struct test_driver_data *drv,
+						  struct test_driver_bss *bss)
+{
+	struct hostapd_iface *iface = drv->hapd->iface;
+	struct hostapd_data *hapd = NULL;
+	size_t i;
+
+	if (bss == NULL) {
+		wpa_printf(MSG_DEBUG, "%s: bss == NULL", __func__);
+		return NULL;
+	}
+
+	for (i = 0; i < iface->num_bss; i++) {
+		hapd = iface->bss[i];
+		if (memcmp(hapd->own_addr, bss->bssid, ETH_ALEN) == 0)
+			break;
+	}
+	if (i == iface->num_bss) {
+		wpa_printf(MSG_DEBUG, "%s: no matching interface entry found "
+			   "for BSSID " MACSTR, __func__, MAC2STR(bss->bssid));
+		return NULL;
+	}
+
+	return hapd;
+}
+
+
+static int test_driver_new_sta(struct test_driver_data *drv,
+			       struct test_driver_bss *bss, const u8 *addr,
+			       const u8 *ie, size_t ielen)
+{
+	struct hostapd_data *hapd;
+	struct sta_info *sta;
+	int new_assoc, res;
+
+	hapd = test_driver_get_hapd(drv, bss);
+	if (hapd == NULL)
+		return -1;
+
+	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+		HOSTAPD_LEVEL_INFO, "associated");
+
+	sta = ap_get_sta(hapd, addr);
+	if (sta) {
+		accounting_sta_stop(hapd, sta);
+	} else {
+		sta = ap_sta_add(hapd, addr);
+		if (sta == NULL)
+			return -1;
+	}
+	accounting_sta_get_id(hapd, sta);
+
+	if (hapd->conf->wpa) {
+		if (ie == NULL || ielen == 0) {
+			printf("test_driver: no IE from STA\n");
+			return -1;
+		}
+		if (sta->wpa_sm == NULL)
+			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
+							sta->addr);
+		if (sta->wpa_sm == NULL) {
+			printf("test_driver: Failed to initialize WPA state "
+			       "machine\n");
+			return -1;
+		}
+		res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
+					  ie, ielen, NULL, 0);
+		if (res != WPA_IE_OK) {
+			printf("WPA/RSN information element rejected? "
+			       "(res %u)\n", res);
+			return -1;
+		}
+	}
+
+	new_assoc = (sta->flags & WLAN_STA_ASSOC) == 0;
+	sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
+	wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
+
+	hostapd_new_assoc_sta(hapd, sta, !new_assoc);
+
+	ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
+
+	return 0;
+}
+
+
+static void test_driver_assoc(struct test_driver_data *drv,
+			      struct sockaddr_un *from, socklen_t fromlen,
+			      char *data)
+{
+	struct test_client_socket *cli;
+	u8 ie[256], ssid[32];
+	size_t ielen, ssid_len = 0;
+	char *pos, *pos2, cmd[50];
+	struct test_driver_bss *bss;
+
+	/* data: STA-addr SSID(hex) IEs(hex) */
+
+	cli = os_zalloc(sizeof(*cli));
+	if (cli == NULL)
+		return;
+
+	if (hwaddr_aton(data, cli->addr)) {
+		printf("test_socket: Invalid MAC address '%s' in ASSOC\n",
+		       data);
+		free(cli);
+		return;
+	}
+	pos = data + 17;
+	while (*pos == ' ')
+		pos++;
+	pos2 = strchr(pos, ' ');
+	ielen = 0;
+	if (pos2) {
+		ssid_len = (pos2 - pos) / 2;
+		if (hexstr2bin(pos, ssid, ssid_len) < 0) {
+			wpa_printf(MSG_DEBUG, "%s: Invalid SSID", __func__);
+			free(cli);
+			return;
+		}
+		wpa_hexdump_ascii(MSG_DEBUG, "test_driver_assoc: SSID",
+				  ssid, ssid_len);
+
+		pos = pos2 + 1;
+		ielen = strlen(pos) / 2;
+		if (ielen > sizeof(ie))
+			ielen = sizeof(ie);
+		if (hexstr2bin(pos, ie, ielen) < 0)
+			ielen = 0;
+	}
+
+	for (bss = drv->bss; bss; bss = bss->next) {
+		if (bss->ssid_len == ssid_len &&
+		    memcmp(bss->ssid, ssid, ssid_len) == 0)
+			break;
+	}
+	if (bss == NULL) {
+		wpa_printf(MSG_DEBUG, "%s: No matching SSID found from "
+			   "configured BSSes", __func__);
+		free(cli);
+		return;
+	}
+
+	cli->bss = bss;
+	memcpy(&cli->un, from, sizeof(cli->un));
+	cli->unlen = fromlen;
+	cli->next = drv->cli;
+	drv->cli = cli;
+	wpa_hexdump_ascii(MSG_DEBUG, "test_socket: ASSOC sun_path",
+			  (const u8 *) cli->un.sun_path,
+			  cli->unlen - sizeof(cli->un.sun_family));
+
+	snprintf(cmd, sizeof(cmd), "ASSOCRESP " MACSTR " 0",
+		 MAC2STR(bss->bssid));
+	sendto(drv->test_socket, cmd, strlen(cmd), 0,
+	       (struct sockaddr *) from, fromlen);
+
+	if (test_driver_new_sta(drv, bss, cli->addr, ie, ielen) < 0) {
+		wpa_printf(MSG_DEBUG, "test_driver: failed to add new STA");
+	}
+}
+
+
+static void test_driver_disassoc(struct test_driver_data *drv,
+				 struct sockaddr_un *from, socklen_t fromlen)
+{
+	struct test_client_socket *cli;
+	struct sta_info *sta;
+
+	cli = test_driver_get_cli(drv, from, fromlen);
+	if (!cli)
+		return;
+
+	hostapd_logger(drv->hapd, cli->addr, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_INFO, "disassociated");
+
+	sta = ap_get_sta(drv->hapd, cli->addr);
+	if (sta != NULL) {
+		sta->flags &= ~WLAN_STA_ASSOC;
+		wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
+		sta->acct_terminate_cause =
+			RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
+		ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
+		ap_free_sta(drv->hapd, sta);
+	}
+}
+
+
+static void test_driver_eapol(struct test_driver_data *drv,
+			      struct sockaddr_un *from, socklen_t fromlen,
+			      u8 *data, size_t datalen)
+{
+	struct test_client_socket *cli;
+	if (datalen > 14) {
+		u8 *proto = data + 2 * ETH_ALEN;
+		/* Skip Ethernet header */
+		wpa_printf(MSG_DEBUG, "test_driver: dst=" MACSTR " src="
+			   MACSTR " proto=%04x",
+			   MAC2STR(data), MAC2STR(data + ETH_ALEN),
+			   WPA_GET_BE16(proto));
+		data += 14;
+		datalen -= 14;
+	}
+	cli = test_driver_get_cli(drv, from, fromlen);
+	if (cli) {
+		struct hostapd_data *hapd;
+		hapd = test_driver_get_hapd(drv, cli->bss);
+		if (hapd == NULL)
+			return;
+		ieee802_1x_receive(hapd, cli->addr, data, datalen);
+	} else {
+		wpa_printf(MSG_DEBUG, "test_socket: EAPOL from unknown "
+			   "client");
+	}
+}
+
+
+static void test_driver_ether(struct test_driver_data *drv,
+			      struct sockaddr_un *from, socklen_t fromlen,
+			      u8 *data, size_t datalen)
+{
+	struct l2_ethhdr *eth;
+
+	if (datalen < sizeof(*eth))
+		return;
+
+	eth = (struct l2_ethhdr *) data;
+	wpa_printf(MSG_DEBUG, "test_driver: RX ETHER dst=" MACSTR " src="
+		   MACSTR " proto=%04x",
+		   MAC2STR(eth->h_dest), MAC2STR(eth->h_source),
+		   be_to_host16(eth->h_proto));
+
+#ifdef CONFIG_IEEE80211R
+	if (be_to_host16(eth->h_proto) == ETH_P_RRB) {
+		wpa_ft_rrb_rx(drv->hapd->wpa_auth, eth->h_source,
+			      data + sizeof(*eth), datalen - sizeof(*eth));
+	}
+#endif /* CONFIG_IEEE80211R */
+}
+
+
+static void test_driver_mlme(struct test_driver_data *drv,
+			     struct sockaddr_un *from, socklen_t fromlen,
+			     u8 *data, size_t datalen)
+{
+	struct ieee80211_hdr *hdr;
+	u16 fc;
+
+	hdr = (struct ieee80211_hdr *) data;
+
+	if (test_driver_get_cli(drv, from, fromlen) == NULL && datalen >= 16) {
+		struct test_client_socket *cli;
+		cli = os_zalloc(sizeof(*cli));
+		if (cli == NULL)
+			return;
+		wpa_printf(MSG_DEBUG, "Adding client entry for " MACSTR,
+			   MAC2STR(hdr->addr2));
+		memcpy(cli->addr, hdr->addr2, ETH_ALEN);
+		memcpy(&cli->un, from, sizeof(cli->un));
+		cli->unlen = fromlen;
+		cli->next = drv->cli;
+		drv->cli = cli;
+	}
+
+	wpa_hexdump(MSG_MSGDUMP, "test_driver_mlme: received frame",
+		    data, datalen);
+	fc = le_to_host16(hdr->frame_control);
+	if (WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT) {
+		wpa_printf(MSG_ERROR, "%s: received non-mgmt frame",
+			   __func__);
+		return;
+	}
+	ieee802_11_mgmt(drv->hapd, data, datalen, WLAN_FC_GET_STYPE(fc), NULL);
+}
+
+
+static void test_driver_receive_unix(int sock, void *eloop_ctx, void *sock_ctx)
+{
+	struct test_driver_data *drv = eloop_ctx;
+	char buf[2000];
+	int res;
+	struct sockaddr_un from;
+	socklen_t fromlen = sizeof(from);
+
+	res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
+		       (struct sockaddr *) &from, &fromlen);
+	if (res < 0) {
+		perror("recvfrom(test_socket)");
+		return;
+	}
+	buf[res] = '\0';
+
+	wpa_printf(MSG_DEBUG, "test_driver: received %u bytes", res);
+
+	if (strcmp(buf, "SCAN") == 0) {
+		test_driver_scan(drv, &from, fromlen);
+	} else if (strncmp(buf, "ASSOC ", 6) == 0) {
+		test_driver_assoc(drv, &from, fromlen, buf + 6);
+	} else if (strcmp(buf, "DISASSOC") == 0) {
+		test_driver_disassoc(drv, &from, fromlen);
+	} else if (strncmp(buf, "EAPOL ", 6) == 0) {
+		test_driver_eapol(drv, &from, fromlen, (u8 *) buf + 6,
+				  res - 6);
+	} else if (strncmp(buf, "ETHER ", 6) == 0) {
+		test_driver_ether(drv, &from, fromlen, (u8 *) buf + 6,
+				  res - 6);
+	} else if (strncmp(buf, "MLME ", 5) == 0) {
+		test_driver_mlme(drv, &from, fromlen, (u8 *) buf + 5, res - 5);
+	} else {
+		wpa_hexdump_ascii(MSG_DEBUG, "Unknown test_socket command",
+				  (u8 *) buf, res);
+	}
+}
+
+
+static struct test_driver_bss *
+test_driver_get_bss(struct test_driver_data *drv, const char *ifname)
+{
+	struct test_driver_bss *bss;
+
+	for (bss = drv->bss; bss; bss = bss->next) {
+		if (strcmp(bss->ifname, ifname) == 0)
+			return bss;
+	}
+	return NULL;
+}
+
+
+static int test_driver_set_generic_elem(const char *ifname, void *priv,
+					const u8 *elem, size_t elem_len)
+{
+	struct test_driver_data *drv = priv;
+	struct test_driver_bss *bss;
+
+	bss = test_driver_get_bss(drv, ifname);
+	if (bss == NULL)
+		return -1;
+
+	free(bss->ie);
+
+	if (elem == NULL) {
+		bss->ie = NULL;
+		bss->ielen = 0;
+		return 0;
+	}
+
+	bss->ie = malloc(elem_len);
+	if (bss->ie == NULL) {
+		bss->ielen = 0;
+		return -1;
+	}
+
+	memcpy(bss->ie, elem, elem_len);
+	bss->ielen = elem_len;
+	return 0;
+}
+
+
+static int test_driver_sta_deauth(void *priv, const u8 *addr, int reason)
+{
+	struct test_driver_data *drv = priv;
+	struct test_client_socket *cli;
+
+	if (drv->test_socket < 0)
+		return -1;
+
+	cli = drv->cli;
+	while (cli) {
+		if (memcmp(cli->addr, addr, ETH_ALEN) == 0)
+			break;
+		cli = cli->next;
+	}
+
+	if (!cli)
+		return -1;
+
+	return sendto(drv->test_socket, "DEAUTH", 6, 0,
+		      (struct sockaddr *) &cli->un, cli->unlen);
+}
+
+
+static int test_driver_sta_disassoc(void *priv, const u8 *addr, int reason)
+{
+	struct test_driver_data *drv = priv;
+	struct test_client_socket *cli;
+
+	if (drv->test_socket < 0)
+		return -1;
+
+	cli = drv->cli;
+	while (cli) {
+		if (memcmp(cli->addr, addr, ETH_ALEN) == 0)
+			break;
+		cli = cli->next;
+	}
+
+	if (!cli)
+		return -1;
+
+	return sendto(drv->test_socket, "DISASSOC", 8, 0,
+		      (struct sockaddr *) &cli->un, cli->unlen);
+}
+
+
+static struct hostapd_hw_modes *
+test_driver_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
+{
+	struct hostapd_hw_modes *modes;
+
+	*num_modes = 3;
+	*flags = 0;
+	modes = os_zalloc(*num_modes * sizeof(struct hostapd_hw_modes));
+	if (modes == NULL)
+		return NULL;
+	modes[0].mode = HOSTAPD_MODE_IEEE80211G;
+	modes[0].num_channels = 1;
+	modes[0].num_rates = 1;
+	modes[0].channels = os_zalloc(sizeof(struct hostapd_channel_data));
+	modes[0].rates = os_zalloc(sizeof(struct hostapd_rate_data));
+	if (modes[0].channels == NULL || modes[0].rates == NULL) {
+		hostapd_free_hw_features(modes, *num_modes);
+		return NULL;
+	}
+	modes[0].channels[0].chan = 1;
+	modes[0].channels[0].freq = 2412;
+	modes[0].channels[0].flag = HOSTAPD_CHAN_W_SCAN |
+		HOSTAPD_CHAN_W_ACTIVE_SCAN;
+	modes[0].rates[0].rate = 10;
+	modes[0].rates[0].flags = HOSTAPD_RATE_BASIC | HOSTAPD_RATE_SUPPORTED |
+		HOSTAPD_RATE_CCK | HOSTAPD_RATE_MANDATORY;
+
+	modes[1].mode = HOSTAPD_MODE_IEEE80211B;
+	modes[1].num_channels = 1;
+	modes[1].num_rates = 1;
+	modes[1].channels = os_zalloc(sizeof(struct hostapd_channel_data));
+	modes[1].rates = os_zalloc(sizeof(struct hostapd_rate_data));
+	if (modes[1].channels == NULL || modes[1].rates == NULL) {
+		hostapd_free_hw_features(modes, *num_modes);
+		return NULL;
+	}
+	modes[1].channels[0].chan = 1;
+	modes[1].channels[0].freq = 2412;
+	modes[1].channels[0].flag = HOSTAPD_CHAN_W_SCAN |
+		HOSTAPD_CHAN_W_ACTIVE_SCAN;
+	modes[1].rates[0].rate = 10;
+	modes[1].rates[0].flags = HOSTAPD_RATE_BASIC | HOSTAPD_RATE_SUPPORTED |
+		HOSTAPD_RATE_CCK | HOSTAPD_RATE_MANDATORY;
+
+	modes[2].mode = HOSTAPD_MODE_IEEE80211A;
+	modes[2].num_channels = 1;
+	modes[2].num_rates = 1;
+	modes[2].channels = os_zalloc(sizeof(struct hostapd_channel_data));
+	modes[2].rates = os_zalloc(sizeof(struct hostapd_rate_data));
+	if (modes[2].channels == NULL || modes[2].rates == NULL) {
+		hostapd_free_hw_features(modes, *num_modes);
+		return NULL;
+	}
+	modes[2].channels[0].chan = 60;
+	modes[2].channels[0].freq = 5300;
+	modes[2].channels[0].flag = HOSTAPD_CHAN_W_SCAN |
+		HOSTAPD_CHAN_W_ACTIVE_SCAN;
+	modes[2].rates[0].rate = 60;
+	modes[2].rates[0].flags = HOSTAPD_RATE_BASIC | HOSTAPD_RATE_SUPPORTED |
+		HOSTAPD_RATE_MANDATORY;
+
+	return modes;
+}
+
+
+static int test_driver_bss_add(void *priv, const char *ifname, const u8 *bssid)
+{
+	struct test_driver_data *drv = priv;
+	struct test_driver_bss *bss;
+
+	wpa_printf(MSG_DEBUG, "%s(ifname=%s bssid=" MACSTR ")",
+		   __func__, ifname, MAC2STR(bssid));
+
+	bss = os_zalloc(sizeof(*bss));
+	if (bss == NULL)
+		return -1;
+
+	os_strlcpy(bss->ifname, ifname, IFNAMSIZ);
+	memcpy(bss->bssid, bssid, ETH_ALEN);
+
+	bss->next = drv->bss;
+	drv->bss = bss;
+
+	return 0;
+}
+
+
+static int test_driver_bss_remove(void *priv, const char *ifname)
+{
+	struct test_driver_data *drv = priv;
+	struct test_driver_bss *bss, *prev;
+	struct test_client_socket *cli, *prev_c;
+
+	wpa_printf(MSG_DEBUG, "%s(ifname=%s)", __func__, ifname);
+
+	for (prev = NULL, bss = drv->bss; bss; prev = bss, bss = bss->next) {
+		if (strcmp(bss->ifname, ifname) != 0)
+			continue;
+
+		if (prev)
+			prev->next = bss->next;
+		else
+			drv->bss = bss->next;
+
+		for (prev_c = NULL, cli = drv->cli; cli;
+		     prev_c = cli, cli = cli->next) {
+			if (cli->bss != bss)
+				continue;
+			if (prev_c)
+				prev_c->next = cli->next;
+			else
+				drv->cli = cli->next;
+			free(cli);
+			break;
+		}
+
+		test_driver_free_bss(bss);
+		return 0;
+	}
+
+	return -1;
+}
+
+
+static int test_driver_if_add(const char *iface, void *priv,
+			      enum hostapd_driver_if_type type, char *ifname,
+			      const u8 *addr)
+{
+	wpa_printf(MSG_DEBUG, "%s(iface=%s type=%d ifname=%s)",
+		   __func__, iface, type, ifname);
+	return 0;
+}
+
+
+static int test_driver_if_update(void *priv, enum hostapd_driver_if_type type,
+				 char *ifname, const u8 *addr)
+{
+	wpa_printf(MSG_DEBUG, "%s(type=%d ifname=%s)", __func__, type, ifname);
+	return 0;
+}
+
+
+static int test_driver_if_remove(void *priv, enum hostapd_driver_if_type type,
+				 const char *ifname, const u8 *addr)
+{
+	wpa_printf(MSG_DEBUG, "%s(type=%d ifname=%s)", __func__, type, ifname);
+	return 0;
+}
+
+
+static int test_driver_valid_bss_mask(void *priv, const u8 *addr,
+				      const u8 *mask)
+{
+	return 0;
+}
+
+
+static int test_driver_set_ssid(const char *ifname, void *priv, const u8 *buf,
+				int len)
+{
+	struct test_driver_data *drv = priv;
+	struct test_driver_bss *bss;
+
+	wpa_printf(MSG_DEBUG, "%s(ifname=%s)", __func__, ifname);
+	wpa_hexdump_ascii(MSG_DEBUG, "test_driver_set_ssid: SSID", buf, len);
+
+	for (bss = drv->bss; bss; bss = bss->next) {
+		if (strcmp(bss->ifname, ifname) != 0)
+			continue;
+
+		if (len < 0 || (size_t) len > sizeof(bss->ssid))
+			return -1;
+
+		memcpy(bss->ssid, buf, len);
+		bss->ssid_len = len;
+
+		return 0;
+	}
+
+	return -1;
+}
+
+
+static int test_driver_set_privacy(const char *ifname, void *priv, int enabled)
+{
+	struct test_driver_data *drv = priv;
+	struct test_driver_bss *bss;
+
+	wpa_printf(MSG_DEBUG, "%s(ifname=%s enabled=%d)",
+		   __func__, ifname, enabled);
+
+	for (bss = drv->bss; bss; bss = bss->next) {
+		if (strcmp(bss->ifname, ifname) != 0)
+			continue;
+
+		bss->privacy = enabled;
+
+		return 0;
+	}
+
+	return -1;
+}
+
+
+static int test_driver_set_encryption(const char *iface, void *priv,
+				      const char *alg, const u8 *addr, int idx,
+				      const u8 *key, size_t key_len, int txkey)
+{
+	wpa_printf(MSG_DEBUG, "%s(iface=%s alg=%s idx=%d txkey=%d)",
+		   __func__, iface, alg, idx, txkey);
+	if (addr)
+		wpa_printf(MSG_DEBUG, "   addr=" MACSTR, MAC2STR(addr));
+	if (key)
+		wpa_hexdump_key(MSG_DEBUG, "   key", key, key_len);
+	return 0;
+}
+
+
+static int test_driver_set_sta_vlan(void *priv, const u8 *addr,
+				    const char *ifname, int vlan_id)
+{
+	wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " ifname=%s vlan_id=%d)",
+		   __func__, MAC2STR(addr), ifname, vlan_id);
+	return 0;
+}
+
+
+static int test_driver_sta_add(const char *ifname, void *priv, const u8 *addr,
+			       u16 aid, u16 capability, u8 *supp_rates,
+			       size_t supp_rates_len, int flags)
+{
+	struct test_driver_data *drv = priv;
+	struct test_client_socket *cli;
+	struct test_driver_bss *bss;
+
+	wpa_printf(MSG_DEBUG, "%s(ifname=%s addr=" MACSTR " aid=%d "
+		   "capability=0x%x flags=0x%x",
+		   __func__, ifname, MAC2STR(addr), aid, capability, flags);
+	wpa_hexdump(MSG_DEBUG, "test_driver_sta_add - supp_rates",
+		    supp_rates, supp_rates_len);
+
+	cli = drv->cli;
+	while (cli) {
+		if (memcmp(cli->addr, addr, ETH_ALEN) == 0)
+			break;
+		cli = cli->next;
+	}
+	if (!cli) {
+		wpa_printf(MSG_DEBUG, "%s: no matching client entry",
+			   __func__);
+		return -1;
+	}
+
+	for (bss = drv->bss; bss; bss = bss->next) {
+		if (strcmp(ifname, bss->ifname) == 0)
+			break;
+	}
+	if (bss == NULL) {
+		wpa_printf(MSG_DEBUG, "%s: No matching interface found from "
+			   "configured BSSes", __func__);
+		return -1;
+	}
+
+	cli->bss = bss;
+
+	return 0;
+}
+
+
+static void * test_driver_init(struct hostapd_data *hapd)
+{
+	struct test_driver_data *drv;
+	struct sockaddr_un addr;
+
+	drv = os_zalloc(sizeof(struct test_driver_data));
+	if (drv == NULL) {
+		printf("Could not allocate memory for test driver data\n");
+		return NULL;
+	}
+	drv->bss = os_zalloc(sizeof(*drv->bss));
+	if (drv->bss == NULL) {
+		printf("Could not allocate memory for test driver BSS data\n");
+		free(drv);
+		return NULL;
+	}
+
+	drv->hapd = hapd;
+
+	/* Generate a MAC address to help testing with multiple APs */
+	hapd->own_addr[0] = 0x02; /* locally administered */
+	sha1_prf((const u8 *) hapd->conf->iface, strlen(hapd->conf->iface),
+		 "hostapd test bssid generation",
+		 (const u8 *) hapd->conf->ssid.ssid, hapd->conf->ssid.ssid_len,
+		 hapd->own_addr + 1, ETH_ALEN - 1);
+
+	os_strlcpy(drv->bss->ifname, hapd->conf->iface, IFNAMSIZ);
+	memcpy(drv->bss->bssid, hapd->own_addr, ETH_ALEN);
+
+	if (hapd->conf->test_socket) {
+		if (strlen(hapd->conf->test_socket) >= sizeof(addr.sun_path)) {
+			printf("Too long test_socket path\n");
+			test_driver_free_priv(drv);
+			return NULL;
+		}
+		if (strncmp(hapd->conf->test_socket, "DIR:", 4) == 0) {
+			size_t len = strlen(hapd->conf->test_socket) + 30;
+			drv->socket_dir = strdup(hapd->conf->test_socket + 4);
+			drv->own_socket_path = malloc(len);
+			if (drv->own_socket_path) {
+				snprintf(drv->own_socket_path, len,
+					 "%s/AP-" MACSTR,
+					 hapd->conf->test_socket + 4,
+					 MAC2STR(hapd->own_addr));
+			}
+		} else {
+			drv->own_socket_path = strdup(hapd->conf->test_socket);
+		}
+		if (drv->own_socket_path == NULL) {
+			test_driver_free_priv(drv);
+			return NULL;
+		}
+
+		drv->test_socket = socket(PF_UNIX, SOCK_DGRAM, 0);
+		if (drv->test_socket < 0) {
+			perror("socket(PF_UNIX)");
+			test_driver_free_priv(drv);
+			return NULL;
+		}
+
+		memset(&addr, 0, sizeof(addr));
+		addr.sun_family = AF_UNIX;
+		os_strlcpy(addr.sun_path, drv->own_socket_path,
+			   sizeof(addr.sun_path));
+		if (bind(drv->test_socket, (struct sockaddr *) &addr,
+			 sizeof(addr)) < 0) {
+			perror("bind(PF_UNIX)");
+			close(drv->test_socket);
+			unlink(drv->own_socket_path);
+			test_driver_free_priv(drv);
+			return NULL;
+		}
+		eloop_register_read_sock(drv->test_socket,
+					 test_driver_receive_unix, drv, NULL);
+	} else
+		drv->test_socket = -1;
+
+	return drv;
+}
+
+
+static void test_driver_deinit(void *priv)
+{
+	struct test_driver_data *drv = priv;
+	struct test_client_socket *cli, *prev;
+
+	cli = drv->cli;
+	while (cli) {
+		prev = cli;
+		cli = cli->next;
+		free(prev);
+	}
+
+	if (drv->test_socket >= 0) {
+		eloop_unregister_read_sock(drv->test_socket);
+		close(drv->test_socket);
+		unlink(drv->own_socket_path);
+	}
+
+	/* There should be only one BSS remaining at this point. */
+	if (drv->bss == NULL)
+		wpa_printf(MSG_ERROR, "%s: drv->bss == NULL", __func__);
+	else if (drv->bss->next)
+		wpa_printf(MSG_ERROR, "%s: drv->bss->next != NULL", __func__);
+
+	test_driver_free_priv(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_test_ops = {
+	.name = "test",
+	.init = test_driver_init,
+	.deinit = test_driver_deinit,
+	.send_eapol = test_driver_send_eapol,
+	.send_mgmt_frame = test_driver_send_mgmt_frame,
+	.set_generic_elem = test_driver_set_generic_elem,
+	.sta_deauth = test_driver_sta_deauth,
+	.sta_disassoc = test_driver_sta_disassoc,
+	.get_hw_feature_data = test_driver_get_hw_feature_data,
+	.bss_add = test_driver_bss_add,
+	.bss_remove = test_driver_bss_remove,
+	.if_add = test_driver_if_add,
+	.if_update = test_driver_if_update,
+	.if_remove = test_driver_if_remove,
+	.valid_bss_mask = test_driver_valid_bss_mask,
+	.set_ssid = test_driver_set_ssid,
+	.set_privacy = test_driver_set_privacy,
+	.set_encryption = test_driver_set_encryption,
+	.set_sta_vlan = test_driver_set_sta_vlan,
+	.sta_add = test_driver_sta_add,
+	.send_ether = test_driver_send_ether,
+};

+ 373 - 0
hostapd/driver_wired.c

@@ -0,0 +1,373 @@
+/*
+ * hostapd / Kernel driver communication for wired (Ethernet) drivers
+ * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004, Gunter Burchardt <tira@isx.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+
+#ifdef USE_KERNEL_HEADERS
+#include <asm/types.h>
+#include <linux/if_packet.h>
+#include <linux/if_ether.h>   /* The L2 protocols */
+#include <linux/if_arp.h>
+#include <linux/if.h>
+#else /* USE_KERNEL_HEADERS */
+#include <net/if_arp.h>
+#include <net/if.h>
+#include <netpacket/packet.h>
+#endif /* USE_KERNEL_HEADERS */
+
+#include "hostapd.h"
+#include "ieee802_1x.h"
+#include "eloop.h"
+#include "sta_info.h"
+#include "driver.h"
+#include "accounting.h"
+
+
+struct wired_driver_data {
+	struct hostapd_data *hapd;
+
+	int sock; /* raw packet socket for driver access */
+	int dhcp_sock; /* socket for dhcp packets */
+	int use_pae_group_addr;
+};
+
+
+#define WIRED_EAPOL_MULTICAST_GROUP	{0x01,0x80,0xc2,0x00,0x00,0x03}
+
+
+/* TODO: detecting new devices should eventually be changed from using DHCP
+ * snooping to trigger on any packet from a new layer 2 MAC address, e.g.,
+ * based on ebtables, etc. */
+
+struct dhcp_message {
+	u_int8_t op;
+	u_int8_t htype;
+	u_int8_t hlen;
+	u_int8_t hops;
+	u_int32_t xid;
+	u_int16_t secs;
+	u_int16_t flags;
+	u_int32_t ciaddr;
+	u_int32_t yiaddr;
+	u_int32_t siaddr;
+	u_int32_t giaddr;
+	u_int8_t chaddr[16];
+	u_int8_t sname[64];
+	u_int8_t file[128];
+	u_int32_t cookie;
+	u_int8_t options[308]; /* 312 - cookie */
+};
+
+
+static void wired_possible_new_sta(struct hostapd_data *hapd, u8 *addr)
+{
+	struct sta_info *sta;
+
+	sta = ap_get_sta(hapd, addr);
+	if (sta)
+		return;
+
+	wpa_printf(MSG_DEBUG, "Data frame from unknown STA " MACSTR
+		   " - adding a new STA", MAC2STR(addr));
+	sta = ap_sta_add(hapd, addr);
+	if (sta) {
+		hostapd_new_assoc_sta(hapd, sta, 0);
+		accounting_sta_get_id(hapd, sta);
+	} else {
+		wpa_printf(MSG_DEBUG, "Failed to add STA entry for " MACSTR,
+			   MAC2STR(addr));
+	}
+}
+
+
+static void handle_data(struct hostapd_data *hapd, unsigned char *buf,
+			size_t len)
+{
+	struct ieee8023_hdr *hdr;
+	u8 *pos, *sa;
+	size_t left;
+
+	/* must contain at least ieee8023_hdr 6 byte source, 6 byte dest,
+	 * 2 byte ethertype */
+	if (len < 14) {
+		wpa_printf(MSG_MSGDUMP, "handle_data: too short (%lu)",
+			   (unsigned long) len);
+		return;
+	}
+
+	hdr = (struct ieee8023_hdr *) buf;
+
+	switch (ntohs(hdr->ethertype)) {
+		case ETH_P_PAE:
+			wpa_printf(MSG_MSGDUMP, "Received EAPOL packet");
+			sa = hdr->src;
+			wired_possible_new_sta(hapd, sa);
+
+			pos = (u8 *) (hdr + 1);
+			left = len - sizeof(*hdr);
+
+			ieee802_1x_receive(hapd, sa, pos, left);
+		break;
+
+	default:
+		wpa_printf(MSG_DEBUG, "Unknown ethertype 0x%04x in data frame",
+			   ntohs(hdr->ethertype));
+		break;
+	}
+}
+
+
+static void handle_read(int sock, void *eloop_ctx, void *sock_ctx)
+{
+	struct hostapd_data *hapd = (struct hostapd_data *) eloop_ctx;
+	int len;
+	unsigned char buf[3000];
+
+	len = recv(sock, buf, sizeof(buf), 0);
+	if (len < 0) {
+		perror("recv");
+		return;
+	}
+	
+	handle_data(hapd, buf, len);
+}
+
+
+static void handle_dhcp(int sock, void *eloop_ctx, void *sock_ctx)
+{
+	struct hostapd_data *hapd = (struct hostapd_data *) eloop_ctx;
+	int len;
+	unsigned char buf[3000];
+	struct dhcp_message *msg;
+	u8 *mac_address;
+
+	len = recv(sock, buf, sizeof(buf), 0);
+	if (len < 0) {
+		perror("recv"); 
+		return;
+	}
+
+	/* must contain at least dhcp_message->chaddr */
+	if (len < 44) {
+		wpa_printf(MSG_MSGDUMP, "handle_dhcp: too short (%d)", len);
+		return;
+	}
+	
+	msg = (struct dhcp_message *) buf;
+	mac_address = (u8 *) &(msg->chaddr);
+	
+	wpa_printf(MSG_MSGDUMP, "Got DHCP broadcast packet from " MACSTR,
+		   MAC2STR(mac_address));
+
+	wired_possible_new_sta(hapd, mac_address);
+}
+
+
+static int wired_init_sockets(struct wired_driver_data *drv)
+{
+	struct hostapd_data *hapd = drv->hapd;
+	struct ifreq ifr;
+	struct sockaddr_ll addr;
+	struct sockaddr_in addr2;
+	struct packet_mreq mreq;
+	u8 multicastgroup_eapol[6] = WIRED_EAPOL_MULTICAST_GROUP;
+	int n = 1;
+
+	drv->sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_PAE));
+	if (drv->sock < 0) {
+		perror("socket[PF_PACKET,SOCK_RAW]");
+		return -1;
+	}
+
+	if (eloop_register_read_sock(drv->sock, handle_read, hapd, NULL)) {
+		printf("Could not register read socket\n");
+		return -1;
+	}
+
+	memset(&ifr, 0, sizeof(ifr));
+	os_strlcpy(ifr.ifr_name, hapd->conf->iface, sizeof(ifr.ifr_name));
+	if (ioctl(drv->sock, SIOCGIFINDEX, &ifr) != 0) {
+		perror("ioctl(SIOCGIFINDEX)");
+		return -1;
+	}
+
+	
+	memset(&addr, 0, sizeof(addr));
+	addr.sll_family = AF_PACKET;
+	addr.sll_ifindex = ifr.ifr_ifindex;
+	wpa_printf(MSG_DEBUG, "Opening raw packet socket for ifindex %d",
+		   addr.sll_ifindex);
+
+	if (bind(drv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+		perror("bind");
+		return -1;
+	}
+
+	/* filter multicast address */
+	memset(&mreq, 0, sizeof(mreq));
+	mreq.mr_ifindex = ifr.ifr_ifindex;
+	mreq.mr_type = PACKET_MR_MULTICAST;
+	mreq.mr_alen = 6;
+	memcpy(mreq.mr_address, multicastgroup_eapol, mreq.mr_alen);
+
+	if (setsockopt(drv->sock, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mreq,
+		       sizeof(mreq)) < 0) {
+		perror("setsockopt[SOL_SOCKET,PACKET_ADD_MEMBERSHIP]");
+		return -1;
+	}
+
+	memset(&ifr, 0, sizeof(ifr));
+	os_strlcpy(ifr.ifr_name, hapd->conf->iface, sizeof(ifr.ifr_name));
+	if (ioctl(drv->sock, SIOCGIFHWADDR, &ifr) != 0) {
+		perror("ioctl(SIOCGIFHWADDR)");
+		return -1;
+	}
+
+	if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
+		printf("Invalid HW-addr family 0x%04x\n",
+		       ifr.ifr_hwaddr.sa_family);
+		return -1;
+	}
+	memcpy(hapd->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
+
+	/* setup dhcp listen socket for sta detection */
+	if ((drv->dhcp_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+		perror("socket call failed for dhcp");
+		return -1;
+	}
+
+	if (eloop_register_read_sock(drv->dhcp_sock, handle_dhcp, hapd, NULL))
+	{
+		printf("Could not register read socket\n");
+		return -1;
+	}
+	
+	memset(&addr2, 0, sizeof(addr2));
+	addr2.sin_family = AF_INET;
+	addr2.sin_port = htons(67);
+	addr2.sin_addr.s_addr = INADDR_ANY;
+
+	if (setsockopt(drv->dhcp_sock, SOL_SOCKET, SO_REUSEADDR, (char *) &n,
+		       sizeof(n)) == -1) {
+		perror("setsockopt[SOL_SOCKET,SO_REUSEADDR]");
+		return -1;
+	}
+	if (setsockopt(drv->dhcp_sock, SOL_SOCKET, SO_BROADCAST, (char *) &n,
+		       sizeof(n)) == -1) {
+		perror("setsockopt[SOL_SOCKET,SO_BROADCAST]");
+		return -1;
+	}
+
+	memset(&ifr, 0, sizeof(ifr));
+	os_strlcpy(ifr.ifr_ifrn.ifrn_name, hapd->conf->iface, IFNAMSIZ);
+	if (setsockopt(drv->dhcp_sock, SOL_SOCKET, SO_BINDTODEVICE,
+		       (char *) &ifr, sizeof(ifr)) < 0) {
+		perror("setsockopt[SOL_SOCKET,SO_BINDTODEVICE]");
+		return -1;
+	}
+
+	if (bind(drv->dhcp_sock, (struct sockaddr *) &addr2,
+		 sizeof(struct sockaddr)) == -1) {
+		perror("bind");
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static int wired_send_eapol(void *priv, const u8 *addr,
+			    const u8 *data, size_t data_len, int encrypt,
+			    const u8 *own_addr)
+{
+	struct wired_driver_data *drv = priv;
+	u8 pae_group_addr[ETH_ALEN] = WIRED_EAPOL_MULTICAST_GROUP;
+	struct ieee8023_hdr *hdr;
+	size_t len;
+	u8 *pos;
+	int res;
+
+	len = sizeof(*hdr) + data_len;
+	hdr = os_zalloc(len);
+	if (hdr == NULL) {
+		printf("malloc() failed for wired_send_eapol(len=%lu)\n",
+		       (unsigned long) len);
+		return -1;
+	}
+
+	memcpy(hdr->dest, drv->use_pae_group_addr ? pae_group_addr : addr,
+	       ETH_ALEN);
+	memcpy(hdr->src, own_addr, ETH_ALEN);
+	hdr->ethertype = htons(ETH_P_PAE);
+
+	pos = (u8 *) (hdr + 1);
+	memcpy(pos, data, data_len);
+
+	res = send(drv->sock, (u8 *) hdr, len, 0);
+	free(hdr);
+
+	if (res < 0) {
+		perror("wired_send_eapol: send");
+		printf("wired_send_eapol - packet len: %lu - failed\n",
+		       (unsigned long) len);
+	}
+
+	return res;
+}
+
+
+static void * wired_driver_init(struct hostapd_data *hapd)
+{
+	struct wired_driver_data *drv;
+
+	drv = os_zalloc(sizeof(struct wired_driver_data));
+	if (drv == NULL) {
+		printf("Could not allocate memory for wired driver data\n");
+		return NULL;
+	}
+
+	drv->hapd = hapd;
+	drv->use_pae_group_addr = hapd->conf->use_pae_group_addr;
+
+	if (wired_init_sockets(drv)) {
+		free(drv);
+		return NULL;
+	}
+
+	return drv;
+}
+
+
+static void wired_driver_deinit(void *priv)
+{
+	struct wired_driver_data *drv = priv;
+
+	if (drv->sock >= 0)
+		close(drv->sock);
+	
+	if (drv->dhcp_sock >= 0)
+		close(drv->dhcp_sock);
+
+	free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_wired_ops = {
+	.name = "wired",
+	.init = wired_driver_init,
+	.deinit = wired_driver_deinit,
+	.send_eapol = wired_send_eapol,
+};
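Review bot: The failure paths of `wired_init_sockets` return -1 with `drv->sock` (and possibly `drv->dhcp_sock`) still open and still registered with eloop, and `wired_driver_init` then only calls `free(drv)`; `wired_driver_deinit` likewise closes both descriptors without calling `eloop_unregister_read_sock`. The read handlers are registered with `hapd` as their context, so a callback firing on a leaked or later reused descriptor would run against whatever `hapd` points to by then, presumably an object torn down after the failed init. I would initialise both descriptors to -1 before `wired_init_sockets`, route the failure path through `wired_driver_deinit`, and unregister before each `close`, as in the fence below; `wired_driver_deinit` then has to be declared ahead of `wired_driver_init`. Since `os_zalloc` presumably zero-fills, an unopened descriptor currently reads as 0 and would pass the existing `>= 0` tests, hence the explicit -1.

```c
static void * wired_driver_init(struct hostapd_data *hapd)
{
	/* … unchanged: drv allocation, drv->hapd and use_pae_group_addr setup … */
	drv->sock = -1;
	drv->dhcp_sock = -1;

	if (wired_init_sockets(drv)) {
		wired_driver_deinit(drv);
		return NULL;
	}
	/* … unchanged: return drv … */

static void wired_driver_deinit(void *priv)
{
	struct wired_driver_data *drv = priv;

	if (drv->sock >= 0) {
		eloop_unregister_read_sock(drv->sock);
		close(drv->sock);
	}

	if (drv->dhcp_sock >= 0) {
		eloop_unregister_read_sock(drv->dhcp_sock);
		close(drv->dhcp_sock);
	}

	free(drv);
}
```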

+ 65 - 0
hostapd/drivers.c

@@ -0,0 +1,65 @@
+/*
+ * hostapd / driver interface list
+ * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+
+#ifdef CONFIG_DRIVER_HOSTAP
+extern struct wpa_driver_ops wpa_driver_hostap_ops; /* driver_hostap.c */
+#endif /* CONFIG_DRIVER_HOSTAP */
+#ifdef CONFIG_DRIVER_NL80211
+extern struct wpa_driver_ops wpa_driver_nl80211_ops; /* driver_nl80211.c */
+#endif /* CONFIG_DRIVER_NL80211 */
+#ifdef CONFIG_DRIVER_PRISM54
+extern struct wpa_driver_ops wpa_driver_prism54_ops; /* driver_prism54.c */
+#endif /* CONFIG_DRIVER_PRISM54 */
+#ifdef CONFIG_DRIVER_MADWIFI
+extern struct wpa_driver_ops wpa_driver_madwifi_ops; /* driver_madwifi.c */
+#endif /* CONFIG_DRIVER_MADWIFI */
+#ifdef CONFIG_DRIVER_BSD
+extern struct wpa_driver_ops wpa_driver_bsd_ops; /* driver_bsd.c */
+#endif /* CONFIG_DRIVER_BSD */
+#ifdef CONFIG_DRIVER_WIRED
+extern struct wpa_driver_ops wpa_driver_wired_ops; /* driver_wired.c */
+#endif /* CONFIG_DRIVER_WIRED */
+#ifdef CONFIG_DRIVER_TEST
+extern struct wpa_driver_ops wpa_driver_test_ops; /* driver_test.c */
+#endif /* CONFIG_DRIVER_TEST */
+
+
+struct wpa_driver_ops *hostapd_drivers[] =
+{
+#ifdef CONFIG_DRIVER_HOSTAP
+	&wpa_driver_hostap_ops,
+#endif /* CONFIG_DRIVER_HOSTAP */
+#ifdef CONFIG_DRIVER_NL80211
+	&wpa_driver_nl80211_ops,
+#endif /* CONFIG_DRIVER_NL80211 */
+#ifdef CONFIG_DRIVER_PRISM54
+	&wpa_driver_prism54_ops,
+#endif /* CONFIG_DRIVER_PRISM54 */
+#ifdef CONFIG_DRIVER_MADWIFI
+	&wpa_driver_madwifi_ops,
+#endif /* CONFIG_DRIVER_MADWIFI */
+#ifdef CONFIG_DRIVER_BSD
+	&wpa_driver_bsd_ops,
+#endif /* CONFIG_DRIVER_BSD */
+#ifdef CONFIG_DRIVER_WIRED
+	&wpa_driver_wired_ops,
+#endif /* CONFIG_DRIVER_WIRED */
+#ifdef CONFIG_DRIVER_TEST
+	&wpa_driver_test_ops,
+#endif /* CONFIG_DRIVER_TEST */
+	NULL
+};
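Review bot: The `extern struct wpa_driver_ops ..._ops;` declarations here omit `const`, while the definitions visible in this commit are `const struct wpa_driver_ops wpa_driver_wired_ops` (driver_wired.c) and `const struct wpa_driver_ops wpa_driver_test_ops` (driver_test.c). Declaration and definition are therefore incompatible, and because the declarations are repeated locally rather than taken from a shared header the compiler cannot flag it; `hostapd_drivers[]` also hands out non-const pointers to function-pointer tables that were meant to be read-only. I would declare each one as `extern const struct wpa_driver_ops wpa_driver_wired_ops;` and make the array `const struct wpa_driver_ops *hostapd_drivers[]`, ideally with the declarations moved into a header that the driver files include as well. The other five driver definitions and the users of `hostapd_drivers` are outside this view, so their qualifiers need checking before the change.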

+ 74 - 0
hostapd/eap_testing.txt

@@ -0,0 +1,74 @@
+Interoperability testing of hostapd's IEEE 802.1X/EAPOL authentication
+
+Test matrix
+
++) tested successfully
+F) failed
+-) peer did not support
+?) not tested
+
+XSupplicant --------------------------------.
+Intel PROSet ---------------------------.   |
+Windows XP -------------------------.   |   |
+Mac OS X 10.4 ------------------.   |   |   |
+Nokia S60 ------------------.   |   |   |   |
+wpa_supplicant ---------.   |   |   |   |   |
+			|   |   |   |   |   |
+
+EAP-MD5			+   -   ?   ?   -
+EAP-GTC			+   -   ?   -   -
+EAP-MSCHAPv2		+   -   ?   -   -
+EAP-TLS			+   +   +1  +   +
+EAP-PEAPv0/MSCHAPv2	+   +   +   +   +   +
+EAP-PEAPv0/GTC		+   +   +   -   +
+EAP-PEAPv0/MD5		+   -   +   -   -
+EAP-PEAPv0/TLS		+   F   -   +   +
+EAP-PEAPv0/SIM		+   +   -   -   -
+EAP-PEAPv0/AKA		+   +   -   -   -
+EAP-PEAPv0/PSK		+   -   -   -   -
+EAP-PEAPv0/PAX		+   -   -   -   -
+EAP-PEAPv0/SAKE		+   -   -   -   -
+EAP-PEAPv0/GPSK		+   -   -   -   -
+EAP-PEAPv1/MSCHAPv2	+   +   +   -   +   +
+EAP-PEAPv1/GTC		+   +   +   -   +
+EAP-PEAPv1/MD5		+   -   +   -   -
+EAP-PEAPv1/TLS		+   F   -   -   +
+EAP-PEAPv1/SIM		+   +   -   -   -
+EAP-PEAPv1/AKA		+   +   -   -   -
+EAP-PEAPv1/PSK		+   -   -   -   -
+EAP-PEAPv1/PAX		+   -   -   -   -
+EAP-PEAPv1/SAKE		+   -   -   -   -
+EAP-PEAPv1/GPSK		+   -   -   -   -
+EAP-TTLS/CHAP		+   -   +   -   +   +
+EAP-TTLS/MSCHAP		+   -   +   -   +   +
+EAP-TTLS/MSCHAPv2	+   +   +   -   +   +
+EAP-TTLS/PAP		+   -   +   -   +   +
+EAP-TTLS/EAP-MD5	+   -   -   -   -   +
+EAP-TTLS/EAP-GTC	+   +   -   -   -
+EAP-TTLS/EAP-MSCHAPv2	+   +   -   -   -
+EAP-TTLS/EAP-TLS	+   F   -   -   -
+EAP-TTLS/EAP-SIM	+   +   -   -   -
+EAP-TTLS/EAP-AKA	+   +   -   -   -
+EAP-SIM			+   +   -   -   +
+EAP-AKA			+   +   -   -   -
+EAP-PAX			+   -   -   -   -
+EAP-SAKE		+   -   -   -   -
+EAP-GPSK		+   -   -   -   -
+EAP-FAST/MSCHAPv2(prov)	+   -   F   -   F
+EAP-FAST/GTC(auth)	+   -   +   -   +
+EAP-FAST/MSCHAPv2(aprov)+   -   F   -   F
+EAP-FAST/GTC(aprov)	+   -   F   -   F
+EAP-FAST/MD5(aprov)	+   -   -   -   -
+EAP-FAST/TLS(aprov)	+   -   -   -   -
+EAP-FAST/SIM(aprov)	+   -   -   -   -
+EAP-FAST/AKA(aprov)	+   -   -   -   -
+EAP-FAST/MSCHAPv2(auth)	+   -   +   -   +
+EAP-FAST/MD5(auth)	+   -   +   -   -
+EAP-FAST/TLS(auth)	+   -   -   -   -
+EAP-FAST/SIM(auth)	+   -   -   -   -
+EAP-FAST/AKA(auth)	+   -   -   -   -
+EAP-IKEv2		+   -   -   -   -
+
+1) EAP-TLS itself worked, but peer certificate validation failed at
+   least when using the internal TLS server (peer included incorrect
+   certificates in the chain?)

+ 1290 - 0
hostapd/eapol_sm.c

@@ -0,0 +1,1290 @@
+/*
+ * hostapd / IEEE 802.1X-2004 Authenticator - EAPOL state machine
+ * Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "hostapd.h"
+#include "ieee802_1x.h"
+#include "eapol_sm.h"
+#include "eloop.h"
+#include "wpa.h"
+#include "preauth.h"
+#include "sta_info.h"
+#include "eap_server/eap.h"
+#include "state_machine.h"
+#include "eap_common/eap_common.h"
+
+#define STATE_MACHINE_DATA struct eapol_state_machine
+#define STATE_MACHINE_DEBUG_PREFIX "IEEE 802.1X"
+#define STATE_MACHINE_ADDR sm->addr
+
+static struct eapol_callbacks eapol_cb;
+
+/* EAPOL state machines are described in IEEE Std 802.1X-2004, Chap. 8.2 */
+
+#define setPortAuthorized() \
+sm->eapol->cb.set_port_authorized(sm->hapd, sm->sta, 1)
+#define setPortUnauthorized() \
+sm->eapol->cb.set_port_authorized(sm->hapd, sm->sta, 0)
+
+/* procedures */
+#define txCannedFail() eapol_auth_tx_canned_eap(sm, 0)
+#define txCannedSuccess() eapol_auth_tx_canned_eap(sm, 1)
+#define txReq() eapol_auth_tx_req(sm)
+#define abortAuth() sm->eapol->cb.abort_auth(sm->hapd, sm->sta)
+#define txKey() sm->eapol->cb.tx_key(sm->hapd, sm->sta)
+#define processKey() do { } while (0)
+
+
+static void eapol_sm_step_run(struct eapol_state_machine *sm);
+static void eapol_sm_step_cb(void *eloop_ctx, void *timeout_ctx);
+
+
+static void eapol_auth_logger(struct eapol_authenticator *eapol,
+			      const u8 *addr, logger_level level,
+			      const char *txt)
+{
+	if (eapol->cb.logger == NULL)
+		return;
+	eapol->cb.logger(eapol->conf.hapd, addr, level, txt);
+}
+
+
+static void eapol_auth_vlogger(struct eapol_authenticator *eapol,
+			       const u8 *addr, logger_level level,
+			       const char *fmt, ...)
+{
+	char *format;
+	int maxlen;
+	va_list ap;
+
+	if (eapol->cb.logger == NULL)
+		return;
+
+	maxlen = os_strlen(fmt) + 100;
+	format = os_malloc(maxlen);
+	if (!format)
+		return;
+
+	va_start(ap, fmt);
+	vsnprintf(format, maxlen, fmt, ap);
+	va_end(ap);
+
+	eapol_auth_logger(eapol, addr, level, format);
+
+	os_free(format);
+}
+
+
+static void eapol_auth_tx_canned_eap(struct eapol_state_machine *sm,
+				     int success)
+{
+	struct eap_hdr eap;
+
+	os_memset(&eap, 0, sizeof(eap));
+
+	eap.code = success ? EAP_CODE_SUCCESS : EAP_CODE_FAILURE;
+	eap.identifier = ++sm->last_eap_id;
+	eap.length = host_to_be16(sizeof(eap));
+
+	eapol_auth_vlogger(sm->eapol, sm->addr, EAPOL_LOGGER_DEBUG,
+			   "Sending canned EAP packet %s (identifier %d)",
+			   success ? "SUCCESS" : "FAILURE", eap.identifier);
+	sm->eapol->cb.eapol_send(sm->hapd, sm->sta, IEEE802_1X_TYPE_EAP_PACKET,
+				 (u8 *) &eap, sizeof(eap));
+	sm->dot1xAuthEapolFramesTx++;
+}
+
+
+static void eapol_auth_tx_req(struct eapol_state_machine *sm)
+{
+	if (sm->eap_if->eapReqData == NULL ||
+	    wpabuf_len(sm->eap_if->eapReqData) < sizeof(struct eap_hdr)) {
+		eapol_auth_logger(sm->eapol, sm->addr,
+				  EAPOL_LOGGER_DEBUG,
+				  "TxReq called, but there is no EAP request "
+				  "from authentication server");
+		return;
+	}
+
+	if (sm->flags & EAPOL_SM_WAIT_START) {
+		wpa_printf(MSG_DEBUG, "EAPOL: Drop EAPOL TX to " MACSTR
+			   " while waiting for EAPOL-Start",
+			   MAC2STR(sm->addr));
+		return;
+	}
+
+	sm->last_eap_id = eap_get_id(sm->eap_if->eapReqData);
+	eapol_auth_vlogger(sm->eapol, sm->addr, EAPOL_LOGGER_DEBUG,
+			   "Sending EAP Packet (identifier %d)",
+			   sm->last_eap_id);
+	sm->eapol->cb.eapol_send(sm->hapd, sm->sta, IEEE802_1X_TYPE_EAP_PACKET,
+				 wpabuf_head(sm->eap_if->eapReqData),
+				 wpabuf_len(sm->eap_if->eapReqData));
+	sm->dot1xAuthEapolFramesTx++;
+	if (eap_get_type(sm->eap_if->eapReqData) == EAP_TYPE_IDENTITY)
+		sm->dot1xAuthEapolReqIdFramesTx++;
+	else
+		sm->dot1xAuthEapolReqFramesTx++;
+}
+
+
+/* Port Timers state machine - implemented as a function that will be called
+ * once a second as a registered event loop timeout */
+
+static void eapol_port_timers_tick(void *eloop_ctx, void *timeout_ctx)
+{
+	struct eapol_state_machine *state = timeout_ctx;
+
+	if (state->aWhile > 0) {
+		state->aWhile--;
+		if (state->aWhile == 0) {
+			wpa_printf(MSG_DEBUG, "IEEE 802.1X: " MACSTR
+				   " - aWhile --> 0",
+				   MAC2STR(state->addr));
+		}
+	}
+
+	if (state->quietWhile > 0) {
+		state->quietWhile--;
+		if (state->quietWhile == 0) {
+			wpa_printf(MSG_DEBUG, "IEEE 802.1X: " MACSTR
+				   " - quietWhile --> 0",
+				   MAC2STR(state->addr));
+		}
+	}
+
+	if (state->reAuthWhen > 0) {
+		state->reAuthWhen--;
+		if (state->reAuthWhen == 0) {
+			wpa_printf(MSG_DEBUG, "IEEE 802.1X: " MACSTR
+				   " - reAuthWhen --> 0",
+				   MAC2STR(state->addr));
+		}
+	}
+
+	eapol_sm_step_run(state);
+
+	eloop_register_timeout(1, 0, eapol_port_timers_tick, eloop_ctx, state);
+}
+
+
+
+/* Authenticator PAE state machine */
+
+SM_STATE(AUTH_PAE, INITIALIZE)
+{
+	SM_ENTRY_MA(AUTH_PAE, INITIALIZE, auth_pae);
+	sm->portMode = Auto;
+}
+
+
+SM_STATE(AUTH_PAE, DISCONNECTED)
+{
+	int from_initialize = sm->auth_pae_state == AUTH_PAE_INITIALIZE;
+
+	if (sm->eapolLogoff) {
+		if (sm->auth_pae_state == AUTH_PAE_CONNECTING)
+			sm->authEapLogoffsWhileConnecting++;
+		else if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATED)
+			sm->authAuthEapLogoffWhileAuthenticated++;
+	}
+
+	SM_ENTRY_MA(AUTH_PAE, DISCONNECTED, auth_pae);
+
+	sm->authPortStatus = Unauthorized;
+	setPortUnauthorized();
+	sm->reAuthCount = 0;
+	sm->eapolLogoff = FALSE;
+	if (!from_initialize) {
+		sm->eapol->cb.finished(sm->hapd, sm->sta, 0,
+				       sm->flags & EAPOL_SM_PREAUTH);
+	}
+}
+
+
+SM_STATE(AUTH_PAE, RESTART)
+{
+	if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATED) {
+		if (sm->reAuthenticate)
+			sm->authAuthReauthsWhileAuthenticated++;
+		if (sm->eapolStart)
+			sm->authAuthEapStartsWhileAuthenticated++;
+		if (sm->eapolLogoff)
+			sm->authAuthEapLogoffWhileAuthenticated++;
+	}
+
+	SM_ENTRY_MA(AUTH_PAE, RESTART, auth_pae);
+
+	sm->eap_if->eapRestart = TRUE;
+}
+
+
+SM_STATE(AUTH_PAE, CONNECTING)
+{
+	if (sm->auth_pae_state != AUTH_PAE_CONNECTING)
+		sm->authEntersConnecting++;
+
+	SM_ENTRY_MA(AUTH_PAE, CONNECTING, auth_pae);
+
+	sm->reAuthenticate = FALSE;
+	sm->reAuthCount++;
+}
+
+
+SM_STATE(AUTH_PAE, HELD)
+{
+	if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATING && sm->authFail)
+		sm->authAuthFailWhileAuthenticating++;
+
+	SM_ENTRY_MA(AUTH_PAE, HELD, auth_pae);
+
+	sm->authPortStatus = Unauthorized;
+	setPortUnauthorized();
+	sm->quietWhile = sm->quietPeriod;
+	sm->eapolLogoff = FALSE;
+
+	eapol_auth_vlogger(sm->eapol, sm->addr, EAPOL_LOGGER_WARNING,
+			   "authentication failed - EAP type: %d (%s)",
+			   sm->eap_type_authsrv,
+			   eap_type_text(sm->eap_type_authsrv));
+	if (sm->eap_type_authsrv != sm->eap_type_supp) {
+		eapol_auth_vlogger(sm->eapol, sm->addr, EAPOL_LOGGER_INFO,
+				   "Supplicant used different EAP type: "
+				   "%d (%s)", sm->eap_type_supp,
+				   eap_type_text(sm->eap_type_supp));
+	}
+	sm->eapol->cb.finished(sm->hapd, sm->sta, 0,
+			       sm->flags & EAPOL_SM_PREAUTH);
+}
+
+
+SM_STATE(AUTH_PAE, AUTHENTICATED)
+{
+	char *extra = "";
+
+	if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATING && sm->authSuccess)
+		sm->authAuthSuccessesWhileAuthenticating++;
+							
+	SM_ENTRY_MA(AUTH_PAE, AUTHENTICATED, auth_pae);
+
+	sm->authPortStatus = Authorized;
+	setPortAuthorized();
+	sm->reAuthCount = 0;
+	if (sm->flags & EAPOL_SM_PREAUTH)
+		extra = " (pre-authentication)";
+	else if (wpa_auth_sta_get_pmksa(sm->sta->wpa_sm))
+		extra = " (PMKSA cache)";
+	eapol_auth_vlogger(sm->eapol, sm->addr, EAPOL_LOGGER_INFO,
+			   "authenticated - EAP type: %d (%s)%s",
+			   sm->eap_type_authsrv,
+			   eap_type_text(sm->eap_type_authsrv), extra);
+	sm->eapol->cb.finished(sm->hapd, sm->sta, 1,
+			       sm->flags & EAPOL_SM_PREAUTH);
+}
+
+
+SM_STATE(AUTH_PAE, AUTHENTICATING)
+{
+	SM_ENTRY_MA(AUTH_PAE, AUTHENTICATING, auth_pae);
+
+	sm->eapolStart = FALSE;
+	sm->authSuccess = FALSE;
+	sm->authFail = FALSE;
+	sm->authTimeout = FALSE;
+	sm->authStart = TRUE;
+	sm->keyRun = FALSE;
+	sm->keyDone = FALSE;
+}
+
+
+SM_STATE(AUTH_PAE, ABORTING)
+{
+	if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATING) {
+		if (sm->authTimeout)
+			sm->authAuthTimeoutsWhileAuthenticating++;
+		if (sm->eapolStart)
+			sm->authAuthEapStartsWhileAuthenticating++;
+		if (sm->eapolLogoff)
+			sm->authAuthEapLogoffWhileAuthenticating++;
+	}
+
+	SM_ENTRY_MA(AUTH_PAE, ABORTING, auth_pae);
+
+	sm->authAbort = TRUE;
+	sm->keyRun = FALSE;
+	sm->keyDone = FALSE;
+}
+
+
+SM_STATE(AUTH_PAE, FORCE_AUTH)
+{
+	SM_ENTRY_MA(AUTH_PAE, FORCE_AUTH, auth_pae);
+
+	sm->authPortStatus = Authorized;
+	setPortAuthorized();
+	sm->portMode = ForceAuthorized;
+	sm->eapolStart = FALSE;
+	txCannedSuccess();
+}
+
+
+SM_STATE(AUTH_PAE, FORCE_UNAUTH)
+{
+	SM_ENTRY_MA(AUTH_PAE, FORCE_UNAUTH, auth_pae);
+
+	sm->authPortStatus = Unauthorized;
+	setPortUnauthorized();
+	sm->portMode = ForceUnauthorized;
+	sm->eapolStart = FALSE;
+	txCannedFail();
+}
+
+
+SM_STEP(AUTH_PAE)
+{
+	if ((sm->portControl == Auto && sm->portMode != sm->portControl) ||
+	    sm->initialize || !sm->eap_if->portEnabled)
+		SM_ENTER(AUTH_PAE, INITIALIZE);
+	else if (sm->portControl == ForceAuthorized &&
+		 sm->portMode != sm->portControl &&
+		 !(sm->initialize || !sm->eap_if->portEnabled))
+		SM_ENTER(AUTH_PAE, FORCE_AUTH);
+	else if (sm->portControl == ForceUnauthorized &&
+		 sm->portMode != sm->portControl &&
+		 !(sm->initialize || !sm->eap_if->portEnabled))
+		SM_ENTER(AUTH_PAE, FORCE_UNAUTH);
+	else {
+		switch (sm->auth_pae_state) {
+		case AUTH_PAE_INITIALIZE:
+			SM_ENTER(AUTH_PAE, DISCONNECTED);
+			break;
+		case AUTH_PAE_DISCONNECTED:
+			SM_ENTER(AUTH_PAE, RESTART);
+			break;
+		case AUTH_PAE_RESTART:
+			if (!sm->eap_if->eapRestart)
+				SM_ENTER(AUTH_PAE, CONNECTING);
+			break;
+		case AUTH_PAE_HELD:
+			if (sm->quietWhile == 0)
+				SM_ENTER(AUTH_PAE, RESTART);
+			break;
+		case AUTH_PAE_CONNECTING:
+			if (sm->eapolLogoff || sm->reAuthCount > sm->reAuthMax)
+				SM_ENTER(AUTH_PAE, DISCONNECTED);
+			else if ((sm->eap_if->eapReq &&
+				  sm->reAuthCount <= sm->reAuthMax) ||
+				 sm->eap_if->eapSuccess || sm->eap_if->eapFail)
+				SM_ENTER(AUTH_PAE, AUTHENTICATING);
+			break;
+		case AUTH_PAE_AUTHENTICATED:
+			if (sm->eapolStart || sm->reAuthenticate)
+				SM_ENTER(AUTH_PAE, RESTART);
+			else if (sm->eapolLogoff || !sm->portValid)
+				SM_ENTER(AUTH_PAE, DISCONNECTED);
+			break;
+		case AUTH_PAE_AUTHENTICATING:
+			if (sm->authSuccess && sm->portValid)
+				SM_ENTER(AUTH_PAE, AUTHENTICATED);
+			else if (sm->authFail ||
+				 (sm->keyDone && !sm->portValid))
+				SM_ENTER(AUTH_PAE, HELD);
+			else if (sm->eapolStart || sm->eapolLogoff ||
+				 sm->authTimeout)
+				SM_ENTER(AUTH_PAE, ABORTING);
+			break;
+		case AUTH_PAE_ABORTING:
+			if (sm->eapolLogoff && !sm->authAbort)
+				SM_ENTER(AUTH_PAE, DISCONNECTED);
+			else if (!sm->eapolLogoff && !sm->authAbort)
+				SM_ENTER(AUTH_PAE, RESTART);
+			break;
+		case AUTH_PAE_FORCE_AUTH:
+			if (sm->eapolStart)
+				SM_ENTER(AUTH_PAE, FORCE_AUTH);
+			break;
+		case AUTH_PAE_FORCE_UNAUTH:
+			if (sm->eapolStart)
+				SM_ENTER(AUTH_PAE, FORCE_UNAUTH);
+			break;
+		}
+	}
+}
+
+
+
+/* Backend Authentication state machine */
+
+SM_STATE(BE_AUTH, INITIALIZE)
+{
+	SM_ENTRY_MA(BE_AUTH, INITIALIZE, be_auth);
+
+	abortAuth();
+	sm->eap_if->eapNoReq = FALSE;
+	sm->authAbort = FALSE;
+}
+
+
+SM_STATE(BE_AUTH, REQUEST)
+{
+	SM_ENTRY_MA(BE_AUTH, REQUEST, be_auth);
+
+	txReq();
+	sm->eap_if->eapReq = FALSE;
+	sm->backendOtherRequestsToSupplicant++;
+
+	/*
+	 * Clearing eapolEap here is not specified in IEEE Std 802.1X-2004, but
+	 * it looks like this would be logical thing to do there since the old
+	 * EAP response would not be valid anymore after the new EAP request
+	 * was sent out.
+	 *
+	 * A race condition has been reported, in which hostapd ended up
+	 * sending out EAP-Response/Identity as a response to the first
+	 * EAP-Request from the main EAP method. This can be avoided by
+	 * clearing eapolEap here.
+	 */
+	sm->eapolEap = FALSE;
+}
+
+
+SM_STATE(BE_AUTH, RESPONSE)
+{
+	SM_ENTRY_MA(BE_AUTH, RESPONSE, be_auth);
+
+	sm->authTimeout = FALSE;
+	sm->eapolEap = FALSE;
+	sm->eap_if->eapNoReq = FALSE;
+	sm->aWhile = sm->serverTimeout;
+	sm->eap_if->eapResp = TRUE;
+	/* sendRespToServer(); */
+	sm->backendResponses++;
+}
+
+
+SM_STATE(BE_AUTH, SUCCESS)
+{
+	SM_ENTRY_MA(BE_AUTH, SUCCESS, be_auth);
+
+	txReq();
+	sm->authSuccess = TRUE;
+	sm->keyRun = TRUE;
+}
+
+
+SM_STATE(BE_AUTH, FAIL)
+{
+	SM_ENTRY_MA(BE_AUTH, FAIL, be_auth);
+
+	txReq();
+	sm->authFail = TRUE;
+}
+
+
+SM_STATE(BE_AUTH, TIMEOUT)
+{
+	SM_ENTRY_MA(BE_AUTH, TIMEOUT, be_auth);
+
+	sm->authTimeout = TRUE;
+}
+
+
+SM_STATE(BE_AUTH, IDLE)
+{
+	SM_ENTRY_MA(BE_AUTH, IDLE, be_auth);
+
+	sm->authStart = FALSE;
+}
+
+
+SM_STATE(BE_AUTH, IGNORE)
+{
+	SM_ENTRY_MA(BE_AUTH, IGNORE, be_auth);
+
+	sm->eap_if->eapNoReq = FALSE;
+}
+
+
+SM_STEP(BE_AUTH)
+{
+	if (sm->portControl != Auto || sm->initialize || sm->authAbort) {
+		SM_ENTER(BE_AUTH, INITIALIZE);
+		return;
+	}
+
+	switch (sm->be_auth_state) {
+	case BE_AUTH_INITIALIZE:
+		SM_ENTER(BE_AUTH, IDLE);
+		break;
+	case BE_AUTH_REQUEST:
+		if (sm->eapolEap)
+			SM_ENTER(BE_AUTH, RESPONSE);
+		else if (sm->eap_if->eapReq)
+			SM_ENTER(BE_AUTH, REQUEST);
+		else if (sm->eap_if->eapTimeout)
+			SM_ENTER(BE_AUTH, TIMEOUT);
+		break;
+	case BE_AUTH_RESPONSE:
+		if (sm->eap_if->eapNoReq)
+			SM_ENTER(BE_AUTH, IGNORE);
+		if (sm->eap_if->eapReq) {
+			sm->backendAccessChallenges++;
+			SM_ENTER(BE_AUTH, REQUEST);
+		} else if (sm->aWhile == 0)
+			SM_ENTER(BE_AUTH, TIMEOUT);
+		else if (sm->eap_if->eapFail) {
+			sm->backendAuthFails++;
+			SM_ENTER(BE_AUTH, FAIL);
+		} else if (sm->eap_if->eapSuccess) {
+			sm->backendAuthSuccesses++;
+			SM_ENTER(BE_AUTH, SUCCESS);
+		}
+		break;
+	case BE_AUTH_SUCCESS:
+		SM_ENTER(BE_AUTH, IDLE);
+		break;
+	case BE_AUTH_FAIL:
+		SM_ENTER(BE_AUTH, IDLE);
+		break;
+	case BE_AUTH_TIMEOUT:
+		SM_ENTER(BE_AUTH, IDLE);
+		break;
+	case BE_AUTH_IDLE:
+		if (sm->eap_if->eapFail && sm->authStart)
+			SM_ENTER(BE_AUTH, FAIL);
+		else if (sm->eap_if->eapReq && sm->authStart)
+			SM_ENTER(BE_AUTH, REQUEST);
+		else if (sm->eap_if->eapSuccess && sm->authStart)
+			SM_ENTER(BE_AUTH, SUCCESS);
+		break;
+	case BE_AUTH_IGNORE:
+		if (sm->eapolEap)
+			SM_ENTER(BE_AUTH, RESPONSE);
+		else if (sm->eap_if->eapReq)
+			SM_ENTER(BE_AUTH, REQUEST);
+		else if (sm->eap_if->eapTimeout)
+			SM_ENTER(BE_AUTH, TIMEOUT);
+		break;
+	}
+}
+
+
+
+/* Reauthentication Timer state machine */
+
+SM_STATE(REAUTH_TIMER, INITIALIZE)
+{
+	SM_ENTRY_MA(REAUTH_TIMER, INITIALIZE, reauth_timer);
+
+	sm->reAuthWhen = sm->reAuthPeriod;
+}
+
+
+SM_STATE(REAUTH_TIMER, REAUTHENTICATE)
+{
+	SM_ENTRY_MA(REAUTH_TIMER, REAUTHENTICATE, reauth_timer);
+
+	sm->reAuthenticate = TRUE;
+	wpa_auth_sm_event(sm->sta->wpa_sm, WPA_REAUTH_EAPOL);
+}
+
+
+SM_STEP(REAUTH_TIMER)
+{
+	if (sm->portControl != Auto || sm->initialize ||
+	    sm->authPortStatus == Unauthorized || !sm->reAuthEnabled) {
+		SM_ENTER(REAUTH_TIMER, INITIALIZE);
+		return;
+	}
+
+	switch (sm->reauth_timer_state) {
+	case REAUTH_TIMER_INITIALIZE:
+		if (sm->reAuthWhen == 0)
+			SM_ENTER(REAUTH_TIMER, REAUTHENTICATE);
+		break;
+	case REAUTH_TIMER_REAUTHENTICATE:
+		SM_ENTER(REAUTH_TIMER, INITIALIZE);
+		break;
+	}
+}
+
+
+
+/* Authenticator Key Transmit state machine */
+
+SM_STATE(AUTH_KEY_TX, NO_KEY_TRANSMIT)
+{
+	SM_ENTRY_MA(AUTH_KEY_TX, NO_KEY_TRANSMIT, auth_key_tx);
+}
+
+
+SM_STATE(AUTH_KEY_TX, KEY_TRANSMIT)
+{
+	SM_ENTRY_MA(AUTH_KEY_TX, KEY_TRANSMIT, auth_key_tx);
+
+	txKey();
+	sm->eap_if->eapKeyAvailable = FALSE;
+	sm->keyDone = TRUE;
+}
+
+
+SM_STEP(AUTH_KEY_TX)
+{
+	if (sm->initialize || sm->portControl != Auto) {
+		SM_ENTER(AUTH_KEY_TX, NO_KEY_TRANSMIT);
+		return;
+	}
+
+	switch (sm->auth_key_tx_state) {
+	case AUTH_KEY_TX_NO_KEY_TRANSMIT:
+		if (sm->keyTxEnabled && sm->eap_if->eapKeyAvailable &&
+		    sm->keyRun && !wpa_auth_sta_wpa_version(sm->sta->wpa_sm))
+			SM_ENTER(AUTH_KEY_TX, KEY_TRANSMIT);
+		break;
+	case AUTH_KEY_TX_KEY_TRANSMIT:
+		if (!sm->keyTxEnabled || !sm->keyRun)
+			SM_ENTER(AUTH_KEY_TX, NO_KEY_TRANSMIT);
+		else if (sm->eap_if->eapKeyAvailable)
+			SM_ENTER(AUTH_KEY_TX, KEY_TRANSMIT);
+		break;
+	}
+}
+
+
+
+/* Key Receive state machine */
+
+SM_STATE(KEY_RX, NO_KEY_RECEIVE)
+{
+	SM_ENTRY_MA(KEY_RX, NO_KEY_RECEIVE, key_rx);
+}
+
+
+SM_STATE(KEY_RX, KEY_RECEIVE)
+{
+	SM_ENTRY_MA(KEY_RX, KEY_RECEIVE, key_rx);
+
+	processKey();
+	sm->rxKey = FALSE;
+}
+
+
+SM_STEP(KEY_RX)
+{
+	if (sm->initialize || !sm->eap_if->portEnabled) {
+		SM_ENTER(KEY_RX, NO_KEY_RECEIVE);
+		return;
+	}
+
+	switch (sm->key_rx_state) {
+	case KEY_RX_NO_KEY_RECEIVE:
+		if (sm->rxKey)
+			SM_ENTER(KEY_RX, KEY_RECEIVE);
+		break;
+	case KEY_RX_KEY_RECEIVE:
+		if (sm->rxKey)
+			SM_ENTER(KEY_RX, KEY_RECEIVE);
+		break;
+	}
+}
+
+
+
+/* Controlled Directions state machine */
+
+SM_STATE(CTRL_DIR, FORCE_BOTH)
+{
+	SM_ENTRY_MA(CTRL_DIR, FORCE_BOTH, ctrl_dir);
+	sm->operControlledDirections = Both;
+}
+
+
+SM_STATE(CTRL_DIR, IN_OR_BOTH)
+{
+	SM_ENTRY_MA(CTRL_DIR, IN_OR_BOTH, ctrl_dir);
+	sm->operControlledDirections = sm->adminControlledDirections;
+}
+
+
+SM_STEP(CTRL_DIR)
+{
+	if (sm->initialize) {
+		SM_ENTER(CTRL_DIR, IN_OR_BOTH);
+		return;
+	}
+
+	switch (sm->ctrl_dir_state) {
+	case CTRL_DIR_FORCE_BOTH:
+		if (sm->eap_if->portEnabled && sm->operEdge)
+			SM_ENTER(CTRL_DIR, IN_OR_BOTH);
+		break;
+	case CTRL_DIR_IN_OR_BOTH:
+		if (sm->operControlledDirections !=
+		    sm->adminControlledDirections)
+			SM_ENTER(CTRL_DIR, IN_OR_BOTH);
+		if (!sm->eap_if->portEnabled || !sm->operEdge)
+			SM_ENTER(CTRL_DIR, FORCE_BOTH);
+		break;
+	}
+}
+
+
+
+struct eapol_state_machine *
+eapol_auth_alloc(struct eapol_authenticator *eapol, const u8 *addr,
+		 int preauth, struct sta_info *sta)
+{
+	struct eapol_state_machine *sm;
+	struct hostapd_data *hapd; /* TODO: to be removed */
+	struct eap_config eap_conf;
+
+	if (eapol == NULL)
+		return NULL;
+	hapd = eapol->conf.hapd;
+
+	sm = os_zalloc(sizeof(*sm));
+	if (sm == NULL) {
+		wpa_printf(MSG_DEBUG, "IEEE 802.1X state machine allocation "
+			   "failed");
+		return NULL;
+	}
+	sm->radius_identifier = -1;
+	os_memcpy(sm->addr, addr, ETH_ALEN);
+	if (preauth)
+		sm->flags |= EAPOL_SM_PREAUTH;
+
+	sm->hapd = hapd;
+	sm->eapol = eapol;
+	sm->sta = sta;
+
+	/* Set default values for state machine constants */
+	sm->auth_pae_state = AUTH_PAE_INITIALIZE;
+	sm->quietPeriod = AUTH_PAE_DEFAULT_quietPeriod;
+	sm->reAuthMax = AUTH_PAE_DEFAULT_reAuthMax;
+
+	sm->be_auth_state = BE_AUTH_INITIALIZE;
+	sm->serverTimeout = BE_AUTH_DEFAULT_serverTimeout;
+
+	sm->reauth_timer_state = REAUTH_TIMER_INITIALIZE;
+	sm->reAuthPeriod = eapol->conf.eap_reauth_period;
+	sm->reAuthEnabled = eapol->conf.eap_reauth_period > 0 ? TRUE : FALSE;
+
+	sm->auth_key_tx_state = AUTH_KEY_TX_NO_KEY_TRANSMIT;
+
+	sm->key_rx_state = KEY_RX_NO_KEY_RECEIVE;
+
+	sm->ctrl_dir_state = CTRL_DIR_IN_OR_BOTH;
+
+	sm->portControl = Auto;
+
+	if (!eapol->conf.wpa &&
+	    (hapd->default_wep_key || eapol->conf.individual_wep_key_len > 0))
+		sm->keyTxEnabled = TRUE;
+	else
+		sm->keyTxEnabled = FALSE;
+	if (eapol->conf.wpa)
+		sm->portValid = FALSE;
+	else
+		sm->portValid = TRUE;
+
+	os_memset(&eap_conf, 0, sizeof(eap_conf));
+	eap_conf.eap_server = eapol->conf.eap_server;
+	eap_conf.ssl_ctx = eapol->conf.ssl_ctx;
+	eap_conf.eap_sim_db_priv = eapol->conf.eap_sim_db_priv;
+	eap_conf.pac_opaque_encr_key = eapol->conf.pac_opaque_encr_key;
+	eap_conf.eap_fast_a_id = eapol->conf.eap_fast_a_id;
+	eap_conf.eap_sim_aka_result_ind = eapol->conf.eap_sim_aka_result_ind;
+	sm->eap = eap_server_sm_init(sm, &eapol_cb, &eap_conf);
+	if (sm->eap == NULL) {
+		eapol_auth_free(sm);
+		return NULL;
+	}
+	sm->eap_if = eap_get_interface(sm->eap);
+
+	eapol_auth_initialize(sm);
+
+	return sm;
+}
+
+
+void eapol_auth_free(struct eapol_state_machine *sm)
+{
+	if (sm == NULL)
+		return;
+
+	eloop_cancel_timeout(eapol_port_timers_tick, NULL, sm);
+	eloop_cancel_timeout(eapol_sm_step_cb, sm, NULL);
+	if (sm->eap)
+		eap_server_sm_deinit(sm->eap);
+	os_free(sm);
+}
+
+
+static int eapol_sm_sta_entry_alive(struct eapol_authenticator *eapol,
+				    const u8 *addr)
+{
+	return eapol->cb.sta_entry_alive(eapol->conf.hapd, addr);
+}
+
+
+static void eapol_sm_step_run(struct eapol_state_machine *sm)
+{
+	struct eapol_authenticator *eapol = sm->eapol;
+	u8 addr[ETH_ALEN];
+	unsigned int prev_auth_pae, prev_be_auth, prev_reauth_timer,
+		prev_auth_key_tx, prev_key_rx, prev_ctrl_dir;
+	int max_steps = 100;
+
+	os_memcpy(addr, sm->addr, ETH_ALEN);
+
+	/*
+	 * Allow EAPOL state machines to run as long as there are state
+	 * changes, but exit and return here through event loop if more than
+	 * 100 steps is needed as a precaution against infinite loops inside
+	 * eloop callback.
+	 */
+restart:
+	prev_auth_pae = sm->auth_pae_state;
+	prev_be_auth = sm->be_auth_state;
+	prev_reauth_timer = sm->reauth_timer_state;
+	prev_auth_key_tx = sm->auth_key_tx_state;
+	prev_key_rx = sm->key_rx_state;
+	prev_ctrl_dir = sm->ctrl_dir_state;
+
+	SM_STEP_RUN(AUTH_PAE);
+	if (sm->initializing || eapol_sm_sta_entry_alive(eapol, addr))
+		SM_STEP_RUN(BE_AUTH);
+	if (sm->initializing || eapol_sm_sta_entry_alive(eapol, addr))
+		SM_STEP_RUN(REAUTH_TIMER);
+	if (sm->initializing || eapol_sm_sta_entry_alive(eapol, addr))
+		SM_STEP_RUN(AUTH_KEY_TX);
+	if (sm->initializing || eapol_sm_sta_entry_alive(eapol, addr))
+		SM_STEP_RUN(KEY_RX);
+	if (sm->initializing || eapol_sm_sta_entry_alive(eapol, addr))
+		SM_STEP_RUN(CTRL_DIR);
+
+	if (prev_auth_pae != sm->auth_pae_state ||
+	    prev_be_auth != sm->be_auth_state ||
+	    prev_reauth_timer != sm->reauth_timer_state ||
+	    prev_auth_key_tx != sm->auth_key_tx_state ||
+	    prev_key_rx != sm->key_rx_state ||
+	    prev_ctrl_dir != sm->ctrl_dir_state) {
+		if (--max_steps > 0)
+			goto restart;
+		/* Re-run from eloop timeout */
+		eapol_auth_step(sm);
+		return;
+	}
+
+	if (eapol_sm_sta_entry_alive(eapol, addr) && sm->eap) {
+		if (eap_server_sm_step(sm->eap)) {
+			if (--max_steps > 0)
+				goto restart;
+			/* Re-run from eloop timeout */
+			eapol_auth_step(sm);
+			return;
+		}
+
+		/* TODO: find a better location for this */
+		if (sm->eap_if->aaaEapResp) {
+			sm->eap_if->aaaEapResp = FALSE;
+			if (sm->eap_if->aaaEapRespData == NULL) {
+				wpa_printf(MSG_DEBUG, "EAPOL: aaaEapResp set, "
+					   "but no aaaEapRespData available");
+				return;
+			}
+			sm->eapol->cb.aaa_send(
+				sm->hapd, sm->sta,
+				wpabuf_head(sm->eap_if->aaaEapRespData),
+				wpabuf_len(sm->eap_if->aaaEapRespData));
+		}
+	}
+
+	if (eapol_sm_sta_entry_alive(eapol, addr))
+		wpa_auth_sm_notify(sm->sta->wpa_sm);
+}
+
+
+static void eapol_sm_step_cb(void *eloop_ctx, void *timeout_ctx)
+{
+	struct eapol_state_machine *sm = eloop_ctx;
+	eapol_sm_step_run(sm);
+}
+
+
+void eapol_auth_step(struct eapol_state_machine *sm)
+{
+	/*
+	 * Run eapol_sm_step_run from a registered timeout to make sure that
+	 * other possible timeouts/events are processed and to avoid long
+	 * function call chains.
+	 */
+
+	eloop_register_timeout(0, 0, eapol_sm_step_cb, sm, NULL);
+}
+
+
+void eapol_auth_initialize(struct eapol_state_machine *sm)
+{
+	sm->initializing = TRUE;
+	/* Initialize the state machines by asserting initialize and then
+	 * deasserting it after one step */
+	sm->initialize = TRUE;
+	eapol_sm_step_run(sm);
+	sm->initialize = FALSE;
+	eapol_sm_step_run(sm);
+	sm->initializing = FALSE;
+
+	/* Start one second tick for port timers state machine */
+	eloop_cancel_timeout(eapol_port_timers_tick, NULL, sm);
+	eloop_register_timeout(1, 0, eapol_port_timers_tick, NULL, sm);
+}
+
+
+#ifdef HOSTAPD_DUMP_STATE
+static inline const char * port_type_txt(PortTypes pt)
+{
+	switch (pt) {
+	case ForceUnauthorized: return "ForceUnauthorized";
+	case ForceAuthorized: return "ForceAuthorized";
+	case Auto: return "Auto";
+	default: return "Unknown";
+	}
+}
+
+
+static inline const char * port_state_txt(PortState ps)
+{
+	switch (ps) {
+	case Unauthorized: return "Unauthorized";
+	case Authorized: return "Authorized";
+	default: return "Unknown";
+	}
+}
+
+
+static inline const char * ctrl_dir_txt(ControlledDirection dir)
+{
+	switch (dir) {
+	case Both: return "Both";
+	case In: return "In";
+	default: return "Unknown";
+	}
+}
+
+
+static inline const char * auth_pae_state_txt(int s)
+{
+	switch (s) {
+	case AUTH_PAE_INITIALIZE: return "INITIALIZE";
+	case AUTH_PAE_DISCONNECTED: return "DISCONNECTED";
+	case AUTH_PAE_CONNECTING: return "CONNECTING";
+	case AUTH_PAE_AUTHENTICATING: return "AUTHENTICATING";
+	case AUTH_PAE_AUTHENTICATED: return "AUTHENTICATED";
+	case AUTH_PAE_ABORTING: return "ABORTING";
+	case AUTH_PAE_HELD: return "HELD";
+	case AUTH_PAE_FORCE_AUTH: return "FORCE_AUTH";
+	case AUTH_PAE_FORCE_UNAUTH: return "FORCE_UNAUTH";
+	case AUTH_PAE_RESTART: return "RESTART";
+	default: return "Unknown";
+	}
+}
+
+
+static inline const char * be_auth_state_txt(int s)
+{
+	switch (s) {
+	case BE_AUTH_REQUEST: return "REQUEST";
+	case BE_AUTH_RESPONSE: return "RESPONSE";
+	case BE_AUTH_SUCCESS: return "SUCCESS";
+	case BE_AUTH_FAIL: return "FAIL";
+	case BE_AUTH_TIMEOUT: return "TIMEOUT";
+	case BE_AUTH_IDLE: return "IDLE";
+	case BE_AUTH_INITIALIZE: return "INITIALIZE";
+	case BE_AUTH_IGNORE: return "IGNORE";
+	default: return "Unknown";
+	}
+}
+
+
+static inline const char * reauth_timer_state_txt(int s)
+{
+	switch (s) {
+	case REAUTH_TIMER_INITIALIZE: return "INITIALIZE";
+	case REAUTH_TIMER_REAUTHENTICATE: return "REAUTHENTICATE";
+	default: return "Unknown";
+	}
+}
+
+
+static inline const char * auth_key_tx_state_txt(int s)
+{
+	switch (s) {
+	case AUTH_KEY_TX_NO_KEY_TRANSMIT: return "NO_KEY_TRANSMIT";
+	case AUTH_KEY_TX_KEY_TRANSMIT: return "KEY_TRANSMIT";
+	default: return "Unknown";
+	}
+}
+
+
+static inline const char * key_rx_state_txt(int s)
+{
+	switch (s) {
+	case KEY_RX_NO_KEY_RECEIVE: return "NO_KEY_RECEIVE";
+	case KEY_RX_KEY_RECEIVE: return "KEY_RECEIVE";
+	default: return "Unknown";
+	}
+}
+
+
+static inline const char * ctrl_dir_state_txt(int s)
+{
+	switch (s) {
+	case CTRL_DIR_FORCE_BOTH: return "FORCE_BOTH";
+	case CTRL_DIR_IN_OR_BOTH: return "IN_OR_BOTH";
+	default: return "Unknown";
+	}
+}
+
+
+void eapol_auth_dump_state(FILE *f, const char *prefix,
+			   struct eapol_state_machine *sm)
+{
+	fprintf(f, "%sEAPOL state machine:\n", prefix);
+	fprintf(f, "%s  aWhile=%d quietWhile=%d reAuthWhen=%d\n", prefix,
+		sm->aWhile, sm->quietWhile, sm->reAuthWhen);
+#define _SB(b) ((b) ? "TRUE" : "FALSE")
+	fprintf(f,
+		"%s  authAbort=%s authFail=%s authPortStatus=%s authStart=%s\n"
+		"%s  authTimeout=%s authSuccess=%s eapFail=%s eapolEap=%s\n"
+		"%s  eapSuccess=%s eapTimeout=%s initialize=%s "
+		"keyAvailable=%s\n"
+		"%s  keyDone=%s keyRun=%s keyTxEnabled=%s portControl=%s\n"
+		"%s  portEnabled=%s portValid=%s reAuthenticate=%s\n",
+		prefix, _SB(sm->authAbort), _SB(sm->authFail),
+		port_state_txt(sm->authPortStatus), _SB(sm->authStart),
+		prefix, _SB(sm->authTimeout), _SB(sm->authSuccess),
+		_SB(sm->eap_if->eapFail), _SB(sm->eapolEap),
+		prefix, _SB(sm->eap_if->eapSuccess),
+		_SB(sm->eap_if->eapTimeout),
+		_SB(sm->initialize), _SB(sm->eap_if->eapKeyAvailable),
+		prefix, _SB(sm->keyDone), _SB(sm->keyRun),
+		_SB(sm->keyTxEnabled), port_type_txt(sm->portControl),
+		prefix, _SB(sm->eap_if->portEnabled), _SB(sm->portValid),
+		_SB(sm->reAuthenticate));
+
+	fprintf(f, "%s  Authenticator PAE:\n"
+		"%s    state=%s\n"
+		"%s    eapolLogoff=%s eapolStart=%s eapRestart=%s\n"
+		"%s    portMode=%s reAuthCount=%d\n"
+		"%s    quietPeriod=%d reAuthMax=%d\n"
+		"%s    authEntersConnecting=%d\n"
+		"%s    authEapLogoffsWhileConnecting=%d\n"
+		"%s    authEntersAuthenticating=%d\n"
+		"%s    authAuthSuccessesWhileAuthenticating=%d\n"
+		"%s    authAuthTimeoutsWhileAuthenticating=%d\n"
+		"%s    authAuthFailWhileAuthenticating=%d\n"
+		"%s    authAuthEapStartsWhileAuthenticating=%d\n"
+		"%s    authAuthEapLogoffWhileAuthenticating=%d\n"
+		"%s    authAuthReauthsWhileAuthenticated=%d\n"
+		"%s    authAuthEapStartsWhileAuthenticated=%d\n"
+		"%s    authAuthEapLogoffWhileAuthenticated=%d\n",
+		prefix, prefix, auth_pae_state_txt(sm->auth_pae_state), prefix,
+		_SB(sm->eapolLogoff), _SB(sm->eapolStart),
+		_SB(sm->eap_if->eapRestart),
+		prefix, port_type_txt(sm->portMode), sm->reAuthCount,
+		prefix, sm->quietPeriod, sm->reAuthMax,
+		prefix, sm->authEntersConnecting,
+		prefix, sm->authEapLogoffsWhileConnecting,
+		prefix, sm->authEntersAuthenticating,
+		prefix, sm->authAuthSuccessesWhileAuthenticating,
+		prefix, sm->authAuthTimeoutsWhileAuthenticating,
+		prefix, sm->authAuthFailWhileAuthenticating,
+		prefix, sm->authAuthEapStartsWhileAuthenticating,
+		prefix, sm->authAuthEapLogoffWhileAuthenticating,
+		prefix, sm->authAuthReauthsWhileAuthenticated,
+		prefix, sm->authAuthEapStartsWhileAuthenticated,
+		prefix, sm->authAuthEapLogoffWhileAuthenticated);
+
+	fprintf(f, "%s  Backend Authentication:\n"
+		"%s    state=%s\n"
+		"%s    eapNoReq=%s eapReq=%s eapResp=%s\n"
+		"%s    serverTimeout=%d\n"
+		"%s    backendResponses=%d\n"
+		"%s    backendAccessChallenges=%d\n"
+		"%s    backendOtherRequestsToSupplicant=%d\n"
+		"%s    backendAuthSuccesses=%d\n"
+		"%s    backendAuthFails=%d\n",
+		prefix, prefix,
+		be_auth_state_txt(sm->be_auth_state),
+		prefix, _SB(sm->eap_if->eapNoReq), _SB(sm->eap_if->eapReq),
+		_SB(sm->eap_if->eapResp),
+		prefix, sm->serverTimeout,
+		prefix, sm->backendResponses,
+		prefix, sm->backendAccessChallenges,
+		prefix, sm->backendOtherRequestsToSupplicant,
+		prefix, sm->backendAuthSuccesses,
+		prefix, sm->backendAuthFails);
+
+	fprintf(f, "%s  Reauthentication Timer:\n"
+		"%s    state=%s\n"
+		"%s    reAuthPeriod=%d reAuthEnabled=%s\n", prefix, prefix,
+		reauth_timer_state_txt(sm->reauth_timer_state), prefix,
+		sm->reAuthPeriod, _SB(sm->reAuthEnabled));
+
+	fprintf(f, "%s  Authenticator Key Transmit:\n"
+		"%s    state=%s\n", prefix, prefix,
+		auth_key_tx_state_txt(sm->auth_key_tx_state));
+
+	fprintf(f, "%s  Key Receive:\n"
+		"%s    state=%s\n"
+		"%s    rxKey=%s\n", prefix, prefix,
+		key_rx_state_txt(sm->key_rx_state), prefix, _SB(sm->rxKey));
+
+	fprintf(f, "%s  Controlled Directions:\n"
+		"%s    state=%s\n"
+		"%s    adminControlledDirections=%s "
+		"operControlledDirections=%s\n"
+		"%s    operEdge=%s\n", prefix, prefix,
+		ctrl_dir_state_txt(sm->ctrl_dir_state),
+		prefix, ctrl_dir_txt(sm->adminControlledDirections),
+		ctrl_dir_txt(sm->operControlledDirections),
+		prefix, _SB(sm->operEdge));
+#undef _SB
+}
+#endif /* HOSTAPD_DUMP_STATE */
+
+
+static int eapol_sm_get_eap_user(void *ctx, const u8 *identity,
+				 size_t identity_len, int phase2,
+				 struct eap_user *user)
+{
+	struct eapol_state_machine *sm = ctx;
+	return sm->eapol->cb.get_eap_user(sm->hapd, identity, identity_len,
+					  phase2, user);
+}
+
+
+static const char * eapol_sm_get_eap_req_id_text(void *ctx, size_t *len)
+{
+	struct eapol_state_machine *sm = ctx;
+	*len = sm->eapol->conf.eap_req_id_text_len;
+	return sm->eapol->conf.eap_req_id_text;
+}
+
+
+static struct eapol_callbacks eapol_cb =
+{
+	.get_eap_user = eapol_sm_get_eap_user,
+	.get_eap_req_id_text = eapol_sm_get_eap_req_id_text,
+};
+
+
+int eapol_auth_eap_pending_cb(struct eapol_state_machine *sm, void *ctx)
+{
+	if (sm == NULL || ctx != sm->eap)
+		return -1;
+
+	eap_sm_pending_cb(sm->eap);
+	eapol_auth_step(sm);
+
+	return 0;
+}
+
+
+static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
+				 struct eapol_auth_config *src)
+{
+	dst->hapd = src->hapd;
+	dst->eap_reauth_period = src->eap_reauth_period;
+	dst->wpa = src->wpa;
+	dst->individual_wep_key_len = src->individual_wep_key_len;
+	dst->eap_server = src->eap_server;
+	dst->ssl_ctx = src->ssl_ctx;
+	dst->eap_sim_db_priv = src->eap_sim_db_priv;
+	os_free(dst->eap_req_id_text);
+	if (src->eap_req_id_text) {
+		dst->eap_req_id_text = os_malloc(src->eap_req_id_text_len);
+		if (dst->eap_req_id_text == NULL)
+			return -1;
+		os_memcpy(dst->eap_req_id_text, src->eap_req_id_text,
+			  src->eap_req_id_text_len);
+		dst->eap_req_id_text_len = src->eap_req_id_text_len;
+	} else {
+		dst->eap_req_id_text = NULL;
+		dst->eap_req_id_text_len = 0;
+	}
+	if (src->pac_opaque_encr_key) {
+		dst->pac_opaque_encr_key = os_malloc(16);
+		os_memcpy(dst->pac_opaque_encr_key, src->pac_opaque_encr_key,
+			  16);
+	} else
+		dst->pac_opaque_encr_key = NULL;
+	if (src->eap_fast_a_id)
+		dst->eap_fast_a_id = os_strdup(src->eap_fast_a_id);
+	else
+		dst->eap_fast_a_id = NULL;
+	dst->eap_sim_aka_result_ind = src->eap_sim_aka_result_ind;
+	return 0;
+}
+
+
+static void eapol_auth_conf_free(struct eapol_auth_config *conf)
+{
+	os_free(conf->eap_req_id_text);
+	conf->eap_req_id_text = NULL;
+	os_free(conf->pac_opaque_encr_key);
+	conf->pac_opaque_encr_key = NULL;
+	os_free(conf->eap_fast_a_id);
+	conf->eap_fast_a_id = NULL;
+}
+
+
+struct eapol_authenticator * eapol_auth_init(struct eapol_auth_config *conf,
+					     struct eapol_auth_cb *cb)
+{
+	struct eapol_authenticator *eapol;
+
+	eapol = os_zalloc(sizeof(*eapol));
+	if (eapol == NULL)
+		return NULL;
+
+	if (eapol_auth_conf_clone(&eapol->conf, conf) < 0) {
+		os_free(eapol);
+		return NULL;
+	}
+
+	eapol->cb.eapol_send = cb->eapol_send;
+	eapol->cb.aaa_send = cb->aaa_send;
+	eapol->cb.finished = cb->finished;
+	eapol->cb.get_eap_user = cb->get_eap_user;
+	eapol->cb.sta_entry_alive = cb->sta_entry_alive;
+	eapol->cb.logger = cb->logger;
+	eapol->cb.set_port_authorized = cb->set_port_authorized;
+	eapol->cb.abort_auth = cb->abort_auth;
+	eapol->cb.tx_key = cb->tx_key;
+
+	return eapol;
+}
+
+
+void eapol_auth_deinit(struct eapol_authenticator *eapol)
+{
+	if (eapol == NULL)
+		return;
+
+	eapol_auth_conf_free(&eapol->conf);
+	os_free(eapol);
+}
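Review bot: In eapol_auth_conf_clone() the result of `os_malloc(16)` for pac_opaque_encr_key goes straight into os_memcpy(), so an allocation failure becomes a NULL pointer dereference, whereas the eap_req_id_text copy just above it checks for NULL and returns -1. Add `if (dst->pac_opaque_encr_key == NULL) return -1;` before the copy, and have the failure path in eapol_auth_init() call `eapol_auth_conf_free(&eapol->conf);` before `os_free(eapol)` so the eap_req_id_text that was already copied is not leaked. The `os_strdup()` of eap_fast_a_id is unchecked as well and silently leaves the field NULL on failure. Separately, eapol_auth_conf_free() hands the 16-byte pac_opaque_encr_key to os_free() without clearing it; overwriting the buffer before the free would keep that key material out of reused heap memory.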

+ 253 - 0
hostapd/eapol_sm.h

@@ -0,0 +1,253 @@
+/*
+ * hostapd / IEEE 802.1X-2004 Authenticator - EAPOL state machine
+ * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef EAPOL_SM_H
+#define EAPOL_SM_H
+
+#include "defs.h"
+
+/* IEEE Std 802.1X-2004, Ch. 8.2 */
+
+typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 }
+	PortTypes;
+typedef enum { Unauthorized = 2, Authorized = 1 } PortState;
+typedef enum { Both = 0, In = 1 } ControlledDirection;
+typedef unsigned int Counter;
+
+struct eap_sm;
+
+struct radius_attr_data {
+	u8 *data;
+	size_t len;
+};
+
+struct radius_class_data {
+	struct radius_attr_data *attr;
+	size_t count;
+};
+
+
+struct eapol_auth_config {
+	int eap_reauth_period;
+	int wpa;
+	int individual_wep_key_len;
+	int eap_server;
+	void *ssl_ctx;
+	void *eap_sim_db_priv;
+	char *eap_req_id_text; /* a copy of this will be allocated */
+	size_t eap_req_id_text_len;
+	u8 *pac_opaque_encr_key;
+	char *eap_fast_a_id;
+	int eap_sim_aka_result_ind;
+
+	/*
+	 * Pointer to hostapd data. This is a temporary workaround for
+	 * transition phase and will be removed once IEEE 802.1X/EAPOL code is
+	 * separated more cleanly from rest of hostapd.
+	 */
+	struct hostapd_data *hapd;
+};
+
+struct eap_user;
+
+typedef enum {
+	EAPOL_LOGGER_DEBUG, EAPOL_LOGGER_INFO, EAPOL_LOGGER_WARNING
+} eapol_logger_level;
+
+struct eapol_auth_cb {
+	void (*eapol_send)(void *ctx, void *sta_ctx, u8 type, const u8 *data,
+			   size_t datalen);
+	void (*aaa_send)(void *ctx, void *sta_ctx, const u8 *data,
+			 size_t datalen);
+	void (*finished)(void *ctx, void *sta_ctx, int success, int preauth);
+	int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
+			    int phase2, struct eap_user *user);
+	int (*sta_entry_alive)(void *ctx, const u8 *addr);
+	void (*logger)(void *ctx, const u8 *addr, eapol_logger_level level,
+		       const char *txt);
+	void (*set_port_authorized)(void *ctx, void *sta_ctx, int authorized);
+	void (*abort_auth)(void *ctx, void *sta_ctx);
+	void (*tx_key)(void *ctx, void *sta_ctx);
+};
+
+/**
+ * struct eapol_authenticator - Global EAPOL authenticator data
+ */
+struct eapol_authenticator {
+	struct eapol_auth_config conf;
+	struct eapol_auth_cb cb;
+};
+
+
+/**
+ * struct eapol_state_machine - Per-Supplicant Authenticator state machines
+ */
+struct eapol_state_machine {
+	/* timers */
+	int aWhile;
+	int quietWhile;
+	int reAuthWhen;
+
+	/* global variables */
+	Boolean authAbort;
+	Boolean authFail;
+	PortState authPortStatus;
+	Boolean authStart;
+	Boolean authTimeout;
+	Boolean authSuccess;
+	Boolean eapolEap;
+	Boolean initialize;
+	Boolean keyDone;
+	Boolean keyRun;
+	Boolean keyTxEnabled;
+	PortTypes portControl;
+	Boolean portValid;
+	Boolean reAuthenticate;
+
+	/* Port Timers state machine */
+	/* 'Boolean tick' implicitly handled as registered timeout */
+
+	/* Authenticator PAE state machine */
+	enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING,
+	       AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED,
+	       AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH,
+	       AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state;
+	/* variables */
+	Boolean eapolLogoff;
+	Boolean eapolStart;
+	PortTypes portMode;
+	unsigned int reAuthCount;
+	/* constants */
+	unsigned int quietPeriod; /* default 60; 0..65535 */
+#define AUTH_PAE_DEFAULT_quietPeriod 60
+	unsigned int reAuthMax; /* default 2 */
+#define AUTH_PAE_DEFAULT_reAuthMax 2
+	/* counters */
+	Counter authEntersConnecting;
+	Counter authEapLogoffsWhileConnecting;
+	Counter authEntersAuthenticating;
+	Counter authAuthSuccessesWhileAuthenticating;
+	Counter authAuthTimeoutsWhileAuthenticating;
+	Counter authAuthFailWhileAuthenticating;
+	Counter authAuthEapStartsWhileAuthenticating;
+	Counter authAuthEapLogoffWhileAuthenticating;
+	Counter authAuthReauthsWhileAuthenticated;
+	Counter authAuthEapStartsWhileAuthenticated;
+	Counter authAuthEapLogoffWhileAuthenticated;
+
+	/* Backend Authentication state machine */
+	enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS,
+	       BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE,
+	       BE_AUTH_IGNORE
+	} be_auth_state;
+	/* constants */
+	unsigned int serverTimeout; /* default 30; 1..X */
+#define BE_AUTH_DEFAULT_serverTimeout 30
+	/* counters */
+	Counter backendResponses;
+	Counter backendAccessChallenges;
+	Counter backendOtherRequestsToSupplicant;
+	Counter backendAuthSuccesses;
+	Counter backendAuthFails;
+
+	/* Reauthentication Timer state machine */
+	enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE
+	} reauth_timer_state;
+	/* constants */
+	unsigned int reAuthPeriod; /* default 3600 s */
+	Boolean reAuthEnabled;
+
+	/* Authenticator Key Transmit state machine */
+	enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT
+	} auth_key_tx_state;
+
+	/* Key Receive state machine */
+	enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state;
+	/* variables */
+	Boolean rxKey;
+
+	/* Controlled Directions state machine */
+	enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state;
+	/* variables */
+	ControlledDirection adminControlledDirections;
+	ControlledDirection operControlledDirections;
+	Boolean operEdge;
+
+	/* Authenticator Statistics Table */
+	Counter dot1xAuthEapolFramesRx;
+	Counter dot1xAuthEapolFramesTx;
+	Counter dot1xAuthEapolStartFramesRx;
+	Counter dot1xAuthEapolLogoffFramesRx;
+	Counter dot1xAuthEapolRespIdFramesRx;
+	Counter dot1xAuthEapolRespFramesRx;
+	Counter dot1xAuthEapolReqIdFramesTx;
+	Counter dot1xAuthEapolReqFramesTx;
+	Counter dot1xAuthInvalidEapolFramesRx;
+	Counter dot1xAuthEapLengthErrorFramesRx;
+	Counter dot1xAuthLastEapolFrameVersion;
+
+	/* Other variables - not defined in IEEE 802.1X */
+	u8 addr[ETH_ALEN]; /* Supplicant address */
+#define EAPOL_SM_PREAUTH BIT(0)
+#define EAPOL_SM_WAIT_START BIT(1)
+	int flags; /* EAPOL_SM_* */
+
+	/* EAPOL/AAA <-> EAP full authenticator interface */
+	struct eap_eapol_interface *eap_if;
+
+	int radius_identifier;
+	/* TODO: check when the last messages can be released */
+	struct radius_msg *last_recv_radius;
+	u8 last_eap_id; /* last used EAP Identifier */
+	u8 *identity;
+	size_t identity_len;
+	u8 eap_type_authsrv; /* EAP type of the last EAP packet from
+			      * Authentication server */
+	u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
+	struct radius_class_data radius_class;
+
+	/* Keys for encrypting and signing EAPOL-Key frames */
+	u8 *eapol_key_sign;
+	size_t eapol_key_sign_len;
+	u8 *eapol_key_crypt;
+	size_t eapol_key_crypt_len;
+
+	struct eap_sm *eap;
+
+	Boolean initializing; /* in process of initializing state machines */
+	Boolean changed;
+
+	struct eapol_authenticator *eapol;
+
+	/* Somewhat nasty pointers to global hostapd and STA data to avoid
+	 * passing these to every function */
+	struct hostapd_data *hapd;
+	struct sta_info *sta;
+};
+
+
+struct eapol_authenticator * eapol_auth_init(struct eapol_auth_config *conf,
+					     struct eapol_auth_cb *cb);
+void eapol_auth_deinit(struct eapol_authenticator *eapol);
+struct eapol_state_machine *
+eapol_auth_alloc(struct eapol_authenticator *eapol, const u8 *addr,
+		 int preauth, struct sta_info *sta);
+void eapol_auth_free(struct eapol_state_machine *sm);
+void eapol_auth_step(struct eapol_state_machine *sm);
+void eapol_auth_initialize(struct eapol_state_machine *sm);
+void eapol_auth_dump_state(FILE *f, const char *prefix,
+			   struct eapol_state_machine *sm);
+int eapol_auth_eap_pending_cb(struct eapol_state_machine *sm, void *ctx);
+
+#endif /* EAPOL_SM_H */
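Review bot: In `struct eapol_auth_config`, `pac_opaque_encr_key` is a bare `u8 *` with no length member and no comment, yet the config-clone code in eapol_sm.c copies exactly 16 bytes from it (`os_malloc(16)` then `os_memcpy(..., 16)`), so a caller that supplies a shorter buffer causes an out-of-bounds read. I would state the contract on the field, e.g. `u8 *pac_opaque_encr_key; /* 16-octet key or NULL; a copy will be allocated */`, and preferably give the 16 a named constant shared with the clone. The "a copy of this will be allocated" remark on `eap_req_id_text` applies equally to `eap_fast_a_id`, which the clone duplicates with `os_strdup()`, so it should carry the same comment. The key pointers `eapol_key_sign` and `eapol_key_crypt` in `struct eapol_state_machine` would also benefit from a one-line ownership note; who allocates and frees them is not visible in this section.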

+ 216 - 0
hostapd/hostap_common.h

@@ -0,0 +1,216 @@
+/*
+ * hostapd / Kernel driver communication with Linux Host AP driver
+ * Copyright (c) 2002-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef HOSTAP_COMMON_H
+#define HOSTAP_COMMON_H
+
+/* netdevice private ioctls (used, e.g., with iwpriv from user space) */
+
+/* New wireless extensions API - SET/GET convention (even ioctl numbers are
+ * root only)
+ */
+#define PRISM2_IOCTL_PRISM2_PARAM (SIOCIWFIRSTPRIV + 0)
+#define PRISM2_IOCTL_GET_PRISM2_PARAM (SIOCIWFIRSTPRIV + 1)
+#define PRISM2_IOCTL_WRITEMIF (SIOCIWFIRSTPRIV + 2)
+#define PRISM2_IOCTL_READMIF (SIOCIWFIRSTPRIV + 3)
+#define PRISM2_IOCTL_MONITOR (SIOCIWFIRSTPRIV + 4)
+#define PRISM2_IOCTL_RESET (SIOCIWFIRSTPRIV + 6)
+#define PRISM2_IOCTL_INQUIRE (SIOCIWFIRSTPRIV + 8)
+#define PRISM2_IOCTL_WDS_ADD (SIOCIWFIRSTPRIV + 10)
+#define PRISM2_IOCTL_WDS_DEL (SIOCIWFIRSTPRIV + 12)
+#define PRISM2_IOCTL_SET_RID_WORD (SIOCIWFIRSTPRIV + 14)
+#define PRISM2_IOCTL_MACCMD (SIOCIWFIRSTPRIV + 16)
+#define PRISM2_IOCTL_ADDMAC (SIOCIWFIRSTPRIV + 18)
+#define PRISM2_IOCTL_DELMAC (SIOCIWFIRSTPRIV + 20)
+#define PRISM2_IOCTL_KICKMAC (SIOCIWFIRSTPRIV + 22)
+
+/* following are not in SIOCGIWPRIV list; check permission in the driver code
+ */
+#define PRISM2_IOCTL_DOWNLOAD (SIOCDEVPRIVATE + 13)
+#define PRISM2_IOCTL_HOSTAPD (SIOCDEVPRIVATE + 14)
+
+
+/* PRISM2_IOCTL_PRISM2_PARAM ioctl() subtypes: */
+enum {
+	/* PRISM2_PARAM_PTYPE = 1, */ /* REMOVED 2003-10-22 */
+	PRISM2_PARAM_TXRATECTRL = 2,
+	PRISM2_PARAM_BEACON_INT = 3,
+	PRISM2_PARAM_PSEUDO_IBSS = 4,
+	PRISM2_PARAM_ALC = 5,
+	/* PRISM2_PARAM_TXPOWER = 6, */ /* REMOVED 2003-10-22 */
+	PRISM2_PARAM_DUMP = 7,
+	PRISM2_PARAM_OTHER_AP_POLICY = 8,
+	PRISM2_PARAM_AP_MAX_INACTIVITY = 9,
+	PRISM2_PARAM_AP_BRIDGE_PACKETS = 10,
+	PRISM2_PARAM_DTIM_PERIOD = 11,
+	PRISM2_PARAM_AP_NULLFUNC_ACK = 12,
+	PRISM2_PARAM_MAX_WDS = 13,
+	PRISM2_PARAM_AP_AUTOM_AP_WDS = 14,
+	PRISM2_PARAM_AP_AUTH_ALGS = 15,
+	PRISM2_PARAM_MONITOR_ALLOW_FCSERR = 16,
+	PRISM2_PARAM_HOST_ENCRYPT = 17,
+	PRISM2_PARAM_HOST_DECRYPT = 18,
+	PRISM2_PARAM_BUS_MASTER_THRESHOLD_RX = 19,
+	PRISM2_PARAM_BUS_MASTER_THRESHOLD_TX = 20,
+	PRISM2_PARAM_HOST_ROAMING = 21,
+	PRISM2_PARAM_BCRX_STA_KEY = 22,
+	PRISM2_PARAM_IEEE_802_1X = 23,
+	PRISM2_PARAM_ANTSEL_TX = 24,
+	PRISM2_PARAM_ANTSEL_RX = 25,
+	PRISM2_PARAM_MONITOR_TYPE = 26,
+	PRISM2_PARAM_WDS_TYPE = 27,
+	PRISM2_PARAM_HOSTSCAN = 28,
+	PRISM2_PARAM_AP_SCAN = 29,
+	PRISM2_PARAM_ENH_SEC = 30,
+	PRISM2_PARAM_IO_DEBUG = 31,
+	PRISM2_PARAM_BASIC_RATES = 32,
+	PRISM2_PARAM_OPER_RATES = 33,
+	PRISM2_PARAM_HOSTAPD = 34,
+	PRISM2_PARAM_HOSTAPD_STA = 35,
+	PRISM2_PARAM_WPA = 36,
+	PRISM2_PARAM_PRIVACY_INVOKED = 37,
+	PRISM2_PARAM_TKIP_COUNTERMEASURES = 38,
+	PRISM2_PARAM_DROP_UNENCRYPTED = 39,
+	PRISM2_PARAM_SCAN_CHANNEL_MASK = 40,
+};
+
+enum { HOSTAP_ANTSEL_DO_NOT_TOUCH = 0, HOSTAP_ANTSEL_DIVERSITY = 1,
+       HOSTAP_ANTSEL_LOW = 2, HOSTAP_ANTSEL_HIGH = 3 };
+
+
+/* PRISM2_IOCTL_MACCMD ioctl() subcommands: */
+enum { AP_MAC_CMD_POLICY_OPEN = 0, AP_MAC_CMD_POLICY_ALLOW = 1,
+       AP_MAC_CMD_POLICY_DENY = 2, AP_MAC_CMD_FLUSH = 3,
+       AP_MAC_CMD_KICKALL = 4 };
+
+
+/* PRISM2_IOCTL_DOWNLOAD ioctl() dl_cmd: */
+enum {
+	PRISM2_DOWNLOAD_VOLATILE = 1 /* RAM */,
+	/* Note! Old versions of prism2_srec have a fatal error in CRC-16
+	 * calculation, which will corrupt all non-volatile downloads.
+	 * PRISM2_DOWNLOAD_NON_VOLATILE used to be 2, but it is now 3 to
+	 * prevent use of old versions of prism2_srec for non-volatile
+	 * download. */
+	PRISM2_DOWNLOAD_NON_VOLATILE = 3 /* FLASH */,
+	PRISM2_DOWNLOAD_VOLATILE_GENESIS = 4 /* RAM in Genesis mode */,
+	/* Persistent versions of volatile download commands (keep firmware
+	 * data in memory and automatically re-download after hw_reset */
+	PRISM2_DOWNLOAD_VOLATILE_PERSISTENT = 5,
+	PRISM2_DOWNLOAD_VOLATILE_GENESIS_PERSISTENT = 6,
+};
+
+struct prism2_download_param {
+	u32 dl_cmd;
+	u32 start_addr;
+	u32 num_areas;
+	struct prism2_download_area {
+		u32 addr; /* wlan card address */
+		u32 len;
+		caddr_t ptr; /* pointer to data in user space */
+	} data[0];
+};
+
+#define PRISM2_MAX_DOWNLOAD_AREA_LEN 131072
+#define PRISM2_MAX_DOWNLOAD_LEN 262144
+
+
+/* PRISM2_IOCTL_HOSTAPD ioctl() cmd: */
+enum {
+	PRISM2_HOSTAPD_FLUSH = 1,
+	PRISM2_HOSTAPD_ADD_STA = 2,
+	PRISM2_HOSTAPD_REMOVE_STA = 3,
+	PRISM2_HOSTAPD_GET_INFO_STA = 4,
+	/* REMOVED: PRISM2_HOSTAPD_RESET_TXEXC_STA = 5, */
+	PRISM2_SET_ENCRYPTION = 6,
+	PRISM2_GET_ENCRYPTION = 7,
+	PRISM2_HOSTAPD_SET_FLAGS_STA = 8,
+	PRISM2_HOSTAPD_GET_RID = 9,
+	PRISM2_HOSTAPD_SET_RID = 10,
+	PRISM2_HOSTAPD_SET_ASSOC_AP_ADDR = 11,
+	PRISM2_HOSTAPD_SET_GENERIC_ELEMENT = 12,
+	PRISM2_HOSTAPD_MLME = 13,
+	PRISM2_HOSTAPD_SCAN_REQ = 14,
+	PRISM2_HOSTAPD_STA_CLEAR_STATS = 15,
+};
+
+#define PRISM2_HOSTAPD_MAX_BUF_SIZE 1024
+#define PRISM2_HOSTAPD_RID_HDR_LEN \
+((int) (&((struct prism2_hostapd_param *) 0)->u.rid.data))
+#define PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN \
+((int) (&((struct prism2_hostapd_param *) 0)->u.generic_elem.data))
+
+/* Maximum length for algorithm names (-1 for nul termination) used in ioctl()
+ */
+#define HOSTAP_CRYPT_ALG_NAME_LEN 16
+
+
+struct prism2_hostapd_param {
+	u32 cmd;
+	u8 sta_addr[ETH_ALEN];
+	union {
+		struct {
+			u16 aid;
+			u16 capability;
+			u8 tx_supp_rates;
+		} add_sta;
+		struct {
+			u32 inactive_sec;
+		} get_info_sta;
+		struct {
+			u8 alg[HOSTAP_CRYPT_ALG_NAME_LEN];
+			u32 flags;
+			u32 err;
+			u8 idx;
+			u8 seq[8]; /* sequence counter (set: RX, get: TX) */
+			u16 key_len;
+			u8 key[0];
+		} crypt;
+		struct {
+			u32 flags_and;
+			u32 flags_or;
+		} set_flags_sta;
+		struct {
+			u16 rid;
+			u16 len;
+			u8 data[0];
+		} rid;
+		struct {
+			u8 len;
+			u8 data[0];
+		} generic_elem;
+		struct {
+#define MLME_STA_DEAUTH 0
+#define MLME_STA_DISASSOC 1
+			u16 cmd;
+			u16 reason_code;
+		} mlme;
+		struct {
+			u8 ssid_len;
+			u8 ssid[32];
+		} scan_req;
+	} u;
+};
+
+#define HOSTAP_CRYPT_FLAG_SET_TX_KEY BIT(0)
+#define HOSTAP_CRYPT_FLAG_PERMANENT BIT(1)
+
+#define HOSTAP_CRYPT_ERR_UNKNOWN_ALG 2
+#define HOSTAP_CRYPT_ERR_UNKNOWN_ADDR 3
+#define HOSTAP_CRYPT_ERR_CRYPT_INIT_FAILED 4
+#define HOSTAP_CRYPT_ERR_KEY_SET_FAILED 5
+#define HOSTAP_CRYPT_ERR_TX_KEY_SET_FAILED 6
+#define HOSTAP_CRYPT_ERR_CARD_CONF_FAILED 7
+
+#endif /* HOSTAP_COMMON_H */
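Review bot: `PRISM2_HOSTAPD_RID_HDR_LEN` and `PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN` compute a member offset by taking an address through a null `struct prism2_hostapd_param *` and casting the resulting pointer to `int`, which is formally undefined and is a pointer-to-narrower-integer conversion on 64-bit builds. `offsetof` from `<stddef.h>` gives the same value without either problem: `#define PRISM2_HOSTAPD_RID_HDR_LEN ((int) offsetof(struct prism2_hostapd_param, u.rid.data))`, with the matching line for `u.generic_elem.data`. These lengths presumably bound the ioctl buffer against `PRISM2_HOSTAPD_MAX_BUF_SIZE`, so a comment on the struct would help, saying callers must check `len` / `key_len` plus the header length against that maximum before writing into the trailing `data[0]` / `key[0]` members. If this header mirrors a copy in the kernel driver, the same change would have to be made there.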

+ 59 - 0
hostapd/hostapd.8

@@ -0,0 +1,59 @@
+.TH HOSTAPD 8 "April  7, 2005" hostapd hostapd
+.SH NAME
+hostapd \- IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
+.SH SYNOPSIS
+.B hostapd
+[-hdBKtv] [-P <PID file>] <configuration file(s)>
+.SH DESCRIPTION
+This manual page documents briefly the
+.B hostapd
+daemon.
+.PP
+.B hostapd
+is a user space daemon for access point and authentication servers.
+It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server.
+The current version supports Linux (Host AP, madwifi, Prism54 drivers) and FreeBSD (net80211).
+
+.B hostapd
+is designed to be a "daemon" program that runs in the background and acts as the backend component controlling authentication.
+.B hostapd
+supports separate frontend programs and an example text-based frontend,
+.BR hostapd_cli ,
+is included with
+.BR hostapd .
+.SH OPTIONS
+A summary of options is included below.
+For a complete description, run
+.BR hostapd
+from the command line.
+.TP
+.B \-h
+Show usage.
+.TP
+.B \-d
+Show more debug messages.
+.TP
+.B \-dd
+Show even more debug messages.
+.TP
+.B \-B
+Run daemon in the background.
+.TP
+.B \-P <PID file>
+Path to PID file.
+.TP
+.B \-K
+Include key data in debug messages.
+.TP
+.B \-t
+Include timestamps in some debug messages.
+.TP
+.B \-v
+Show hostapd version.
+.SH SEE ALSO
+.BR hostapd_cli (1).
+.SH AUTHOR
+hostapd was written by Jouni Malinen <j@w1.fi>. 
+.PP
+This manual page was written by Faidon Liambotis <faidon@cube.gr>,
+for the Debian project (but may be used by others).

+ 5 - 0
hostapd/hostapd.accept

@@ -0,0 +1,5 @@
+# List of MAC addresses that are allowed to authenticate (IEEE 802.11)
+# with the AP.
+00:11:22:33:44:55
+00:66:77:88:99:aa
+00:00:22:33:44:55

+ 2000 - 0
hostapd/hostapd.c

@@ -0,0 +1,2000 @@
+/*
+ * hostapd / Initialization and configuration
+ * Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#ifndef CONFIG_NATIVE_WINDOWS
+#include <syslog.h>
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+#include "eloop.h"
+#include "hostapd.h"
+#include "ieee802_1x.h"
+#include "ieee802_11.h"
+#include "beacon.h"
+#include "hw_features.h"
+#include "accounting.h"
+#include "eapol_sm.h"
+#include "iapp.h"
+#include "ap.h"
+#include "ieee802_11_auth.h"
+#include "ap_list.h"
+#include "sta_info.h"
+#include "driver.h"
+#include "radius/radius_client.h"
+#include "radius/radius_server.h"
+#include "wpa.h"
+#include "preauth.h"
+#include "wme.h"
+#include "vlan_init.h"
+#include "ctrl_iface.h"
+#include "tls.h"
+#include "eap_server/eap_sim_db.h"
+#include "eap_server/eap.h"
+#include "version.h"
+#include "l2_packet/l2_packet.h"
+
+
+static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
+				       size_t identity_len, int phase2,
+				       struct eap_user *user);
+
+struct hapd_interfaces {
+	size_t count;
+	struct hostapd_iface **iface;
+};
+
+unsigned char rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
+
+
+extern int wpa_debug_level;
+extern int wpa_debug_show_keys;
+extern int wpa_debug_timestamp;
+
+
+static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
+			      int level, const char *txt, size_t len)
+{
+	struct hostapd_data *hapd = ctx;
+	char *format, *module_str;
+	int maxlen;
+	int conf_syslog_level, conf_stdout_level;
+	unsigned int conf_syslog, conf_stdout;
+
+	maxlen = len + 100;
+	format = os_malloc(maxlen);
+	if (!format)
+		return;
+
+	if (hapd && hapd->conf) {
+		conf_syslog_level = hapd->conf->logger_syslog_level;
+		conf_stdout_level = hapd->conf->logger_stdout_level;
+		conf_syslog = hapd->conf->logger_syslog;
+		conf_stdout = hapd->conf->logger_stdout;
+	} else {
+		conf_syslog_level = conf_stdout_level = 0;
+		conf_syslog = conf_stdout = (unsigned int) -1;
+	}
+
+	switch (module) {
+	case HOSTAPD_MODULE_IEEE80211:
+		module_str = "IEEE 802.11";
+		break;
+	case HOSTAPD_MODULE_IEEE8021X:
+		module_str = "IEEE 802.1X";
+		break;
+	case HOSTAPD_MODULE_RADIUS:
+		module_str = "RADIUS";
+		break;
+	case HOSTAPD_MODULE_WPA:
+		module_str = "WPA";
+		break;
+	case HOSTAPD_MODULE_DRIVER:
+		module_str = "DRIVER";
+		break;
+	case HOSTAPD_MODULE_IAPP:
+		module_str = "IAPP";
+		break;
+	case HOSTAPD_MODULE_MLME:
+		module_str = "MLME";
+		break;
+	default:
+		module_str = NULL;
+		break;
+	}
+
+	if (hapd && hapd->conf && addr)
+		os_snprintf(format, maxlen, "%s: STA " MACSTR "%s%s: %s",
+			    hapd->conf->iface, MAC2STR(addr),
+			    module_str ? " " : "", module_str, txt);
+	else if (hapd && hapd->conf)
+		os_snprintf(format, maxlen, "%s:%s%s %s",
+			    hapd->conf->iface, module_str ? " " : "",
+			    module_str, txt);
+	else if (addr)
+		os_snprintf(format, maxlen, "STA " MACSTR "%s%s: %s",
+			    MAC2STR(addr), module_str ? " " : "",
+			    module_str, txt);
+	else
+		os_snprintf(format, maxlen, "%s%s%s",
+			    module_str, module_str ? ": " : "", txt);
+
+	if ((conf_stdout & module) && level >= conf_stdout_level) {
+		wpa_debug_print_timestamp();
+		printf("%s\n", format);
+	}
+
+#ifndef CONFIG_NATIVE_WINDOWS
+	if ((conf_syslog & module) && level >= conf_syslog_level) {
+		int priority;
+		switch (level) {
+		case HOSTAPD_LEVEL_DEBUG_VERBOSE:
+		case HOSTAPD_LEVEL_DEBUG:
+			priority = LOG_DEBUG;
+			break;
+		case HOSTAPD_LEVEL_INFO:
+			priority = LOG_INFO;
+			break;
+		case HOSTAPD_LEVEL_NOTICE:
+			priority = LOG_NOTICE;
+			break;
+		case HOSTAPD_LEVEL_WARNING:
+			priority = LOG_WARNING;
+			break;
+		default:
+			priority = LOG_INFO;
+			break;
+		}
+		syslog(priority, "%s", format);
+	}
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+	os_free(format);
+}
+
+
+static void hostapd_deauth_all_stas(struct hostapd_data *hapd)
+{
+#if 0
+	u8 addr[ETH_ALEN];
+
+	os_memset(addr, 0xff, ETH_ALEN);
+	hostapd_sta_deauth(hapd, addr, WLAN_REASON_PREV_AUTH_NOT_VALID);
+#else
+	/* New Prism2.5/3 STA firmware versions seem to have issues with this
+	 * broadcast deauth frame. This gets the firmware in odd state where
+	 * nothing works correctly, so let's skip sending this for a while
+	 * until the issue has been resolved. */
+#endif
+}
+
+
+/**
+ * hostapd_prune_associations - Remove extraneous associations
+ * @hapd: Pointer to BSS data for the most recent association
+ * @sta: Pointer to the associated STA data
+ *
+ * This function looks through all radios and BSS's for previous
+ * (stale) associations of STA. If any are found they are removed.
+ */
+static void hostapd_prune_associations(struct hostapd_data *hapd,
+				       struct sta_info *sta)
+{
+	struct sta_info *osta;
+	struct hostapd_data *ohapd;
+	size_t i, j;
+	struct hapd_interfaces *interfaces = eloop_get_user_data();
+
+	for (i = 0; i < interfaces->count; i++) {
+		for (j = 0; j < interfaces->iface[i]->num_bss; j++) {
+			ohapd = interfaces->iface[i]->bss[j];
+			if (ohapd == hapd)
+				continue;
+			osta = ap_get_sta(ohapd, sta->addr);
+			if (!osta)
+				continue;
+
+			ap_sta_disassociate(ohapd, osta,
+					    WLAN_REASON_UNSPECIFIED);
+		}
+	}
+}
+
+
+/**
+ * hostapd_new_assoc_sta - Notify that a new station associated with the AP
+ * @hapd: Pointer to BSS data
+ * @sta: Pointer to the associated STA data
+ * @reassoc: 1 to indicate this was a re-association; 0 = first association
+ *
+ * This function will be called whenever a station associates with the AP. It
+ * can be called for ieee802_11.c for drivers that export MLME to hostapd and
+ * from driver_*.c for drivers that take care of management frames (IEEE 802.11
+ * authentication and association) internally.
+ */
+void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
+			   int reassoc)
+{
+	if (hapd->tkip_countermeasures) {
+		hostapd_sta_deauth(hapd, sta->addr,
+				   WLAN_REASON_MICHAEL_MIC_FAILURE);
+		return;
+	}
+
+	hostapd_prune_associations(hapd, sta);
+
+	/* IEEE 802.11F (IAPP) */
+	if (hapd->conf->ieee802_11f)
+		iapp_new_station(hapd->iapp, sta);
+
+	/* Start accounting here, if IEEE 802.1X and WPA are not used.
+	 * IEEE 802.1X/WPA code will start accounting after the station has
+	 * been authorized. */
+	if (!hapd->conf->ieee802_1x && !hapd->conf->wpa)
+		accounting_sta_start(hapd, sta);
+
+	hostapd_wme_sta_config(hapd, sta);
+
+	/* Start IEEE 802.1X authentication process for new stations */
+	ieee802_1x_new_station(hapd, sta);
+	if (reassoc) {
+		if (sta->auth_alg != WLAN_AUTH_FT)
+			wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH);
+	} else
+		wpa_auth_sta_associated(hapd->wpa_auth, sta->wpa_sm);
+}
+
+
+#ifdef EAP_SERVER
+static int hostapd_sim_db_cb_sta(struct hostapd_data *hapd,
+				 struct sta_info *sta, void *ctx)
+{
+	if (eapol_auth_eap_pending_cb(sta->eapol_sm, ctx) == 0)
+		return 1;
+	return 0;
+}
+
+
+static void hostapd_sim_db_cb(void *ctx, void *session_ctx)
+{
+	struct hostapd_data *hapd = ctx;
+	if (ap_for_each_sta(hapd, hostapd_sim_db_cb_sta, session_ctx) == 0)
+		radius_server_eap_pending_cb(hapd->radius_srv, session_ctx);
+}
+#endif /* EAP_SERVER */
+
+
+static void handle_term(int sig, void *eloop_ctx, void *signal_ctx)
+{
+	printf("Signal %d received - terminating\n", sig);
+	eloop_terminate();
+}
+
+
+static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
+				  struct wpa_auth_config *wconf)
+{
+	wconf->wpa = conf->wpa;
+	wconf->wpa_key_mgmt = conf->wpa_key_mgmt;
+	wconf->wpa_pairwise = conf->wpa_pairwise;
+	wconf->wpa_group = conf->wpa_group;
+	wconf->wpa_group_rekey = conf->wpa_group_rekey;
+	wconf->wpa_strict_rekey = conf->wpa_strict_rekey;
+	wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
+	wconf->rsn_pairwise = conf->rsn_pairwise;
+	wconf->rsn_preauth = conf->rsn_preauth;
+	wconf->eapol_version = conf->eapol_version;
+	wconf->peerkey = conf->peerkey;
+	wconf->wme_enabled = conf->wme_enabled;
+#ifdef CONFIG_IEEE80211W
+	wconf->ieee80211w = conf->ieee80211w;
+#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_IEEE80211R
+	wconf->ssid_len = conf->ssid.ssid_len;
+	if (wconf->ssid_len > SSID_LEN)
+		wconf->ssid_len = SSID_LEN;
+	os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
+	os_memcpy(wconf->mobility_domain, conf->mobility_domain,
+		  MOBILITY_DOMAIN_ID_LEN);
+	if (conf->nas_identifier &&
+	    os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
+		wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
+		os_memcpy(wconf->r0_key_holder, conf->nas_identifier,
+			  wconf->r0_key_holder_len);
+	}
+	os_memcpy(wconf->r1_key_holder, conf->r1_key_holder, FT_R1KH_ID_LEN);
+	wconf->r0_key_lifetime = conf->r0_key_lifetime;
+	wconf->reassociation_deadline = conf->reassociation_deadline;
+	wconf->r0kh_list = conf->r0kh_list;
+	wconf->r1kh_list = conf->r1kh_list;
+	wconf->pmk_r1_push = conf->pmk_r1_push;
+#endif /* CONFIG_IEEE80211R */
+}
+
+
+#ifndef CONFIG_NATIVE_WINDOWS
+static void handle_reload(int sig, void *eloop_ctx, void *signal_ctx)
+{
+	struct hapd_interfaces *hapds = (struct hapd_interfaces *) eloop_ctx;
+	struct hostapd_config *newconf;
+	size_t i;
+	struct wpa_auth_config wpa_auth_conf;
+
+	printf("Signal %d received - reloading configuration\n", sig);
+
+	for (i = 0; i < hapds->count; i++) {
+		struct hostapd_data *hapd = hapds->iface[i]->bss[0];
+		newconf = hostapd_config_read(hapds->iface[i]->config_fname);
+		if (newconf == NULL) {
+			printf("Failed to read new configuration file - "
+			       "continuing with old.\n");
+			continue;
+		}
+		/* TODO: update dynamic data based on changed configuration
+		 * items (e.g., open/close sockets, remove stations added to
+		 * deny list, etc.) */
+		radius_client_flush(hapd->radius, 0);
+		hostapd_config_free(hapd->iconf);
+
+		hostapd_wpa_auth_conf(&newconf->bss[0], &wpa_auth_conf);
+		wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
+
+		hapd->iconf = newconf;
+		hapd->conf = &newconf->bss[0];
+		hapds->iface[i]->conf = newconf;
+
+		if (hostapd_setup_wpa_psk(hapd->conf)) {
+			wpa_printf(MSG_ERROR, "Failed to re-configure WPA PSK "
+				   "after reloading configuration");
+		}
+	}
+}
+
+
+#ifdef HOSTAPD_DUMP_STATE
+static void hostapd_dump_state(struct hostapd_data *hapd)
+{
+	FILE *f;
+	time_t now;
+	struct sta_info *sta;
+	int i;
+	char *buf;
+
+	if (!hapd->conf->dump_log_name) {
+		printf("Dump file not defined - ignoring dump request\n");
+		return;
+	}
+
+	printf("Dumping hostapd state to '%s'\n", hapd->conf->dump_log_name);
+	f = fopen(hapd->conf->dump_log_name, "w");
+	if (f == NULL) {
+		printf("Could not open dump file '%s' for writing.\n",
+		       hapd->conf->dump_log_name);
+		return;
+	}
+
+	time(&now);
+	fprintf(f, "hostapd state dump - %s", ctime(&now));
+	fprintf(f, "num_sta=%d num_sta_non_erp=%d "
+		"num_sta_no_short_slot_time=%d\n"
+		"num_sta_no_short_preamble=%d\n",
+		hapd->num_sta, hapd->iface->num_sta_non_erp,
+		hapd->iface->num_sta_no_short_slot_time,
+		hapd->iface->num_sta_no_short_preamble);
+
+	for (sta = hapd->sta_list; sta != NULL; sta = sta->next) {
+		fprintf(f, "\nSTA=" MACSTR "\n", MAC2STR(sta->addr));
+
+		fprintf(f,
+			"  AID=%d flags=0x%x %s%s%s%s%s%s%s%s%s%s\n"
+			"  capability=0x%x listen_interval=%d\n",
+			sta->aid,
+			sta->flags,
+			(sta->flags & WLAN_STA_AUTH ? "[AUTH]" : ""),
+			(sta->flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""),
+			(sta->flags & WLAN_STA_PS ? "[PS]" : ""),
+			(sta->flags & WLAN_STA_TIM ? "[TIM]" : ""),
+			(sta->flags & WLAN_STA_PERM ? "[PERM]" : ""),
+			(sta->flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" :
+			 ""),
+			(sta->flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" :
+			 ""),
+			(sta->flags & WLAN_STA_SHORT_PREAMBLE ?
+			 "[SHORT_PREAMBLE]" : ""),
+			(sta->flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""),
+			(sta->flags & WLAN_STA_NONERP ? "[NonERP]" : ""),
+			sta->capability,
+			sta->listen_interval);
+
+		fprintf(f, "  supported_rates=");
+		for (i = 0; i < sta->supported_rates_len; i++)
+			fprintf(f, "%02x ", sta->supported_rates[i]);
+		fprintf(f, "\n");
+
+		fprintf(f,
+			"  timeout_next=%s\n",
+			(sta->timeout_next == STA_NULLFUNC ? "NULLFUNC POLL" :
+			 (sta->timeout_next == STA_DISASSOC ? "DISASSOC" :
+			  "DEAUTH")));
+
+		ieee802_1x_dump_state(f, "  ", sta);
+	}
+
+	buf = os_malloc(4096);
+	if (buf) {
+		int count = radius_client_get_mib(hapd->radius, buf, 4096);
+		if (count < 0)
+			count = 0;
+		else if (count > 4095)
+			count = 4095;
+		buf[count] = '\0';
+		fprintf(f, "%s", buf);
+
+		count = radius_server_get_mib(hapd->radius_srv, buf, 4096);
+		if (count < 0)
+			count = 0;
+		else if (count > 4095)
+			count = 4095;
+		buf[count] = '\0';
+		fprintf(f, "%s", buf);
+		os_free(buf);
+	}
+	fclose(f);
+}
+#endif /* HOSTAPD_DUMP_STATE */
+
+
+static void handle_dump_state(int sig, void *eloop_ctx, void *signal_ctx)
+{
+#ifdef HOSTAPD_DUMP_STATE
+	struct hapd_interfaces *hapds = (struct hapd_interfaces *) eloop_ctx;
+	size_t i, j;
+
+	for (i = 0; i < hapds->count; i++) {
+		struct hostapd_iface *hapd_iface = hapds->iface[i];
+		for (j = 0; j < hapd_iface->num_bss; j++)
+			hostapd_dump_state(hapd_iface->bss[j]);
+	}
+#endif /* HOSTAPD_DUMP_STATE */
+}
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+static void hostapd_broadcast_key_clear_iface(struct hostapd_data *hapd,
+					      char *ifname)
+{
+	int i;
+
+	for (i = 0; i < NUM_WEP_KEYS; i++) {
+		if (hostapd_set_encryption(ifname, hapd, "none", NULL, i, NULL,
+					   0, i == 0 ? 1 : 0)) {
+			printf("Failed to clear default encryption keys "
+			       "(ifname=%s keyidx=%d)\n", ifname, i);
+		}
+	}
+}
+
+
+static int hostapd_broadcast_wep_clear(struct hostapd_data *hapd)
+{
+	hostapd_broadcast_key_clear_iface(hapd, hapd->conf->iface);
+	return 0;
+}
+
+
+static int hostapd_broadcast_wep_set(struct hostapd_data *hapd)
+{
+	int errors = 0, idx;
+	struct hostapd_ssid *ssid = &hapd->conf->ssid;
+
+	idx = ssid->wep.idx;
+	if (ssid->wep.default_len &&
+	    hostapd_set_encryption(hapd->conf->iface,
+				   hapd, "WEP", NULL, idx,
+			 	   ssid->wep.key[idx],
+			 	   ssid->wep.len[idx],
+				   idx == ssid->wep.idx)) {
+		printf("Could not set WEP encryption.\n");
+		errors++;
+	}
+
+	if (ssid->dyn_vlan_keys) {
+		size_t i;
+		for (i = 0; i <= ssid->max_dyn_vlan_keys; i++) {
+			const char *ifname;
+			struct hostapd_wep_keys *key = ssid->dyn_vlan_keys[i];
+			if (key == NULL)
+				continue;
+			ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan,
+							    i);
+			if (ifname == NULL)
+				continue;
+
+			idx = key->idx;
+			if (hostapd_set_encryption(ifname, hapd, "WEP", NULL,
+						   idx, key->key[idx],
+						   key->len[idx],
+						   idx == key->idx)) {
+				printf("Could not set dynamic VLAN WEP "
+				       "encryption.\n");
+				errors++;
+			}
+		}
+	}
+
+	return errors;
+}
+
+/**
+ * hostapd_cleanup - Per-BSS cleanup (deinitialization)
+ * @hapd: Pointer to BSS data
+ *
+ * This function is used to free all per-BSS data structures and resources.
+ * This gets called in a loop for each BSS between calls to
+ * hostapd_cleanup_iface_pre() and hostapd_cleanup_iface() when an interface
+ * is deinitialized. Most of the modules that are initialized in
+ * hostapd_setup_bss() are deinitialized here.
+ */
+static void hostapd_cleanup(struct hostapd_data *hapd)
+{
+	hostapd_ctrl_iface_deinit(hapd);
+
+	os_free(hapd->default_wep_key);
+	hapd->default_wep_key = NULL;
+	iapp_deinit(hapd->iapp);
+	hapd->iapp = NULL;
+	accounting_deinit(hapd);
+	rsn_preauth_iface_deinit(hapd);
+	if (hapd->wpa_auth) {
+		wpa_deinit(hapd->wpa_auth);
+		hapd->wpa_auth = NULL;
+
+		if (hostapd_set_privacy(hapd, 0)) {
+			wpa_printf(MSG_DEBUG, "Could not disable "
+				   "PrivacyInvoked for interface %s",
+				   hapd->conf->iface);
+		}
+
+		if (hostapd_set_generic_elem(hapd, (u8 *) "", 0)) {
+			wpa_printf(MSG_DEBUG, "Could not remove generic "
+				   "information element from interface %s",
+				   hapd->conf->iface);
+		}
+	}
+	ieee802_1x_deinit(hapd);
+	vlan_deinit(hapd);
+	hostapd_acl_deinit(hapd);
+	radius_client_deinit(hapd->radius);
+	hapd->radius = NULL;
+	radius_server_deinit(hapd->radius_srv);
+	hapd->radius_srv = NULL;
+
+#ifdef CONFIG_IEEE80211R
+	l2_packet_deinit(hapd->l2);
+#endif /* CONFIG_IEEE80211R */
+
+	hostapd_wireless_event_deinit(hapd);
+
+#ifdef EAP_TLS_FUNCS
+	if (hapd->ssl_ctx) {
+		tls_deinit(hapd->ssl_ctx);
+		hapd->ssl_ctx = NULL;
+	}
+#endif /* EAP_TLS_FUNCS */
+
+#ifdef EAP_SERVER
+	if (hapd->eap_sim_db_priv) {
+		eap_sim_db_deinit(hapd->eap_sim_db_priv);
+		hapd->eap_sim_db_priv = NULL;
+	}
+#endif /* EAP_SERVER */
+
+	if (hapd->interface_added &&
+	    hostapd_bss_remove(hapd, hapd->conf->iface)) {
+		printf("Failed to remove BSS interface %s\n",
+		       hapd->conf->iface);
+	}
+}
+
+
+/**
+ * hostapd_cleanup_iface_pre - Preliminary per-interface cleanup
+ * @iface: Pointer to interface data
+ *
+ * This function is called before per-BSS data structures are deinitialized
+ * with hostapd_cleanup().
+ */
+static void hostapd_cleanup_iface_pre(struct hostapd_iface *iface)
+{
+}
+
+
+/**
+ * hostapd_cleanup_iface - Complete per-interface cleanup
+ * @iface: Pointer to interface data
+ *
+ * This function is called after per-BSS data structures are deinitialized
+ * with hostapd_cleanup().
+ */
+static void hostapd_cleanup_iface(struct hostapd_iface *iface)
+{
+	hostapd_free_hw_features(iface->hw_features, iface->num_hw_features);
+	iface->hw_features = NULL;
+	os_free(iface->current_rates);
+	iface->current_rates = NULL;
+	ap_list_deinit(iface);
+	hostapd_config_free(iface->conf);
+	iface->conf = NULL;
+
+	os_free(iface->config_fname);
+	os_free(iface->bss);
+	os_free(iface);
+}
+
+
+static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd)
+{
+	int i;
+
+	hostapd_broadcast_wep_set(hapd);
+
+	if (hapd->conf->ssid.wep.default_len)
+		return 0;
+
+	for (i = 0; i < 4; i++) {
+		if (hapd->conf->ssid.wep.key[i] &&
+		    hostapd_set_encryption(iface, hapd, "WEP", NULL,
+					   i, hapd->conf->ssid.wep.key[i],
+					   hapd->conf->ssid.wep.len[i],
+					   i == hapd->conf->ssid.wep.idx)) {
+			printf("Could not set WEP encryption.\n");
+			return -1;
+		}
+		if (hapd->conf->ssid.wep.key[i] &&
+		    i == hapd->conf->ssid.wep.idx)
+			hostapd_set_privacy(hapd, 1);
+	}
+
+	return 0;
+}
+
+
+static int hostapd_flush_old_stations(struct hostapd_data *hapd)
+{
+	int ret = 0;
+
+	wpa_printf(MSG_DEBUG, "Flushing old station entries");
+	if (hostapd_flush(hapd)) {
+		printf("Could not connect to kernel driver.\n");
+		ret = -1;
+	}
+	wpa_printf(MSG_DEBUG, "Deauthenticate all stations");
+	hostapd_deauth_all_stas(hapd);
+
+	return ret;
+}
+
+
+static void hostapd_wpa_auth_logger(void *ctx, const u8 *addr,
+				    logger_level level, const char *txt)
+{
+	struct hostapd_data *hapd = ctx;
+	int hlevel;
+
+	switch (level) {
+	case LOGGER_WARNING:
+		hlevel = HOSTAPD_LEVEL_WARNING;
+		break;
+	case LOGGER_INFO:
+		hlevel = HOSTAPD_LEVEL_INFO;
+		break;
+	case LOGGER_DEBUG:
+	default:
+		hlevel = HOSTAPD_LEVEL_DEBUG;
+		break;
+	}
+
+	hostapd_logger(hapd, addr, HOSTAPD_MODULE_WPA, hlevel, "%s", txt);
+}
+
+
+static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr,
+					u16 reason)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta;
+
+	wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: "
+		   "STA " MACSTR " reason %d",
+		   __func__, MAC2STR(addr), reason);
+
+	sta = ap_get_sta(hapd, addr);
+	hostapd_sta_deauth(hapd, addr, reason);
+	if (sta == NULL)
+		return;
+	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_AUTHORIZED);
+	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
+	eloop_register_timeout(0, 0, ap_handle_timer, hapd, sta);
+	sta->timeout_next = STA_REMOVE;
+}
+
+
+static void hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
+{
+	struct hostapd_data *hapd = ctx;
+	ieee80211_michael_mic_failure(hapd, addr, 0);
+}
+
+
+static void hostapd_wpa_auth_set_eapol(void *ctx, const u8 *addr,
+				       wpa_eapol_variable var, int value)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta = ap_get_sta(hapd, addr);
+	if (sta == NULL)
+		return;
+	switch (var) {
+	case WPA_EAPOL_portEnabled:
+		ieee802_1x_notify_port_enabled(sta->eapol_sm, value);
+		break;
+	case WPA_EAPOL_portValid:
+		ieee802_1x_notify_port_valid(sta->eapol_sm, value);
+		break;
+	case WPA_EAPOL_authorized:
+		ieee802_1x_set_sta_authorized(hapd, sta, value);
+		break;
+	case WPA_EAPOL_portControl_Auto:
+		if (sta->eapol_sm)
+			sta->eapol_sm->portControl = Auto;
+		break;
+	case WPA_EAPOL_keyRun:
+		if (sta->eapol_sm)
+			sta->eapol_sm->keyRun = value ? TRUE : FALSE;
+		break;
+	case WPA_EAPOL_keyAvailable:
+		if (sta->eapol_sm)
+			sta->eapol_sm->eap_if->eapKeyAvailable =
+				value ? TRUE : FALSE;
+		break;
+	case WPA_EAPOL_keyDone:
+		if (sta->eapol_sm)
+			sta->eapol_sm->keyDone = value ? TRUE : FALSE;
+		break;
+	case WPA_EAPOL_inc_EapolFramesTx:
+		if (sta->eapol_sm)
+			sta->eapol_sm->dot1xAuthEapolFramesTx++;
+		break;
+	}
+}
+
+
+static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr,
+				      wpa_eapol_variable var)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta = ap_get_sta(hapd, addr);
+	if (sta == NULL || sta->eapol_sm == NULL)
+		return -1;
+	switch (var) {
+	case WPA_EAPOL_keyRun:
+		return sta->eapol_sm->keyRun;
+	case WPA_EAPOL_keyAvailable:
+		return sta->eapol_sm->eap_if->eapKeyAvailable;
+	default:
+		return -1;
+	}
+}
+
+
+static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
+					   const u8 *prev_psk)
+{
+	struct hostapd_data *hapd = ctx;
+	return hostapd_get_psk(hapd->conf, addr, prev_psk);
+}
+
+
+static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
+				    size_t *len)
+{
+	struct hostapd_data *hapd = ctx;
+	const u8 *key;
+	size_t keylen;
+	struct sta_info *sta;
+
+	sta = ap_get_sta(hapd, addr);
+	if (sta == NULL)
+		return -1;
+
+	key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
+	if (key == NULL)
+		return -1;
+
+	if (keylen > *len)
+		keylen = *len;
+	os_memcpy(msk, key, keylen);
+	*len = keylen;
+
+	return 0;
+}
+
+
+static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, const char *alg,
+				    const u8 *addr, int idx, u8 *key,
+				    size_t key_len)
+{
+	struct hostapd_data *hapd = ctx;
+	const char *ifname = hapd->conf->iface;
+
+	if (vlan_id > 0) {
+		ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id);
+		if (ifname == NULL)
+			return -1;
+	}
+
+	return hostapd_set_encryption(ifname, hapd, alg, addr, idx,
+				      key, key_len, 1);
+}
+
+
+static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx,
+				       u8 *seq)
+{
+	struct hostapd_data *hapd = ctx;
+	return hostapd_get_seqnum(hapd->conf->iface, hapd, addr, idx, seq);
+}
+
+
+static int hostapd_wpa_auth_get_seqnum_igtk(void *ctx, const u8 *addr, int idx,
+					    u8 *seq)
+{
+	struct hostapd_data *hapd = ctx;
+	return hostapd_get_seqnum_igtk(hapd->conf->iface, hapd, addr, idx,
+				       seq);
+}
+
+
+static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
+				       const u8 *data, size_t data_len,
+				       int encrypt)
+{
+	struct hostapd_data *hapd = ctx;
+	return hostapd_send_eapol(hapd, addr, data, data_len, encrypt);
+}
+
+
+static int hostapd_wpa_auth_for_each_sta(
+	void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx),
+	void *cb_ctx)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta;
+
+	for (sta = hapd->sta_list; sta; sta = sta->next) {
+		if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx))
+			return 1;
+	}
+	return 0;
+}
+
+
+static int hostapd_wpa_auth_send_ether(void *ctx, const u8 *dst, u16 proto,
+				       const u8 *data, size_t data_len)
+{
+	struct hostapd_data *hapd = ctx;
+
+	if (hapd->driver && hapd->driver->send_ether)
+		return hapd->driver->send_ether(hapd->drv_priv, dst,
+						hapd->own_addr, proto,
+						data, data_len);
+	if (hapd->l2 == NULL)
+		return -1;
+	return l2_packet_send(hapd->l2, dst, proto, data, data_len);
+}
+
+
+#ifdef CONFIG_IEEE80211R
+
+static int hostapd_wpa_auth_send_ft_action(void *ctx, const u8 *dst,
+					   const u8 *data, size_t data_len)
+{
+	struct hostapd_data *hapd = ctx;
+	int res;
+	struct ieee80211_mgmt *m;
+	size_t mlen;
+	struct sta_info *sta;
+
+	sta = ap_get_sta(hapd, dst);
+	if (sta == NULL || sta->wpa_sm == NULL)
+		return -1;
+
+	m = os_zalloc(sizeof(*m) + data_len);
+	if (m == NULL)
+		return -1;
+	mlen = ((u8 *) &m->u - (u8 *) m) + data_len;
+	m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+					WLAN_FC_STYPE_ACTION);
+	os_memcpy(m->da, dst, ETH_ALEN);
+	os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
+	os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
+	os_memcpy(&m->u, data, data_len);
+
+	res = hostapd_send_mgmt_frame(hapd, (u8 *) m, mlen, 0);
+	os_free(m);
+	return res;
+}
+
+
+static struct wpa_state_machine *
+hostapd_wpa_auth_add_sta(void *ctx, const u8 *sta_addr)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta;
+
+	sta = ap_sta_add(hapd, sta_addr);
+	if (sta == NULL)
+		return NULL;
+	if (sta->wpa_sm)
+		return sta->wpa_sm;
+
+	sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr);
+	if (sta->wpa_sm == NULL) {
+		ap_free_sta(hapd, sta);
+		return NULL;
+	}
+	sta->auth_alg = WLAN_AUTH_FT;
+
+	return sta->wpa_sm;
+}
+
+
+static void hostapd_rrb_receive(void *ctx, const u8 *src_addr, const u8 *buf,
+				size_t len)
+{
+	struct hostapd_data *hapd = ctx;
+	wpa_ft_rrb_rx(hapd->wpa_auth, src_addr, buf, len);
+}
+
+#endif /* CONFIG_IEEE80211R */
+
+
+/**
+ * hostapd_validate_bssid_configuration - Validate BSSID configuration
+ * @iface: Pointer to interface data
+ * Returns: 0 on success, -1 on failure
+ *
+ * This function is used to validate that the configured BSSIDs are valid.
+ */
+static int hostapd_validate_bssid_configuration(struct hostapd_iface *iface)
+{
+	u8 mask[ETH_ALEN] = { 0 };
+	struct hostapd_data *hapd = iface->bss[0];
+	unsigned int i = iface->conf->num_bss, bits = 0, j;
+	int res;
+
+	/* Generate BSSID mask that is large enough to cover the BSSIDs. */
+
+	/* Determine the bits necessary to cover the number of BSSIDs. */
+	for (i--; i; i >>= 1)
+		bits++;
+
+	/* Determine the bits necessary to any configured BSSIDs,
+	   if they are higher than the number of BSSIDs. */
+	for (j = 0; j < iface->conf->num_bss; j++) {
+		if (hostapd_mac_comp_empty(iface->conf->bss[j].bssid) == 0)
+			continue;
+
+		for (i = 0; i < ETH_ALEN; i++) {
+			mask[i] |=
+				iface->conf->bss[j].bssid[i] ^
+				hapd->own_addr[i];
+		}
+	}
+
+	for (i = 0; i < ETH_ALEN && mask[i] == 0; i++)
+		;
+	j = 0;
+	if (i < ETH_ALEN) {
+		j = (5 - i) * 8;
+
+		while (mask[i] != 0) {
+			mask[i] >>= 1;
+			j++;
+		}
+	}
+
+	if (bits < j)
+		bits = j;
+
+	if (bits > 40)
+		return -1;
+
+	os_memset(mask, 0xff, ETH_ALEN);
+	j = bits / 8;
+	for (i = 5; i > 5 - j; i--)
+		mask[i] = 0;
+	j = bits % 8;
+	while (j--)
+		mask[i] <<= 1;
+
+	wpa_printf(MSG_DEBUG, "BSS count %lu, BSSID mask " MACSTR " (%d bits)",
+		   (unsigned long) iface->conf->num_bss, MAC2STR(mask), bits);
+
+	res = hostapd_valid_bss_mask(hapd, hapd->own_addr, mask);
+	if (res == 0)
+		return 0;
+
+	if (res < 0) {
+		printf("Driver did not accept BSSID mask " MACSTR " for start "
+		       "address " MACSTR ".\n",
+		       MAC2STR(mask), MAC2STR(hapd->own_addr));
+		return -1;
+	}
+
+	for (i = 0; i < ETH_ALEN; i++) {
+		if ((hapd->own_addr[i] & mask[i]) != hapd->own_addr[i]) {
+			printf("Invalid BSSID mask " MACSTR " for start "
+			       "address " MACSTR ".\n"
+			       "Start address must be the first address in the"
+			       " block (i.e., addr AND mask == addr).\n",
+			       MAC2STR(mask), MAC2STR(hapd->own_addr));
+			return -1;
+		}
+	}
+
+	return 0;
+}
+
+
+static int mac_in_conf(struct hostapd_config *conf, const void *a)
+{
+	size_t i;
+
+	for (i = 0; i < conf->num_bss; i++) {
+		if (hostapd_mac_comp(conf->bss[i].bssid, a) == 0) {
+			return 1;
+		}
+	}
+
+	return 0;
+}
+
+
+static int hostapd_setup_wpa(struct hostapd_data *hapd)
+{
+	struct wpa_auth_config _conf;
+	struct wpa_auth_callbacks cb;
+	const u8 *wpa_ie;
+	size_t wpa_ie_len;
+
+	hostapd_wpa_auth_conf(hapd->conf, &_conf);
+	os_memset(&cb, 0, sizeof(cb));
+	cb.ctx = hapd;
+	cb.logger = hostapd_wpa_auth_logger;
+	cb.disconnect = hostapd_wpa_auth_disconnect;
+	cb.mic_failure_report = hostapd_wpa_auth_mic_failure_report;
+	cb.set_eapol = hostapd_wpa_auth_set_eapol;
+	cb.get_eapol = hostapd_wpa_auth_get_eapol;
+	cb.get_psk = hostapd_wpa_auth_get_psk;
+	cb.get_msk = hostapd_wpa_auth_get_msk;
+	cb.set_key = hostapd_wpa_auth_set_key;
+	cb.get_seqnum = hostapd_wpa_auth_get_seqnum;
+	cb.get_seqnum_igtk = hostapd_wpa_auth_get_seqnum_igtk;
+	cb.send_eapol = hostapd_wpa_auth_send_eapol;
+	cb.for_each_sta = hostapd_wpa_auth_for_each_sta;
+	cb.send_ether = hostapd_wpa_auth_send_ether;
+#ifdef CONFIG_IEEE80211R
+	cb.send_ft_action = hostapd_wpa_auth_send_ft_action;
+	cb.add_sta = hostapd_wpa_auth_add_sta;
+#endif /* CONFIG_IEEE80211R */
+	hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb);
+	if (hapd->wpa_auth == NULL) {
+		printf("WPA initialization failed.\n");
+		return -1;
+	}
+
+	if (hostapd_set_privacy(hapd, 1)) {
+		wpa_printf(MSG_ERROR, "Could not set PrivacyInvoked "
+			   "for interface %s", hapd->conf->iface);
+		return -1;
+	}
+
+	wpa_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &wpa_ie_len);
+	if (hostapd_set_generic_elem(hapd, wpa_ie, wpa_ie_len)) {
+		wpa_printf(MSG_ERROR, "Failed to configure WPA IE for "
+			   "the kernel driver.");
+		return -1;
+	}
+
+	if (rsn_preauth_iface_init(hapd)) {
+		printf("Initialization of RSN pre-authentication "
+		       "failed.\n");
+		return -1;
+	}
+
+	return 0;
+
+}
+
+
+static int hostapd_setup_radius_srv(struct hostapd_data *hapd,
+				    struct hostapd_bss_config *conf)
+{
+	struct radius_server_conf srv;
+	os_memset(&srv, 0, sizeof(srv));
+	srv.client_file = conf->radius_server_clients;
+	srv.auth_port = conf->radius_server_auth_port;
+	srv.conf_ctx = conf;
+	srv.eap_sim_db_priv = hapd->eap_sim_db_priv;
+	srv.ssl_ctx = hapd->ssl_ctx;
+	srv.pac_opaque_encr_key = conf->pac_opaque_encr_key;
+	srv.eap_fast_a_id = conf->eap_fast_a_id;
+	srv.eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
+	srv.ipv6 = conf->radius_server_ipv6;
+	srv.get_eap_user = hostapd_radius_get_eap_user;
+
+	hapd->radius_srv = radius_server_init(&srv);
+	if (hapd->radius_srv == NULL) {
+		printf("RADIUS server initialization failed.\n");
+		return -1;
+	}
+
+	return 0;
+}
+
+
+/**
+ * hostapd_setup_bss - Per-BSS setup (initialization)
+ * @hapd: Pointer to BSS data
+ * @first: Whether this BSS is the first BSS of an interface
+ *
+ * This function is used to initialize all per-BSS data structures and
+ * resources. This gets called in a loop for each BSS when an interface is
+ * initialized. Most of the modules that are initialized here will be
+ * deinitialized in hostapd_cleanup().
+ */
+static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
+{
+	struct hostapd_bss_config *conf = hapd->conf;
+	u8 ssid[HOSTAPD_MAX_SSID_LEN + 1];
+	int ssid_len, set_ssid;
+
+	if (!first) {
+		if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0) {
+			/* Allocate the next available BSSID. */
+			do {
+				inc_byte_array(hapd->own_addr, ETH_ALEN);
+			} while (mac_in_conf(hapd->iconf, hapd->own_addr));
+		} else {
+			/* Allocate the configured BSSID. */
+			os_memcpy(hapd->own_addr, hapd->conf->bssid, ETH_ALEN);
+
+			if (hostapd_mac_comp(hapd->own_addr,
+					     hapd->iface->bss[0]->own_addr) ==
+			    0) {
+				printf("BSS '%s' may not have BSSID "
+				       "set to the MAC address of the radio\n",
+				       hapd->conf->iface);
+				return -1;
+			}
+		}
+
+		hapd->interface_added = 1;
+		if (hostapd_bss_add(hapd->iface->bss[0], hapd->conf->iface,
+				    hapd->own_addr)) {
+			printf("Failed to add BSS (BSSID=" MACSTR ")\n",
+			       MAC2STR(hapd->own_addr));
+			return -1;
+		}
+	}
+
+	/*
+	 * Fetch the SSID from the system and use it or,
+	 * if one was specified in the config file, verify they
+	 * match.
+	 */
+	ssid_len = hostapd_get_ssid(hapd, ssid, sizeof(ssid));
+	if (ssid_len < 0) {
+		printf("Could not read SSID from system\n");
+		return -1;
+	}
+	if (conf->ssid.ssid_set) {
+		/*
+		 * If SSID is specified in the config file and it differs
+		 * from what is being used then force installation of the
+		 * new SSID.
+		 */
+		set_ssid = (conf->ssid.ssid_len != (size_t) ssid_len ||
+			    os_memcmp(conf->ssid.ssid, ssid, ssid_len) != 0);
+	} else {
+		/*
+		 * No SSID in the config file; just use the one we got
+		 * from the system.
+		 */
+		set_ssid = 0;
+		conf->ssid.ssid_len = ssid_len;
+		os_memcpy(conf->ssid.ssid, ssid, conf->ssid.ssid_len);
+		conf->ssid.ssid[conf->ssid.ssid_len] = '\0';
+	}
+
+	printf("Using interface %s with hwaddr " MACSTR " and ssid '%s'\n",
+	       hapd->conf->iface, MAC2STR(hapd->own_addr),
+	       hapd->conf->ssid.ssid);
+
+	if (hostapd_setup_wpa_psk(conf)) {
+		printf("WPA-PSK setup failed.\n");
+		return -1;
+	}
+
+	/* Set flag for whether SSID is broadcast in beacons */
+	if (hostapd_set_broadcast_ssid(hapd,
+				       !!hapd->conf->ignore_broadcast_ssid)) {
+		printf("Could not set broadcast SSID flag for kernel "
+		       "driver\n");
+		return -1;
+	}
+
+	if (hostapd_set_dtim_period(hapd, hapd->conf->dtim_period)) {
+		printf("Could not set DTIM period for kernel driver\n");
+		return -1;
+	}
+
+	/* Set SSID for the kernel driver (to be used in beacon and probe
+	 * response frames) */
+	if (set_ssid && hostapd_set_ssid(hapd, (u8 *) conf->ssid.ssid,
+					 conf->ssid.ssid_len)) {
+		printf("Could not set SSID for kernel driver\n");
+		return -1;
+	}
+
+	if (wpa_debug_level == MSG_MSGDUMP)
+		conf->radius->msg_dumps = 1;
+	hapd->radius = radius_client_init(hapd, conf->radius);
+	if (hapd->radius == NULL) {
+		printf("RADIUS client initialization failed.\n");
+		return -1;
+	}
+
+	if (hostapd_acl_init(hapd)) {
+		printf("ACL initialization failed.\n");
+		return -1;
+	}
+
+	if (ieee802_1x_init(hapd)) {
+		printf("IEEE 802.1X initialization failed.\n");
+		return -1;
+	}
+
+	if (hapd->conf->wpa && hostapd_setup_wpa(hapd))
+		return -1;
+
+	if (accounting_init(hapd)) {
+		printf("Accounting initialization failed.\n");
+		return -1;
+	}
+
+	if (hapd->conf->ieee802_11f &&
+	    (hapd->iapp = iapp_init(hapd, hapd->conf->iapp_iface)) == NULL) {
+		printf("IEEE 802.11F (IAPP) initialization failed.\n");
+		return -1;
+	}
+
+	if (hostapd_ctrl_iface_init(hapd)) {
+		printf("Failed to setup control interface\n");
+		return -1;
+	}
+
+	if (vlan_init(hapd)) {
+		printf("VLAN initialization failed.\n");
+		return -1;
+	}
+
+#ifdef CONFIG_IEEE80211R
+	hapd->l2 = l2_packet_init(hapd->conf->iface, NULL, ETH_P_RRB,
+				  hostapd_rrb_receive, hapd, 0);
+	if (hapd->l2 == NULL &&
+	    (hapd->driver == NULL || hapd->driver->send_ether == NULL)) {
+		printf("Failed to open l2_packet interface\n");
+		return -1;
+	}
+#endif /* CONFIG_IEEE80211R */
+
+	ieee802_11_set_beacon(hapd);
+
+	if (conf->radius_server_clients &&
+	    hostapd_setup_radius_srv(hapd, conf))
+		return -1;
+
+	return 0;
+}
+
+
+/**
+ * setup_interface2 - Setup (initialize) an interface (part 2)
+ * @iface: Pointer to interface data.
+ * Returns: 0 on success; -1 on failure.
+ *
+ * Flushes old stations, sets the channel, DFS parameters, encryption,
+ * beacons, and WDS links based on the configuration.
+ */
+static int setup_interface2(struct hostapd_iface *iface)
+{
+	struct hostapd_data *hapd = iface->bss[0];
+	int freq;
+	size_t j;
+	int ret = 0;
+	u8 *prev_addr;
+
+	hostapd_flush_old_stations(hapd);
+	hostapd_set_privacy(hapd, 0);
+
+	if (hapd->iconf->channel) {
+		freq = hostapd_hw_get_freq(hapd, hapd->iconf->channel);
+		printf("Mode: %s  Channel: %d  Frequency: %d MHz\n",
+		       hostapd_hw_mode_txt(hapd->iconf->hw_mode),
+		       hapd->iconf->channel, freq);
+
+		if (hostapd_set_freq(hapd, hapd->iconf->hw_mode, freq)) {
+			printf("Could not set channel for kernel driver\n");
+			return -1;
+		}
+	}
+
+	hostapd_broadcast_wep_clear(hapd);
+	if (hostapd_setup_encryption(hapd->conf->iface, hapd))
+		return -1;
+
+	hostapd_set_beacon_int(hapd, hapd->iconf->beacon_int);
+	ieee802_11_set_beacon(hapd);
+
+	if (hapd->iconf->rts_threshold > -1 &&
+	    hostapd_set_rts(hapd, hapd->iconf->rts_threshold)) {
+		printf("Could not set RTS threshold for kernel driver\n");
+		return -1;
+	}
+
+	if (hapd->iconf->fragm_threshold > -1 &&
+	    hostapd_set_frag(hapd, hapd->iconf->fragm_threshold)) {
+		printf("Could not set fragmentation threshold for kernel "
+		       "driver\n");
+		return -1;
+	}
+
+	prev_addr = hapd->own_addr;
+
+	for (j = 0; j < iface->num_bss; j++) {
+		hapd = iface->bss[j];
+		if (j)
+			os_memcpy(hapd->own_addr, prev_addr, ETH_ALEN);
+		if (hostapd_setup_bss(hapd, j == 0))
+			return -1;
+		if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0)
+			prev_addr = hapd->own_addr;
+	}
+
+	ap_list_init(iface);
+
+	if (hostapd_driver_commit(hapd) < 0) {
+		wpa_printf(MSG_ERROR, "%s: Failed to commit driver "
+			   "configuration", __func__);
+		return -1;
+	}
+
+	return ret;
+}
+
+
+static void setup_interface_start(void *eloop_data, void *user_ctx);
+static void setup_interface2_handler(void *eloop_data, void *user_ctx);
+
+/**
+ * setup_interface_finalize - Finish setup interface & call the callback
+ * @iface: Pointer to interface data.
+ * @status: Status of the setup interface (0 on success; -1 on failure).
+ * Returns: 0 on success; -1 on failure (e.g., was not in progress).
+ */
+static int setup_interface_finalize(struct hostapd_iface *iface, int status)
+{
+	hostapd_iface_cb cb;
+
+	if (!iface->setup_cb)
+		return -1;
+	
+	eloop_cancel_timeout(setup_interface_start, iface, NULL);
+	eloop_cancel_timeout(setup_interface2_handler, iface, NULL);
+	hostapd_select_hw_mode_stop(iface);
+
+	cb = iface->setup_cb;
+
+	iface->setup_cb = NULL;
+
+	cb(iface, status);
+
+	return 0;
+}
+
+
+/**
+ * setup_interface2_wrapper - Wrapper for setup_interface2()
+ * @iface: Pointer to interface data.
+ * @status: Status of the hw mode select.
+ *
+ * Wrapper for setup_interface2() to calls finalize function upon completion.
+ */
+static void setup_interface2_wrapper(struct hostapd_iface *iface, int status)
+{
+	int ret = status;
+	if (ret)
+		printf("Could not select hw_mode and channel. (%d)\n", ret);
+	else
+		ret = setup_interface2(iface);
+
+	setup_interface_finalize(iface, ret);
+}
+
+
+/**
+ * setup_interface2_handler - Used for immediate call of setup_interface2
+ * @eloop_data: Stores the struct hostapd_iface * for the interface.
+ * @user_ctx: Unused.
+ */
+static void setup_interface2_handler(void *eloop_data, void *user_ctx)
+{
+	struct hostapd_iface *iface = eloop_data;
+
+	setup_interface2_wrapper(iface, 0);
+}
+
+
+static int hostapd_radius_get_eap_user(void *ctx, const u8 *identity,
+				       size_t identity_len, int phase2,
+				       struct eap_user *user)
+{
+	const struct hostapd_eap_user *eap_user;
+	int i, count;
+
+	eap_user = hostapd_get_eap_user(ctx, identity, identity_len, phase2);
+	if (eap_user == NULL)
+		return -1;
+
+	if (user == NULL)
+		return 0;
+
+	os_memset(user, 0, sizeof(*user));
+	count = EAP_USER_MAX_METHODS;
+	if (count > EAP_MAX_METHODS)
+		count = EAP_MAX_METHODS;
+	for (i = 0; i < count; i++) {
+		user->methods[i].vendor = eap_user->methods[i].vendor;
+		user->methods[i].method = eap_user->methods[i].method;
+	}
+
+	if (eap_user->password) {
+		user->password = os_malloc(eap_user->password_len);
+		if (user->password == NULL)
+			return -1;
+		os_memcpy(user->password, eap_user->password,
+			  eap_user->password_len);
+		user->password_len = eap_user->password_len;
+		user->password_hash = eap_user->password_hash;
+	}
+	user->force_version = eap_user->force_version;
+	user->ttls_auth = eap_user->ttls_auth;
+
+	return 0;
+}
+
+
+/**
+ * setup_interface1 - Setup (initialize) an interface (part 1)
+ * @iface: Pointer to interface data
+ * Returns: 0 on success, -1 on failure
+ *
+ * Initializes the driver interface, validates the configuration,
+ * and sets driver parameters based on the configuration.
+ * Schedules setup_interface2() to be called immediately or after
+ * hardware mode setup takes place. 
+ */
+static int setup_interface1(struct hostapd_iface *iface)
+{
+	struct hostapd_data *hapd = iface->bss[0];
+	struct hostapd_bss_config *conf = hapd->conf;
+	size_t i;
+	char country[4];
+	u8 *b = conf->bssid;
+
+	/*
+	 * Initialize the driver interface and make sure that all BSSes get
+	 * configured with a pointer to this driver interface.
+	 */
+	if (b[0] | b[1] | b[2] | b[3] | b[4] | b[5]) {
+		hapd->drv_priv = hostapd_driver_init_bssid(hapd, b);
+	} else {
+		hapd->drv_priv = hostapd_driver_init(hapd);
+	}
+
+	if (hapd->drv_priv == NULL) {
+		printf("%s driver initialization failed.\n",
+			hapd->driver ? hapd->driver->name : "Unknown");
+		hapd->driver = NULL;
+		return -1;
+	}
+	for (i = 0; i < iface->num_bss; i++) {
+		iface->bss[i]->driver = hapd->driver;
+		iface->bss[i]->drv_priv = hapd->drv_priv;
+	}
+
+	if (hostapd_validate_bssid_configuration(iface))
+		return -1;
+
+	os_memcpy(country, hapd->iconf->country, 3);
+	country[3] = '\0';
+	if (hostapd_set_country(hapd, country) < 0) {
+		printf("Failed to set country code\n");
+		return -1;
+	}
+
+	if (hapd->iconf->ieee80211d || hapd->iconf->ieee80211h) {
+		if (hostapd_set_ieee80211d(hapd, 1) < 0) {
+			printf("Failed to set ieee80211d (%d)\n",
+			       hapd->iconf->ieee80211d);
+			return -1;
+		}
+	}
+
+	if (hapd->iconf->bridge_packets != INTERNAL_BRIDGE_DO_NOT_CONTROL &&
+	    hostapd_set_internal_bridge(hapd, hapd->iconf->bridge_packets)) {
+		printf("Failed to set bridge_packets for kernel driver\n");
+		return -1;
+	}
+
+	/* TODO: merge with hostapd_driver_init() ? */
+	if (hostapd_wireless_event_init(hapd) < 0)
+		return -1;
+
+	if (hostapd_get_hw_features(iface)) {
+		/* Not all drivers support this yet, so continue without hw
+		 * feature data. */
+	} else {
+		return hostapd_select_hw_mode_start(iface,
+						    setup_interface2_wrapper);
+	}
+
+	eloop_register_timeout(0, 0, setup_interface2_handler, iface, NULL);
+	return 0;
+}
+
+
+/**
+ * setup_interface_start - Handler to start setup interface
+ * @eloop_data: Stores the struct hostapd_iface * for the interface.
+ * @user_ctx: Unused.
+ *
+ * An eloop handler is used so that all errors can be processed by the
+ * callback without introducing stack recursion.
+ */
+static void setup_interface_start(void *eloop_data, void *user_ctx)
+{
+	struct hostapd_iface *iface = eloop_data;
+
+	int ret;
+
+	ret = setup_interface1(iface);
+	if (ret)
+		setup_interface_finalize(iface, ret);
+}
+
+
+/**
+ * hostapd_setup_interface_start - Start the setup of an interface
+ * @iface: Pointer to interface data.
+ * @cb: The function to callback when done.
+ * Returns:  0 if it starts successfully; cb will be called when done.
+ *          -1 on failure; cb will not be called.
+ *
+ * Initializes the driver interface, validates the configuration,
+ * and sets driver parameters based on the configuration.
+ * Flushes old stations, sets the channel, DFS parameters, encryption,
+ * beacons, and WDS links based on the configuration.
+ */
+int hostapd_setup_interface_start(struct hostapd_iface *iface,
+				  hostapd_iface_cb cb)
+{
+	if (iface->setup_cb) {
+		wpa_printf(MSG_DEBUG,
+			   "%s: Interface setup already in progress.\n",
+			   iface->bss[0]->conf->iface);
+		return -1;
+	}
+
+	iface->setup_cb = cb;
+
+	eloop_register_timeout(0, 0, setup_interface_start, iface, NULL);
+
+	return 0;
+}
+
+
+/**
+ * hostapd_setup_interace_stop - Stops the setup of an interface
+ * @iface: Pointer to interface data
+ * Returns:  0 if successfully stopped;
+ *          -1 on failure (i.e., was not in progress)
+ */
+int hostapd_setup_interface_stop(struct hostapd_iface *iface)
+{
+	return setup_interface_finalize(iface, -1);
+}
+
+
+static void show_version(void)
+{
+	fprintf(stderr,
+		"hostapd v" VERSION_STR "\n"
+		"User space daemon for IEEE 802.11 AP management,\n"
+		"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
+		"Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi> "
+		"and contributors\n");
+}
+
+
+static void usage(void)
+{
+	show_version();
+	fprintf(stderr,
+		"\n"
+		"usage: hostapd [-hdBKtv] [-P <PID file>] "
+		"<configuration file(s)>\n"
+		"\n"
+		"options:\n"
+		"   -h   show this usage\n"
+		"   -d   show more debug messages (-dd for even more)\n"
+		"   -B   run daemon in the background\n"
+		"   -P   PID file\n"
+		"   -K   include key data in debug messages\n"
+		"   -t   include timestamps in some debug messages\n"
+		"   -v   show hostapd version\n");
+
+	exit(1);
+}
+
+
+/**
+ * hostapd_alloc_bss_data - Allocate and initialize per-BSS data
+ * @hapd_iface: Pointer to interface data
+ * @conf: Pointer to per-interface configuration
+ * @bss: Pointer to per-BSS configuration for this BSS
+ * Returns: Pointer to allocated BSS data
+ *
+ * This function is used to allocate per-BSS data structure. This data will be
+ * freed after hostapd_cleanup() is called for it during interface
+ * deinitialization.
+ */
+static struct hostapd_data *
+hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface,
+		       struct hostapd_config *conf,
+		       struct hostapd_bss_config *bss)
+{
+	struct hostapd_data *hapd;
+
+	hapd = os_zalloc(sizeof(*hapd));
+	if (hapd == NULL)
+		return NULL;
+
+	hapd->iconf = conf;
+	hapd->conf = bss;
+	hapd->iface = hapd_iface;
+
+	if (hapd->conf->individual_wep_key_len > 0) {
+		/* use key0 in individual key and key1 in broadcast key */
+		hapd->default_wep_key_idx = 1;
+	}
+
+#ifdef EAP_TLS_FUNCS
+	if (hapd->conf->eap_server &&
+	    (hapd->conf->ca_cert || hapd->conf->server_cert ||
+	     hapd->conf->dh_file)) {
+		struct tls_connection_params params;
+
+		hapd->ssl_ctx = tls_init(NULL);
+		if (hapd->ssl_ctx == NULL) {
+			printf("Failed to initialize TLS\n");
+			goto fail;
+		}
+
+		os_memset(&params, 0, sizeof(params));
+		params.ca_cert = hapd->conf->ca_cert;
+		params.client_cert = hapd->conf->server_cert;
+		params.private_key = hapd->conf->private_key;
+		params.private_key_passwd = hapd->conf->private_key_passwd;
+		params.dh_file = hapd->conf->dh_file;
+
+		if (tls_global_set_params(hapd->ssl_ctx, &params)) {
+			printf("Failed to set TLS parameters\n");
+			goto fail;
+		}
+
+		if (tls_global_set_verify(hapd->ssl_ctx,
+					  hapd->conf->check_crl)) {
+			printf("Failed to enable check_crl\n");
+			goto fail;
+		}
+	}
+#endif /* EAP_TLS_FUNCS */
+
+#ifdef EAP_SERVER
+	if (hapd->conf->eap_sim_db) {
+		hapd->eap_sim_db_priv =
+			eap_sim_db_init(hapd->conf->eap_sim_db,
+					hostapd_sim_db_cb, hapd);
+		if (hapd->eap_sim_db_priv == NULL) {
+			printf("Failed to initialize EAP-SIM database "
+			       "interface\n");
+			goto fail;
+		}
+	}
+#endif /* EAP_SERVER */
+
+	if (hapd->conf->assoc_ap)
+		hapd->assoc_ap_state = WAIT_BEACON;
+
+	hapd->driver = hapd->iconf->driver;
+
+	return hapd;
+
+#if defined(EAP_TLS_FUNCS) || defined(EAP_SERVER)
+fail:
+#endif
+	/* TODO: cleanup allocated resources(?) */
+	os_free(hapd);
+	return NULL;
+}
+
+
+/**
+ * hostapd_init - Allocate and initialize per-interface data
+ * @config_file: Path to the configuration file
+ * Returns: Pointer to the allocated interface data or %NULL on failure
+ *
+ * This function is used to allocate main data structures for per-interface
+ * data. The allocated data buffer will be freed by calling
+ * hostapd_cleanup_iface().
+ */
+static struct hostapd_iface * hostapd_init(const char *config_file)
+{
+	struct hostapd_iface *hapd_iface = NULL;
+	struct hostapd_config *conf = NULL;
+	struct hostapd_data *hapd;
+	size_t i;
+
+	hapd_iface = os_zalloc(sizeof(*hapd_iface));
+	if (hapd_iface == NULL)
+		goto fail;
+
+	hapd_iface->config_fname = os_strdup(config_file);
+	if (hapd_iface->config_fname == NULL)
+		goto fail;
+
+	conf = hostapd_config_read(hapd_iface->config_fname);
+	if (conf == NULL)
+		goto fail;
+	hapd_iface->conf = conf;
+
+	hapd_iface->num_bss = conf->num_bss;
+	hapd_iface->bss = os_zalloc(conf->num_bss *
+				    sizeof(struct hostapd_data *));
+	if (hapd_iface->bss == NULL)
+		goto fail;
+
+	for (i = 0; i < conf->num_bss; i++) {
+		hapd = hapd_iface->bss[i] =
+			hostapd_alloc_bss_data(hapd_iface, conf,
+					       &conf->bss[i]);
+		if (hapd == NULL)
+			goto fail;
+	}
+
+	return hapd_iface;
+
+fail:
+	if (conf)
+		hostapd_config_free(conf);
+	if (hapd_iface) {
+		for (i = 0; hapd_iface->bss && i < hapd_iface->num_bss; i++) {
+			hapd = hapd_iface->bss[i];
+			if (hapd && hapd->ssl_ctx)
+				tls_deinit(hapd->ssl_ctx);
+		}
+
+		os_free(hapd_iface->config_fname);
+		os_free(hapd_iface->bss);
+		os_free(hapd_iface);
+	}
+	return NULL;
+}
+
+
+/**
+ * register_drivers - Register driver interfaces
+ *
+ * This function is generated by Makefile (into driver_conf.c) to call all
+ * configured driver interfaces to register them to core hostapd.
+ */
+void register_drivers(void);
+
+
+/**
+ * setup_interface_done - Callback when an interface is done being setup.
+ * @iface: Pointer to interface data.
+ * @status: Status of the interface setup (0 on success; -1 on failure).
+ */
+static void setup_interface_done(struct hostapd_iface *iface, int status)
+{
+	if (status) {
+		wpa_printf(MSG_DEBUG, "%s: Unable to setup interface.",
+			   iface->bss[0]->conf->iface);
+		eloop_terminate();
+	} else
+		wpa_printf(MSG_DEBUG, "%s: Setup of interface done.",
+			   iface->bss[0]->conf->iface);
+}
+
+
+int main(int argc, char *argv[])
+{
+	struct hapd_interfaces interfaces;
+	int ret = 1, k;
+	size_t i, j;
+	int c, debug = 0, daemonize = 0;
+	const char *pid_file = NULL;
+
+	hostapd_logger_register_cb(hostapd_logger_cb);
+
+	for (;;) {
+		c = getopt(argc, argv, "BdhKP:tv");
+		if (c < 0)
+			break;
+		switch (c) {
+		case 'h':
+			usage();
+			break;
+		case 'd':
+			debug++;
+			if (wpa_debug_level > 0)
+				wpa_debug_level--;
+			break;
+		case 'B':
+			daemonize++;
+			break;
+		case 'K':
+			wpa_debug_show_keys++;
+			break;
+		case 'P':
+			pid_file = optarg;
+			break;
+		case 't':
+			wpa_debug_timestamp++;
+			break;
+		case 'v':
+			show_version();
+			exit(1);
+			break;
+
+		default:
+			usage();
+			break;
+		}
+	}
+
+	if (optind == argc)
+		usage();
+
+	if (eap_server_register_methods()) {
+		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
+		return -1;
+	}
+
+	interfaces.count = argc - optind;
+
+	interfaces.iface = os_malloc(interfaces.count *
+				     sizeof(struct hostapd_iface *));
+	if (interfaces.iface == NULL) {
+		wpa_printf(MSG_ERROR, "malloc failed\n");
+		return -1;
+	}
+
+	if (eloop_init(&interfaces)) {
+		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
+		return -1;
+	}
+
+#ifndef CONFIG_NATIVE_WINDOWS
+	eloop_register_signal(SIGHUP, handle_reload, NULL);
+	eloop_register_signal(SIGUSR1, handle_dump_state, NULL);
+#endif /* CONFIG_NATIVE_WINDOWS */
+	eloop_register_signal_terminate(handle_term, NULL);
+
+	/* Initialize interfaces */
+	for (i = 0; i < interfaces.count; i++) {
+		printf("Configuration file: %s\n", argv[optind + i]);
+		interfaces.iface[i] = hostapd_init(argv[optind + i]);
+		if (!interfaces.iface[i])
+			goto out;
+		for (k = 0; k < debug; k++) {
+			if (interfaces.iface[i]->bss[0]->conf->
+			    logger_stdout_level > 0)
+				interfaces.iface[i]->bss[0]->conf->
+					logger_stdout_level--;
+		}
+
+		ret = hostapd_setup_interface_start(interfaces.iface[i],
+						    setup_interface_done);
+		if (ret)
+			goto out;
+	}
+
+	if (daemonize && os_daemonize(pid_file)) {
+		perror("daemon");
+		goto out;
+	}
+
+#ifndef CONFIG_NATIVE_WINDOWS
+	openlog("hostapd", 0, LOG_DAEMON);
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+	eloop_run();
+
+	/* Disconnect associated stations from all interfaces and BSSes */
+	for (i = 0; i < interfaces.count; i++) {
+		for (j = 0; j < interfaces.iface[i]->num_bss; j++) {
+			struct hostapd_data *hapd =
+				interfaces.iface[i]->bss[j];
+			hostapd_free_stas(hapd);
+			hostapd_flush_old_stations(hapd);
+		}
+	}
+
+	ret = 0;
+
+ out:
+	/* Deinitialize all interfaces */
+	for (i = 0; i < interfaces.count; i++) {
+		if (!interfaces.iface[i])
+			continue;
+		hostapd_setup_interface_stop(interfaces.iface[i]);
+		hostapd_cleanup_iface_pre(interfaces.iface[i]);
+		for (j = 0; j < interfaces.iface[i]->num_bss; j++) {
+			struct hostapd_data *hapd =
+				interfaces.iface[i]->bss[j];
+			hostapd_cleanup(hapd);
+			if (j == interfaces.iface[i]->num_bss - 1 &&
+			    hapd->driver)
+				hostapd_driver_deinit(hapd);
+		}
+		for (j = 0; j < interfaces.iface[i]->num_bss; j++)
+			os_free(interfaces.iface[i]->bss[j]);
+		hostapd_cleanup_iface(interfaces.iface[i]);
+	}
+	os_free(interfaces.iface);
+
+	eloop_destroy();
+
+#ifndef CONFIG_NATIVE_WINDOWS
+	closelog();
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+	eap_server_unregister_methods();
+
+	os_daemonize_terminate(pid_file);
+
+	return ret;
+}

+ 792 - 0
hostapd/hostapd.conf

@@ -0,0 +1,792 @@
+##### hostapd configuration file ##############################################
+# Empty lines and lines starting with # are ignored
+
+# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for
+# management frames); ath0 for madwifi
+interface=wlan0
+
+# In case of madwifi driver, an additional configuration parameter, bridge,
+# must be used to notify hostapd if the interface is included in a bridge. This
+# parameter is not used with Host AP driver.
+#bridge=br0
+
+# Driver interface type (hostap/wired/madwifi/prism54/test/nl80211/bsd);
+# default: hostap)
+# Use driver=test if building hostapd as a standalone RADIUS server that does
+# not control any wireless/wired driver.
+# driver=hostap
+
+# hostapd event logger configuration
+#
+# Two output method: syslog and stdout (only usable if not forking to
+# background).
+#
+# Module bitfield (ORed bitfield of modules that will be logged; -1 = all
+# modules):
+# bit 0 (1) = IEEE 802.11
+# bit 1 (2) = IEEE 802.1X
+# bit 2 (4) = RADIUS
+# bit 3 (8) = WPA
+# bit 4 (16) = driver interface
+# bit 5 (32) = IAPP
+# bit 6 (64) = MLME
+#
+# Levels (minimum value for logged events):
+#  0 = verbose debugging
+#  1 = debugging
+#  2 = informational messages
+#  3 = notification
+#  4 = warning
+#
+logger_syslog=-1
+logger_syslog_level=2
+logger_stdout=-1
+logger_stdout_level=2
+
+# Dump file for state information (on SIGUSR1)
+dump_file=/tmp/hostapd.dump
+
+# Interface for separate control program. If this is specified, hostapd
+# will create this directory and a UNIX domain socket for listening to requests
+# from external programs (CLI/GUI, etc.) for status information and
+# configuration. The socket file will be named based on the interface name, so
+# multiple hostapd processes/interfaces can be run at the same time if more
+# than one interface is used.
+# /var/run/hostapd is the recommended directory for sockets and by default,
+# hostapd_cli will use it when trying to connect with hostapd.
+ctrl_interface=/var/run/hostapd
+
+# Access control for the control interface can be configured by setting the
+# directory to allow only members of a group to use sockets. This way, it is
+# possible to run hostapd as root (since it needs to change network
+# configuration and open raw sockets) and still allow GUI/CLI components to be
+# run as non-root users. However, since the control interface can be used to
+# change the network configuration, this access needs to be protected in many
+# cases. By default, hostapd is configured to use gid 0 (root). If you
+# want to allow non-root users to use the contron interface, add a new group
+# and change this value to match with that group. Add users that should have
+# control interface access to this group.
+#
+# This variable can be a group name or gid.
+#ctrl_interface_group=wheel
+ctrl_interface_group=0
+
+
+##### IEEE 802.11 related configuration #######################################
+
+# SSID to be used in IEEE 802.11 management frames
+ssid=test
+
+# Country code (ISO/IEC 3166-1).  Used to set regulatory domain.
+# Modify as needed to indicate country in which device is operating.
+# This can limit available channels and transmit power.
+# (default: US)
+#country_code=US
+
+# Enable IEEE 802.11d. This advertises the country_code and the set of allowed
+# channels and transmit power levels based on the regulatory limits. The
+# country_code setting must be configured with the correct country for
+# IEEE 802.11d functions.
+# (default: 0 = disabled)
+#ieee80211d=1
+
+# Enable IEEE 802.11h. This enables the TPC and DFS services when operating
+# in a regulatory domain which requires them.  Once enabled it will be 
+# operational only when working in hw_mode a and in countries where it is
+# required. The end user should not be allowed to disable this.
+# The country_code setting must be configured with the correct country for
+# IEEE 802.11h to function. 
+# When IEEE 802.11h is operational, the channel_policy and configured channel 
+# settings will be ignored but will behave as though the channel_policy is
+# set to "3" (automatic channel selection). When IEEE 802.11h is enabled but
+# not operational (for example, if the radio mode is changed from "a" to "b")
+# the channel_policy and channel settings take effect again. 
+# (default: 1 = enabled)
+#ieee80211h=1
+
+# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
+# Default: IEEE 802.11b
+hw_mode=a
+
+# Channel number (IEEE 802.11)
+# (default: 0, i.e., not set, used with channel_policy=2)
+channel=60
+
+# Beacon interval in kus (1.024 ms) (default: 100; range 15..65535)
+beacon_int=100
+
+# DTIM (delivery trafic information message) period (range 1..255):
+# number of beacons between DTIMs (1 = every beacon includes DTIM element)
+# (default: 2)
+dtim_period=2
+
+# Maximum number of stations allowed in station table. New stations will be
+# rejected after the station table is full. IEEE 802.11 has a limit of 2007
+# different association IDs, so this number should not be larger than that.
+# (default: 2007)
+max_num_sta=255
+
+# RTS/CTS threshold; 2347 = disabled (default); range 0..2347
+# If this field is not included in hostapd.conf, hostapd will not control
+# RTS threshold and 'iwconfig wlan# rts <val>' can be used to set it.
+rts_threshold=2347
+
+# Fragmentation threshold; 2346 = disabled (default); range 256..2346
+# If this field is not included in hostapd.conf, hostapd will not control
+# fragmentation threshold and 'iwconfig wlan# frag <val>' can be used to set
+# it.
+fragm_threshold=2346
+
+# Rate configuration
+# Default is to enable all rates supported by the hardware. This configuration
+# item allows this list be filtered so that only the listed rates will be left
+# in the list. If the list is empty, all rates are used. This list can have
+# entries that are not in the list of rates the hardware supports (such entries
+# are ignored). The entries in this list are in 100 kbps, i.e., 11 Mbps = 110.
+# If this item is present, at least one rate have to be matching with the rates
+# hardware supports.
+# default: use the most common supported rate setting for the selected
+# hw_mode (i.e., this line can be removed from configuration file in most
+# cases)
+#supported_rates=10 20 55 110 60 90 120 180 240 360 480 540
+
+# Basic rate set configuration
+# List of rates (in 100 kbps) that are included in the basic rate set.
+# If this item is not included, usually reasonable default set is used.
+#basic_rates=10 20
+#basic_rates=10 20 55 110
+#basic_rates=60 120 240
+
+# Station MAC address -based authentication
+# Please note that this kind of access control requires a driver that uses
+# hostapd to take care of management frame processing and as such, this can be
+# used with driver=hostap or driver=nl80211, but not with driver=madwifi.
+# 0 = accept unless in deny list
+# 1 = deny unless in accept list
+# 2 = use external RADIUS server (accept/deny lists are searched first)
+macaddr_acl=0
+
+# Accept/deny lists are read from separate files (containing list of
+# MAC addresses, one per line). Use absolute path name to make sure that the
+# files can be read on SIGHUP configuration reloads.
+#accept_mac_file=/etc/hostapd.accept
+#deny_mac_file=/etc/hostapd.deny
+
+# IEEE 802.11 specifies two authentication algorithms. hostapd can be
+# configured to allow both of these or only one. Open system authentication
+# should be used with IEEE 802.1X.
+# Bit fields of allowed authentication algorithms:
+# bit 0 = Open System Authentication
+# bit 1 = Shared Key Authentication (requires WEP)
+auth_algs=3
+
+# Send empty SSID in beacons and ignore probe request frames that do not
+# specify full SSID, i.e., require stations to know SSID.
+# default: disabled (0)
+# 1 = send empty (length=0) SSID in beacon and ignore probe request for
+#     broadcast SSID
+# 2 = clear SSID (ASCII 0), but keep the original length (this may be required
+#     with some clients that do not support empty SSID) and ignore probe
+#     requests for broadcast SSID
+ignore_broadcast_ssid=0
+
+# TX queue parameters (EDCF / bursting)
+# default for all these fields: not set, use hardware defaults
+# tx_queue_<queue name>_<param>
+# queues: data0, data1, data2, data3, after_beacon, beacon
+#		(data0 is the highest priority queue)
+# parameters:
+#   aifs: AIFS (default 2)
+#   cwmin: cwMin (1, 3, 7, 15, 31, 63, 127, 255, 511, 1023)
+#   cwmax: cwMax (1, 3, 7, 15, 31, 63, 127, 255, 511, 1023); cwMax >= cwMin
+#   burst: maximum length (in milliseconds with precision of up to 0.1 ms) for
+#          bursting
+#
+# Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e):
+# These parameters are used by the access point when transmitting frames
+# to the clients.
+#
+# Low priority / AC_BK = background
+#tx_queue_data3_aifs=7
+#tx_queue_data3_cwmin=15
+#tx_queue_data3_cwmax=1023
+#tx_queue_data3_burst=0
+# Note: for IEEE 802.11b mode: cWmin=31 cWmax=1023 burst=0
+#
+# Normal priority / AC_BE = best effort
+#tx_queue_data2_aifs=3
+#tx_queue_data2_cwmin=15
+#tx_queue_data2_cwmax=63
+#tx_queue_data2_burst=0
+# Note: for IEEE 802.11b mode: cWmin=31 cWmax=127 burst=0
+#
+# High priority / AC_VI = video
+#tx_queue_data1_aifs=1
+#tx_queue_data1_cwmin=7
+#tx_queue_data1_cwmax=15
+#tx_queue_data1_burst=3.0
+# Note: for IEEE 802.11b mode: cWmin=15 cWmax=31 burst=6.0
+#
+# Highest priority / AC_VO = voice
+#tx_queue_data0_aifs=1
+#tx_queue_data0_cwmin=3
+#tx_queue_data0_cwmax=7
+#tx_queue_data0_burst=1.5
+# Note: for IEEE 802.11b mode: cWmin=7 cWmax=15 burst=3.3
+#
+# Special queues; normally not user configurable
+#
+#tx_queue_after_beacon_aifs=2
+#tx_queue_after_beacon_cwmin=15
+#tx_queue_after_beacon_cwmax=1023
+#tx_queue_after_beacon_burst=0
+#
+#tx_queue_beacon_aifs=2
+#tx_queue_beacon_cwmin=3
+#tx_queue_beacon_cwmax=7
+#tx_queue_beacon_burst=1.5
+
+# 802.1D Tag to AC mappings
+# WMM specifies following mapping of data frames to different ACs. This mapping
+# can be configured using Linux QoS/tc and sch_pktpri.o module.
+# 802.1D Tag	802.1D Designation	Access Category	WMM Designation
+# 1		BK			AC_BK		Background
+# 2		-			AC_BK		Background
+# 0		BE			AC_BE		Best Effort
+# 3		EE			AC_VI		Video
+# 4		CL			AC_VI		Video
+# 5		VI			AC_VI		Video
+# 6		VO			AC_VO		Voice
+# 7		NC			AC_VO		Voice
+# Data frames with no priority information: AC_BE
+# Management frames: AC_VO
+# PS-Poll frames: AC_BE
+
+# Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e):
+# for 802.11a or 802.11g networks
+# These parameters are sent to WMM clients when they associate.
+# The parameters will be used by WMM clients for frames transmitted to the
+# access point.
+#
+# note - txop_limit is in units of 32microseconds
+# note - acm is admission control mandatory flag. 0 = admission control not
+# required, 1 = mandatory
+# note - here cwMin and cmMax are in exponent form. the actual cw value used
+# will be (2^n)-1 where n is the value given here
+#
+wme_enabled=1
+#
+# Low priority / AC_BK = background
+wme_ac_bk_cwmin=4
+wme_ac_bk_cwmax=10
+wme_ac_bk_aifs=7
+wme_ac_bk_txop_limit=0
+wme_ac_bk_acm=0
+# Note: for IEEE 802.11b mode: cWmin=5 cWmax=10
+#
+# Normal priority / AC_BE = best effort
+wme_ac_be_aifs=3
+wme_ac_be_cwmin=4
+wme_ac_be_cwmax=10
+wme_ac_be_txop_limit=0
+wme_ac_be_acm=0
+# Note: for IEEE 802.11b mode: cWmin=5 cWmax=7
+#
+# High priority / AC_VI = video
+wme_ac_vi_aifs=2
+wme_ac_vi_cwmin=3
+wme_ac_vi_cwmax=4
+wme_ac_vi_txop_limit=94
+wme_ac_vi_acm=0
+# Note: for IEEE 802.11b mode: cWmin=4 cWmax=5 txop_limit=188
+#
+# Highest priority / AC_VO = voice
+wme_ac_vo_aifs=2
+wme_ac_vo_cwmin=2
+wme_ac_vo_cwmax=3
+wme_ac_vo_txop_limit=47
+wme_ac_vo_acm=0
+# Note: for IEEE 802.11b mode: cWmin=3 cWmax=4 burst=102
+
+# Associate as a station to another AP while still acting as an AP on the same
+# channel.
+#assoc_ap_addr=00:12:34:56:78:9a
+
+# Static WEP key configuration
+#
+# The key number to use when transmitting.
+# It must be between 0 and 3, and the corresponding key must be set.
+# default: not set
+#wep_default_key=0
+# The WEP keys to use.
+# A key may be a quoted string or unquoted hexadecimal digits.
+# The key length should be 5, 13, or 16 characters, or 10, 26, or 32
+# digits, depending on whether 40-bit (64-bit), 104-bit (128-bit), or
+# 128-bit (152-bit) WEP is used.
+# Only the default key must be supplied; the others are optional.
+# default: not set
+#wep_key0=123456789a
+#wep_key1="vwxyz"
+#wep_key2=0102030405060708090a0b0c0d
+#wep_key3=".2.4.6.8.0.23"
+
+# Station inactivity limit
+#
+# If a station does not send anything in ap_max_inactivity seconds, an
+# empty data frame is sent to it in order to verify whether it is
+# still in range. If this frame is not ACKed, the station will be
+# disassociated and then deauthenticated. This feature is used to
+# clear station table of old entries when the STAs move out of the
+# range.
+#
+# The station can associate again with the AP if it is still in range;
+# this inactivity poll is just used as a nicer way of verifying
+# inactivity; i.e., client will not report broken connection because
+# disassociation frame is not sent immediately without first polling
+# the STA with a data frame.
+# default: 300 (i.e., 5 minutes)
+#ap_max_inactivity=300
+
+# Enable/disable internal bridge for packets between associated stations.
+#
+# When IEEE 802.11 is used in managed mode, packets are usually send through
+# the AP even if they are from a wireless station to another wireless station.
+# This functionality requires that the AP has a bridge functionality that sends
+# frames back to the same interface if their destination is another associated
+# station. In addition, broadcast/multicast frames from wireless stations will
+# be sent both to the host system net stack (e.g., to eventually wired network)
+# and back to the wireless interface.
+#
+# The internal bridge is implemented within the wireless kernel module and it
+# bypasses kernel filtering (netfilter/iptables/ebtables). If direct
+# communication between the stations needs to be prevented, the internal
+# bridge can be disabled by setting bridge_packets=0.
+#
+# Note: If this variable is not included in hostapd.conf, hostapd does not
+# change the configuration and iwpriv can be used to set the value with
+# 'iwpriv wlan# param 10 0' command. If the variable is in hostapd.conf,
+# hostapd will override possible iwpriv configuration whenever configuration
+# file is reloaded.
+#
+# default: do not control from hostapd (80211.o defaults to 1=enabled)
+#bridge_packets=1
+
+
+##### IEEE 802.1X-2004 related configuration ##################################
+
+# Require IEEE 802.1X authorization
+#ieee8021x=1
+
+# IEEE 802.1X/EAPOL version
+# hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
+# version 2. However, there are many client implementations that do not handle
+# the new version number correctly (they seem to drop the frames completely).
+# In order to make hostapd interoperate with these clients, the version number
+# can be set to the older version (1) with this configuration value.
+#eapol_version=2
+
+# Optional displayable message sent with EAP Request-Identity. The first \0
+# in this string will be converted to ASCII-0 (nul). This can be used to
+# separate network info (comma separated list of attribute=value pairs); see,
+# e.g., RFC 4284.
+#eap_message=hello
+#eap_message=hello\0networkid=netw,nasid=foo,portid=0,NAIRealms=example.com
+
+# WEP rekeying (disabled if key lengths are not set or are set to 0)
+# Key lengths for default/broadcast and individual/unicast keys:
+# 5 = 40-bit WEP (also known as 64-bit WEP with 40 secret bits)
+# 13 = 104-bit WEP (also known as 128-bit WEP with 104 secret bits)
+#wep_key_len_broadcast=5
+#wep_key_len_unicast=5
+# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
+#wep_rekey_period=300
+
+# EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed only if
+# only broadcast keys are used)
+eapol_key_index_workaround=0
+
+# EAP reauthentication period in seconds (default: 3600 seconds; 0 = disable
+# reauthentication).
+#eap_reauth_period=3600
+
+# Use PAE group address (01:80:c2:00:00:03) instead of individual target
+# address when sending EAPOL frames with driver=wired. This is the most common
+# mechanism used in wired authentication, but it also requires that the port
+# is only used by one station.
+#use_pae_group_addr=1
+
+##### Integrated EAP server ###################################################
+
+# Optionally, hostapd can be configured to use an integrated EAP server
+# to process EAP authentication locally without need for an external RADIUS
+# server. This functionality can be used both as a local authentication server
+# for IEEE 802.1X/EAPOL and as a RADIUS server for other devices.
+
+# Use integrated EAP server instead of external RADIUS authentication
+# server. This is also needed if hostapd is configured to act as a RADIUS
+# authentication server.
+eap_server=0
+
+# Path for EAP server user database
+#eap_user_file=/etc/hostapd.eap_user
+
+# CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
+#ca_cert=/etc/hostapd.ca.pem
+
+# Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
+#server_cert=/etc/hostapd.server.pem
+
+# Private key matching with the server certificate for EAP-TLS/PEAP/TTLS
+# This may point to the same file as server_cert if both certificate and key
+# are included in a single file. PKCS#12 (PFX) file (.p12/.pfx) can also be
+# used by commenting out server_cert and specifying the PFX file as the
+# private_key.
+#private_key=/etc/hostapd.server.prv
+
+# Passphrase for private key
+#private_key_passwd=secret passphrase
+
+# Enable CRL verification.
+# Note: hostapd does not yet support CRL downloading based on CDP. Thus, a
+# valid CRL signed by the CA is required to be included in the ca_cert file.
+# This can be done by using PEM format for CA certificate and CRL and
+# concatenating these into one file. Whenever CRL changes, hostapd needs to be
+# restarted to take the new CRL into use.
+# 0 = do not verify CRLs (default)
+# 1 = check the CRL of the user certificate
+# 2 = check all CRLs in the certificate path
+#check_crl=1
+
+# dh_file: File path to DH/DSA parameters file (in PEM format)
+# This is an optional configuration file for setting parameters for an
+# ephemeral DH key exchange. In most cases, the default RSA authentication does
+# not use this configuration. However, it is possible setup RSA to use
+# ephemeral DH key exchange. In addition, ciphers with DSA keys always use
+# ephemeral DH keys. This can be used to achieve forward secrecy. If the file
+# is in DSA parameters format, it will be automatically converted into DH
+# params. This parameter is required if anonymous EAP-FAST is used.
+#dh_file=/etc/hostapd.dh.pem
+
+# Configuration data for EAP-SIM database/authentication gateway interface.
+# This is a text string in implementation specific format. The example
+# implementation in eap_sim_db.c uses this as the UNIX domain socket name for
+# the HLR/AuC gateway (e.g., hlr_auc_gw). In this case, the path uses "unix:"
+# prefix.
+#eap_sim_db=unix:/tmp/hlr_auc_gw.sock
+
+# Encryption key for EAP-FAST PAC-Opaque values. This key must be a secret,
+# random value. It is configured as a 16-octet value in hex format. It can be
+# generated, e.g., with the following command:
+# od -tx1 -v -N16 /dev/random | colrm 1 8 | tr -d ' '
+#pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f
+
+# EAP-FAST authority identity (A-ID)
+#eap_fast_a_id=test server
+
+# EAP-SIM and EAP-AKA protected success/failure indication using AT_RESULT_IND
+# (default: 0 = disabled).
+#eap_sim_aka_result_ind=1
+
+
+##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) #######################
+
+# Interface to be used for IAPP broadcast packets
+#iapp_interface=eth0
+
+
+##### RADIUS client configuration #############################################
+# for IEEE 802.1X with external Authentication Server, IEEE 802.11
+# authentication with external ACL for MAC addresses, and accounting
+
+# The own IP address of the access point (used as NAS-IP-Address)
+own_ip_addr=127.0.0.1
+
+# Optional NAS-Identifier string for RADIUS messages. When used, this should be
+# a unique to the NAS within the scope of the RADIUS server. For example, a
+# fully qualified domain name can be used here.
+# When using IEEE 802.11r, nas_identifier must be set and must be between 1 and
+# 48 octets long.
+#nas_identifier=ap.example.com
+
+# RADIUS authentication server
+#auth_server_addr=127.0.0.1
+#auth_server_port=1812
+#auth_server_shared_secret=secret
+
+# RADIUS accounting server
+#acct_server_addr=127.0.0.1
+#acct_server_port=1813
+#acct_server_shared_secret=secret
+
+# Secondary RADIUS servers; to be used if primary one does not reply to
+# RADIUS packets. These are optional and there can be more than one secondary
+# server listed.
+#auth_server_addr=127.0.0.2
+#auth_server_port=1812
+#auth_server_shared_secret=secret2
+#
+#acct_server_addr=127.0.0.2
+#acct_server_port=1813
+#acct_server_shared_secret=secret2
+
+# Retry interval for trying to return to the primary RADIUS server (in
+# seconds). RADIUS client code will automatically try to use the next server
+# when the current server is not replying to requests. If this interval is set,
+# primary server will be retried after configured amount of time even if the
+# currently used secondary server is still working.
+#radius_retry_primary_interval=600
+
+
+# Interim accounting update interval
+# If this is set (larger than 0) and acct_server is configured, hostapd will
+# send interim accounting updates every N seconds. Note: if set, this overrides
+# possible Acct-Interim-Interval attribute in Access-Accept message. Thus, this
+# value should not be configured in hostapd.conf, if RADIUS server is used to
+# control the interim interval.
+# This value should not be less 600 (10 minutes) and must not be less than
+# 60 (1 minute).
+#radius_acct_interim_interval=600
+
+# Dynamic VLAN mode; allow RADIUS authentication server to decide which VLAN
+# is used for the stations. This information is parsed from following RADIUS
+# attributes based on RFC 3580 and RFC 2868: Tunnel-Type (value 13 = VLAN),
+# Tunnel-Medium-Type (value 6 = IEEE 802), Tunnel-Private-Group-ID (value
+# VLANID as a string). vlan_file option below must be configured if dynamic
+# VLANs are used.
+# 0 = disabled (default)
+# 1 = option; use default interface if RADIUS server does not include VLAN ID
+# 2 = required; reject authentication if RADIUS server does not include VLAN ID
+#dynamic_vlan=0
+
+# VLAN interface list for dynamic VLAN mode is read from a separate text file.
+# This list is used to map VLAN ID from the RADIUS server to a network
+# interface. Each station is bound to one interface in the same way as with
+# multiple BSSIDs or SSIDs. Each line in this text file is defining a new
+# interface and the line must include VLAN ID and interface name separated by
+# white space (space or tab).
+#vlan_file=/etc/hostapd.vlan
+
+# Interface where 802.1q tagged packets should appear when a RADIUS server is
+# used to determine which VLAN a station is on.  hostapd creates a bridge for
+# each VLAN.  Then hostapd adds a VLAN interface (associated with the interface
+# indicated by 'vlan_tagged_interface') and the appropriate wireless interface
+# to the bridge.
+#vlan_tagged_interface=eth0
+
+
+##### RADIUS authentication server configuration ##############################
+
+# hostapd can be used as a RADIUS authentication server for other hosts. This
+# requires that the integrated EAP server is also enabled and both
+# authentication services are sharing the same configuration.
+
+# File name of the RADIUS clients configuration for the RADIUS server. If this
+# commented out, RADIUS server is disabled.
+#radius_server_clients=/etc/hostapd.radius_clients
+
+# The UDP port number for the RADIUS authentication server
+#radius_server_auth_port=1812
+
+# Use IPv6 with RADIUS server (IPv4 will also be supported using IPv6 API)
+#radius_server_ipv6=1
+
+
+##### WPA/IEEE 802.11i configuration ##########################################
+
+# Enable WPA. Setting this variable configures the AP to require WPA (either
+# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
+# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
+# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
+# RADIUS authentication server must be configured, and WPA-EAP must be included
+# in wpa_key_mgmt.
+# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
+# and/or WPA2 (full IEEE 802.11i/RSN):
+# bit0 = WPA
+# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
+#wpa=1
+
+# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
+# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
+# (8..63 characters) that will be converted to PSK. This conversion uses SSID
+# so the PSK changes when ASCII passphrase is used and the SSID is changed.
+# wpa_psk (dot11RSNAConfigPSKValue)
+# wpa_passphrase (dot11RSNAConfigPSKPassPhrase)
+#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+#wpa_passphrase=secret passphrase
+
+# Optionally, WPA PSKs can be read from a separate text file (containing list
+# of (PSK,MAC address) pairs. This allows more than one PSK to be configured.
+# Use absolute path name to make sure that the files can be read on SIGHUP
+# configuration reloads.
+#wpa_psk_file=/etc/hostapd.wpa_psk
+
+# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
+# entries are separated with a space.
+# (dot11RSNAConfigAuthenticationSuitesTable)
+#wpa_key_mgmt=WPA-PSK WPA-EAP
+
+# Set of accepted cipher suites (encryption algorithms) for pairwise keys
+# (unicast packets). This is a space separated list of algorithms:
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
+# Group cipher suite (encryption algorithm for broadcast and multicast frames)
+# is automatically selected based on this configuration. If only CCMP is
+# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
+# TKIP will be used as the group cipher.
+# (dot11RSNAConfigPairwiseCiphersTable)
+# Pairwise cipher for WPA (v1) (default: TKIP)
+#wpa_pairwise=TKIP CCMP
+# Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value)
+#rsn_pairwise=CCMP
+
+# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
+# seconds. (dot11RSNAConfigGroupRekeyTime)
+#wpa_group_rekey=600
+
+# Rekey GTK when any STA that possesses the current GTK is leaving the BSS.
+# (dot11RSNAConfigGroupRekeyStrict)
+#wpa_strict_rekey=1
+
+# Time interval for rekeying GMK (master key used internally to generate GTKs
+# (in seconds).
+#wpa_gmk_rekey=86400
+
+# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
+# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
+# authentication and key handshake before actually associating with a new AP.
+# (dot11RSNAPreauthenticationEnabled)
+#rsn_preauth=1
+#
+# Space separated list of interfaces from which pre-authentication frames are
+# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all
+# interface that are used for connections to other APs. This could include
+# wired interfaces and WDS links. The normal wireless data interface towards
+# associated stations (e.g., wlan0) should not be added, since
+# pre-authentication is only used with APs other than the currently associated
+# one.
+#rsn_preauth_interfaces=eth0
+
+# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e) is
+# allowed. This is only used with RSN/WPA2.
+# 0 = disabled (default)
+# 1 = enabled
+#peerkey=1
+
+# ieee80211w: Whether management frame protection is enabled
+# 0 = disabled (default)
+# 1 = optional
+# 2 = required
+#ieee80211w=0
+
+
+##### IEEE 802.11r configuration ##############################################
+
+# Mobility Domain identifier (dot11FTMobilityDomainID, MDID)
+# MDID is used to indicate a group of APs (within an ESS, i.e., sharing the
+# same SSID) between which a STA can use Fast BSS Transition.
+# 2-octet identifier as a hex string.
+#mobility_domain=a1b2
+
+# PMK-R0 Key Holder identifier (dot11FTR0KeyHolderID)
+# 1 to 48 octet identifier.
+# This is configured with nas_identifier (see RADIUS client section above).
+
+# Default lifetime of the PMK-RO in minutes; range 1..65535
+# (dot11FTR0KeyLifetime)
+#r0_key_lifetime=10000
+
+# PMK-R1 Key Holder identifier (dot11FTR1KeyHolderID)
+# 6-octet identifier as a hex string.
+#r1_key_holder=000102030405
+
+# Reassociation deadline in time units (TUs / 1.024 ms; range 1000..65535)
+# (dot11FTReassociationDeadline)
+#reassociation_deadline=1000
+
+# List of R0KHs in the same Mobility Domain
+# format: <MAC address> <NAS Identifier> <128-bit key as hex string>
+# This list is used to map R0KH-ID (NAS Identifier) to a destination MAC
+# address when requesting PMK-R1 key from the R0KH that the STA used during the
+# Initial Mobility Domain Association.
+#r0kh=02:01:02:03:04:05 r0kh-1.example.com 000102030405060708090a0b0c0d0e0f
+#r0kh=02:01:02:03:04:06 r0kh-2.example.com 00112233445566778899aabbccddeeff
+# And so on.. One line per R0KH.
+
+# List of R1KHs in the same Mobility Domain
+# format: <MAC address> <R0KH-ID> <128-bit key as hex string>
+# This list is used to map R1KH-ID to a destination MAC address when sending
+# PMK-R1 key from the R0KH. This is also the list of authorized R1KHs in the MD
+# that can request PMK-R1 keys.
+#r1kh=02:01:02:03:04:05 02:11:22:33:44:55 000102030405060708090a0b0c0d0e0f
+#r1kh=02:01:02:03:04:06 02:11:22:33:44:66 00112233445566778899aabbccddeeff
+# And so on.. One line per R1KH.
+
+# Whether PMK-R1 push is enabled at R0KH
+# 0 = do not push PMK-R1 to all configured R1KHs (default)
+# 1 = push PMK-R1 to all configured R1KHs whenever a new PMK-R0 is derived
+#pmk_r1_push=1
+
+##### Passive scanning ########################################################
+# Scan different channels every N seconds. 0 = disable passive scanning.
+#passive_scan_interval=60
+
+# Listen N usecs on each channel when doing passive scanning.
+# This value plus the time needed for changing channels should be less than
+# 32 milliseconds (i.e. 32000 usec) to avoid interruptions to normal
+# operations. Time needed for channel changing varies based on the used wlan
+# hardware.
+# default: disabled (0)
+#passive_scan_listen=10000
+
+# Passive scanning mode:
+# 0 = scan all supported modes (802.11a/b/g/Turbo) (default)
+# 1 = scan only the mode that is currently used for normal operations
+#passive_scan_mode=1
+
+# Maximum number of entries kept in AP table (either for passive scanning or
+# for detecting Overlapping Legacy BSS Condition). The oldest entry will be
+# removed when adding a new entry that would make the list grow over this
+# limit. Note! Wi-Fi certification for IEEE 802.11g requires that OLBC is
+# enabled, so this field should not be set to 0 when using IEEE 802.11g.
+# default: 255
+#ap_table_max_size=255
+
+# Number of seconds of no frames received after which entries may be deleted
+# from the AP table. Since passive scanning is not usually performed frequently
+# this should not be set to very small value. In addition, there is no
+# guarantee that every scan cycle will receive beacon frames from the
+# neighboring APs.
+# default: 60
+#ap_table_expiration_time=3600
+
+
+##### Multiple BSSID support ##################################################
+#
+# Above configuration is using the default interface (wlan#, or multi-SSID VLAN
+# interfaces). Other BSSIDs can be added by using separator 'bss' with
+# default interface name to be allocated for the data packets of the new BSS.
+#
+# hostapd will generate BSSID mask based on the BSSIDs that are
+# configured. hostapd will verify that dev_addr & MASK == dev_addr. If this is
+# not the case, the MAC address of the radio must be changed before starting
+# hostapd (ifconfig wlan0 hw ether <MAC addr>).
+#
+# BSSIDs are assigned in order to each BSS, unless an explicit BSSID is
+# specified using the 'bssid' parameter.
+# If an explicit BSSID is specified, it must be chosen such that it:
+# - results in a valid MASK that covers it and the dev_addr
+# - is not the same as the MAC address of the radio
+# - is not the same as any other explicitly specified BSSID
+#
+# Please note that hostapd uses some of the values configured for the first BSS
+# as the defaults for the following BSSes. However, it is recommended that all
+# BSSes include explicit configuration of all relevant configuration items.
+#
+#bss=wlan0_0
+#ssid=test2
+# most of the above items can be used here (apart from radio interface specific
+# items, like channel)
+
+#bss=wlan0_1
+#bssid=00:13:10:95:fe:0b
+# ...

+ 5 - 0
hostapd/hostapd.deny

@@ -0,0 +1,5 @@
+# List of MAC addresses that are not allowed to authenticate (IEEE 802.11)
+# with the AP.
+00:20:30:40:50:60
+00:ab:cd:ef:12:34
+00:00:30:40:50:60

+ 91 - 0
hostapd/hostapd.eap_user

@@ -0,0 +1,91 @@
+# hostapd user database for integrated EAP server
+
+# Each line must contain an identity, EAP method(s), and an optional password
+# separated with whitespace (space or tab). The identity and password must be
+# double quoted ("user"). Password can alternatively be stored as
+# NtPasswordHash (16-byte MD4 hash of the unicode presentation of the password
+# in unicode) if it is used for MSCHAP or MSCHAPv2 authentication. This means
+# that the plaintext password does not need to be included in the user file.
+# Password hash is stored as hash:<16-octets of hex data> without quotation
+# marks.
+
+# [2] flag in the end of the line can be used to mark users for tunneled phase
+# 2 authentication (e.g., within EAP-PEAP). In these cases, an anonymous
+# identity can be used in the unencrypted phase 1 and the real user identity
+# is transmitted only within the encrypted tunnel in phase 2. If non-anonymous
+# access is needed, two user entries is needed, one for phase 1 and another
+# with the same username for phase 2.
+#
+# EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA do not use
+# password option.
+# EAP-MD5, EAP-MSCHAPV2, EAP-GTC, EAP-PAX, EAP-PSK, and EAP-SAKE require a
+# password.
+# EAP-PEAP, EAP-TTLS, and EAP-FAST require Phase 2 configuration.
+#
+# * can be used as a wildcard to match any user identity. The main purposes for
+# this are to set anonymous phase 1 identity for EAP-PEAP and EAP-TTLS and to
+# avoid having to configure every certificate for EAP-TLS authentication. The
+# first matching entry is selected, so * should be used as the last phase 1
+# user entry.
+#
+# "prefix"* can be used to match the given prefix and anything after this. The
+# main purpose for this is to be able to avoid EAP method negotiation when the
+# method is using known prefix in identities (e.g., EAP-SIM and EAP-AKA). This
+# is only allowed for phase 1 identities.
+#
+# Multiple methods can be configured to make the authenticator try them one by
+# one until the peer accepts one. The method names are separated with a
+# comma (,).
+#
+# [ver=0] and [ver=1] flags after EAP type PEAP can be used to force PEAP
+# version based on the Phase 1 identity. Without this flag, the EAP
+# authenticator advertises the highest supported version and select the version
+# based on the first PEAP packet from the supplicant.
+#
+# EAP-TTLS supports both EAP and non-EAP authentication inside the tunnel.
+# Tunneled EAP methods are configured with standard EAP method name and [2]
+# flag. Non-EAP methods can be enabled by following method names: TTLS-PAP,
+# TTLS-CHAP, TTLS-MSCHAP, TTLS-MSCHAPV2. TTLS-PAP and TTLS-CHAP require a
+# plaintext password while TTLS-MSCHAP and TTLS-MSCHAPV2 can use NT password
+# hash.
+
+# Phase 1 users
+"user"		MD5	"password"
+"test user"	MD5	"secret"
+"example user"	TLS
+"DOMAIN\user"	MSCHAPV2	"password"
+"gtc user"	GTC	"password"
+"pax user"	PAX	"unknown"
+"pax.user@example.com"	PAX	0123456789abcdef0123456789abcdef
+"psk user"	PSK	"unknown"
+"psk.user@example.com"	PSK	0123456789abcdef0123456789abcdef
+"sake.user@example.com"	SAKE	0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+"ttls"		TTLS
+"not anonymous"	PEAP
+# Default to EAP-SIM and EAP-AKA based on fixed identity prefixes
+"0"*		AKA,TTLS,TLS,PEAP,SIM
+"1"*		SIM,TTLS,TLS,PEAP,AKA
+"2"*		AKA,TTLS,TLS,PEAP,SIM
+"3"*		SIM,TTLS,TLS,PEAP,AKA
+"4"*		AKA,TTLS,TLS,PEAP,SIM
+"5"*		SIM,TTLS,TLS,PEAP,AKA
+
+# Wildcard for all other identities
+*		PEAP,TTLS,TLS,SIM,AKA
+
+# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
+"t-md5"		MD5	"password"	[2]
+"DOMAIN\t-mschapv2"	MSCHAPV2	"password"	[2]
+"t-gtc"		GTC	"password"	[2]
+"not anonymous"	MSCHAPV2	"password"	[2]
+"user"		MD5,GTC,MSCHAPV2	"password"	[2]
+"test user"	MSCHAPV2	hash:000102030405060708090a0b0c0d0e0f	[2]
+"ttls-user"	TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2	"password"	[2]
+
+# Default to EAP-SIM and EAP-AKA based on fixed identity prefixes in phase 2
+"0"*		AKA	[2]
+"1"*		SIM	[2]
+"2"*		AKA	[2]
+"3"*		SIM	[2]
+"4"*		AKA	[2]
+"5"*		SIM	[2]
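Review bot: The header comment of hostapd.eap_user presents `hash:` storage as a way to keep the plaintext password out of the file, but it never says that the file itself must be protected. The entries below hold cleartext passwords, and an NtPasswordHash is sufficient on its own to complete MSCHAP/MSCHAPv2, so it needs the same care as the password. I would add a comment after the first paragraph such as `# This file contains passwords and password-equivalent hashes; keep it readable only by the user hostapd runs as.` The same comment would fit the sample hostapd.wpa_psk added later in this commit. The sample also lists `MD5` as a phase 1 method for "user" and "test user"; a short comment that these entries are for testing and that EAP-MD5 derives no keying material would keep them from being copied into a WPA deployment.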

+ 239 - 0
hostapd/hostapd.h

@@ -0,0 +1,239 @@
+/*
+ * hostapd / Initialization and configuration
+ * Host AP kernel driver
+ * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef HOSTAPD_H
+#define HOSTAPD_H
+
+#include "common.h"
+#include "ap.h"
+
+#ifndef ETH_ALEN
+#define ETH_ALEN 6
+#endif
+#ifndef IFNAMSIZ
+#define IFNAMSIZ 16
+#endif
+#ifndef ETH_P_ALL
+#define ETH_P_ALL 0x0003
+#endif
+#ifndef ETH_P_PAE
+#define ETH_P_PAE 0x888E /* Port Access Entity (IEEE 802.1X) */
+#endif /* ETH_P_PAE */
+#ifndef ETH_P_EAPOL
+#define ETH_P_EAPOL ETH_P_PAE
+#endif /* ETH_P_EAPOL */
+
+#ifndef ETH_P_RRB
+#define ETH_P_RRB 0x890D
+#endif /* ETH_P_RRB */
+
+#include "config.h"
+
+#ifdef _MSC_VER
+#pragma pack(push, 1)
+#endif /* _MSC_VER */
+
+#define MAX_VLAN_ID 4094
+
+struct ieee8023_hdr {
+	u8 dest[6];
+	u8 src[6];
+	u16 ethertype;
+} STRUCT_PACKED;
+
+
+struct ieee80211_hdr {
+	le16 frame_control;
+	le16 duration_id;
+	u8 addr1[6];
+	u8 addr2[6];
+	u8 addr3[6];
+	le16 seq_ctrl;
+	/* followed by 'u8 addr4[6];' if ToDS and FromDS is set in data frame
+	 */
+} STRUCT_PACKED;
+
+#ifdef _MSC_VER
+#pragma pack(pop)
+#endif /* _MSC_VER */
+
+#define IEEE80211_DA_FROMDS addr1
+#define IEEE80211_BSSID_FROMDS addr2
+#define IEEE80211_SA_FROMDS addr3
+
+#define IEEE80211_HDRLEN (sizeof(struct ieee80211_hdr))
+
+#define IEEE80211_FC(type, stype) host_to_le16((type << 2) | (stype << 4))
+
+/* MTU to be set for the wlan#ap device; this is mainly needed for IEEE 802.1X
+ * frames that might be longer than normal default MTU and they are not
+ * fragmented */
+#define HOSTAPD_MTU 2290
+
+extern unsigned char rfc1042_header[6];
+
+struct hostap_sta_driver_data {
+	unsigned long rx_packets, tx_packets, rx_bytes, tx_bytes;
+	unsigned long current_tx_rate;
+	unsigned long inactive_msec;
+	unsigned long flags;
+	unsigned long num_ps_buf_frames;
+	unsigned long tx_retry_failed;
+	unsigned long tx_retry_count;
+	int last_rssi;
+	int last_ack_rssi;
+};
+
+struct wpa_driver_ops;
+struct wpa_ctrl_dst;
+struct radius_server_data;
+
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+struct full_dynamic_vlan;
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+
+/**
+ * struct hostapd_data - hostapd per-BSS data structure
+ */
+struct hostapd_data {
+	struct hostapd_iface *iface;
+	struct hostapd_config *iconf;
+	struct hostapd_bss_config *conf;
+	int interface_added; /* virtual interface added for this BSS */
+
+	u8 own_addr[ETH_ALEN];
+
+	int num_sta; /* number of entries in sta_list */
+	struct sta_info *sta_list; /* STA info list head */
+	struct sta_info *sta_hash[STA_HASH_SIZE];
+
+	/* pointers to STA info; based on allocated AID or NULL if AID free
+	 * AID is in the range 1-2007, so sta_aid[0] corresponders to AID 1
+	 * and so on
+	 */
+	struct sta_info *sta_aid[MAX_AID_TABLE_SIZE];
+
+	const struct wpa_driver_ops *driver;
+	void *drv_priv;
+
+	u8 *default_wep_key;
+	u8 default_wep_key_idx;
+
+	struct radius_client_data *radius;
+	int radius_client_reconfigured;
+	u32 acct_session_id_hi, acct_session_id_lo;
+
+	struct iapp_data *iapp;
+
+	enum { DO_NOT_ASSOC = 0, WAIT_BEACON, AUTHENTICATE, ASSOCIATE,
+	       ASSOCIATED } assoc_ap_state;
+	char assoc_ap_ssid[33];
+	int assoc_ap_ssid_len;
+	u16 assoc_ap_aid;
+
+	struct hostapd_cached_radius_acl *acl_cache;
+	struct hostapd_acl_query_data *acl_queries;
+
+	struct wpa_authenticator *wpa_auth;
+	struct eapol_authenticator *eapol_auth;
+
+	struct rsn_preauth_interface *preauth_iface;
+	time_t michael_mic_failure;
+	int michael_mic_failures;
+	int tkip_countermeasures;
+
+	int ctrl_sock;
+	struct wpa_ctrl_dst *ctrl_dst;
+
+	void *ssl_ctx;
+	void *eap_sim_db_priv;
+	struct radius_server_data *radius_srv;
+
+	int parameter_set_count;
+
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+	struct full_dynamic_vlan *full_dynamic_vlan;
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+
+	struct l2_packet_data *l2;
+};
+
+
+/**
+ * hostapd_iface_cb - Generic callback type for per-iface asynchronous requests
+ * @iface: the interface the event occured on.
+ * @status: 0 if the request succeeded; -1 if the request failed.
+ */
+typedef void (*hostapd_iface_cb)(struct hostapd_iface *iface, int status);
+
+
+struct hostapd_config_change;
+
+/**
+ * struct hostapd_iface - hostapd per-interface data structure
+ */
+struct hostapd_iface {
+	char *config_fname;
+	struct hostapd_config *conf;
+
+	hostapd_iface_cb setup_cb;
+
+	size_t num_bss;
+	struct hostapd_data **bss;
+
+	int num_ap; /* number of entries in ap_list */
+	struct ap_info *ap_list; /* AP info list head */
+	struct ap_info *ap_hash[STA_HASH_SIZE];
+	struct ap_info *ap_iter_list;
+
+	struct hostapd_hw_modes *hw_features;
+	int num_hw_features;
+	struct hostapd_hw_modes *current_mode;
+	/* Rates that are currently used (i.e., filtered copy of
+	 * current_mode->channels */
+	int num_rates;
+	struct hostapd_rate_data *current_rates;
+	hostapd_iface_cb hw_mode_sel_cb;
+
+	u16 hw_flags;
+
+	/* Number of associated Non-ERP stations (i.e., stations using 802.11b
+	 * in 802.11g BSS) */
+	int num_sta_non_erp;
+
+	/* Number of associated stations that do not support Short Slot Time */
+	int num_sta_no_short_slot_time;
+
+	/* Number of associated stations that do not support Short Preamble */
+	int num_sta_no_short_preamble;
+
+	int olbc; /* Overlapping Legacy BSS Condition */
+
+	int dfs_enable;
+	u8 pwr_const;
+	unsigned int tx_power;
+	unsigned int sta_max_power;
+
+	unsigned int channel_switch;
+
+	struct hostapd_config_change *change;
+	hostapd_iface_cb reload_iface_cb;
+	hostapd_iface_cb config_reload_cb;
+};
+
+void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
+			   int reassoc);
+
+#endif /* HOSTAPD_H */
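Review bot: `IEEE80211_FC` expands its arguments without parentheses, so a call that passes a compound expression (a conditional, or an `|` of two values) would bind differently from what the caller wrote. I would write it as `#define IEEE80211_FC(type, stype) host_to_le16(((type) << 2) | ((stype) << 4))`. In the same header, `char assoc_ap_ssid[33]` in struct hostapd_data uses a bare 33; a named constant for the maximum SSID length plus terminator would document the bound that `assoc_ap_ssid_len` has to respect. The file banner also still reads "Host AP kernel driver", which does not describe this header.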

+ 4 - 0
hostapd/hostapd.radius_clients

@@ -0,0 +1,4 @@
+# RADIUS client configuration for the RADIUS server
+10.1.2.3	secret passphrase
+192.168.1.0/24	another very secret passphrase
+0.0.0.0/0	radius
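Review bot: The last entry, `0.0.0.0/0	radius`, makes the sample accept RADIUS requests from any source address with a short, guessable shared secret, and a sample file like this tends to be deployed as-is. I would ship that line commented out with a warning above it, for example `# Catch-all example; do not enable with a weak secret:` followed by `#0.0.0.0/0	radius`. The other two secrets are placeholder phrases as well, so a header line stating that every secret here must be replaced before use would help.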

+ 9 - 0
hostapd/hostapd.sim_db

@@ -0,0 +1,9 @@
+# Example GSM authentication triplet file for EAP-SIM authenticator
+# IMSI:Kc:SRES:RAND
+# IMSI: ASCII string (numbers)
+# Kc: hex, 8 octets
+# SRES: hex, 4 octets
+# RAND: hex, 16 octets
+234567898765432:A0A1A2A3A4A5A6A7:D1D2D3D4:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+234567898765432:B0B1B2B3B4B5B6B7:E1E2E3E4:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
+234567898765432:C0C1C2C3C4C5C6C7:F1F2F3F4:CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

+ 9 - 0
hostapd/hostapd.vlan

@@ -0,0 +1,9 @@
+# VLAN ID to network interface mapping
+1	vlan1
+2	vlan2
+3	vlan3
+100	guest
+# Optional wildcard entry matching all VLAN IDs. The first # in the interface
+# name will be replaced with the VLAN ID. The network interfaces are created
+# (and removed) dynamically based on the use.
+*	vlan#

+ 9 - 0
hostapd/hostapd.wpa_psk

@@ -0,0 +1,9 @@
+# List of WPA PSKs. Each line, except for empty lines and lines starting
+# with #, must contain a MAC address and PSK separated with a space.
+# Special MAC address 00:00:00:00:00:00 can be used to configure PSKs that
+# anyone can use. PSK can be configured as an ASCII passphrase of 8..63
+# characters or as a 256-bit hex PSK (64 hex digits).
+00:00:00:00:00:00 secret passphrase
+00:11:22:33:44:55 another passphrase
+00:22:33:44:55:66 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+00:00:00:00:00:00 another passphrase for all STAs

+ 83 - 0
hostapd/hostapd_cli.1

@@ -0,0 +1,83 @@
+.TH HOSTAPD_CLI 1 "April  7, 2005" hostapd_cli "hostapd command-line interface"
+.SH NAME
+hostapd_cli \- hostapd command-line interface
+.SH SYNOPSIS
+.B hostapd_cli
+[-p<path>] [-i<ifname>] [-hv] [command..]
+.SH DESCRIPTION
+This manual page documents briefly the
+.B hostapd_cli
+utility.
+.PP
+.B hostapd_cli
+is a command-line interface for the
+.B hostapd
+daemon.
+
+.B hostapd
+is a user space daemon for access point and authentication servers.
+It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server.
+For more information about
+.B hostapd
+refer to the
+.BR hostapd (8)
+man page.
+.SH OPTIONS
+A summary of options is included below.
+For a complete description, run
+.BR hostapd_cli
+from the command line.
+.TP
+.B \-p<path>
+Path to find control sockets.
+
+Default: /var/run/hostapd
+.TP
+.B \-i<ifname>
+Interface to listen on.
+
+Default: first interface found in socket path.
+.TP
+.B \-h
+Show usage.
+.TP
+.B \-v
+Show hostapd_cli version.
+.SH COMMANDS
+A summary of commands is included below.
+For a complete description, run
+.BR hostapd_cli
+from the command line.
+.TP
+.B mib
+Get MIB variables (dot1x, dot11, radius).
+.TP
+.B sta <addr>
+Get MIB variables for one station.
+.TP
+.B all_sta
+Get MIB variables for all stations.
+.TP
+.B help
+Get usage help.
+.TP
+.B interface [ifname] 
+Show interfaces/select interface.
+.TP
+.B level <debug level>
+Change debug level.
+.TP
+.B license
+Show full
+.B hostapd_cli
+license.
+.TP
+.B quit
+Exit hostapd_cli.
+.SH SEE ALSO
+.BR hostapd (8).
+.SH AUTHOR
+hostapd_cli was written by Jouni Malinen <j@w1.fi>. 
+.PP
+This manual page was written by Faidon Liambotis <faidon@cube.gr>,
+for the Debian project (but may be used by others).

+ 615 - 0
hostapd/hostapd_cli.c

@@ -0,0 +1,615 @@
+/*
+ * hostapd - command line interface for hostapd daemon
+ * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+#include <dirent.h>
+
+#include "wpa_ctrl.h"
+#include "common.h"
+#include "version.h"
+
+
+static const char *hostapd_cli_version =
+"hostapd_cli v" VERSION_STR "\n"
+"Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi> and contributors";
+
+
+static const char *hostapd_cli_license =
+"This program is free software. You can distribute it and/or modify it\n"
+"under the terms of the GNU General Public License version 2.\n"
+"\n"
+"Alternatively, this software may be distributed under the terms of the\n"
+"BSD license. See README and COPYING for more details.\n";
+
+static const char *hostapd_cli_full_license =
+"This program is free software; you can redistribute it and/or modify\n"
+"it under the terms of the GNU General Public License version 2 as\n"
+"published by the Free Software Foundation.\n"
+"\n"
+"This program is distributed in the hope that it will be useful,\n"
+"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
+"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n"
+"GNU General Public License for more details.\n"
+"\n"
+"You should have received a copy of the GNU General Public License\n"
+"along with this program; if not, write to the Free Software\n"
+"Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA\n"
+"\n"
+"Alternatively, this software may be distributed under the terms of the\n"
+"BSD license.\n"
+"\n"
+"Redistribution and use in source and binary forms, with or without\n"
+"modification, are permitted provided that the following conditions are\n"
+"met:\n"
+"\n"
+"1. Redistributions of source code must retain the above copyright\n"
+"   notice, this list of conditions and the following disclaimer.\n"
+"\n"
+"2. Redistributions in binary form must reproduce the above copyright\n"
+"   notice, this list of conditions and the following disclaimer in the\n"
+"   documentation and/or other materials provided with the distribution.\n"
+"\n"
+"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
+"   names of its contributors may be used to endorse or promote products\n"
+"   derived from this software without specific prior written permission.\n"
+"\n"
+"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
+"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
+"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
+"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n"
+"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
+"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
+"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
+"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
+"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
+"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
+"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+"\n";
+
+static const char *commands_help =
+"Commands:\n"
+"   mib                  get MIB variables (dot1x, dot11, radius)\n"
+"   sta <addr>           get MIB variables for one station\n"
+"   all_sta              get MIB variables for all stations\n"
+"   new_sta <addr>       add a new station\n"
+"   help                 show this usage help\n"
+"   interface [ifname]   show interfaces/select interface\n"
+"   level <debug level>  change debug level\n"
+"   license              show full hostapd_cli license\n"
+"   quit                 exit hostapd_cli\n";
+
+static struct wpa_ctrl *ctrl_conn;
+static int hostapd_cli_quit = 0;
+static int hostapd_cli_attached = 0;
+static const char *ctrl_iface_dir = "/var/run/hostapd";
+static char *ctrl_ifname = NULL;
+
+
+static void usage(void)
+{
+	fprintf(stderr, "%s\n", hostapd_cli_version);
+	fprintf(stderr, 
+		"\n"	
+		"usage: hostapd_cli [-p<path>] [-i<ifname>] [-hv] "
+		"[command..]\n"
+		"\n"
+		"Options:\n"
+		"   -h           help (show this usage text)\n"
+		"   -v           shown version information\n"
+		"   -p<path>     path to find control sockets (default: "
+		"/var/run/hostapd)\n"
+		"   -i<ifname>   Interface to listen on (default: first "
+		"interface found in the\n"
+		"                socket path)\n\n"
+		"%s",
+		commands_help);
+}
+
+
+static struct wpa_ctrl * hostapd_cli_open_connection(const char *ifname)
+{
+	char *cfile;
+	int flen;
+
+	if (ifname == NULL)
+		return NULL;
+
+	flen = strlen(ctrl_iface_dir) + strlen(ifname) + 2;
+	cfile = malloc(flen);
+	if (cfile == NULL)
+		return NULL;
+	snprintf(cfile, flen, "%s/%s", ctrl_iface_dir, ifname);
+
+	ctrl_conn = wpa_ctrl_open(cfile);
+	free(cfile);
+	return ctrl_conn;
+}
+
+
+static void hostapd_cli_close_connection(void)
+{
+	if (ctrl_conn == NULL)
+		return;
+
+	if (hostapd_cli_attached) {
+		wpa_ctrl_detach(ctrl_conn);
+		hostapd_cli_attached = 0;
+	}
+	wpa_ctrl_close(ctrl_conn);
+	ctrl_conn = NULL;
+}
+
+
+static void hostapd_cli_msg_cb(char *msg, size_t len)
+{
+	printf("%s\n", msg);
+}
+
+
+static int _wpa_ctrl_command(struct wpa_ctrl *ctrl, char *cmd, int print)
+{
+	char buf[4096];
+	size_t len;
+	int ret;
+
+	if (ctrl_conn == NULL) {
+		printf("Not connected to hostapd - command dropped.\n");
+		return -1;
+	}
+	len = sizeof(buf) - 1;
+	ret = wpa_ctrl_request(ctrl, cmd, strlen(cmd), buf, &len,
+			       hostapd_cli_msg_cb);
+	if (ret == -2) {
+		printf("'%s' command timed out.\n", cmd);
+		return -2;
+	} else if (ret < 0) {
+		printf("'%s' command failed.\n", cmd);
+		return -1;
+	}
+	if (print) {
+		buf[len] = '\0';
+		printf("%s", buf);
+	}
+	return 0;
+}
+
+
+static inline int wpa_ctrl_command(struct wpa_ctrl *ctrl, char *cmd)
+{
+	return _wpa_ctrl_command(ctrl, cmd, 1);
+}
+
+
+static int hostapd_cli_cmd_ping(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+	return wpa_ctrl_command(ctrl, "PING");
+}
+
+
+static int hostapd_cli_cmd_mib(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+	return wpa_ctrl_command(ctrl, "MIB");
+}
+
+
+static int hostapd_cli_cmd_sta(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+	char buf[64];
+	if (argc != 1) {
+		printf("Invalid 'sta' command - exactly one argument, STA "
+		       "address, is required.\n");
+		return -1;
+	}
+	snprintf(buf, sizeof(buf), "STA %s", argv[0]);
+	return wpa_ctrl_command(ctrl, buf);
+}
+
+
+static int hostapd_cli_cmd_new_sta(struct wpa_ctrl *ctrl, int argc,
+				   char *argv[])
+{
+	char buf[64];
+	if (argc != 1) {
+		printf("Invalid 'new_sta' command - exactly one argument, STA "
+		       "address, is required.\n");
+		return -1;
+	}
+	snprintf(buf, sizeof(buf), "NEW_STA %s", argv[0]);
+	return wpa_ctrl_command(ctrl, buf);
+}
+
+
+static int wpa_ctrl_command_sta(struct wpa_ctrl *ctrl, char *cmd,
+				char *addr, size_t addr_len)
+{
+	char buf[4096], *pos;
+	size_t len;
+	int ret;
+
+	if (ctrl_conn == NULL) {
+		printf("Not connected to hostapd - command dropped.\n");
+		return -1;
+	}
+	len = sizeof(buf) - 1;
+	ret = wpa_ctrl_request(ctrl, cmd, strlen(cmd), buf, &len,
+			       hostapd_cli_msg_cb);
+	if (ret == -2) {
+		printf("'%s' command timed out.\n", cmd);
+		return -2;
+	} else if (ret < 0) {
+		printf("'%s' command failed.\n", cmd);
+		return -1;
+	}
+
+	buf[len] = '\0';
+	if (memcmp(buf, "FAIL", 4) == 0)
+		return -1;
+	printf("%s", buf);
+
+	pos = buf;
+	while (*pos != '\0' && *pos != '\n')
+		pos++;
+	*pos = '\0';
+	os_strlcpy(addr, buf, addr_len);
+	return 0;
+}
+
+
+static int hostapd_cli_cmd_all_sta(struct wpa_ctrl *ctrl, int argc,
+				   char *argv[])
+{
+	char addr[32], cmd[64];
+
+	if (wpa_ctrl_command_sta(ctrl, "STA-FIRST", addr, sizeof(addr)))
+		return 0;
+	do {
+		snprintf(cmd, sizeof(cmd), "STA-NEXT %s", addr);
+	} while (wpa_ctrl_command_sta(ctrl, cmd, addr, sizeof(addr)) == 0);
+
+	return -1;
+}
+
+
+static int hostapd_cli_cmd_help(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+	printf("%s", commands_help);
+	return 0;
+}
+
+
+static int hostapd_cli_cmd_license(struct wpa_ctrl *ctrl, int argc,
+				   char *argv[])
+{
+	printf("%s\n\n%s\n", hostapd_cli_version, hostapd_cli_full_license);
+	return 0;
+}
+
+
+static int hostapd_cli_cmd_quit(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+	hostapd_cli_quit = 1;
+	return 0;
+}
+
+
+static int hostapd_cli_cmd_level(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+	char cmd[256];
+	if (argc != 1) {
+		printf("Invalid LEVEL command: needs one argument (debug "
+		       "level)\n");
+		return 0;
+	}
+	snprintf(cmd, sizeof(cmd), "LEVEL %s", argv[0]);
+	return wpa_ctrl_command(ctrl, cmd);
+}
+
+
+static void hostapd_cli_list_interfaces(struct wpa_ctrl *ctrl)
+{
+	struct dirent *dent;
+	DIR *dir;
+
+	dir = opendir(ctrl_iface_dir);
+	if (dir == NULL) {
+		printf("Control interface directory '%s' could not be "
+		       "openned.\n", ctrl_iface_dir);
+		return;
+	}
+
+	printf("Available interfaces:\n");
+	while ((dent = readdir(dir))) {
+		if (strcmp(dent->d_name, ".") == 0 ||
+		    strcmp(dent->d_name, "..") == 0)
+			continue;
+		printf("%s\n", dent->d_name);
+	}
+	closedir(dir);
+}
+
+
+static int hostapd_cli_cmd_interface(struct wpa_ctrl *ctrl, int argc,
+				     char *argv[])
+{
+	if (argc < 1) {
+		hostapd_cli_list_interfaces(ctrl);
+		return 0;
+	}
+
+	hostapd_cli_close_connection();
+	free(ctrl_ifname);
+	ctrl_ifname = strdup(argv[0]);
+
+	if (hostapd_cli_open_connection(ctrl_ifname)) {
+		printf("Connected to interface '%s.\n", ctrl_ifname);
+		if (wpa_ctrl_attach(ctrl_conn) == 0) {
+			hostapd_cli_attached = 1;
+		} else {
+			printf("Warning: Failed to attach to "
+			       "hostapd.\n");
+		}
+	} else {
+		printf("Could not connect to interface '%s' - re-trying\n",
+			ctrl_ifname);
+	}
+	return 0;
+}
+
+
+struct hostapd_cli_cmd {
+	const char *cmd;
+	int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]);
+};
+
+static struct hostapd_cli_cmd hostapd_cli_commands[] = {
+	{ "ping", hostapd_cli_cmd_ping },
+	{ "mib", hostapd_cli_cmd_mib },
+	{ "sta", hostapd_cli_cmd_sta },
+	{ "all_sta", hostapd_cli_cmd_all_sta },
+	{ "new_sta", hostapd_cli_cmd_new_sta },
+	{ "help", hostapd_cli_cmd_help },
+	{ "interface", hostapd_cli_cmd_interface },
+	{ "level", hostapd_cli_cmd_level },
+	{ "license", hostapd_cli_cmd_license },
+	{ "quit", hostapd_cli_cmd_quit },
+	{ NULL, NULL }
+};
+
+
+static void wpa_request(struct wpa_ctrl *ctrl, int argc, char *argv[])
+{
+	struct hostapd_cli_cmd *cmd, *match = NULL;
+	int count;
+
+	count = 0;
+	cmd = hostapd_cli_commands;
+	while (cmd->cmd) {
+		if (strncasecmp(cmd->cmd, argv[0], strlen(argv[0])) == 0) {
+			match = cmd;
+			count++;
+		}
+		cmd++;
+	}
+
+	if (count > 1) {
+		printf("Ambiguous command '%s'; possible commands:", argv[0]);
+		cmd = hostapd_cli_commands;
+		while (cmd->cmd) {
+			if (strncasecmp(cmd->cmd, argv[0], strlen(argv[0])) ==
+			    0) {
+				printf(" %s", cmd->cmd);
+			}
+			cmd++;
+		}
+		printf("\n");
+	} else if (count == 0) {
+		printf("Unknown command '%s'\n", argv[0]);
+	} else {
+		match->handler(ctrl, argc - 1, &argv[1]);
+	}
+}
+
+
+static void hostapd_cli_recv_pending(struct wpa_ctrl *ctrl, int in_read)
+{
+	int first = 1;
+	if (ctrl_conn == NULL)
+		return;
+	while (wpa_ctrl_pending(ctrl)) {
+		char buf[256];
+		size_t len = sizeof(buf) - 1;
+		if (wpa_ctrl_recv(ctrl, buf, &len) == 0) {
+			buf[len] = '\0';
+			if (in_read && first)
+				printf("\n");
+			first = 0;
+			printf("%s\n", buf);
+		} else {
+			printf("Could not read pending message.\n");
+			break;
+		}
+	}
+}
+
+
+static void hostapd_cli_interactive(void)
+{
+	const int max_args = 10;
+	char cmd[256], *res, *argv[max_args], *pos;
+	int argc;
+
+	printf("\nInteractive mode\n\n");
+
+	do {
+		hostapd_cli_recv_pending(ctrl_conn, 0);
+		printf("> ");
+		alarm(1);
+		res = fgets(cmd, sizeof(cmd), stdin);
+		alarm(0);
+		if (res == NULL)
+			break;
+		pos = cmd;
+		while (*pos != '\0') {
+			if (*pos == '\n') {
+				*pos = '\0';
+				break;
+			}
+			pos++;
+		}
+		argc = 0;
+		pos = cmd;
+		for (;;) {
+			while (*pos == ' ')
+				pos++;
+			if (*pos == '\0')
+				break;
+			argv[argc] = pos;
+			argc++;
+			if (argc == max_args)
+				break;
+			while (*pos != '\0' && *pos != ' ')
+				pos++;
+			if (*pos == ' ')
+				*pos++ = '\0';
+		}
+		if (argc)
+			wpa_request(ctrl_conn, argc, argv);
+	} while (!hostapd_cli_quit);
+}
+
+
+static void hostapd_cli_terminate(int sig)
+{
+	hostapd_cli_close_connection();
+	exit(0);
+}
+
+
+static void hostapd_cli_alarm(int sig)
+{
+	if (ctrl_conn && _wpa_ctrl_command(ctrl_conn, "PING", 0)) {
+		printf("Connection to hostapd lost - trying to reconnect\n");
+		hostapd_cli_close_connection();
+	}
+	if (!ctrl_conn) {
+		ctrl_conn = hostapd_cli_open_connection(ctrl_ifname);
+		if (ctrl_conn) {
+			printf("Connection to hostapd re-established\n");
+			if (wpa_ctrl_attach(ctrl_conn) == 0) {
+				hostapd_cli_attached = 1;
+			} else {
+				printf("Warning: Failed to attach to "
+				       "hostapd.\n");
+			}
+		}
+	}
+	if (ctrl_conn)
+		hostapd_cli_recv_pending(ctrl_conn, 1);
+	alarm(1);
+}
+
+
+int main(int argc, char *argv[])
+{
+	int interactive;
+	int warning_displayed = 0;
+	int c;
+
+	for (;;) {
+		c = getopt(argc, argv, "hi:p:v");
+		if (c < 0)
+			break;
+		switch (c) {
+		case 'h':
+			usage();
+			return 0;
+		case 'v':
+			printf("%s\n", hostapd_cli_version);
+			return 0;
+		case 'i':
+			free(ctrl_ifname);
+			ctrl_ifname = strdup(optarg);
+			break;
+		case 'p':
+			ctrl_iface_dir = optarg;
+			break;
+		default:
+			usage();
+			return -1;
+		}
+	}
+
+	interactive = argc == optind;
+
+	if (interactive) {
+		printf("%s\n\n%s\n\n", hostapd_cli_version,
+		       hostapd_cli_license);
+	}
+
+	for (;;) {
+		if (ctrl_ifname == NULL) {
+			struct dirent *dent;
+			DIR *dir = opendir(ctrl_iface_dir);
+			if (dir) {
+				while ((dent = readdir(dir))) {
+					if (strcmp(dent->d_name, ".") == 0 ||
+					    strcmp(dent->d_name, "..") == 0)
+						continue;
+					printf("Selected interface '%s'\n",
+					       dent->d_name);
+					ctrl_ifname = strdup(dent->d_name);
+					break;
+				}
+				closedir(dir);
+			}
+		}
+		ctrl_conn = hostapd_cli_open_connection(ctrl_ifname);
+		if (ctrl_conn) {
+			if (warning_displayed)
+				printf("Connection established.\n");
+			break;
+		}
+
+		if (!interactive) {
+			perror("Failed to connect to hostapd - "
+			       "wpa_ctrl_open");
+			return -1;
+		}
+
+		if (!warning_displayed) {
+			printf("Could not connect to hostapd - re-trying\n");
+			warning_displayed = 1;
+		}
+		sleep(1);
+		continue;
+	}
+
+	signal(SIGINT, hostapd_cli_terminate);
+	signal(SIGTERM, hostapd_cli_terminate);
+	signal(SIGALRM, hostapd_cli_alarm);
+
+	if (interactive) {
+		if (wpa_ctrl_attach(ctrl_conn) == 0) {
+			hostapd_cli_attached = 1;
+		} else {
+			printf("Warning: Failed to attach to hostapd.\n");
+		}
+		hostapd_cli_interactive();
+	} else
+		wpa_request(ctrl_conn, argc - optind, &argv[optind]);
+
+	free(ctrl_ifname);
+	hostapd_cli_close_connection();
+	return 0;
+}
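Review bot: `hostapd_cli_alarm()` runs as the SIGALRM handler yet calls `printf()`, allocates through `hostapd_cli_open_connection()` and does socket I/O through `_wpa_ctrl_command()`, none of which is async-signal-safe. It fires while `hostapd_cli_interactive()` is blocked in `fgets()` and can close and reassign `ctrl_conn` underneath the main flow. `hostapd_cli_terminate()` has the same problem with `exit()` and `wpa_ctrl_close()`. I would reduce the SIGALRM handler to setting a `volatile sig_atomic_t` flag, run the PING/reconnect logic from the interactive loop, and install the handler with `sigaction()` without `SA_RESTART` so the blocked read returns. The sketch below shows the changed lines only and assumes a terminal in canonical mode; piped input interrupted mid-line would need extra care.

```c
static volatile sig_atomic_t hostapd_cli_check_due = 0;

static void hostapd_cli_alarm(int sig)
{
	/* Signal context: only record that the periodic check is due. */
	hostapd_cli_check_due = 1;
}

static void hostapd_cli_check_connection(void)
{
	/* … unchanged: former hostapd_cli_alarm() body (PING, reconnect, attach, recv_pending) without the trailing alarm(1) … */
}

/* hostapd_cli_interactive(): replaces the prompt/fgets/alarm lines at the top of the loop */
	int prompt = 1;

	do {
		hostapd_cli_recv_pending(ctrl_conn, 0);
		if (prompt)
			printf("> ");
		prompt = 1;
		hostapd_cli_check_due = 0;
		alarm(1);
		res = fgets(cmd, sizeof(cmd), stdin);
		alarm(0);
		if (res == NULL && !feof(stdin) && hostapd_cli_check_due) {
			/* Read was interrupted by SIGALRM, not ended by EOF. */
			clearerr(stdin);
			hostapd_cli_check_connection();
			prompt = 0;
			continue;
		}
		if (res == NULL)
			break;
		/* … unchanged: newline stripping, argument splitting, wpa_request() … */

/* main(): replaces signal(SIGALRM, hostapd_cli_alarm) */
	struct sigaction sa;

	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = hostapd_cli_alarm;
	sigemptyset(&sa.sa_mask);
	/* sa_flags left at 0: without SA_RESTART the blocked read returns on SIGALRM */
	sigaction(SIGALRM, &sa, NULL);
```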

+ 432 - 0
hostapd/hw_features.c

@@ -0,0 +1,432 @@
+/*
+ * hostapd / Hardware feature query and different modes
+ * Copyright 2002-2003, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "hostapd.h"
+#include "hw_features.h"
+#include "driver.h"
+#include "config.h"
+#include "eloop.h"
+
+
+void hostapd_free_hw_features(struct hostapd_hw_modes *hw_features,
+			      size_t num_hw_features)
+{
+	size_t i;
+
+	if (hw_features == NULL)
+		return;
+
+	for (i = 0; i < num_hw_features; i++) {
+		os_free(hw_features[i].channels);
+		os_free(hw_features[i].rates);
+	}
+
+	os_free(hw_features);
+}
+
+
+int hostapd_get_hw_features(struct hostapd_iface *iface)
+{
+	struct hostapd_data *hapd = iface->bss[0];
+	int ret = 0, i, j;
+	u16 num_modes, flags;
+	struct hostapd_hw_modes *modes;
+
+	modes = hostapd_get_hw_feature_data(hapd, &num_modes, &flags);
+	if (modes == NULL) {
+		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_DEBUG,
+			       "Fetching hardware channel/rate support not "
+			       "supported.");
+		return -1;
+	}
+
+	iface->hw_flags = flags;
+
+	hostapd_free_hw_features(iface->hw_features, iface->num_hw_features);
+	iface->hw_features = modes;
+	iface->num_hw_features = num_modes;
+
+	for (i = 0; i < num_modes; i++) {
+		struct hostapd_hw_modes *feature = &modes[i];
+		/* set flag for channels we can use in current regulatory
+		 * domain */
+		for (j = 0; j < feature->num_channels; j++) {
+			/* TODO: add regulatory domain lookup */
+			unsigned char power_level = 0;
+			unsigned char antenna_max = 0;
+
+			if ((feature->mode == HOSTAPD_MODE_IEEE80211G ||
+			     feature->mode == HOSTAPD_MODE_IEEE80211B) &&
+			    feature->channels[j].chan >= 1 &&
+			    feature->channels[j].chan <= 11) {
+				power_level = 20;
+				feature->channels[j].flag |=
+					HOSTAPD_CHAN_W_SCAN;
+			} else
+				feature->channels[j].flag &=
+					~HOSTAPD_CHAN_W_SCAN;
+
+			hostapd_set_channel_flag(hapd, feature->mode,
+						 feature->channels[j].chan,
+						 feature->channels[j].flag,
+						 power_level,
+						 antenna_max);
+		}
+	}
+
+	return ret;
+}
+
+
+static int hostapd_prepare_rates(struct hostapd_data *hapd,
+				 struct hostapd_hw_modes *mode)
+{
+	int i, num_basic_rates = 0;
+	int basic_rates_a[] = { 60, 120, 240, -1 };
+	int basic_rates_b[] = { 10, 20, -1 };
+	int basic_rates_g[] = { 10, 20, 55, 110, -1 };
+	int *basic_rates;
+
+	if (hapd->iconf->basic_rates)
+		basic_rates = hapd->iconf->basic_rates;
+	else switch (mode->mode) {
+	case HOSTAPD_MODE_IEEE80211A:
+		basic_rates = basic_rates_a;
+		break;
+	case HOSTAPD_MODE_IEEE80211B:
+		basic_rates = basic_rates_b;
+		break;
+	case HOSTAPD_MODE_IEEE80211G:
+		basic_rates = basic_rates_g;
+		break;
+	default:
+		return -1;
+	}
+
+	if (hostapd_set_rate_sets(hapd, hapd->iconf->supported_rates,
+				  basic_rates, mode->mode)) {
+		wpa_printf(MSG_ERROR, "Failed to update rate sets in kernel "
+			   "module");
+	}
+
+	os_free(hapd->iface->current_rates);
+	hapd->iface->num_rates = 0;
+
+	hapd->iface->current_rates =
+		os_malloc(mode->num_rates * sizeof(struct hostapd_rate_data));
+	if (!hapd->iface->current_rates) {
+		wpa_printf(MSG_ERROR, "Failed to allocate memory for rate "
+			   "table.");
+		return -1;
+	}
+
+	for (i = 0; i < mode->num_rates; i++) {
+		struct hostapd_rate_data *rate;
+
+		if (hapd->iconf->supported_rates &&
+		    !hostapd_rate_found(hapd->iconf->supported_rates,
+					mode->rates[i].rate))
+			continue;
+
+		rate = &hapd->iface->current_rates[hapd->iface->num_rates];
+		os_memcpy(rate, &mode->rates[i],
+			  sizeof(struct hostapd_rate_data));
+		if (hostapd_rate_found(basic_rates, rate->rate)) {
+			rate->flags |= HOSTAPD_RATE_BASIC;
+			num_basic_rates++;
+		} else
+			rate->flags &= ~HOSTAPD_RATE_BASIC;
+		wpa_printf(MSG_DEBUG, "RATE[%d] rate=%d flags=0x%x",
+			   hapd->iface->num_rates, rate->rate, rate->flags);
+		hapd->iface->num_rates++;
+	}
+
+	if (hapd->iface->num_rates == 0 || num_basic_rates == 0) {
+		wpa_printf(MSG_ERROR, "No rates remaining in supported/basic "
+			   "rate sets (%d,%d).",
+			   hapd->iface->num_rates, num_basic_rates);
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static void select_hw_mode_start(void *eloop_data, void *user_ctx);
+static void select_hw_mode2_handler(void *eloop_data, void *user_ctx);
+
+/**
+ * select_hw_mode_finalize - Finish select HW mode & call the callback
+ * @iface: Pointer to interface data.
+ * @status: Status of the select HW mode (0 on success; -1 on failure).
+ * Returns: 0 on success; -1 on failure (e.g., was not in progress).
+ */
+static int select_hw_mode_finalize(struct hostapd_iface *iface, int status)
+{
+	hostapd_iface_cb cb;
+
+	if (!iface->hw_mode_sel_cb)
+		return -1;
+
+	eloop_cancel_timeout(select_hw_mode_start, iface, NULL);
+	eloop_cancel_timeout(select_hw_mode2_handler, iface, NULL);
+
+	cb = iface->hw_mode_sel_cb;
+
+	iface->hw_mode_sel_cb = NULL;
+
+	cb(iface, status);
+
+	return 0;
+}
+
+
+/**
+ * select_hw_mode2 - Select the hardware mode (part 2)
+ * @iface: Pointer to interface data.
+ * @status: Status of auto chanel selection.
+ *
+ * Setup the rates and passive scanning based on the configuration.
+ */
+static void select_hw_mode2(struct hostapd_iface *iface, int status)
+{
+	int ret = status;
+	if (ret)
+		goto fail;
+
+	if (iface->current_mode == NULL) {
+		hostapd_logger(iface->bss[0], NULL, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_WARNING,
+			       "Hardware does not support configured channel");
+		ret = -1;
+		goto fail;
+	}
+
+	if (hostapd_prepare_rates(iface->bss[0], iface->current_mode)) {
+		wpa_printf(MSG_ERROR, "Failed to prepare rates table.");
+		hostapd_logger(iface->bss[0], NULL, HOSTAPD_MODULE_IEEE80211,
+					   HOSTAPD_LEVEL_WARNING,
+					   "Failed to prepare rates table.");
+		ret = -1;
+		goto fail;
+	}
+
+	ret = hostapd_passive_scan(iface->bss[0], 0,
+				   iface->conf->passive_scan_mode,
+				   iface->conf->passive_scan_interval,
+				   iface->conf->passive_scan_listen,
+				   NULL, NULL);
+	if (ret) {
+		wpa_printf(MSG_ERROR, "Could not set passive scanning: %s",
+			   strerror(ret));
+		ret = 0;
+	}
+
+fail:
+	select_hw_mode_finalize(iface, ret);
+}
+
+
+/**
+ * select_hw_mode2_handler - Calls select_hw_mode2 when auto chan isn't used
+ * @eloop_data: Stores the struct hostapd_iface * for the interface.
+ * @user_ctx: Unused.
+ */
+static void select_hw_mode2_handler(void *eloop_data, void *user_ctx)
+{
+	struct hostapd_iface *iface = eloop_data;
+
+	select_hw_mode2(iface, 0);
+}
+
+
+/**
+ * select_hw_mode1 - Select the hardware mode (part 1)
+ * @iface: Pointer to interface data.
+ * Returns: 0 on success; -1 on failure.
+ *
+ * Setup the hardware mode and channel based on the configuration.
+ * Schedules select_hw_mode2() to be called immediately or after automatic
+ * channel selection takes place.
+ */
+static int select_hw_mode1(struct hostapd_iface *iface)
+{
+	int i, j, ok;
+
+	if (iface->num_hw_features < 1)
+		return -1;
+
+	iface->current_mode = NULL;
+	for (i = 0; i < iface->num_hw_features; i++) {
+		struct hostapd_hw_modes *mode = &iface->hw_features[i];
+		if (mode->mode == (int) iface->conf->hw_mode) {
+			iface->current_mode = mode;
+			break;
+		}
+	}
+
+	if (iface->current_mode == NULL) {
+		wpa_printf(MSG_ERROR, "Hardware does not support configured "
+			   "mode");
+		hostapd_logger(iface->bss[0], NULL, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_WARNING,
+			       "Hardware does not support configured mode "
+			       "(%d)", (int) iface->conf->hw_mode);
+		return -1;
+	}
+
+	ok = 0;
+	for (j = 0; j < iface->current_mode->num_channels; j++) {
+		struct hostapd_channel_data *chan =
+			&iface->current_mode->channels[j];
+		if ((chan->flag & HOSTAPD_CHAN_W_SCAN) &&
+		    (chan->chan == iface->conf->channel)) {
+			ok = 1;
+			break;
+		}
+	}
+	if (ok == 0 && iface->conf->channel != 0) {
+		hostapd_logger(iface->bss[0], NULL,
+			       HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_WARNING,
+			       "Configured channel (%d) not found from the "
+			       "channel list of current mode (%d) %s",
+			       iface->conf->channel,
+			       iface->current_mode->mode,
+			       hostapd_hw_mode_txt(iface->current_mode->mode));
+		iface->current_mode = NULL;
+	}
+
+	/*
+	 * Calls select_hw_mode2() via a handler, so that the function is
+	 * always executed from eloop.
+	 */
+	eloop_register_timeout(0, 0, select_hw_mode2_handler, iface, NULL);
+	return 0;
+}
+
+
+/**
+ * select_hw_mode_start - Handler to start select HW mode
+ * @eloop_data: Stores the struct hostapd_iface * for the interface.
+ * @user_ctx: Unused.
+ *
+ * An eloop handler is used so that all errors can be processed by the
+ * callback without introducing stack recursion.
+ */
+static void select_hw_mode_start(void *eloop_data, void *user_ctx)
+{
+	struct hostapd_iface *iface = (struct hostapd_iface *)eloop_data;
+
+	int ret;
+
+	ret = select_hw_mode1(iface);
+	if (ret)
+		select_hw_mode_finalize(iface, ret);
+}
+
+
+/**
+ * hostapd_select_hw_mode_start - Start selection of the hardware mode
+ * @iface: Pointer to interface data.
+ * @cb: The function to callback when done.
+ * Returns:  0 if it starts successfully; cb will be called when done.
+ *          -1 on failure; cb will not be called.
+ *
+ * Sets up the hardware mode, channel, rates, and passive scanning
+ * based on the configuration.
+ */
+int hostapd_select_hw_mode_start(struct hostapd_iface *iface,
+				 hostapd_iface_cb cb)
+{
+	if (iface->hw_mode_sel_cb) {
+		wpa_printf(MSG_DEBUG,
+			   "%s: Hardware mode select already in progress.",
+			   iface->bss[0]->conf->iface);
+		return -1;
+	}
+
+	iface->hw_mode_sel_cb = cb;
+
+	eloop_register_timeout(0, 0, select_hw_mode_start, iface, NULL);
+
+	return 0;
+}
+
+
+/**
+ * hostapd_auto_chan_select_stop - Stops automatic channel selection
+ * @iface: Pointer to interface data.
+ * Returns:  0 if successfully stopped;
+ *          -1 on failure (i.e., was not in progress)
+ */
+int hostapd_select_hw_mode_stop(struct hostapd_iface *iface)
+{
+	return select_hw_mode_finalize(iface, -1);
+}
+
+
+const char * hostapd_hw_mode_txt(int mode)
+{
+	switch (mode) {
+	case HOSTAPD_MODE_IEEE80211A:
+		return "IEEE 802.11a";
+	case HOSTAPD_MODE_IEEE80211B:
+		return "IEEE 802.11b";
+	case HOSTAPD_MODE_IEEE80211G:
+		return "IEEE 802.11g";
+	default:
+		return "UNKNOWN";
+	}
+}
+
+
+int hostapd_hw_get_freq(struct hostapd_data *hapd, int chan)
+{
+	int i;
+
+	if (!hapd->iface->current_mode)
+		return 0;
+
+	for (i = 0; i < hapd->iface->current_mode->num_channels; i++) {
+		struct hostapd_channel_data *ch =
+			&hapd->iface->current_mode->channels[i];
+		if (ch->chan == chan)
+			return ch->freq;
+	}
+
+	return 0;
+}
+
+
+int hostapd_hw_get_channel(struct hostapd_data *hapd, int freq)
+{
+	int i;
+
+	if (!hapd->iface->current_mode)
+		return 0;
+
+	for (i = 0; i < hapd->iface->current_mode->num_channels; i++) {
+		struct hostapd_channel_data *ch =
+			&hapd->iface->current_mode->channels[i];
+		if (ch->freq == freq)
+			return ch->chan;
+	}
+
+	return 0;
+}
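Review bot: In hostapd_prepare_rates() the size passed to os_malloc() is `mode->num_rates * sizeof(struct hostapd_rate_data)`, where `num_rates` is a signed int from the driver-reported mode data, and nothing rejects a zero or negative count before the multiplication. A negative value converts to a very large size_t, and a zero count leaves the outcome to whatever the allocator returns for a zero-byte request, so the "Failed to allocate memory" message may be logged for what is really an empty rate list. I would add `if (mode->num_rates <= 0) return -1;` ahead of the allocation, with its own wpa_printf(MSG_ERROR, ...) line in the style of the others in the function. Separately, the comment block above hostapd_select_hw_mode_stop() names a different function; its first line should read `hostapd_select_hw_mode_stop - Stop hardware mode selection`.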

+ 61 - 0
hostapd/hw_features.h

@@ -0,0 +1,61 @@
+/*
+ * hostapd / Hardware feature query and different modes
+ * Copyright 2002-2003, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef HW_FEATURES_H
+#define HW_FEATURES_H
+
+#define HOSTAPD_CHAN_W_SCAN 0x00000001
+#define HOSTAPD_CHAN_W_ACTIVE_SCAN 0x00000002
+#define HOSTAPD_CHAN_W_IBSS 0x00000004
+
+struct hostapd_channel_data {
+	short chan; /* channel number (IEEE 802.11) */
+	short freq; /* frequency in MHz */
+	int flag; /* flag for hostapd use (HOSTAPD_CHAN_*) */
+};
+
+#define HOSTAPD_RATE_ERP 0x00000001
+#define HOSTAPD_RATE_BASIC 0x00000002
+#define HOSTAPD_RATE_PREAMBLE2 0x00000004
+#define HOSTAPD_RATE_SUPPORTED 0x00000010
+#define HOSTAPD_RATE_OFDM 0x00000020
+#define HOSTAPD_RATE_CCK 0x00000040
+#define HOSTAPD_RATE_MANDATORY 0x00000100
+
+struct hostapd_rate_data {
+	int rate; /* rate in 100 kbps */
+	int flags; /* HOSTAPD_RATE_ flags */
+};
+
+struct hostapd_hw_modes {
+	int mode;
+	int num_channels;
+	struct hostapd_channel_data *channels;
+	int num_rates;
+	struct hostapd_rate_data *rates;
+};
+
+
+void hostapd_free_hw_features(struct hostapd_hw_modes *hw_features,
+			      size_t num_hw_features);
+int hostapd_get_hw_features(struct hostapd_iface *iface);
+int hostapd_select_hw_mode_start(struct hostapd_iface *iface,
+				 hostapd_iface_cb cb);
+int hostapd_select_hw_mode_stop(struct hostapd_iface *iface);
+const char * hostapd_hw_mode_txt(int mode);
+int hostapd_hw_get_freq(struct hostapd_data *hapd, int chan);
+int hostapd_hw_get_channel(struct hostapd_data *hapd, int freq);
+
+#endif /* HW_FEATURES_H */
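Review bot: hw_features.h is not self-contained: its prototypes use `struct hostapd_iface *`, `struct hostapd_data *`, `hostapd_iface_cb` and `size_t`, but the header declares or includes none of them, so it compiles cleanly only when another header (presumably hostapd.h, which hw_features.c includes first) has already been seen. In C a struct tag first seen inside a parameter list is scoped to that prototype, so a different include order produces incompatible-pointer warnings rather than a clear error. Either state the dependency at the top, e.g. `/* requires hostapd.h to be included first */`, or add the forward declarations `struct hostapd_iface;` and `struct hostapd_data;` (the callback typedef still needs its defining header). iapp.h in this commit has the same shape: it forward-declares only `struct iapp_data`, while its prototypes also take `struct hostapd_data`, `struct sta_info`, `struct hostapd_config` and `struct hostapd_bss_config`.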

+ 542 - 0
hostapd/iapp.c

@@ -0,0 +1,542 @@
+/*
+ * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP)
+ * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ * Note: IEEE 802.11F-2003 was a experimental use specification. It has expired
+ * and IEEE has withdrawn it. In other words, it is likely better to look at
+ * using some other mechanism for AP-to-AP communication than extenting the
+ * implementation here.
+ */
+
+/* TODO:
+ * Level 1: no administrative or security support
+ *	(e.g., static BSSID to IP address mapping in each AP)
+ * Level 2: support for dynamic mapping of BSSID to IP address
+ * Level 3: support for encryption and authentication of IAPP messages
+ * - add support for MOVE-notify and MOVE-response (this requires support for
+ *   finding out IP address for previous AP using RADIUS)
+ * - add support for Send- and ACK-Security-Block to speedup IEEE 802.1X during
+ *   reassociation to another AP
+ * - implement counters etc. for IAPP MIB
+ * - verify endianness of fields in IAPP messages; are they big-endian as
+ *   used here?
+ * - RADIUS connection for AP registration and BSSID to IP address mapping
+ * - TCP connection for IAPP MOVE, CACHE
+ * - broadcast ESP for IAPP ADD-notify
+ * - ESP for IAPP MOVE messages
+ * - security block sending/processing
+ * - IEEE 802.11 context transfer
+ */
+
+#include "includes.h"
+#include <net/if.h>
+#include <sys/ioctl.h>
+#ifdef USE_KERNEL_HEADERS
+#include <linux/if_packet.h>
+#else /* USE_KERNEL_HEADERS */
+#include <netpacket/packet.h>
+#endif /* USE_KERNEL_HEADERS */
+
+#include "hostapd.h"
+#include "ieee802_11.h"
+#include "iapp.h"
+#include "eloop.h"
+#include "sta_info.h"
+
+
+#define IAPP_MULTICAST "224.0.1.178"
+#define IAPP_UDP_PORT 3517
+#define IAPP_TCP_PORT 3517
+
+struct iapp_hdr {
+	u8 version;
+	u8 command;
+	be16 identifier;
+	be16 length;
+	/* followed by length-6 octets of data */
+} __attribute__ ((packed));
+
+#define IAPP_VERSION 0
+
+enum IAPP_COMMAND {
+	IAPP_CMD_ADD_notify = 0,
+	IAPP_CMD_MOVE_notify = 1,
+	IAPP_CMD_MOVE_response = 2,
+	IAPP_CMD_Send_Security_Block = 3,
+	IAPP_CMD_ACK_Security_Block = 4,
+	IAPP_CMD_CACHE_notify = 5,
+	IAPP_CMD_CACHE_response = 6,
+};
+
+
+/* ADD-notify - multicast UDP on the local LAN */
+struct iapp_add_notify {
+	u8 addr_len; /* ETH_ALEN */
+	u8 reserved;
+	u8 mac_addr[ETH_ALEN];
+	be16 seq_num;
+} __attribute__ ((packed));
+
+
+/* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */
+struct iapp_layer2_update {
+	u8 da[ETH_ALEN]; /* broadcast */
+	u8 sa[ETH_ALEN]; /* STA addr */
+	be16 len; /* 6 */
+	u8 dsap; /* null DSAP address */
+	u8 ssap; /* null SSAP address, CR=Response */
+	u8 control;
+	u8 xid_info[3];
+} __attribute__ ((packed));
+
+
+/* MOVE-notify - unicast TCP */
+struct iapp_move_notify {
+	u8 addr_len; /* ETH_ALEN */
+	u8 reserved;
+	u8 mac_addr[ETH_ALEN];
+	u16 seq_num;
+	u16 ctx_block_len;
+	/* followed by ctx_block_len bytes */
+} __attribute__ ((packed));
+
+
+/* MOVE-response - unicast TCP */
+struct iapp_move_response {
+	u8 addr_len; /* ETH_ALEN */
+	u8 status;
+	u8 mac_addr[ETH_ALEN];
+	u16 seq_num;
+	u16 ctx_block_len;
+	/* followed by ctx_block_len bytes */
+} __attribute__ ((packed));
+
+enum {
+	IAPP_MOVE_SUCCESSFUL = 0,
+	IAPP_MOVE_DENIED = 1,
+	IAPP_MOVE_STALE_MOVE = 2,
+};
+
+
+/* CACHE-notify */
+struct iapp_cache_notify {
+	u8 addr_len; /* ETH_ALEN */
+	u8 reserved;
+	u8 mac_addr[ETH_ALEN];
+	u16 seq_num;
+	u8 current_ap[ETH_ALEN];
+	u16 ctx_block_len;
+	/* ctx_block_len bytes of context block followed by 16-bit context
+	 * timeout */
+} __attribute__ ((packed));
+
+
+/* CACHE-response - unicast TCP */
+struct iapp_cache_response {
+	u8 addr_len; /* ETH_ALEN */
+	u8 status;
+	u8 mac_addr[ETH_ALEN];
+	u16 seq_num;
+} __attribute__ ((packed));
+
+enum {
+	IAPP_CACHE_SUCCESSFUL = 0,
+	IAPP_CACHE_STALE_CACHE = 1,
+};
+
+
+/* Send-Security-Block - unicast TCP */
+struct iapp_send_security_block {
+	u8 iv[8];
+	u16 sec_block_len;
+	/* followed by sec_block_len bytes of security block */
+} __attribute__ ((packed));
+
+
+/* ACK-Security-Block - unicast TCP */
+struct iapp_ack_security_block {
+	u8 iv[8];
+	u8 new_ap_ack_authenticator[48];
+} __attribute__ ((packed));
+
+
+struct iapp_data {
+	struct hostapd_data *hapd;
+	u16 identifier; /* next IAPP identifier */
+	struct in_addr own, multicast;
+	int udp_sock;
+	int packet_sock;
+};
+
+
+static void iapp_send_add(struct iapp_data *iapp, u8 *mac_addr, u16 seq_num)
+{
+	char buf[128];
+	struct iapp_hdr *hdr;
+	struct iapp_add_notify *add;
+	struct sockaddr_in addr;
+
+	/* Send IAPP ADD-notify to remove possible association from other APs
+	 */
+
+	hdr = (struct iapp_hdr *) buf;
+	hdr->version = IAPP_VERSION;
+	hdr->command = IAPP_CMD_ADD_notify;
+	hdr->identifier = host_to_be16(iapp->identifier++);
+	hdr->length = host_to_be16(sizeof(*hdr) + sizeof(*add));
+
+	add = (struct iapp_add_notify *) (hdr + 1);
+	add->addr_len = ETH_ALEN;
+	add->reserved = 0;
+	os_memcpy(add->mac_addr, mac_addr, ETH_ALEN);
+
+	add->seq_num = host_to_be16(seq_num);
+	
+	os_memset(&addr, 0, sizeof(addr));
+	addr.sin_family = AF_INET;
+	addr.sin_addr.s_addr = iapp->multicast.s_addr;
+	addr.sin_port = htons(IAPP_UDP_PORT);
+	if (sendto(iapp->udp_sock, buf, (char *) (add + 1) - buf, 0,
+		   (struct sockaddr *) &addr, sizeof(addr)) < 0)
+		perror("sendto[IAPP-ADD]");
+}
+
+
+static void iapp_send_layer2_update(struct iapp_data *iapp, u8 *addr)
+{
+	struct iapp_layer2_update msg;
+
+	/* Send Level 2 Update Frame to update forwarding tables in layer 2
+	 * bridge devices */
+
+	/* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID)
+	 * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */
+
+	os_memset(msg.da, 0xff, ETH_ALEN);
+	os_memcpy(msg.sa, addr, ETH_ALEN);
+	msg.len = host_to_be16(6);
+	msg.dsap = 0; /* NULL DSAP address */
+	msg.ssap = 0x01; /* NULL SSAP address, CR Bit: Response */
+	msg.control = 0xaf; /* XID response lsb.1111F101.
+			     * F=0 (no poll command; unsolicited frame) */
+	msg.xid_info[0] = 0x81; /* XID format identifier */
+	msg.xid_info[1] = 1; /* LLC types/classes: Type 1 LLC */
+	msg.xid_info[2] = 1 << 1; /* XID sender's receive window size (RW)
+				   * FIX: what is correct RW with 802.11? */
+
+	if (send(iapp->packet_sock, &msg, sizeof(msg), 0) < 0)
+		perror("send[L2 Update]");
+}
+
+
+void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta)
+{
+	struct ieee80211_mgmt *assoc;
+	u16 seq;
+
+	if (iapp == NULL)
+		return;
+
+	assoc = sta->last_assoc_req;
+	seq = assoc ? WLAN_GET_SEQ_SEQ(le_to_host16(assoc->seq_ctrl)) : 0;
+
+	/* IAPP-ADD.request(MAC Address, Sequence Number, Timeout) */
+	hostapd_logger(iapp->hapd, sta->addr, HOSTAPD_MODULE_IAPP,
+		       HOSTAPD_LEVEL_DEBUG, "IAPP-ADD.request(seq=%d)", seq);
+	iapp_send_layer2_update(iapp, sta->addr);
+	iapp_send_add(iapp, sta->addr, seq);
+
+	if (assoc && WLAN_FC_GET_STYPE(le_to_host16(assoc->frame_control)) ==
+	    WLAN_FC_STYPE_REASSOC_REQ) {
+		/* IAPP-MOVE.request(MAC Address, Sequence Number, Old AP,
+		 *                   Context Block, Timeout)
+		 */
+		/* TODO: Send IAPP-MOVE to the old AP; Map Old AP BSSID to
+		 * IP address */
+	}
+}
+
+
+static void iapp_process_add_notify(struct iapp_data *iapp,
+				    struct sockaddr_in *from,
+				    struct iapp_hdr *hdr, int len)
+{
+	struct iapp_add_notify *add = (struct iapp_add_notify *) (hdr + 1);
+	struct sta_info *sta;
+
+	if (len != sizeof(*add)) {
+		printf("Invalid IAPP-ADD packet length %d (expected %lu)\n",
+		       len, (unsigned long) sizeof(*add));
+		return;
+	}
+
+	sta = ap_get_sta(iapp->hapd, add->mac_addr);
+
+	/* IAPP-ADD.indication(MAC Address, Sequence Number) */
+	hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP,
+		       HOSTAPD_LEVEL_INFO,
+		       "Received IAPP ADD-notify (seq# %d) from %s:%d%s",
+		       be_to_host16(add->seq_num),
+		       inet_ntoa(from->sin_addr), ntohs(from->sin_port),
+		       sta ? "" : " (STA not found)");
+
+	if (!sta)
+		return;
+
+	/* TODO: could use seq_num to try to determine whether last association
+	 * to this AP is newer than the one advertised in IAPP-ADD. Although,
+	 * this is not really a reliable verification. */
+
+	hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "Removing STA due to IAPP ADD-notify");
+	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_AUTHORIZED);
+	eloop_cancel_timeout(ap_handle_timer, iapp->hapd, sta);
+	eloop_register_timeout(0, 0, ap_handle_timer, iapp->hapd, sta);
+	sta->timeout_next = STA_REMOVE;
+}
+
+
+static void iapp_receive_udp(int sock, void *eloop_ctx, void *sock_ctx)
+{
+	struct iapp_data *iapp = eloop_ctx;
+	int len, hlen;
+	unsigned char buf[128];
+	struct sockaddr_in from;
+	socklen_t fromlen;
+	struct iapp_hdr *hdr;
+
+	/* Handle incoming IAPP frames (over UDP/IP) */
+
+	fromlen = sizeof(from);
+	len = recvfrom(iapp->udp_sock, buf, sizeof(buf), 0,
+		       (struct sockaddr *) &from, &fromlen);
+	if (len < 0) {
+		perror("recvfrom");
+		return;
+	}
+
+	if (from.sin_addr.s_addr == iapp->own.s_addr)
+		return; /* ignore own IAPP messages */
+
+	hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "Received %d byte IAPP frame from %s%s\n",
+		       len, inet_ntoa(from.sin_addr),
+		       len < (int) sizeof(*hdr) ? " (too short)" : "");
+
+	if (len < (int) sizeof(*hdr))
+		return;
+
+	hdr = (struct iapp_hdr *) buf;
+	hlen = be_to_host16(hdr->length);
+	hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "RX: version=%d command=%d id=%d len=%d\n",
+		       hdr->version, hdr->command,
+		       be_to_host16(hdr->identifier), hlen);
+	if (hdr->version != IAPP_VERSION) {
+		printf("Dropping IAPP frame with unknown version %d\n",
+		       hdr->version);
+		return;
+	}
+	if (hlen > len) {
+		printf("Underflow IAPP frame (hlen=%d len=%d)\n", hlen, len);
+		return;
+	}
+	if (hlen < len) {
+		printf("Ignoring %d extra bytes from IAPP frame\n",
+		       len - hlen);
+		len = hlen;
+	}
+
+	switch (hdr->command) {
+	case IAPP_CMD_ADD_notify:
+		iapp_process_add_notify(iapp, &from, hdr, hlen - sizeof(*hdr));
+		break;
+	case IAPP_CMD_MOVE_notify:
+		/* TODO: MOVE is using TCP; so move this to TCP handler once it
+		 * is implemented.. */
+		/* IAPP-MOVE.indication(MAC Address, New BSSID,
+		 * Sequence Number, AP Address, Context Block) */
+		/* TODO: process */
+		break;
+	default:
+		printf("Unknown IAPP command %d\n", hdr->command);
+		break;
+	}
+}
+
+
+struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface)
+{
+	struct ifreq ifr;
+	struct sockaddr_ll addr;
+	int ifindex;
+	struct sockaddr_in *paddr, uaddr;
+	struct iapp_data *iapp;
+	struct ip_mreqn mreq;
+
+	iapp = os_zalloc(sizeof(*iapp));
+	if (iapp == NULL)
+		return NULL;
+	iapp->hapd = hapd;
+	iapp->udp_sock = iapp->packet_sock = -1;
+
+	/* TODO:
+	 * open socket for sending and receiving IAPP frames over TCP
+	 */
+
+	iapp->udp_sock = socket(PF_INET, SOCK_DGRAM, 0);
+	if (iapp->udp_sock < 0) {
+		perror("socket[PF_INET,SOCK_DGRAM]");
+		iapp_deinit(iapp);
+		return NULL;
+	}
+
+	os_memset(&ifr, 0, sizeof(ifr));
+	os_strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
+	if (ioctl(iapp->udp_sock, SIOCGIFINDEX, &ifr) != 0) {
+		perror("ioctl(SIOCGIFINDEX)");
+		iapp_deinit(iapp);
+		return NULL;
+	}
+	ifindex = ifr.ifr_ifindex;
+
+	if (ioctl(iapp->udp_sock, SIOCGIFADDR, &ifr) != 0) {
+		perror("ioctl(SIOCGIFADDR)");
+		iapp_deinit(iapp);
+		return NULL;
+	}
+	paddr = (struct sockaddr_in *) &ifr.ifr_addr;
+	if (paddr->sin_family != AF_INET) {
+		printf("Invalid address family %i (SIOCGIFADDR)\n",
+		       paddr->sin_family);
+		iapp_deinit(iapp);
+		return NULL;
+	}
+	iapp->own.s_addr = paddr->sin_addr.s_addr;
+
+	if (ioctl(iapp->udp_sock, SIOCGIFBRDADDR, &ifr) != 0) {
+		perror("ioctl(SIOCGIFBRDADDR)");
+		iapp_deinit(iapp);
+		return NULL;
+	}
+	paddr = (struct sockaddr_in *) &ifr.ifr_addr;
+	if (paddr->sin_family != AF_INET) {
+		printf("Invalid address family %i (SIOCGIFBRDADDR)\n",
+		       paddr->sin_family);
+		iapp_deinit(iapp);
+		return NULL;
+	}
+	inet_aton(IAPP_MULTICAST, &iapp->multicast);
+
+	os_memset(&uaddr, 0, sizeof(uaddr));
+	uaddr.sin_family = AF_INET;
+	uaddr.sin_port = htons(IAPP_UDP_PORT);
+	if (bind(iapp->udp_sock, (struct sockaddr *) &uaddr,
+		 sizeof(uaddr)) < 0) {
+		perror("bind[UDP]");
+		iapp_deinit(iapp);
+		return NULL;
+	}
+
+	os_memset(&mreq, 0, sizeof(mreq));
+	mreq.imr_multiaddr = iapp->multicast;
+	mreq.imr_address.s_addr = INADDR_ANY;
+	mreq.imr_ifindex = 0;
+	if (setsockopt(iapp->udp_sock, SOL_IP, IP_ADD_MEMBERSHIP, &mreq,
+		       sizeof(mreq)) < 0) {
+		perror("setsockopt[UDP,IP_ADD_MEMBERSHIP]");
+		iapp_deinit(iapp);
+		return NULL;
+	}
+
+	iapp->packet_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
+	if (iapp->packet_sock < 0) {
+		perror("socket[PF_PACKET,SOCK_RAW]");
+		iapp_deinit(iapp);
+		return NULL;
+	}
+
+	os_memset(&addr, 0, sizeof(addr));
+	addr.sll_family = AF_PACKET;
+	addr.sll_ifindex = ifindex;
+	if (bind(iapp->packet_sock, (struct sockaddr *) &addr,
+		 sizeof(addr)) < 0) {
+		perror("bind[PACKET]");
+		iapp_deinit(iapp);
+		return NULL;
+	}
+
+	if (eloop_register_read_sock(iapp->udp_sock, iapp_receive_udp,
+				     iapp, NULL)) {
+		printf("Could not register read socket for IAPP.\n");
+		iapp_deinit(iapp);
+		return NULL;
+	}
+
+	printf("IEEE 802.11F (IAPP) using interface %s\n", iface);
+
+	/* TODO: For levels 2 and 3: send RADIUS Initiate-Request, receive
+	 * RADIUS Initiate-Accept or Initiate-Reject. IAPP port should actually
+	 * be openned only after receiving Initiate-Accept. If Initiate-Reject
+	 * is received, IAPP is not started. */
+
+	return iapp;
+}
+
+
+void iapp_deinit(struct iapp_data *iapp)
+{
+	struct ip_mreqn mreq;
+
+	if (iapp == NULL)
+		return;
+
+	if (iapp->udp_sock >= 0) {
+		os_memset(&mreq, 0, sizeof(mreq));
+		mreq.imr_multiaddr = iapp->multicast;
+		mreq.imr_address.s_addr = INADDR_ANY;
+		mreq.imr_ifindex = 0;
+		if (setsockopt(iapp->udp_sock, SOL_IP, IP_DROP_MEMBERSHIP,
+			       &mreq, sizeof(mreq)) < 0) {
+			perror("setsockopt[UDP,IP_DEL_MEMBERSHIP]");
+		}
+
+		eloop_unregister_read_sock(iapp->udp_sock);
+		close(iapp->udp_sock);
+	}
+	if (iapp->packet_sock >= 0) {
+		eloop_unregister_read_sock(iapp->packet_sock);
+		close(iapp->packet_sock);
+	}
+	os_free(iapp);
+}
+
+int iapp_reconfig(struct hostapd_data *hapd, struct hostapd_config *oldconf,
+		  struct hostapd_bss_config *oldbss)
+{
+	if (hapd->conf->ieee802_11f != oldbss->ieee802_11f ||
+	    os_strcmp(hapd->conf->iapp_iface, oldbss->iapp_iface) != 0) {
+		iapp_deinit(hapd->iapp);
+		hapd->iapp = NULL;
+
+		if (hapd->conf->ieee802_11f) {
+			hapd->iapp = iapp_init(hapd, hapd->conf->iapp_iface);
+			if (hapd->iapp == NULL)
+				return -1;
+		}
+	}
+
+	return 0;
+}
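Review bot: iapp_receive_udp() accepts ADD-notify frames from any sender other than the AP's own address, and iapp_init() binds `udp_sock` to INADDR_ANY and joins the group with `mreq.imr_ifindex = 0`, so frames arriving on any interface reach iapp_process_add_notify(), which clears WLAN_STA_AUTH/ASSOC/AUTHORIZED and schedules removal of the named station; the `ifindex` looked up for `iface` is used only for the packet socket. Since the file's own TODO notes that authentication of IAPP messages is not implemented, the receive path should at least be confined to the configured interface: set `mreq.imr_ifindex = ifindex;` for the join (and for the matching drop in iapp_deinit(), which needs the index stored in struct iapp_data) and consider SO_BINDTODEVICE on `udp_sock`. Also add an explicit lower bound before the command dispatch, `if (hlen < (int) sizeof(*hdr)) return;`, because `hlen - sizeof(*hdr)` is evaluated in unsigned arithmetic and a too-small `hlen` is currently rejected only indirectly by the `len != sizeof(*add)` comparison. Deployments that enable `ieee802_11f` should treat UDP port 3517 as a management-plane port and filter it accordingly.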

+ 54 - 0
hostapd/iapp.h

@@ -0,0 +1,54 @@
+/*
+ * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP)
+ * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef IAPP_H
+#define IAPP_H
+
+struct iapp_data;
+
+#ifdef CONFIG_IAPP
+
+void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta);
+struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface);
+void iapp_deinit(struct iapp_data *iapp);
+int iapp_reconfig(struct hostapd_data *hapd, struct hostapd_config *oldconf,
+		  struct hostapd_bss_config *oldbss);
+
+#else /* CONFIG_IAPP */
+
+static inline void iapp_new_station(struct iapp_data *iapp,
+				    struct sta_info *sta)
+{
+}
+
+static inline struct iapp_data * iapp_init(struct hostapd_data *hapd,
+					   const char *iface)
+{
+	return NULL;
+}
+
+static inline void iapp_deinit(struct iapp_data *iapp)
+{
+}
+
+static inline int
+iapp_reconfig(struct hostapd_data *hapd, struct hostapd_config *oldconf,
+	      struct hostapd_bss_config *oldbss)
+{
+	return 0;
+}
+
+#endif /* CONFIG_IAPP */
+
+#endif /* IAPP_H */

+ 1749 - 0
hostapd/ieee802_11.c

@@ -0,0 +1,1749 @@
+/*
+ * hostapd / IEEE 802.11 Management
+ * Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#ifndef CONFIG_NATIVE_WINDOWS
+
+#include <net/if.h>
+
+#include "eloop.h"
+#include "hostapd.h"
+#include "ieee802_11.h"
+#include "beacon.h"
+#include "hw_features.h"
+#include "radius/radius.h"
+#include "radius/radius_client.h"
+#include "ieee802_11_auth.h"
+#include "sta_info.h"
+#include "rc4.h"
+#include "ieee802_1x.h"
+#include "wpa.h"
+#include "wme.h"
+#include "ap_list.h"
+#include "accounting.h"
+#include "driver.h"
+#include "ieee802_11h.h"
+#include "mlme.h"
+
+
+u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
+{
+	u8 *pos = eid;
+	int i, num, count;
+
+	if (hapd->iface->current_rates == NULL)
+		return eid;
+
+	*pos++ = WLAN_EID_SUPP_RATES;
+	num = hapd->iface->num_rates;
+	if (num > 8) {
+		/* rest of the rates are encoded in Extended supported
+		 * rates element */
+		num = 8;
+	}
+
+	*pos++ = num;
+	count = 0;
+	for (i = 0, count = 0; i < hapd->iface->num_rates && count < num;
+	     i++) {
+		count++;
+		*pos = hapd->iface->current_rates[i].rate / 5;
+		if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
+			*pos |= 0x80;
+		pos++;
+	}
+
+	return pos;
+}
+
+
+u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
+{
+	u8 *pos = eid;
+	int i, num, count;
+
+	if (hapd->iface->current_rates == NULL)
+		return eid;
+
+	num = hapd->iface->num_rates;
+	if (num <= 8)
+		return eid;
+	num -= 8;
+
+	*pos++ = WLAN_EID_EXT_SUPP_RATES;
+	*pos++ = num;
+	count = 0;
+	for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8;
+	     i++) {
+		count++;
+		if (count <= 8)
+			continue; /* already in SuppRates IE */
+		*pos = hapd->iface->current_rates[i].rate / 5;
+		if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
+			*pos |= 0x80;
+		pos++;
+	}
+
+	return pos;
+}
+
+
+u16 hostapd_own_capab_info(struct hostapd_data *hapd, struct sta_info *sta,
+			   int probe)
+{
+	int capab = WLAN_CAPABILITY_ESS;
+	int privacy;
+
+	if (hapd->iface->num_sta_no_short_preamble == 0 &&
+	    hapd->iconf->preamble == SHORT_PREAMBLE)
+		capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
+
+	privacy = hapd->conf->ssid.wep.keys_set;
+
+	if (hapd->conf->ieee802_1x &&
+	    (hapd->conf->default_wep_key_len ||
+	     hapd->conf->individual_wep_key_len))
+		privacy = 1;
+
+	if (hapd->conf->wpa)
+		privacy = 1;
+
+	if (sta) {
+		int policy, def_klen;
+		if (probe && sta->ssid_probe) {
+			policy = sta->ssid_probe->security_policy;
+			def_klen = sta->ssid_probe->wep.default_len;
+		} else {
+			policy = sta->ssid->security_policy;
+			def_klen = sta->ssid->wep.default_len;
+		}
+		privacy = policy != SECURITY_PLAINTEXT;
+		if (policy == SECURITY_IEEE_802_1X && def_klen == 0)
+			privacy = 0;
+	}
+
+	if (privacy)
+		capab |= WLAN_CAPABILITY_PRIVACY;
+
+	if (hapd->iface->current_mode &&
+	    hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G &&
+	    hapd->iface->num_sta_no_short_slot_time == 0)
+		capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
+
+	if (hapd->iface->dfs_enable) 
+		capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
+
+	return capab;
+}
+
+
+#define OUI_MICROSOFT 0x0050f2 /* Microsoft (also used in Wi-Fi specs)
+				* 00:50:F2 */
+
+static int ieee802_11_parse_vendor_specific(struct hostapd_data *hapd,
+					    u8 *pos, size_t elen,
+					    struct ieee802_11_elems *elems,
+					    int show_errors)
+{
+	unsigned int oui;
+
+	/* first 3 bytes in vendor specific information element are the IEEE
+	 * OUI of the vendor. The following byte is used a vendor specific
+	 * sub-type. */
+	if (elen < 4) {
+		if (show_errors) {
+			wpa_printf(MSG_MSGDUMP, "short vendor specific "
+				   "information element ignored (len=%lu)",
+				   (unsigned long) elen);
+		}
+		return -1;
+	}
+
+	oui = WPA_GET_BE24(pos);
+	switch (oui) {
+	case OUI_MICROSOFT:
+		/* Microsoft/Wi-Fi information elements are further typed and
+		 * subtyped */
+		switch (pos[3]) {
+		case 1:
+			/* Microsoft OUI (00:50:F2) with OUI Type 1:
+			 * real WPA information element */
+			elems->wpa_ie = pos;
+			elems->wpa_ie_len = elen;
+			break;
+		case WME_OUI_TYPE: /* this is a Wi-Fi WME info. element */
+			if (elen < 5) {
+				wpa_printf(MSG_MSGDUMP, "short WME "
+					   "information element ignored "
+					   "(len=%lu)",
+					   (unsigned long) elen);
+				return -1;
+			}
+			switch (pos[4]) {
+			case WME_OUI_SUBTYPE_INFORMATION_ELEMENT:
+			case WME_OUI_SUBTYPE_PARAMETER_ELEMENT:
+				elems->wme = pos;
+				elems->wme_len = elen;
+				break;
+			case WME_OUI_SUBTYPE_TSPEC_ELEMENT:
+				elems->wme_tspec = pos;
+				elems->wme_tspec_len = elen;
+				break;
+			default:
+				wpa_printf(MSG_MSGDUMP, "unknown WME "
+					   "information element ignored "
+					   "(subtype=%d len=%lu)",
+					   pos[4], (unsigned long) elen);
+				return -1;
+			}
+			break;
+		default:
+			wpa_printf(MSG_MSGDUMP, "Unknown Microsoft "
+				   "information element ignored "
+				   "(type=%d len=%lu)\n",
+				   pos[3], (unsigned long) elen);
+			return -1;
+		}
+		break;
+
+	default:
+		wpa_printf(MSG_MSGDUMP, "unknown vendor specific information "
+			   "element ignored (vendor OUI %02x:%02x:%02x "
+			   "len=%lu)",
+			   pos[0], pos[1], pos[2], (unsigned long) elen);
+		return -1;
+	}
+
+	return 0;
+}
+
+
+ParseRes ieee802_11_parse_elems(struct hostapd_data *hapd, u8 *start,
+				size_t len,
+				struct ieee802_11_elems *elems,
+				int show_errors)
+{
+	size_t left = len;
+	u8 *pos = start;
+	int unknown = 0;
+
+	os_memset(elems, 0, sizeof(*elems));
+
+	while (left >= 2) {
+		u8 id, elen;
+
+		id = *pos++;
+		elen = *pos++;
+		left -= 2;
+
+		if (elen > left) {
+			if (show_errors) {
+				wpa_printf(MSG_DEBUG, "IEEE 802.11 element "
+					   "parse failed (id=%d elen=%d "
+					   "left=%lu)",
+					   id, elen, (unsigned long) left);
+				wpa_hexdump(MSG_MSGDUMP, "IEs", start, len);
+			}
+			return ParseFailed;
+		}
+
+		switch (id) {
+		case WLAN_EID_SSID:
+			elems->ssid = pos;
+			elems->ssid_len = elen;
+			break;
+		case WLAN_EID_SUPP_RATES:
+			elems->supp_rates = pos;
+			elems->supp_rates_len = elen;
+			break;
+		case WLAN_EID_FH_PARAMS:
+			elems->fh_params = pos;
+			elems->fh_params_len = elen;
+			break;
+		case WLAN_EID_DS_PARAMS:
+			elems->ds_params = pos;
+			elems->ds_params_len = elen;
+			break;
+		case WLAN_EID_CF_PARAMS:
+			elems->cf_params = pos;
+			elems->cf_params_len = elen;
+			break;
+		case WLAN_EID_TIM:
+			elems->tim = pos;
+			elems->tim_len = elen;
+			break;
+		case WLAN_EID_IBSS_PARAMS:
+			elems->ibss_params = pos;
+			elems->ibss_params_len = elen;
+			break;
+		case WLAN_EID_CHALLENGE:
+			elems->challenge = pos;
+			elems->challenge_len = elen;
+			break;
+		case WLAN_EID_ERP_INFO:
+			elems->erp_info = pos;
+			elems->erp_info_len = elen;
+			break;
+		case WLAN_EID_EXT_SUPP_RATES:
+			elems->ext_supp_rates = pos;
+			elems->ext_supp_rates_len = elen;
+			break;
+		case WLAN_EID_VENDOR_SPECIFIC:
+			if (ieee802_11_parse_vendor_specific(hapd, pos, elen,
+							     elems,
+							     show_errors))
+				unknown++;
+			break;
+		case WLAN_EID_RSN:
+			elems->rsn_ie = pos;
+			elems->rsn_ie_len = elen;
+			break;
+		case WLAN_EID_PWR_CAPABILITY:
+			elems->power_cap = pos;
+			elems->power_cap_len = elen;
+			break;
+		case WLAN_EID_SUPPORTED_CHANNELS:
+			elems->supp_channels = pos;
+			elems->supp_channels_len = elen;
+			break;
+		case WLAN_EID_MOBILITY_DOMAIN:
+			elems->mdie = pos;
+			elems->mdie_len = elen;
+			break;
+		case WLAN_EID_FAST_BSS_TRANSITION:
+			elems->ftie = pos;
+			elems->ftie_len = elen;
+			break;
+		default:
+			unknown++;
+			if (!show_errors)
+				break;
+			wpa_printf(MSG_MSGDUMP, "IEEE 802.11 element parse "
+				   "ignored unknown element (id=%d elen=%d)",
+				   id, elen);
+			break;
+		}
+
+		left -= elen;
+		pos += elen;
+	}
+
+	if (left)
+		return ParseFailed;
+
+	return unknown ? ParseUnknown : ParseOK;
+}
+
+
+void ieee802_11_print_ssid(char *buf, const u8 *ssid, u8 len)
+{
+	int i;
+	if (len > HOSTAPD_MAX_SSID_LEN)
+		len = HOSTAPD_MAX_SSID_LEN;
+	for (i = 0; i < len; i++) {
+		if (ssid[i] >= 32 && ssid[i] < 127)
+			buf[i] = ssid[i];
+		else
+			buf[i] = '.';
+	}
+	buf[len] = '\0';
+}
+
+
+void ieee802_11_send_deauth(struct hostapd_data *hapd, u8 *addr, u16 reason)
+{
+	struct ieee80211_mgmt mgmt;
+	char buf[30];
+
+	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "deauthenticate - reason %d", reason);
+	os_snprintf(buf, sizeof(buf), "SEND-DEAUTHENTICATE %d", reason);
+	os_memset(&mgmt, 0, sizeof(mgmt));
+	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+					  WLAN_FC_STYPE_DEAUTH);
+	os_memcpy(mgmt.da, addr, ETH_ALEN);
+	os_memcpy(mgmt.sa, hapd->own_addr, ETH_ALEN);
+	os_memcpy(mgmt.bssid, hapd->own_addr, ETH_ALEN);
+	mgmt.u.deauth.reason_code = host_to_le16(reason);
+	if (hostapd_send_mgmt_frame(hapd, &mgmt, IEEE80211_HDRLEN +
+				    sizeof(mgmt.u.deauth), 0) < 0)
+		perror("ieee802_11_send_deauth: send");
+}
+
+
+static void ieee802_11_sta_authenticate(void *eloop_ctx, void *timeout_ctx)
+{
+	struct hostapd_data *hapd = eloop_ctx;
+	struct ieee80211_mgmt mgmt;
+	char ssid_txt[33];
+
+	if (hapd->assoc_ap_state == WAIT_BEACON)
+		hapd->assoc_ap_state = AUTHENTICATE;
+	if (hapd->assoc_ap_state != AUTHENTICATE)
+		return;
+
+	ieee802_11_print_ssid(ssid_txt, (u8 *) hapd->assoc_ap_ssid,
+			      hapd->assoc_ap_ssid_len);
+	printf("Authenticate with AP " MACSTR " SSID=%s (as station)\n",
+	       MAC2STR(hapd->conf->assoc_ap_addr), ssid_txt);
+
+	os_memset(&mgmt, 0, sizeof(mgmt));
+	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+					  WLAN_FC_STYPE_AUTH);
+	/* Request TX callback */
+	mgmt.frame_control |= host_to_le16(BIT(1));
+	os_memcpy(mgmt.da, hapd->conf->assoc_ap_addr, ETH_ALEN);
+	os_memcpy(mgmt.sa, hapd->own_addr, ETH_ALEN);
+	os_memcpy(mgmt.bssid, hapd->conf->assoc_ap_addr, ETH_ALEN);
+	mgmt.u.auth.auth_alg = host_to_le16(WLAN_AUTH_OPEN);
+	mgmt.u.auth.auth_transaction = host_to_le16(1);
+	mgmt.u.auth.status_code = host_to_le16(0);
+	if (hostapd_send_mgmt_frame(hapd, &mgmt, IEEE80211_HDRLEN +
+				    sizeof(mgmt.u.auth), 0) < 0)
+		perror("ieee802_11_sta_authenticate: send");
+
+	/* Try to authenticate again, if this attempt fails or times out. */
+	eloop_register_timeout(5, 0, ieee802_11_sta_authenticate, hapd, NULL);
+}
+
+
+static void ieee802_11_sta_associate(void *eloop_ctx, void *timeout_ctx)
+{
+	struct hostapd_data *hapd = eloop_ctx;
+	u8 buf[256];
+	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) buf;
+	u8 *p;
+	char ssid_txt[33];
+
+	if (hapd->assoc_ap_state == AUTHENTICATE)
+		hapd->assoc_ap_state = ASSOCIATE;
+	if (hapd->assoc_ap_state != ASSOCIATE)
+		return;
+
+	ieee802_11_print_ssid(ssid_txt, (u8 *) hapd->assoc_ap_ssid,
+			      hapd->assoc_ap_ssid_len);
+	printf("Associate with AP " MACSTR " SSID=%s (as station)\n",
+	       MAC2STR(hapd->conf->assoc_ap_addr), ssid_txt);
+
+	os_memset(mgmt, 0, sizeof(*mgmt));
+	mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+					  WLAN_FC_STYPE_ASSOC_REQ);
+	/* Request TX callback */
+	mgmt->frame_control |= host_to_le16(BIT(1));
+	os_memcpy(mgmt->da, hapd->conf->assoc_ap_addr, ETH_ALEN);
+	os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
+	os_memcpy(mgmt->bssid, hapd->conf->assoc_ap_addr, ETH_ALEN);
+	mgmt->u.assoc_req.capab_info = host_to_le16(0);
+	mgmt->u.assoc_req.listen_interval = host_to_le16(1);
+	p = &mgmt->u.assoc_req.variable[0];
+
+	*p++ = WLAN_EID_SSID;
+	*p++ = hapd->assoc_ap_ssid_len;
+	os_memcpy(p, hapd->assoc_ap_ssid, hapd->assoc_ap_ssid_len);
+	p += hapd->assoc_ap_ssid_len;
+
+	p = hostapd_eid_supp_rates(hapd, p);
+	p = hostapd_eid_ext_supp_rates(hapd, p);
+
+	if (hostapd_send_mgmt_frame(hapd, mgmt, p - (u8 *) mgmt, 0) < 0)
+		perror("ieee802_11_sta_associate: send");
+
+	/* Try to authenticate again, if this attempt fails or times out. */
+	eloop_register_timeout(5, 0, ieee802_11_sta_associate, hapd, NULL);
+}
+
+
+static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
+			   u16 auth_transaction, u8 *challenge, int iswep)
+{
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "authentication (shared key, transaction %d)",
+		       auth_transaction);
+
+	if (auth_transaction == 1) {
+		if (!sta->challenge) {
+			/* Generate a pseudo-random challenge */
+			u8 key[8];
+			time_t now;
+			int r;
+			sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
+			if (sta->challenge == NULL)
+				return WLAN_STATUS_UNSPECIFIED_FAILURE;
+
+			now = time(NULL);
+			r = random();
+			os_memcpy(key, &now, 4);
+			os_memcpy(key + 4, &r, 4);
+			rc4(sta->challenge, WLAN_AUTH_CHALLENGE_LEN,
+			    key, sizeof(key));
+		}
+		return 0;
+	}
+
+	if (auth_transaction != 3)
+		return WLAN_STATUS_UNSPECIFIED_FAILURE;
+
+	/* Transaction 3 */
+	if (!iswep || !sta->challenge || !challenge ||
+	    os_memcmp(sta->challenge, challenge, WLAN_AUTH_CHALLENGE_LEN)) {
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_INFO,
+			       "shared key authentication - invalid "
+			       "challenge-response");
+		return WLAN_STATUS_CHALLENGE_FAIL;
+	}
+
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "authentication OK (shared key)");
+#ifdef IEEE80211_REQUIRE_AUTH_ACK
+	/* Station will be marked authenticated if it ACKs the
+	 * authentication reply. */
+#else
+	sta->flags |= WLAN_STA_AUTH;
+	wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
+#endif
+	os_free(sta->challenge);
+	sta->challenge = NULL;
+
+	return 0;
+}
+
+
+static void send_auth_reply(struct hostapd_data *hapd,
+			    const u8 *dst, const u8 *bssid,
+			    u16 auth_alg, u16 auth_transaction, u16 resp,
+			    const u8 *ies, size_t ies_len)
+{
+	struct ieee80211_mgmt *reply;
+	u8 *buf;
+	size_t rlen;
+
+	rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len;
+	buf = os_zalloc(rlen);
+	if (buf == NULL)
+		return;
+
+	reply = (struct ieee80211_mgmt *) buf;
+	reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+					    WLAN_FC_STYPE_AUTH);
+	/* Request TX callback */
+	reply->frame_control |= host_to_le16(BIT(1));
+	os_memcpy(reply->da, dst, ETH_ALEN);
+	os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
+	os_memcpy(reply->bssid, bssid, ETH_ALEN);
+
+	reply->u.auth.auth_alg = host_to_le16(auth_alg);
+	reply->u.auth.auth_transaction = host_to_le16(auth_transaction);
+	reply->u.auth.status_code = host_to_le16(resp);
+
+	if (ies && ies_len)
+		os_memcpy(reply->u.auth.variable, ies, ies_len);
+
+	wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR
+		   " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)",
+		   MAC2STR(dst), auth_alg, auth_transaction,
+		   resp, (unsigned long) ies_len);
+	if (hostapd_send_mgmt_frame(hapd, reply, rlen, 0) < 0)
+		perror("send_auth_reply: send");
+
+	os_free(buf);
+}
+
+
+#ifdef CONFIG_IEEE80211R
+static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
+				  u16 auth_transaction, u16 status,
+				  const u8 *ies, size_t ies_len)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta;
+
+	send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, auth_transaction,
+			status, ies, ies_len);
+
+	if (status != WLAN_STATUS_SUCCESS)
+		return;
+
+	sta = ap_get_sta(hapd, dst);
+	if (sta == NULL)
+		return;
+
+	hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
+	sta->flags |= WLAN_STA_AUTH;
+	mlme_authenticate_indication(hapd, sta);
+}
+#endif /* CONFIG_IEEE80211R */
+
+
+static void handle_auth(struct hostapd_data *hapd, struct ieee80211_mgmt *mgmt,
+			size_t len)
+{
+	u16 auth_alg, auth_transaction, status_code;
+	u16 resp = WLAN_STATUS_SUCCESS;
+	struct sta_info *sta = NULL;
+	int res;
+	u16 fc;
+	u8 *challenge = NULL;
+	u32 session_timeout, acct_interim_interval;
+	int vlan_id = 0;
+	u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
+	size_t resp_ies_len = 0;
+
+	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
+		printf("handle_auth - too short payload (len=%lu)\n",
+		       (unsigned long) len);
+		return;
+	}
+
+	auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
+	auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
+	status_code = le_to_host16(mgmt->u.auth.status_code);
+	fc = le_to_host16(mgmt->frame_control);
+
+	if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) +
+	    2 + WLAN_AUTH_CHALLENGE_LEN &&
+	    mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE &&
+	    mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN)
+		challenge = &mgmt->u.auth.variable[2];
+
+	wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d "
+		   "auth_transaction=%d status_code=%d wep=%d%s",
+		   MAC2STR(mgmt->sa), auth_alg, auth_transaction,
+		   status_code, !!(fc & WLAN_FC_ISWEP),
+		   challenge ? " challenge" : "");
+
+	if (hapd->assoc_ap_state == AUTHENTICATE && auth_transaction == 2 &&
+	    os_memcmp(mgmt->sa, hapd->conf->assoc_ap_addr, ETH_ALEN) == 0 &&
+	    os_memcmp(mgmt->bssid, hapd->conf->assoc_ap_addr, ETH_ALEN) == 0) {
+		if (status_code != 0) {
+			printf("Authentication (as station) with AP "
+			       MACSTR " failed (status_code=%d)\n",
+			       MAC2STR(hapd->conf->assoc_ap_addr),
+			       status_code);
+			return;
+		}
+		printf("Authenticated (as station) with AP " MACSTR "\n",
+		       MAC2STR(hapd->conf->assoc_ap_addr));
+		ieee802_11_sta_associate(hapd, NULL);
+		return;
+	}
+
+	if (hapd->tkip_countermeasures) {
+		resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
+		goto fail;
+	}
+
+	if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) &&
+	       auth_alg == WLAN_AUTH_OPEN) ||
+#ifdef CONFIG_IEEE80211R
+	      (hapd->conf->wpa &&
+	       (hapd->conf->wpa_key_mgmt &
+		(WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_FT_PSK)) &&
+	       auth_alg == WLAN_AUTH_FT) ||
+#endif /* CONFIG_IEEE80211R */
+	      ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) &&
+	       auth_alg == WLAN_AUTH_SHARED_KEY))) {
+		printf("Unsupported authentication algorithm (%d)\n",
+		       auth_alg);
+		resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
+		goto fail;
+	}
+
+	if (!(auth_transaction == 1 ||
+	      (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) {
+		printf("Unknown authentication transaction number (%d)\n",
+		       auth_transaction);
+		resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
+		goto fail;
+	}
+
+	if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+		printf("Station " MACSTR " not allowed to authenticate.\n",
+		       MAC2STR(mgmt->sa));
+		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+		goto fail;
+	}
+
+	res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len,
+				      &session_timeout,
+				      &acct_interim_interval, &vlan_id);
+	if (res == HOSTAPD_ACL_REJECT) {
+		printf("Station " MACSTR " not allowed to authenticate.\n",
+		       MAC2STR(mgmt->sa));
+		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+		goto fail;
+	}
+	if (res == HOSTAPD_ACL_PENDING) {
+		wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
+			   " waiting for an external authentication",
+			   MAC2STR(mgmt->sa));
+		/* Authentication code will re-send the authentication frame
+		 * after it has received (and cached) information from the
+		 * external source. */
+		return;
+	}
+
+	sta = ap_sta_add(hapd, mgmt->sa);
+	if (!sta) {
+		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+		goto fail;
+	}
+
+	if (vlan_id > 0) {
+		if (hostapd_get_vlan_id_ifname(hapd->conf->vlan,
+					       sta->vlan_id) == NULL) {
+			hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
+				       HOSTAPD_LEVEL_INFO, "Invalid VLAN ID "
+				       "%d received from RADIUS server",
+				       vlan_id);
+			resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+			goto fail;
+		}
+		sta->vlan_id = vlan_id;
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
+			       HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
+	}
+
+	sta->flags &= ~WLAN_STA_PREAUTH;
+	ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
+
+	if (hapd->conf->radius->acct_interim_interval == 0 &&
+	    acct_interim_interval)
+		sta->acct_interim_interval = acct_interim_interval;
+	if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT)
+		ap_sta_session_timeout(hapd, sta, session_timeout);
+	else
+		ap_sta_no_session_timeout(hapd, sta);
+
+	switch (auth_alg) {
+	case WLAN_AUTH_OPEN:
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_DEBUG,
+			       "authentication OK (open system)");
+#ifdef IEEE80211_REQUIRE_AUTH_ACK
+		/* Station will be marked authenticated if it ACKs the
+		 * authentication reply. */
+#else
+		sta->flags |= WLAN_STA_AUTH;
+		wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
+		sta->auth_alg = WLAN_AUTH_OPEN;
+		mlme_authenticate_indication(hapd, sta);
+#endif
+		break;
+	case WLAN_AUTH_SHARED_KEY:
+		resp = auth_shared_key(hapd, sta, auth_transaction, challenge,
+				       fc & WLAN_FC_ISWEP);
+		sta->auth_alg = WLAN_AUTH_SHARED_KEY;
+		mlme_authenticate_indication(hapd, sta);
+		if (sta->challenge && auth_transaction == 1) {
+			resp_ies[0] = WLAN_EID_CHALLENGE;
+			resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN;
+			os_memcpy(resp_ies + 2, sta->challenge,
+				  WLAN_AUTH_CHALLENGE_LEN);
+			resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN;
+		}
+		break;
+#ifdef CONFIG_IEEE80211R
+	case WLAN_AUTH_FT:
+		sta->auth_alg = WLAN_AUTH_FT;
+		if (sta->wpa_sm == NULL)
+			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
+							sta->addr);
+		if (sta->wpa_sm == NULL) {
+			wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA "
+				   "state machine");
+			resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+			goto fail;
+		}
+		wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid,
+				    auth_transaction, mgmt->u.auth.variable,
+				    len - IEEE80211_HDRLEN -
+				    sizeof(mgmt->u.auth),
+				    handle_auth_ft_finish, hapd);
+		/* handle_auth_ft_finish() callback will complete auth. */
+		return;
+#endif /* CONFIG_IEEE80211R */
+	}
+
+ fail:
+	send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg,
+			auth_transaction + 1, resp, resp_ies, resp_ies_len);
+}
+
+
+static void handle_assoc(struct hostapd_data *hapd,
+			 struct ieee80211_mgmt *mgmt, size_t len, int reassoc)
+{
+	u16 capab_info, listen_interval;
+	u16 resp = WLAN_STATUS_SUCCESS;
+	u8 *pos, *wpa_ie;
+	size_t wpa_ie_len;
+	int send_deauth = 0, send_len, left, i;
+	struct sta_info *sta;
+	struct ieee802_11_elems elems;
+	u8 buf[sizeof(struct ieee80211_mgmt) + 512];
+	struct ieee80211_mgmt *reply;
+
+	if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
+				      sizeof(mgmt->u.assoc_req))) {
+		printf("handle_assoc(reassoc=%d) - too short payload (len=%lu)"
+		       "\n", reassoc, (unsigned long) len);
+		return;
+	}
+
+	if (reassoc) {
+		capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info);
+		listen_interval = le_to_host16(
+			mgmt->u.reassoc_req.listen_interval);
+		wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR
+			   " capab_info=0x%02x listen_interval=%d current_ap="
+			   MACSTR,
+			   MAC2STR(mgmt->sa), capab_info, listen_interval,
+			   MAC2STR(mgmt->u.reassoc_req.current_ap));
+		left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req));
+		pos = mgmt->u.reassoc_req.variable;
+	} else {
+		capab_info = le_to_host16(mgmt->u.assoc_req.capab_info);
+		listen_interval = le_to_host16(
+			mgmt->u.assoc_req.listen_interval);
+		wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR
+			   " capab_info=0x%02x listen_interval=%d",
+			   MAC2STR(mgmt->sa), capab_info, listen_interval);
+		left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req));
+		pos = mgmt->u.assoc_req.variable;
+	}
+
+	sta = ap_get_sta(hapd, mgmt->sa);
+#ifdef CONFIG_IEEE80211R
+	if (sta && sta->auth_alg == WLAN_AUTH_FT &&
+	    (sta->flags & WLAN_STA_AUTH) == 0) {
+		wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate "
+			   "prior to authentication since it is using "
+			   "over-the-DS FT", MAC2STR(mgmt->sa));
+	} else
+#endif /* CONFIG_IEEE80211R */
+	if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
+		printf("STA " MACSTR " trying to associate before "
+		       "authentication\n", MAC2STR(mgmt->sa));
+		if (sta) {
+			printf("  sta: addr=" MACSTR " aid=%d flags=0x%04x\n",
+			       MAC2STR(sta->addr), sta->aid, sta->flags);
+		}
+		send_deauth = 1;
+		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+		goto fail;
+	}
+
+	if (hapd->tkip_countermeasures) {
+		resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
+		goto fail;
+	}
+
+	if (reassoc) {
+		os_memcpy(sta->previous_ap, mgmt->u.reassoc_req.current_ap,
+			  ETH_ALEN);
+	}
+
+	sta->capability = capab_info;
+
+	/* followed by SSID and Supported rates */
+	if (ieee802_11_parse_elems(hapd, pos, left, &elems, 1) == ParseFailed
+	    || !elems.ssid) {
+		printf("STA " MACSTR " sent invalid association request\n",
+		       MAC2STR(sta->addr));
+		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+		goto fail;
+	}
+
+	if (elems.ssid_len != hapd->conf->ssid.ssid_len ||
+	    os_memcmp(elems.ssid, hapd->conf->ssid.ssid, elems.ssid_len) != 0)
+	{
+		char ssid_txt[33];
+		ieee802_11_print_ssid(ssid_txt, elems.ssid, elems.ssid_len);
+		printf("Station " MACSTR " tried to associate with "
+		       "unknown SSID '%s'\n", MAC2STR(sta->addr), ssid_txt);
+		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+		goto fail;
+	}
+
+	sta->flags &= ~WLAN_STA_WME;
+	if (elems.wme && hapd->conf->wme_enabled) {
+		if (hostapd_eid_wme_valid(hapd, elems.wme, elems.wme_len))
+			hostapd_logger(hapd, sta->addr,
+				       HOSTAPD_MODULE_WPA,
+				       HOSTAPD_LEVEL_DEBUG,
+				       "invalid WME element in association "
+				       "request");
+		else
+			sta->flags |= WLAN_STA_WME;
+	}
+
+	if (!elems.supp_rates) {
+		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_DEBUG,
+			       "No supported rates element in AssocReq");
+		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+		goto fail;
+	}
+
+	if (elems.supp_rates_len > sizeof(sta->supported_rates)) {
+		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_DEBUG,
+			       "Invalid supported rates element length %d",
+			       elems.supp_rates_len);
+		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+		goto fail;
+	}
+
+	os_memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
+	os_memcpy(sta->supported_rates, elems.supp_rates,
+		  elems.supp_rates_len);
+	sta->supported_rates_len = elems.supp_rates_len;
+
+	if (elems.ext_supp_rates) {
+		if (elems.supp_rates_len + elems.ext_supp_rates_len >
+		    sizeof(sta->supported_rates)) {
+			hostapd_logger(hapd, mgmt->sa,
+				       HOSTAPD_MODULE_IEEE80211,
+				       HOSTAPD_LEVEL_DEBUG,
+				       "Invalid supported rates element length"
+				       " %d+%d", elems.supp_rates_len,
+				       elems.ext_supp_rates_len);
+			resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+			goto fail;
+		}
+
+		os_memcpy(sta->supported_rates + elems.supp_rates_len,
+			  elems.ext_supp_rates, elems.ext_supp_rates_len);
+		sta->supported_rates_len += elems.ext_supp_rates_len;
+	}
+
+	if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) {
+		wpa_ie = elems.rsn_ie;
+		wpa_ie_len = elems.rsn_ie_len;
+	} else if ((hapd->conf->wpa & WPA_PROTO_WPA) &&
+		   elems.wpa_ie) {
+		wpa_ie = elems.wpa_ie;
+		wpa_ie_len = elems.wpa_ie_len;
+	} else {
+		wpa_ie = NULL;
+		wpa_ie_len = 0;
+	}
+	if (hapd->conf->wpa && wpa_ie == NULL) {
+		printf("STA " MACSTR ": No WPA/RSN IE in association "
+		       "request\n", MAC2STR(sta->addr));
+		resp = WLAN_STATUS_INVALID_IE;
+		goto fail;
+	}
+
+	if (hapd->conf->wpa && wpa_ie) {
+		int res;
+		wpa_ie -= 2;
+		wpa_ie_len += 2;
+		if (sta->wpa_sm == NULL)
+			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
+							sta->addr);
+		if (sta->wpa_sm == NULL) {
+			printf("Failed to initialize WPA state machine\n");
+			resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+			goto fail;
+		}
+		res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
+					  wpa_ie, wpa_ie_len,
+					  elems.mdie, elems.mdie_len);
+		if (res == WPA_INVALID_GROUP)
+			resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID;
+		else if (res == WPA_INVALID_PAIRWISE)
+			resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
+		else if (res == WPA_INVALID_AKMP)
+			resp = WLAN_STATUS_AKMP_NOT_VALID;
+		else if (res == WPA_ALLOC_FAIL)
+			resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+#ifdef CONFIG_IEEE80211W
+		else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION)
+			resp = WLAN_STATUS_UNSPECIFIED_FAILURE; /* FIX */
+		else if (res == WPA_INVALID_MGMT_GROUP_CIPHER)
+			resp = WLAN_STATUS_UNSPECIFIED_FAILURE; /* FIX */
+#endif /* CONFIG_IEEE80211W */
+		else if (res == WPA_INVALID_MDIE)
+			resp = WLAN_STATUS_INVALID_MDIE;
+		else if (res != WPA_IE_OK)
+			resp = WLAN_STATUS_INVALID_IE;
+		if (resp != WLAN_STATUS_SUCCESS)
+			goto fail;
+
+#ifdef CONFIG_IEEE80211R
+		if (sta->auth_alg == WLAN_AUTH_FT) {
+			if (!reassoc) {
+				wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried "
+					   "to use association (not "
+					   "re-association) with FT auth_alg",
+					   MAC2STR(sta->addr));
+				resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+				goto fail;
+			}
+
+			resp = wpa_ft_validate_reassoc(sta->wpa_sm, pos, left);
+			if (resp != WLAN_STATUS_SUCCESS)
+				goto fail;
+		}
+#endif /* CONFIG_IEEE80211R */
+	}
+
+	if (hapd->iface->dfs_enable &&
+	    hapd->iconf->ieee80211h == SPECT_STRICT_BINDING) {
+		if (hostapd_check_power_cap(hapd, elems.power_cap,
+					    elems.power_cap_len)) {
+			resp = WLAN_STATUS_PWR_CAPABILITY_NOT_VALID;
+			hostapd_logger(hapd, sta->addr,
+				       HOSTAPD_MODULE_IEEE80211,
+				       HOSTAPD_LEVEL_DEBUG,
+				       "Power capabilities of the station not "
+				       "acceptable");
+			goto fail;
+		}
+	}
+
+	if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G)
+		sta->flags |= WLAN_STA_NONERP;
+	for (i = 0; i < sta->supported_rates_len; i++) {
+		if ((sta->supported_rates[i] & 0x7f) > 22) {
+			sta->flags &= ~WLAN_STA_NONERP;
+			break;
+		}
+	}
+	if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) {
+		sta->nonerp_set = 1;
+		hapd->iface->num_sta_non_erp++;
+		if (hapd->iface->num_sta_non_erp == 1)
+			ieee802_11_set_beacons(hapd->iface);
+	}
+
+	if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) &&
+	    !sta->no_short_slot_time_set) {
+		sta->no_short_slot_time_set = 1;
+		hapd->iface->num_sta_no_short_slot_time++;
+		if (hapd->iface->current_mode->mode ==
+		    HOSTAPD_MODE_IEEE80211G &&
+		    hapd->iface->num_sta_no_short_slot_time == 1)
+			ieee802_11_set_beacons(hapd->iface);
+	}
+
+	if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
+		sta->flags |= WLAN_STA_SHORT_PREAMBLE;
+	else
+		sta->flags &= ~WLAN_STA_SHORT_PREAMBLE;
+
+	if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) &&
+	    !sta->no_short_preamble_set) {
+		sta->no_short_preamble_set = 1;
+		hapd->iface->num_sta_no_short_preamble++;
+		if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
+		    && hapd->iface->num_sta_no_short_preamble == 1)
+			ieee802_11_set_beacons(hapd->iface);
+	}
+
+	/* get a unique AID */
+	if (sta->aid > 0) {
+		wpa_printf(MSG_DEBUG, "  old AID %d", sta->aid);
+	} else {
+		for (sta->aid = 1; sta->aid <= MAX_AID_TABLE_SIZE; sta->aid++)
+			if (hapd->sta_aid[sta->aid - 1] == NULL)
+				break;
+		if (sta->aid > MAX_AID_TABLE_SIZE) {
+			sta->aid = 0;
+			resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
+			wpa_printf(MSG_ERROR, "  no room for more AIDs");
+			goto fail;
+		} else {
+			hapd->sta_aid[sta->aid - 1] = sta;
+			wpa_printf(MSG_DEBUG, "  new AID %d", sta->aid);
+		}
+	}
+
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "association OK (aid %d)", sta->aid);
+	/* Station will be marked associated, after it acknowledges AssocResp
+	 */
+
+	if (sta->last_assoc_req)
+		os_free(sta->last_assoc_req);
+	sta->last_assoc_req = os_malloc(len);
+	if (sta->last_assoc_req)
+		os_memcpy(sta->last_assoc_req, mgmt, len);
+
+	/* Make sure that the previously registered inactivity timer will not
+	 * remove the STA immediately. */
+	sta->timeout_next = STA_NULLFUNC;
+
+ fail:
+	os_memset(buf, 0, sizeof(buf));
+	reply = (struct ieee80211_mgmt *) buf;
+	reply->frame_control =
+		IEEE80211_FC(WLAN_FC_TYPE_MGMT,
+			     (send_deauth ? WLAN_FC_STYPE_DEAUTH :
+			      (reassoc ? WLAN_FC_STYPE_REASSOC_RESP :
+			       WLAN_FC_STYPE_ASSOC_RESP)));
+	os_memcpy(reply->da, mgmt->sa, ETH_ALEN);
+	os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
+	os_memcpy(reply->bssid, mgmt->bssid, ETH_ALEN);
+
+	send_len = IEEE80211_HDRLEN;
+	if (send_deauth) {
+		send_len += sizeof(reply->u.deauth);
+		reply->u.deauth.reason_code = host_to_le16(resp);
+	} else {
+		u8 *p;
+		send_len += sizeof(reply->u.assoc_resp);
+		reply->u.assoc_resp.capab_info =
+			host_to_le16(hostapd_own_capab_info(hapd, sta, 0));
+		reply->u.assoc_resp.status_code = host_to_le16(resp);
+		reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0)
+						       | BIT(14) | BIT(15));
+		/* Supported rates */
+		p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable);
+		/* Extended supported rates */
+		p = hostapd_eid_ext_supp_rates(hapd, p);
+		if (sta->flags & WLAN_STA_WME)
+			p = hostapd_eid_wme(hapd, p);
+
+#ifdef CONFIG_IEEE80211R
+		if (resp == WLAN_STATUS_SUCCESS) {
+			/* IEEE 802.11r: Mobility Domain Information, Fast BSS
+			 * Transition Information, RSN */
+			p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
+							buf + sizeof(buf) - p,
+							sta->auth_alg);
+		}
+#endif /* CONFIG_IEEE80211R */
+
+		send_len += p - reply->u.assoc_resp.variable;
+
+		/* Request TX callback */
+		reply->frame_control |= host_to_le16(BIT(1));
+	}
+
+	if (hostapd_send_mgmt_frame(hapd, reply, send_len, 0) < 0)
+		perror("handle_assoc: send");
+}
+
+
+static void handle_assoc_resp(struct hostapd_data *hapd,
+			      struct ieee80211_mgmt *mgmt, size_t len)
+{
+	u16 status_code, aid;
+
+	if (hapd->assoc_ap_state != ASSOCIATE) {
+		printf("Unexpected association response received from " MACSTR
+		       "\n", MAC2STR(mgmt->sa));
+		return;
+	}
+
+	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_resp)) {
+		printf("handle_assoc_resp - too short payload (len=%lu)\n",
+		       (unsigned long) len);
+		return;
+	}
+
+	if (os_memcmp(mgmt->sa, hapd->conf->assoc_ap_addr, ETH_ALEN) != 0 ||
+	    os_memcmp(mgmt->bssid, hapd->conf->assoc_ap_addr, ETH_ALEN) != 0) {
+		printf("Received association response from unexpected address "
+		       "(SA=" MACSTR " BSSID=" MACSTR "\n",
+		       MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
+		return;
+	}
+
+	status_code = le_to_host16(mgmt->u.assoc_resp.status_code);
+	aid = le_to_host16(mgmt->u.assoc_resp.aid);
+	aid &= ~(BIT(14) | BIT(15));
+
+	if (status_code != 0) {
+		printf("Association (as station) with AP " MACSTR " failed "
+		       "(status_code=%d)\n",
+		       MAC2STR(hapd->conf->assoc_ap_addr), status_code);
+		/* Try to authenticate again */
+		hapd->assoc_ap_state = AUTHENTICATE;
+		eloop_register_timeout(5, 0, ieee802_11_sta_authenticate,
+				       hapd, NULL);
+	}
+
+	printf("Associated (as station) with AP " MACSTR " (aid=%d)\n",
+	       MAC2STR(hapd->conf->assoc_ap_addr), aid);
+	hapd->assoc_ap_aid = aid;
+	hapd->assoc_ap_state = ASSOCIATED;
+
+	if (hostapd_set_assoc_ap(hapd, hapd->conf->assoc_ap_addr)) {
+		printf("Could not set associated AP address to kernel "
+		       "driver.\n");
+	}
+}
+
+
+static void handle_disassoc(struct hostapd_data *hapd,
+			    struct ieee80211_mgmt *mgmt, size_t len)
+{
+	struct sta_info *sta;
+
+	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) {
+		printf("handle_disassoc - too short payload (len=%lu)\n",
+		       (unsigned long) len);
+		return;
+	}
+
+	wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
+		   MAC2STR(mgmt->sa),
+		   le_to_host16(mgmt->u.disassoc.reason_code));
+
+	if (hapd->assoc_ap_state != DO_NOT_ASSOC &&
+	    os_memcmp(mgmt->sa, hapd->conf->assoc_ap_addr, ETH_ALEN) == 0) {
+		printf("Assoc AP " MACSTR " sent disassociation "
+		       "(reason_code=%d) - try to authenticate\n",
+		       MAC2STR(hapd->conf->assoc_ap_addr),
+		       le_to_host16(mgmt->u.disassoc.reason_code));
+		hapd->assoc_ap_state = AUTHENTICATE;
+		ieee802_11_sta_authenticate(hapd, NULL);
+		eloop_register_timeout(0, 500000, ieee802_11_sta_authenticate,
+				       hapd, NULL);
+		return;
+	}
+
+	sta = ap_get_sta(hapd, mgmt->sa);
+	if (sta == NULL) {
+		printf("Station " MACSTR " trying to disassociate, but it "
+		       "is not associated.\n", MAC2STR(mgmt->sa));
+		return;
+	}
+
+	sta->flags &= ~WLAN_STA_ASSOC;
+	wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_INFO, "disassociated");
+	sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
+	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
+	/* Stop Accounting and IEEE 802.1X sessions, but leave the STA
+	 * authenticated. */
+	accounting_sta_stop(hapd, sta);
+	ieee802_1x_free_station(sta);
+	hostapd_sta_remove(hapd, sta->addr);
+
+	if (sta->timeout_next == STA_NULLFUNC ||
+	    sta->timeout_next == STA_DISASSOC) {
+		sta->timeout_next = STA_DEAUTH;
+		eloop_cancel_timeout(ap_handle_timer, hapd, sta);
+		eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
+				       hapd, sta);
+	}
+
+	mlme_disassociate_indication(
+		hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code));
+}
+
+
+static void handle_deauth(struct hostapd_data *hapd,
+			  struct ieee80211_mgmt *mgmt, size_t len)
+{
+	struct sta_info *sta;
+
+	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) {
+		printf("handle_deauth - too short payload (len=%lu)\n",
+		       (unsigned long) len);
+		return;
+	}
+
+	wpa_printf(MSG_DEBUG, "deauthentication: STA=" MACSTR
+		   " reason_code=%d",
+		   MAC2STR(mgmt->sa),
+		   le_to_host16(mgmt->u.deauth.reason_code));
+
+	if (hapd->assoc_ap_state != DO_NOT_ASSOC &&
+	    os_memcmp(mgmt->sa, hapd->conf->assoc_ap_addr, ETH_ALEN) == 0) {
+		printf("Assoc AP " MACSTR " sent deauthentication "
+		       "(reason_code=%d) - try to authenticate\n",
+		       MAC2STR(hapd->conf->assoc_ap_addr),
+		       le_to_host16(mgmt->u.deauth.reason_code));
+		hapd->assoc_ap_state = AUTHENTICATE;
+		eloop_register_timeout(0, 500000, ieee802_11_sta_authenticate,
+				       hapd, NULL);
+		return;
+	}
+
+	sta = ap_get_sta(hapd, mgmt->sa);
+	if (sta == NULL) {
+		printf("Station " MACSTR " trying to deauthenticate, but it "
+		       "is not authenticated.\n", MAC2STR(mgmt->sa));
+		return;
+	}
+
+	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
+	wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_DEBUG, "deauthenticated");
+	mlme_deauthenticate_indication(
+		hapd, sta, le_to_host16(mgmt->u.deauth.reason_code));
+	sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
+	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
+	ap_free_sta(hapd, sta);
+}
+
+
+static void handle_beacon(struct hostapd_data *hapd,
+			  struct ieee80211_mgmt *mgmt, size_t len,
+			  struct hostapd_frame_info *fi)
+{
+	struct ieee802_11_elems elems;
+
+	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) {
+		printf("handle_beacon - too short payload (len=%lu)\n",
+		       (unsigned long) len);
+		return;
+	}
+
+	(void) ieee802_11_parse_elems(hapd, mgmt->u.beacon.variable,
+				      len - (IEEE80211_HDRLEN +
+					     sizeof(mgmt->u.beacon)), &elems,
+				      0);
+
+	if (hapd->assoc_ap_state == WAIT_BEACON &&
+	    os_memcmp(mgmt->sa, hapd->conf->assoc_ap_addr, ETH_ALEN) == 0) {
+		if (elems.ssid && elems.ssid_len <= 32) {
+			os_memcpy(hapd->assoc_ap_ssid, elems.ssid,
+				  elems.ssid_len);
+			hapd->assoc_ap_ssid[elems.ssid_len] = '\0';
+			hapd->assoc_ap_ssid_len = elems.ssid_len;
+		}
+		ieee802_11_sta_authenticate(hapd, NULL);
+	}
+
+	ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);
+}
+
+
+static void handle_action(struct hostapd_data *hapd,
+			  struct ieee80211_mgmt *mgmt, size_t len)
+{
+	if (len < IEEE80211_HDRLEN + 1) {
+		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_DEBUG,
+			       "handle_action - too short payload (len=%lu)",
+			       (unsigned long) len);
+		return;
+	}
+
+	switch (mgmt->u.action.category) {
+#ifdef CONFIG_IEEE80211R
+	case WLAN_ACTION_FT:
+	{
+		struct sta_info *sta;
+
+		sta = ap_get_sta(hapd, mgmt->sa);
+		if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) {
+			wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored FT Action "
+				   "frame from unassociated STA " MACSTR,
+				   MAC2STR(mgmt->sa));
+			return;
+		}
+
+		if (wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action,
+				     len - IEEE80211_HDRLEN))
+			break;
+
+		return;
+	}
+#endif /* CONFIG_IEEE80211R */
+	case WME_ACTION_CATEGORY:
+		hostapd_wme_action(hapd, mgmt, len);
+		return;
+	}
+
+	hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "handle_action - unknown action category %d or invalid "
+		       "frame",
+		       mgmt->u.action.category);
+	if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) &&
+	    !(mgmt->sa[0] & 0x01)) {
+		/*
+		 * IEEE 802.11-REVma/D9.0 - 7.3.1.11
+		 * Return the Action frame to the source without change
+		 * except that MSB of the Category set to 1.
+		 */
+		wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action "
+			   "frame back to sender");
+		os_memcpy(mgmt->da, mgmt->sa, ETH_ALEN);
+		os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
+		os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
+		mgmt->u.action.category |= 0x80;
+
+		hostapd_send_mgmt_frame(hapd, mgmt, len, 0);
+	}
+}
+
+
+/**
+ * ieee802_11_mgmt - process incoming IEEE 802.11 management frames
+ * @hapd: hostapd BSS data structure (the BSS to which the management frame was
+ * sent to)
+ * @buf: management frame data (starting from IEEE 802.11 header)
+ * @len: length of frame data in octets
+ * @stype: management frame subtype from frame control field
+ *
+ * Process all incoming IEEE 802.11 management frames. This will be called for
+ * each frame received from the kernel driver through wlan#ap interface. In
+ * addition, it can be called to re-inserted pending frames (e.g., when using
+ * external RADIUS server as an MAC ACL).
+ */
+void ieee802_11_mgmt(struct hostapd_data *hapd, u8 *buf, size_t len, u16 stype,
+		     struct hostapd_frame_info *fi)
+{
+	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) buf;
+	int broadcast;
+
+	if (stype == WLAN_FC_STYPE_BEACON) {
+		handle_beacon(hapd, mgmt, len, fi);
+		return;
+	}
+
+	if (fi && fi->passive_scan)
+		return;
+
+	broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff &&
+		mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff &&
+		mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff;
+
+	if (!broadcast &&
+	    os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0 &&
+	    (hapd->assoc_ap_state == DO_NOT_ASSOC ||
+	     os_memcmp(mgmt->bssid, hapd->conf->assoc_ap_addr, ETH_ALEN) != 0))
+	{
+		printf("MGMT: BSSID=" MACSTR " not our address\n",
+		       MAC2STR(mgmt->bssid));
+		return;
+	}
+
+
+	if (stype == WLAN_FC_STYPE_PROBE_REQ) {
+		handle_probe_req(hapd, mgmt, len);
+		return;
+	}
+
+	if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) {
+		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_DEBUG,
+			       "MGMT: DA=" MACSTR " not our address",
+			       MAC2STR(mgmt->da));
+		return;
+	}
+
+	switch (stype) {
+	case WLAN_FC_STYPE_AUTH:
+		wpa_printf(MSG_DEBUG, "mgmt::auth");
+		handle_auth(hapd, mgmt, len);
+		break;
+	case WLAN_FC_STYPE_ASSOC_REQ:
+		wpa_printf(MSG_DEBUG, "mgmt::assoc_req");
+		handle_assoc(hapd, mgmt, len, 0);
+		break;
+	case WLAN_FC_STYPE_ASSOC_RESP:
+		wpa_printf(MSG_DEBUG, "mgmt::assoc_resp");
+		handle_assoc_resp(hapd, mgmt, len);
+		break;
+	case WLAN_FC_STYPE_REASSOC_REQ:
+		wpa_printf(MSG_DEBUG, "mgmt::reassoc_req");
+		handle_assoc(hapd, mgmt, len, 1);
+		break;
+	case WLAN_FC_STYPE_DISASSOC:
+		wpa_printf(MSG_DEBUG, "mgmt::disassoc");
+		handle_disassoc(hapd, mgmt, len);
+		break;
+	case WLAN_FC_STYPE_DEAUTH:
+		wpa_printf(MSG_DEBUG, "mgmt::deauth");
+		handle_deauth(hapd, mgmt, len);
+		break;
+	case WLAN_FC_STYPE_ACTION:
+		wpa_printf(MSG_DEBUG, "mgmt::action");
+		handle_action(hapd, mgmt, len);
+		break;
+	default:
+		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_DEBUG,
+			       "unknown mgmt frame subtype %d", stype);
+		break;
+	}
+}
+
+
+static void handle_auth_cb(struct hostapd_data *hapd,
+			   struct ieee80211_mgmt *mgmt,
+			   size_t len, int ok)
+{
+	u16 auth_alg, auth_transaction, status_code;
+	struct sta_info *sta;
+
+	if (!ok) {
+		hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_NOTICE,
+			       "did not acknowledge authentication response");
+		return;
+	}
+
+	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
+		printf("handle_auth_cb - too short payload (len=%lu)\n",
+		       (unsigned long) len);
+		return;
+	}
+
+	auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
+	auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
+	status_code = le_to_host16(mgmt->u.auth.status_code);
+
+	sta = ap_get_sta(hapd, mgmt->da);
+	if (!sta) {
+		printf("handle_auth_cb: STA " MACSTR " not found\n",
+		       MAC2STR(mgmt->da));
+		return;
+	}
+
+	if (status_code == WLAN_STATUS_SUCCESS &&
+	    ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
+	     (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_INFO, "authenticated");
+		sta->flags |= WLAN_STA_AUTH;
+	}
+}
+
+
+static void handle_assoc_cb(struct hostapd_data *hapd,
+			    struct ieee80211_mgmt *mgmt,
+			    size_t len, int reassoc, int ok)
+{
+	u16 status;
+	struct sta_info *sta;
+	int new_assoc = 1;
+
+	if (!ok) {
+		hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_DEBUG,
+			       "did not acknowledge association response");
+		return;
+	}
+
+	if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
+				      sizeof(mgmt->u.assoc_resp))) {
+		printf("handle_assoc_cb(reassoc=%d) - too short payload "
+		       "(len=%lu)\n", reassoc, (unsigned long) len);
+		return;
+	}
+
+	if (reassoc)
+		status = le_to_host16(mgmt->u.reassoc_resp.status_code);
+	else
+		status = le_to_host16(mgmt->u.assoc_resp.status_code);
+
+	sta = ap_get_sta(hapd, mgmt->da);
+	if (!sta) {
+		printf("handle_assoc_cb: STA " MACSTR " not found\n",
+		       MAC2STR(mgmt->da));
+		return;
+	}
+
+	if (status != WLAN_STATUS_SUCCESS)
+		goto fail;
+
+	/* Stop previous accounting session, if one is started, and allocate
+	 * new session id for the new session. */
+	accounting_sta_stop(hapd, sta);
+	accounting_sta_get_id(hapd, sta);
+
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_INFO,
+		       "associated (aid %d, accounting session %08X-%08X)",
+		       sta->aid, sta->acct_session_id_hi,
+		       sta->acct_session_id_lo);
+
+	if (sta->flags & WLAN_STA_ASSOC)
+		new_assoc = 0;
+	sta->flags |= WLAN_STA_ASSOC;
+
+	if (reassoc)
+		mlme_reassociate_indication(hapd, sta);
+	else
+		mlme_associate_indication(hapd, sta);
+
+	if (hostapd_sta_add(hapd->conf->iface, hapd, sta->addr, sta->aid,
+			    sta->capability, sta->supported_rates,
+			    sta->supported_rates_len, 0)) {
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_NOTICE,
+			       "Could not add STA to kernel driver");
+	}
+
+	if (sta->eapol_sm == NULL) {
+		/*
+		 * This STA does not use RADIUS server for EAP authentication,
+		 * so bind it to the selected VLAN interface now, since the
+		 * interface selection is not going to change anymore.
+		 */
+		ap_sta_bind_vlan(hapd, sta, 0);
+	} else if (sta->vlan_id) {
+		/* VLAN ID already set (e.g., by PMKSA caching), so bind STA */
+		ap_sta_bind_vlan(hapd, sta, 0);
+	}
+	if (sta->flags & WLAN_STA_SHORT_PREAMBLE) {
+		hostapd_sta_set_flags(hapd, sta->addr, sta->flags,
+				      WLAN_STA_SHORT_PREAMBLE, ~0);
+	} else {
+		hostapd_sta_set_flags(hapd, sta->addr, sta->flags,
+				      0, ~WLAN_STA_SHORT_PREAMBLE);
+	}
+
+	if (sta->auth_alg == WLAN_AUTH_FT)
+		wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT);
+	else
+		wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
+	hostapd_new_assoc_sta(hapd, sta, !new_assoc);
+
+	ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
+
+ fail:
+	/* Copy of the association request is not needed anymore */
+	if (sta->last_assoc_req) {
+		os_free(sta->last_assoc_req);
+		sta->last_assoc_req = NULL;
+	}
+}
+
+
+void ieee802_11_mgmt_cb(struct hostapd_data *hapd, u8 *buf, size_t len,
+			u16 stype, int ok)
+{
+	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) buf;
+
+	switch (stype) {
+	case WLAN_FC_STYPE_AUTH:
+		wpa_printf(MSG_DEBUG, "mgmt::auth cb");
+		handle_auth_cb(hapd, mgmt, len, ok);
+		break;
+	case WLAN_FC_STYPE_ASSOC_RESP:
+		wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb");
+		handle_assoc_cb(hapd, mgmt, len, 0, ok);
+		break;
+	case WLAN_FC_STYPE_REASSOC_RESP:
+		wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb");
+		handle_assoc_cb(hapd, mgmt, len, 1, ok);
+		break;
+	case WLAN_FC_STYPE_PROBE_RESP:
+		wpa_printf(MSG_DEBUG, "mgmt::proberesp cb");
+		break;
+	case WLAN_FC_STYPE_DEAUTH:
+		/* ignore */
+		break;
+	default:
+		printf("unknown mgmt cb frame subtype %d\n", stype);
+		break;
+	}
+}
+
+
+static void ieee80211_tkip_countermeasures_stop(void *eloop_ctx,
+						void *timeout_ctx)
+{
+	struct hostapd_data *hapd = eloop_ctx;
+	hapd->tkip_countermeasures = 0;
+	hostapd_set_countermeasures(hapd, 0);
+	hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_INFO, "TKIP countermeasures ended");
+}
+
+
+static void ieee80211_tkip_countermeasures_start(struct hostapd_data *hapd)
+{
+	struct sta_info *sta;
+
+	hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_INFO, "TKIP countermeasures initiated");
+
+	wpa_auth_countermeasures_start(hapd->wpa_auth);
+	hapd->tkip_countermeasures = 1;
+	hostapd_set_countermeasures(hapd, 1);
+	wpa_gtk_rekey(hapd->wpa_auth);
+	eloop_cancel_timeout(ieee80211_tkip_countermeasures_stop, hapd, NULL);
+	eloop_register_timeout(60, 0, ieee80211_tkip_countermeasures_stop,
+			       hapd, NULL);
+	for (sta = hapd->sta_list; sta != NULL; sta = sta->next) {
+		hostapd_sta_deauth(hapd, sta->addr,
+				   WLAN_REASON_MICHAEL_MIC_FAILURE);
+		sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
+				WLAN_STA_AUTHORIZED);
+		hostapd_sta_remove(hapd, sta->addr);
+	}
+}
+
+
+void ieee80211_michael_mic_failure(struct hostapd_data *hapd, const u8 *addr,
+				   int local)
+{
+	time_t now;
+
+	if (addr && local) {
+		struct sta_info *sta = ap_get_sta(hapd, addr);
+		if (sta != NULL) {
+			wpa_auth_sta_local_mic_failure_report(sta->wpa_sm);
+			hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+				       HOSTAPD_LEVEL_INFO,
+				       "Michael MIC failure detected in "
+				       "received frame");
+			mlme_michaelmicfailure_indication(hapd, addr);
+		} else {
+			wpa_printf(MSG_DEBUG,
+				   "MLME-MICHAELMICFAILURE.indication "
+				   "for not associated STA (" MACSTR
+				   ") ignored", MAC2STR(addr));
+			return;
+		}
+	}
+
+	time(&now);
+	if (now > hapd->michael_mic_failure + 60) {
+		hapd->michael_mic_failures = 1;
+	} else {
+		hapd->michael_mic_failures++;
+		if (hapd->michael_mic_failures > 1)
+			ieee80211_tkip_countermeasures_start(hapd);
+	}
+	hapd->michael_mic_failure = now;
+}
+
+
+int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
+{
+	/* TODO */
+	return 0;
+}
+
+
+int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
+			   char *buf, size_t buflen)
+{
+	/* TODO */
+	return 0;
+}
+
+#endif /* CONFIG_NATIVE_WINDOWS */

+ 95 - 0
hostapd/ieee802_11.h

@@ -0,0 +1,95 @@
+/*
+ * hostapd / IEEE 802.11 Management
+ * Copyright (c) 2002-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef IEEE802_11_H
+#define IEEE802_11_H
+
+#include "ieee802_11_defs.h"
+
+/* Parsed Information Elements */
+struct ieee802_11_elems {
+	u8 *ssid;
+	u8 ssid_len;
+	u8 *supp_rates;
+	u8 supp_rates_len;
+	u8 *fh_params;
+	u8 fh_params_len;
+	u8 *ds_params;
+	u8 ds_params_len;
+	u8 *cf_params;
+	u8 cf_params_len;
+	u8 *tim;
+	u8 tim_len;
+	u8 *ibss_params;
+	u8 ibss_params_len;
+	u8 *challenge;
+	u8 challenge_len;
+	u8 *erp_info;
+	u8 erp_info_len;
+	u8 *ext_supp_rates;
+	u8 ext_supp_rates_len;
+	u8 *wpa_ie;
+	u8 wpa_ie_len;
+	u8 *rsn_ie;
+	u8 rsn_ie_len;
+	u8 *wme;
+	u8 wme_len;
+	u8 *wme_tspec;
+	u8 wme_tspec_len;
+	u8 *power_cap;
+	u8 power_cap_len;
+	u8 *supp_channels;
+	u8 supp_channels_len;
+	u8 *mdie;
+	u8 mdie_len;
+	u8 *ftie;
+	u8 ftie_len;
+};
+
+typedef enum { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 } ParseRes;
+
+
+struct hostapd_frame_info {
+	u32 phytype;
+	u32 channel;
+	u32 datarate;
+	u32 ssi_signal;
+
+	unsigned int passive_scan:1;
+};
+
+struct hostapd_data;
+struct sta_info;
+
+void ieee802_11_send_deauth(struct hostapd_data *hapd, u8 *addr, u16 reason);
+void ieee802_11_mgmt(struct hostapd_data *hapd, u8 *buf, size_t len,
+		     u16 stype, struct hostapd_frame_info *fi);
+void ieee802_11_mgmt_cb(struct hostapd_data *hapd, u8 *buf, size_t len,
+			u16 stype, int ok);
+ParseRes ieee802_11_parse_elems(struct hostapd_data *hapd, u8 *start,
+				size_t len,
+				struct ieee802_11_elems *elems,
+				int show_errors);
+void ieee802_11_print_ssid(char *buf, const u8 *ssid, u8 len);
+void ieee80211_michael_mic_failure(struct hostapd_data *hapd, const u8 *addr,
+				   int local);
+int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen);
+int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
+			   char *buf, size_t buflen);
+u16 hostapd_own_capab_info(struct hostapd_data *hapd, struct sta_info *sta,
+			   int probe);
+u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid);
+u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid);
+
+#endif /* IEEE802_11_H */
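Review bot: `ieee802_11_print_ssid(char *buf, const u8 *ssid, u8 len)` takes an output buffer with no size argument, so the callee cannot bound its writes and callers are not told how large `buf` must be. The definition is outside this section, so the real requirement cannot be confirmed from here, but the SSID bytes come from received frames and the contract should be explicit. Either pass the size, `void ieee802_11_print_ssid(char *buf, size_t buflen, const u8 *ssid, u8 len);`, or document the minimum above the prototype, e.g. `/* buf must hold at least len + 1 bytes */` if that matches the implementation.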

+ 471 - 0
hostapd/ieee802_11_auth.c

@@ -0,0 +1,471 @@
+/*
+ * hostapd / IEEE 802.11 authentication (ACL)
+ * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#ifndef CONFIG_NATIVE_WINDOWS
+
+#include "hostapd.h"
+#include "ieee802_11.h"
+#include "ieee802_11_auth.h"
+#include "radius/radius.h"
+#include "radius/radius_client.h"
+#include "eloop.h"
+
+#define RADIUS_ACL_TIMEOUT 30
+
+
+struct hostapd_cached_radius_acl {
+	time_t timestamp;
+	macaddr addr;
+	int accepted; /* HOSTAPD_ACL_* */
+	struct hostapd_cached_radius_acl *next;
+	u32 session_timeout;
+	u32 acct_interim_interval;
+	int vlan_id;
+};
+
+
+struct hostapd_acl_query_data {
+	time_t timestamp;
+	u8 radius_id;
+	macaddr addr;
+	u8 *auth_msg; /* IEEE 802.11 authentication frame from station */
+	size_t auth_msg_len;
+	struct hostapd_acl_query_data *next;
+};
+
+
+static void hostapd_acl_cache_free(struct hostapd_cached_radius_acl *acl_cache)
+{
+	struct hostapd_cached_radius_acl *prev;
+
+	while (acl_cache) {
+		prev = acl_cache;
+		acl_cache = acl_cache->next;
+		os_free(prev);
+	}
+}
+
+
+static int hostapd_acl_cache_get(struct hostapd_data *hapd, const u8 *addr,
+				 u32 *session_timeout,
+				 u32 *acct_interim_interval, int *vlan_id)
+{
+	struct hostapd_cached_radius_acl *entry;
+	time_t now;
+
+	time(&now);
+	entry = hapd->acl_cache;
+
+	while (entry) {
+		if (os_memcmp(entry->addr, addr, ETH_ALEN) == 0) {
+			if (now - entry->timestamp > RADIUS_ACL_TIMEOUT)
+				return -1; /* entry has expired */
+			if (entry->accepted == HOSTAPD_ACL_ACCEPT_TIMEOUT)
+				*session_timeout = entry->session_timeout;
+			*acct_interim_interval = entry->acct_interim_interval;
+			if (vlan_id)
+				*vlan_id = entry->vlan_id;
+			return entry->accepted;
+		}
+
+		entry = entry->next;
+	}
+
+	return -1;
+}
+
+
+static void hostapd_acl_query_free(struct hostapd_acl_query_data *query)
+{
+	if (query == NULL)
+		return;
+	os_free(query->auth_msg);
+	os_free(query);
+}
+
+
+static int hostapd_radius_acl_query(struct hostapd_data *hapd, const u8 *addr,
+				    struct hostapd_acl_query_data *query)
+{
+	struct radius_msg *msg;
+	char buf[128];
+
+	query->radius_id = radius_client_get_id(hapd->radius);
+	msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST, query->radius_id);
+	if (msg == NULL)
+		return -1;
+
+	radius_msg_make_authenticator(msg, addr, ETH_ALEN);
+
+	os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT, MAC2STR(addr));
+	if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, (u8 *) buf,
+				 os_strlen(buf))) {
+		wpa_printf(MSG_DEBUG, "Could not add User-Name");
+		goto fail;
+	}
+
+	if (!radius_msg_add_attr_user_password(
+		    msg, (u8 *) buf, os_strlen(buf),
+		    hapd->conf->radius->auth_server->shared_secret,
+		    hapd->conf->radius->auth_server->shared_secret_len)) {
+		wpa_printf(MSG_DEBUG, "Could not add User-Password");
+		goto fail;
+	}
+
+	if (hapd->conf->own_ip_addr.af == AF_INET &&
+	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
+				 (u8 *) &hapd->conf->own_ip_addr.u.v4, 4)) {
+		wpa_printf(MSG_DEBUG, "Could not add NAS-IP-Address");
+		goto fail;
+	}
+
+#ifdef CONFIG_IPV6
+	if (hapd->conf->own_ip_addr.af == AF_INET6 &&
+	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IPV6_ADDRESS,
+				 (u8 *) &hapd->conf->own_ip_addr.u.v6, 16)) {
+		wpa_printf(MSG_DEBUG, "Could not add NAS-IPv6-Address");
+		goto fail;
+	}
+#endif /* CONFIG_IPV6 */
+
+	if (hapd->conf->nas_identifier &&
+	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IDENTIFIER,
+				 (u8 *) hapd->conf->nas_identifier,
+				 os_strlen(hapd->conf->nas_identifier))) {
+		wpa_printf(MSG_DEBUG, "Could not add NAS-Identifier");
+		goto fail;
+	}
+
+	os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s",
+		    MAC2STR(hapd->own_addr), hapd->conf->ssid.ssid);
+	if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLED_STATION_ID,
+				 (u8 *) buf, os_strlen(buf))) {
+		wpa_printf(MSG_DEBUG, "Could not add Called-Station-Id");
+		goto fail;
+	}
+
+	os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
+		    MAC2STR(addr));
+	if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
+				 (u8 *) buf, os_strlen(buf))) {
+		wpa_printf(MSG_DEBUG, "Could not add Calling-Station-Id");
+		goto fail;
+	}
+
+	if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
+				       RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
+		wpa_printf(MSG_DEBUG, "Could not add NAS-Port-Type");
+		goto fail;
+	}
+
+	os_snprintf(buf, sizeof(buf), "CONNECT 11Mbps 802.11b");
+	if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
+				 (u8 *) buf, os_strlen(buf))) {
+		wpa_printf(MSG_DEBUG, "Could not add Connect-Info");
+		goto fail;
+	}
+
+	radius_client_send(hapd->radius, msg, RADIUS_AUTH, addr);
+	return 0;
+
+ fail:
+	radius_msg_free(msg);
+	os_free(msg);
+	return -1;
+}
+
+
+int hostapd_allowed_address(struct hostapd_data *hapd, const u8 *addr,
+			    const u8 *msg, size_t len, u32 *session_timeout,
+			    u32 *acct_interim_interval, int *vlan_id)
+{
+	*session_timeout = 0;
+	*acct_interim_interval = 0;
+	if (vlan_id)
+		*vlan_id = 0;
+
+	if (hostapd_maclist_found(hapd->conf->accept_mac,
+				  hapd->conf->num_accept_mac, addr))
+		return HOSTAPD_ACL_ACCEPT;
+
+	if (hostapd_maclist_found(hapd->conf->deny_mac,
+				  hapd->conf->num_deny_mac, addr))
+		return HOSTAPD_ACL_REJECT;
+
+	if (hapd->conf->macaddr_acl == ACCEPT_UNLESS_DENIED)
+		return HOSTAPD_ACL_ACCEPT;
+	if (hapd->conf->macaddr_acl == DENY_UNLESS_ACCEPTED)
+		return HOSTAPD_ACL_REJECT;
+
+	if (hapd->conf->macaddr_acl == USE_EXTERNAL_RADIUS_AUTH) {
+		struct hostapd_acl_query_data *query;
+
+		/* Check whether ACL cache has an entry for this station */
+		int res = hostapd_acl_cache_get(hapd, addr, session_timeout,
+						acct_interim_interval,
+						vlan_id);
+		if (res == HOSTAPD_ACL_ACCEPT ||
+		    res == HOSTAPD_ACL_ACCEPT_TIMEOUT)
+			return res;
+		if (res == HOSTAPD_ACL_REJECT)
+			return HOSTAPD_ACL_REJECT;
+
+		query = hapd->acl_queries;
+		while (query) {
+			if (os_memcmp(query->addr, addr, ETH_ALEN) == 0) {
+				/* pending query in RADIUS retransmit queue;
+				 * do not generate a new one */
+				return HOSTAPD_ACL_PENDING;
+			}
+			query = query->next;
+		}
+
+		if (!hapd->conf->radius->auth_server)
+			return HOSTAPD_ACL_REJECT;
+
+		/* No entry in the cache - query external RADIUS server */
+		query = os_zalloc(sizeof(*query));
+		if (query == NULL) {
+			wpa_printf(MSG_ERROR, "malloc for query data failed");
+			return HOSTAPD_ACL_REJECT;
+		}
+		time(&query->timestamp);
+		os_memcpy(query->addr, addr, ETH_ALEN);
+		if (hostapd_radius_acl_query(hapd, addr, query)) {
+			wpa_printf(MSG_DEBUG, "Failed to send Access-Request "
+				   "for ACL query.");
+			hostapd_acl_query_free(query);
+			return HOSTAPD_ACL_REJECT;
+		}
+
+		query->auth_msg = os_malloc(len);
+		if (query->auth_msg == NULL) {
+			wpa_printf(MSG_ERROR, "Failed to allocate memory for "
+				   "auth frame.");
+			hostapd_acl_query_free(query);
+			return HOSTAPD_ACL_REJECT;
+		}
+		os_memcpy(query->auth_msg, msg, len);
+		query->auth_msg_len = len;
+		query->next = hapd->acl_queries;
+		hapd->acl_queries = query;
+
+		/* Queued data will be processed in hostapd_acl_recv_radius()
+		 * when RADIUS server replies to the sent Access-Request. */
+		return HOSTAPD_ACL_PENDING;
+	}
+
+	return HOSTAPD_ACL_REJECT;
+}
+
+
+static void hostapd_acl_expire_cache(struct hostapd_data *hapd, time_t now)
+{
+	struct hostapd_cached_radius_acl *prev, *entry, *tmp;
+
+	prev = NULL;
+	entry = hapd->acl_cache;
+
+	while (entry) {
+		if (now - entry->timestamp > RADIUS_ACL_TIMEOUT) {
+			wpa_printf(MSG_DEBUG, "Cached ACL entry for " MACSTR
+				   " has expired.", MAC2STR(entry->addr));
+			if (prev)
+				prev->next = entry->next;
+			else
+				hapd->acl_cache = entry->next;
+
+			tmp = entry;
+			entry = entry->next;
+			os_free(tmp);
+			continue;
+		}
+
+		prev = entry;
+		entry = entry->next;
+	}
+}
+
+
+static void hostapd_acl_expire_queries(struct hostapd_data *hapd, time_t now)
+{
+	struct hostapd_acl_query_data *prev, *entry, *tmp;
+
+	prev = NULL;
+	entry = hapd->acl_queries;
+
+	while (entry) {
+		if (now - entry->timestamp > RADIUS_ACL_TIMEOUT) {
+			wpa_printf(MSG_DEBUG, "ACL query for " MACSTR
+				   " has expired.", MAC2STR(entry->addr));
+			if (prev)
+				prev->next = entry->next;
+			else
+				hapd->acl_queries = entry->next;
+
+			tmp = entry;
+			entry = entry->next;
+			hostapd_acl_query_free(tmp);
+			continue;
+		}
+
+		prev = entry;
+		entry = entry->next;
+	}
+}
+
+
+static void hostapd_acl_expire(void *eloop_ctx, void *timeout_ctx)
+{
+	struct hostapd_data *hapd = eloop_ctx;
+	time_t now;
+
+	time(&now);
+	hostapd_acl_expire_cache(hapd, now);
+	hostapd_acl_expire_queries(hapd, now);
+
+	eloop_register_timeout(10, 0, hostapd_acl_expire, hapd, NULL);
+}
+
+
+/* Return 0 if RADIUS message was a reply to ACL query (and was processed here)
+ * or -1 if not. */
+static RadiusRxResult
+hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
+			u8 *shared_secret, size_t shared_secret_len,
+			void *data)
+{
+	struct hostapd_data *hapd = data;
+	struct hostapd_acl_query_data *query, *prev;
+	struct hostapd_cached_radius_acl *cache;
+
+	query = hapd->acl_queries;
+	prev = NULL;
+	while (query) {
+		if (query->radius_id == msg->hdr->identifier)
+			break;
+		prev = query;
+		query = query->next;
+	}
+	if (query == NULL)
+		return RADIUS_RX_UNKNOWN;
+
+	wpa_printf(MSG_DEBUG, "Found matching Access-Request for RADIUS "
+		   "message (id=%d)", query->radius_id);
+
+	if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 0)) {
+		wpa_printf(MSG_INFO, "Incoming RADIUS packet did not have "
+			   "correct authenticator - dropped\n");
+		return RADIUS_RX_INVALID_AUTHENTICATOR;
+	}
+
+	if (msg->hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
+	    msg->hdr->code != RADIUS_CODE_ACCESS_REJECT) {
+		wpa_printf(MSG_DEBUG, "Unknown RADIUS message code %d to ACL "
+			   "query", msg->hdr->code);
+		return RADIUS_RX_UNKNOWN;
+	}
+
+	/* Insert Accept/Reject info into ACL cache */
+	cache = os_zalloc(sizeof(*cache));
+	if (cache == NULL) {
+		wpa_printf(MSG_DEBUG, "Failed to add ACL cache entry");
+		goto done;
+	}
+	time(&cache->timestamp);
+	os_memcpy(cache->addr, query->addr, sizeof(cache->addr));
+	if (msg->hdr->code == RADIUS_CODE_ACCESS_ACCEPT) {
+		if (radius_msg_get_attr_int32(msg, RADIUS_ATTR_SESSION_TIMEOUT,
+					      &cache->session_timeout) == 0)
+			cache->accepted = HOSTAPD_ACL_ACCEPT_TIMEOUT;
+		else
+			cache->accepted = HOSTAPD_ACL_ACCEPT;
+
+		if (radius_msg_get_attr_int32(
+			    msg, RADIUS_ATTR_ACCT_INTERIM_INTERVAL,
+			    &cache->acct_interim_interval) == 0 &&
+		    cache->acct_interim_interval < 60) {
+			wpa_printf(MSG_DEBUG, "Ignored too small "
+				   "Acct-Interim-Interval %d for STA " MACSTR,
+				   cache->acct_interim_interval,
+				   MAC2STR(query->addr));
+			cache->acct_interim_interval = 0;
+		}
+
+		cache->vlan_id = radius_msg_get_vlanid(msg);
+	} else
+		cache->accepted = HOSTAPD_ACL_REJECT;
+	cache->next = hapd->acl_cache;
+	hapd->acl_cache = cache;
+
+	/* Re-send original authentication frame for 802.11 processing */
+	wpa_printf(MSG_DEBUG, "Re-sending authentication frame after "
+		   "successful RADIUS ACL query");
+	ieee802_11_mgmt(hapd, query->auth_msg, query->auth_msg_len,
+			WLAN_FC_STYPE_AUTH, NULL);
+
+ done:
+	if (prev == NULL)
+		hapd->acl_queries = query->next;
+	else
+		prev->next = query->next;
+
+	hostapd_acl_query_free(query);
+
+	return RADIUS_RX_PROCESSED;
+}
+
+
+int hostapd_acl_init(struct hostapd_data *hapd)
+{
+	if (radius_client_register(hapd->radius, RADIUS_AUTH,
+				   hostapd_acl_recv_radius, hapd))
+		return -1;
+
+	eloop_register_timeout(10, 0, hostapd_acl_expire, hapd, NULL);
+
+	return 0;
+}
+
+
+void hostapd_acl_deinit(struct hostapd_data *hapd)
+{
+	struct hostapd_acl_query_data *query, *prev;
+
+	eloop_cancel_timeout(hostapd_acl_expire, hapd, NULL);
+
+	hostapd_acl_cache_free(hapd->acl_cache);
+
+	query = hapd->acl_queries;
+	while (query) {
+		prev = query;
+		query = query->next;
+		hostapd_acl_query_free(prev);
+	}
+}
+
+
+int hostapd_acl_reconfig(struct hostapd_data *hapd,
+			 struct hostapd_config *oldconf)
+{
+	if (!hapd->radius_client_reconfigured)
+		return 0;
+
+	hostapd_acl_deinit(hapd);
+	return hostapd_acl_init(hapd);
+}
+
+#endif /* CONFIG_NATIVE_WINDOWS */
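Review bot: `hostapd_acl_deinit()` frees every node of `hapd->acl_cache` and `hapd->acl_queries` but leaves both list heads pointing at the freed memory. `hostapd_acl_reconfig()` then calls `hostapd_acl_init()`, which does not reset them either. After a RADIUS client reconfiguration, the next `hostapd_acl_cache_get()`, `hostapd_acl_expire()` or `hostapd_acl_recv_radius()` would walk freed entries, a use-after-free reachable from received authentication frames. Clear the heads in deinit: add `hapd->acl_cache = NULL;` after `hostapd_acl_cache_free(hapd->acl_cache);` and `hapd->acl_queries = NULL;` after the query loop.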

+ 33 - 0
hostapd/ieee802_11_auth.h

@@ -0,0 +1,33 @@
+/*
+ * hostapd / IEEE 802.11 authentication (ACL)
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef IEEE802_11_AUTH_H
+#define IEEE802_11_AUTH_H
+
+enum {
+	HOSTAPD_ACL_REJECT = 0,
+	HOSTAPD_ACL_ACCEPT = 1,
+	HOSTAPD_ACL_PENDING = 2,
+	HOSTAPD_ACL_ACCEPT_TIMEOUT = 3
+};
+
+int hostapd_allowed_address(struct hostapd_data *hapd, const u8 *addr,
+			    const u8 *msg, size_t len, u32 *session_timeout,
+			    u32 *acct_interim_interval, int *vlan_id);
+int hostapd_acl_init(struct hostapd_data *hapd);
+void hostapd_acl_deinit(struct hostapd_data *hapd);
+int hostapd_acl_reconfig(struct hostapd_data *hapd,
+			 struct hostapd_config *oldconf);
+
+#endif /* IEEE802_11_AUTH_H */
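Review bot: The declaration of `hostapd_allowed_address()` returns a plain `int` and nothing in this header ties it to the anonymous `HOSTAPD_ACL_*` enum above or says that `session_timeout`, `acct_interim_interval` and `vlan_id` are outputs. Because this result decides whether a station is admitted, I would document it at the prototype, for example `/* Returns one of HOSTAPD_ACL_*; session_timeout, acct_interim_interval and vlan_id are output parameters */`. The implementation lies outside this section, so that contract is inferred from the names and from the `cache->accepted` assignments at the end of ieee802_11_auth.c, and should be confirmed there. The enum members would also benefit from one-line comments, e.g. `HOSTAPD_ACL_PENDING = 2, /* RADIUS ACL query outstanding */` (presumed meaning), and a note that `HOSTAPD_ACL_REJECT` is deliberately 0 if the intent is for a zero-initialised result to fail closed.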

+ 33 - 0
hostapd/ieee802_11h.c

@@ -0,0 +1,33 @@
+/*
+ * hostapd / IEEE 802.11h
+ * Copyright (c) 2005-2006, Devicescape Software, Inc.
+ * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "hostapd.h"
+
+
+int hostapd_check_power_cap(struct hostapd_data *hapd, u8 *power, u8 len)
+{
+	unsigned int max_pwr;
+
+	if (len < 2) {
+		wpa_printf(MSG_DEBUG, "Too short power capability IE");
+		return -1;
+	}
+	max_pwr = power[1];
+	if (max_pwr > hapd->iface->sta_max_power)
+		return -1;
+	return 0;
+}
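Review bot: `hostapd_check_power_cap()` has no comment saying what `power` points at, and the indexing only makes sense if it is the body of the Power Capability element with the minimum at `power[0]` and the maximum at `power[1]`; a header such as `/* power: Power Capability IE body (min, max TX power), len: its length; returns 0 if max is within sta_max_power, -1 otherwise */` would pin that down. The `len < 2` check before `power[1]` is the right guard for a station-supplied element, and since `power` is never written the parameter can be `const u8 *power` here and in the prototype in ieee802_11h.h. The maximum is read as an unsigned octet; if the field is a signed dBm value, as I believe the standard defines it, a negative capability compares as a large number and is rejected, which fails closed but deserves a comment or an explicit signed conversion.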

+ 27 - 0
hostapd/ieee802_11h.h

@@ -0,0 +1,27 @@
+/*
+ * hostapd / IEEE 802.11h
+ * Copyright (c) 2005-2006, Devicescape Software, Inc.
+ * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef IEEE802_11H_H
+#define IEEE802_11H_H
+
+#define SPECT_LOOSE_BINDING	1
+#define SPECT_STRICT_BINDING	2
+
+#define CHAN_SWITCH_MODE_NOISY	0
+#define CHAN_SWITCH_MODE_QUIET	1
+
+int hostapd_check_power_cap(struct hostapd_data *hapd, u8 *power, u8 len);
+
+#endif /* IEEE802_11H_H */

+ 1971 - 0
hostapd/ieee802_1x.c

@@ -0,0 +1,1971 @@
+/*
+ * hostapd / IEEE 802.1X-2004 Authenticator
+ * Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "hostapd.h"
+#include "ieee802_1x.h"
+#include "accounting.h"
+#include "radius/radius.h"
+#include "radius/radius_client.h"
+#include "eapol_sm.h"
+#include "md5.h"
+#include "rc4.h"
+#include "eloop.h"
+#include "sta_info.h"
+#include "wpa.h"
+#include "preauth.h"
+#include "pmksa_cache.h"
+#include "driver.h"
+#include "hw_features.h"
+#include "eap_server/eap.h"
+
+
+static void ieee802_1x_finished(struct hostapd_data *hapd,
+				struct sta_info *sta, int success);
+
+
+static void ieee802_1x_send(struct hostapd_data *hapd, struct sta_info *sta,
+			    u8 type, const u8 *data, size_t datalen)
+{
+	u8 *buf;
+	struct ieee802_1x_hdr *xhdr;
+	size_t len;
+	int encrypt = 0;
+
+	len = sizeof(*xhdr) + datalen;
+	buf = os_zalloc(len);
+	if (buf == NULL) {
+		wpa_printf(MSG_ERROR, "malloc() failed for "
+			   "ieee802_1x_send(len=%lu)",
+			   (unsigned long) len);
+		return;
+	}
+
+	xhdr = (struct ieee802_1x_hdr *) buf;
+	xhdr->version = hapd->conf->eapol_version;
+	xhdr->type = type;
+	xhdr->length = host_to_be16(datalen);
+
+	if (datalen > 0 && data != NULL)
+		os_memcpy(xhdr + 1, data, datalen);
+
+	if (wpa_auth_pairwise_set(sta->wpa_sm))
+		encrypt = 1;
+	if (sta->flags & WLAN_STA_PREAUTH) {
+		rsn_preauth_send(hapd, sta, buf, len);
+	} else {
+		hostapd_send_eapol(hapd, sta->addr, buf, len, encrypt);
+	}
+
+	os_free(buf);
+}
+
+
+void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
+				   struct sta_info *sta, int authorized)
+{
+	int res;
+
+	if (sta->flags & WLAN_STA_PREAUTH)
+		return;
+
+	if (authorized) {
+		sta->flags |= WLAN_STA_AUTHORIZED;
+		res = hostapd_sta_set_flags(hapd, sta->addr, sta->flags,
+					    WLAN_STA_AUTHORIZED, ~0);
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_DEBUG, "authorizing port");
+	} else {
+		sta->flags &= ~WLAN_STA_AUTHORIZED;
+		res = hostapd_sta_set_flags(hapd, sta->addr, sta->flags,
+					    0, ~WLAN_STA_AUTHORIZED);
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_DEBUG, "unauthorizing port");
+	}
+
+	if (res && errno != ENOENT) {
+		printf("Could not set station " MACSTR " flags for kernel "
+		       "driver (errno=%d).\n", MAC2STR(sta->addr), errno);
+	}
+
+	if (authorized)
+		accounting_sta_start(hapd, sta);
+}
+
+
+static void ieee802_1x_eap_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+	struct sta_info *sta = eloop_ctx;
+	struct eapol_state_machine *sm = sta->eapol_sm;
+	if (sm == NULL)
+		return;
+	hostapd_logger(sm->hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+		       HOSTAPD_LEVEL_DEBUG, "EAP timeout");
+	sm->eap_if->eapTimeout = TRUE;
+	eapol_auth_step(sm);
+}
+
+
+static void ieee802_1x_tx_key_one(struct hostapd_data *hapd,
+				  struct sta_info *sta,
+				  int idx, int broadcast,
+				  u8 *key_data, size_t key_len)
+{
+	u8 *buf, *ekey;
+	struct ieee802_1x_hdr *hdr;
+	struct ieee802_1x_eapol_key *key;
+	size_t len, ekey_len;
+	struct eapol_state_machine *sm = sta->eapol_sm;
+
+	if (sm == NULL)
+		return;
+
+	len = sizeof(*key) + key_len;
+	buf = os_zalloc(sizeof(*hdr) + len);
+	if (buf == NULL)
+		return;
+
+	hdr = (struct ieee802_1x_hdr *) buf;
+	key = (struct ieee802_1x_eapol_key *) (hdr + 1);
+	key->type = EAPOL_KEY_TYPE_RC4;
+	key->key_length = htons(key_len);
+	wpa_get_ntp_timestamp(key->replay_counter);
+
+	if (os_get_random(key->key_iv, sizeof(key->key_iv))) {
+		wpa_printf(MSG_ERROR, "Could not get random numbers");
+		os_free(buf);
+		return;
+	}
+
+	key->key_index = idx | (broadcast ? 0 : BIT(7));
+	if (hapd->conf->eapol_key_index_workaround) {
+		/* According to some information, WinXP Supplicant seems to
+		 * interpret bit7 as an indication whether the key is to be
+		 * activated, so make it possible to enable workaround that
+		 * sets this bit for all keys. */
+		key->key_index |= BIT(7);
+	}
+
+	/* Key is encrypted using "Key-IV + MSK[0..31]" as the RC4-key and
+	 * MSK[32..63] is used to sign the message. */
+	if (sm->eap_if->eapKeyData == NULL || sm->eap_if->eapKeyDataLen < 64) {
+		wpa_printf(MSG_ERROR, "No eapKeyData available for encrypting "
+			   "and signing EAPOL-Key");
+		os_free(buf);
+		return;
+	}
+	os_memcpy((u8 *) (key + 1), key_data, key_len);
+	ekey_len = sizeof(key->key_iv) + 32;
+	ekey = os_malloc(ekey_len);
+	if (ekey == NULL) {
+		wpa_printf(MSG_ERROR, "Could not encrypt key");
+		os_free(buf);
+		return;
+	}
+	os_memcpy(ekey, key->key_iv, sizeof(key->key_iv));
+	os_memcpy(ekey + sizeof(key->key_iv), sm->eap_if->eapKeyData, 32);
+	rc4((u8 *) (key + 1), key_len, ekey, ekey_len);
+	os_free(ekey);
+
+	/* This header is needed here for HMAC-MD5, but it will be regenerated
+	 * in ieee802_1x_send() */
+	hdr->version = hapd->conf->eapol_version;
+	hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
+	hdr->length = host_to_be16(len);
+	hmac_md5(sm->eap_if->eapKeyData + 32, 32, buf, sizeof(*hdr) + len,
+		 key->key_signature);
+
+	wpa_printf(MSG_DEBUG, "IEEE 802.1X: Sending EAPOL-Key to " MACSTR
+		   " (%s index=%d)", MAC2STR(sm->addr),
+		   broadcast ? "broadcast" : "unicast", idx);
+	ieee802_1x_send(hapd, sta, IEEE802_1X_TYPE_EAPOL_KEY, (u8 *) key, len);
+	if (sta->eapol_sm)
+		sta->eapol_sm->dot1xAuthEapolFramesTx++;
+	os_free(buf);
+}
+
+
+static struct hostapd_wep_keys *
+ieee802_1x_group_alloc(struct hostapd_data *hapd, const char *ifname)
+{
+	struct hostapd_wep_keys *key;
+
+	key = os_zalloc(sizeof(*key));
+	if (key == NULL)
+		return NULL;
+
+	key->default_len = hapd->conf->default_wep_key_len;
+
+	if (key->idx >= hapd->conf->broadcast_key_idx_max ||
+	    key->idx < hapd->conf->broadcast_key_idx_min)
+		key->idx = hapd->conf->broadcast_key_idx_min;
+	else
+		key->idx++;
+
+	if (!key->key[key->idx])
+		key->key[key->idx] = os_malloc(key->default_len);
+	if (key->key[key->idx] == NULL ||
+	    os_get_random(key->key[key->idx], key->default_len)) {
+		printf("Could not generate random WEP key (dynamic VLAN).\n");
+		os_free(key->key[key->idx]);
+		key->key[key->idx] = NULL;
+		os_free(key);
+		return NULL;
+	}
+	key->len[key->idx] = key->default_len;
+
+	wpa_printf(MSG_DEBUG, "%s: Default WEP idx %d for dynamic VLAN\n",
+		   ifname, key->idx);
+	wpa_hexdump_key(MSG_DEBUG, "Default WEP key (dynamic VLAN)",
+			key->key[key->idx], key->len[key->idx]);
+
+	if (hostapd_set_encryption(ifname, hapd, "WEP", NULL, key->idx,
+				   key->key[key->idx], key->len[key->idx], 1))
+		printf("Could not set dynamic VLAN WEP encryption key.\n");
+
+	hostapd_set_ieee8021x(ifname, hapd, 1);
+
+	return key;
+}
+
+
+static struct hostapd_wep_keys *
+ieee802_1x_get_group(struct hostapd_data *hapd, struct hostapd_ssid *ssid,
+		     size_t vlan_id)
+{
+	const char *ifname;
+
+	if (vlan_id == 0)
+		return &ssid->wep;
+
+	if (vlan_id <= ssid->max_dyn_vlan_keys && ssid->dyn_vlan_keys &&
+	    ssid->dyn_vlan_keys[vlan_id])
+		return ssid->dyn_vlan_keys[vlan_id];
+
+	wpa_printf(MSG_DEBUG, "IEEE 802.1X: Creating new group "
+		   "state machine for VLAN ID %lu",
+		   (unsigned long) vlan_id);
+
+	ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id);
+	if (ifname == NULL) {
+		wpa_printf(MSG_DEBUG, "IEEE 802.1X: Unknown VLAN ID %lu - "
+			   "cannot create group key state machine",
+			   (unsigned long) vlan_id);
+		return NULL;
+	}
+
+	if (ssid->dyn_vlan_keys == NULL) {
+		int size = (vlan_id + 1) * sizeof(ssid->dyn_vlan_keys[0]);
+		ssid->dyn_vlan_keys = os_zalloc(size);
+		if (ssid->dyn_vlan_keys == NULL)
+			return NULL;
+		ssid->max_dyn_vlan_keys = vlan_id;
+	}
+
+	if (ssid->max_dyn_vlan_keys < vlan_id) {
+		struct hostapd_wep_keys **na;
+		int size = (vlan_id + 1) * sizeof(ssid->dyn_vlan_keys[0]);
+		na = os_realloc(ssid->dyn_vlan_keys, size);
+		if (na == NULL)
+			return NULL;
+		ssid->dyn_vlan_keys = na;
+		os_memset(&ssid->dyn_vlan_keys[ssid->max_dyn_vlan_keys + 1], 0,
+			  (vlan_id - ssid->max_dyn_vlan_keys) *
+			  sizeof(ssid->dyn_vlan_keys[0]));
+		ssid->max_dyn_vlan_keys = vlan_id;
+	}
+
+	ssid->dyn_vlan_keys[vlan_id] = ieee802_1x_group_alloc(hapd, ifname);
+
+	return ssid->dyn_vlan_keys[vlan_id];
+}
+
+
+void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	struct hostapd_wep_keys *key = NULL;
+	struct eapol_state_machine *sm = sta->eapol_sm;
+	int vlan_id;
+
+	if (sm == NULL || !sm->eap_if->eapKeyData)
+		return;
+
+	wpa_printf(MSG_DEBUG, "IEEE 802.1X: Sending EAPOL-Key(s) to " MACSTR,
+		   MAC2STR(sta->addr));
+
+	vlan_id = sta->vlan_id;
+	if (vlan_id < 0 || vlan_id > MAX_VLAN_ID)
+		vlan_id = 0;
+
+	if (vlan_id) {
+		key = ieee802_1x_get_group(hapd, sta->ssid, vlan_id);
+		if (key && key->key[key->idx])
+			ieee802_1x_tx_key_one(hapd, sta, key->idx, 1,
+					      key->key[key->idx],
+					      key->len[key->idx]);
+	} else if (hapd->default_wep_key) {
+		ieee802_1x_tx_key_one(hapd, sta, hapd->default_wep_key_idx, 1,
+				      hapd->default_wep_key,
+				      hapd->conf->default_wep_key_len);
+	}
+
+	if (hapd->conf->individual_wep_key_len > 0) {
+		u8 *ikey;
+		ikey = os_malloc(hapd->conf->individual_wep_key_len);
+		if (ikey == NULL ||
+		    os_get_random(ikey, hapd->conf->individual_wep_key_len)) {
+			wpa_printf(MSG_ERROR, "Could not generate random "
+				   "individual WEP key.");
+			os_free(ikey);
+			return;
+		}
+
+		wpa_hexdump_key(MSG_DEBUG, "Individual WEP key",
+				ikey, hapd->conf->individual_wep_key_len);
+
+		ieee802_1x_tx_key_one(hapd, sta, 0, 0, ikey,
+				      hapd->conf->individual_wep_key_len);
+
+		/* TODO: set encryption in TX callback, i.e., only after STA
+		 * has ACKed EAPOL-Key frame */
+		if (hostapd_set_encryption(hapd->conf->iface, hapd, "WEP",
+					   sta->addr, 0, ikey,
+					   hapd->conf->individual_wep_key_len,
+					   1)) {
+			wpa_printf(MSG_ERROR, "Could not set individual WEP "
+				   "encryption.");
+		}
+
+		os_free(ikey);
+	}
+}
+
+
+const char *radius_mode_txt(struct hostapd_data *hapd)
+{
+	if (hapd->iface->current_mode == NULL)
+		return "802.11";
+
+	switch (hapd->iface->current_mode->mode) {
+	case HOSTAPD_MODE_IEEE80211A:
+		return "802.11a";
+	case HOSTAPD_MODE_IEEE80211G:
+		return "802.11g";
+	case HOSTAPD_MODE_IEEE80211B:
+	default:
+		return "802.11b";
+	}
+}
+
+
+int radius_sta_rate(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	int i;
+	u8 rate = 0;
+
+	for (i = 0; i < sta->supported_rates_len; i++)
+		if ((sta->supported_rates[i] & 0x7f) > rate)
+			rate = sta->supported_rates[i] & 0x7f;
+
+	return rate;
+}
+
+
+static void ieee802_1x_learn_identity(struct hostapd_data *hapd,
+				      struct eapol_state_machine *sm,
+				      const u8 *eap, size_t len)
+{
+	const u8 *identity;
+	size_t identity_len;
+
+	if (len <= sizeof(struct eap_hdr) ||
+	    eap[sizeof(struct eap_hdr)] != EAP_TYPE_IDENTITY)
+		return;
+
+	identity = eap_get_identity(sm->eap, &identity_len);
+	if (identity == NULL)
+		return;
+
+	/* Save station identity for future RADIUS packets */
+	os_free(sm->identity);
+	sm->identity = os_malloc(identity_len + 1);
+	if (sm->identity == NULL) {
+		sm->identity_len = 0;
+		return;
+	}
+
+	os_memcpy(sm->identity, identity, identity_len);
+	sm->identity_len = identity_len;
+	sm->identity[identity_len] = '\0';
+	hostapd_logger(hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X,
+		       HOSTAPD_LEVEL_DEBUG, "STA identity '%s'", sm->identity);
+	sm->dot1xAuthEapolRespIdFramesRx++;
+}
+
+
+static void ieee802_1x_encapsulate_radius(struct hostapd_data *hapd,
+					  struct sta_info *sta,
+					  const u8 *eap, size_t len)
+{
+	struct radius_msg *msg;
+	char buf[128];
+	struct eapol_state_machine *sm = sta->eapol_sm;
+
+	if (sm == NULL)
+		return;
+
+	ieee802_1x_learn_identity(hapd, sm, eap, len);
+
+	wpa_printf(MSG_DEBUG, "Encapsulating EAP message into a RADIUS "
+		   "packet");
+
+	sm->radius_identifier = radius_client_get_id(hapd->radius);
+	msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST,
+			     sm->radius_identifier);
+	if (msg == NULL) {
+		printf("Could not create net RADIUS packet\n");
+		return;
+	}
+
+	radius_msg_make_authenticator(msg, (u8 *) sta, sizeof(*sta));
+
+	if (sm->identity &&
+	    !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
+				 sm->identity, sm->identity_len)) {
+		printf("Could not add User-Name\n");
+		goto fail;
+	}
+
+	if (hapd->conf->own_ip_addr.af == AF_INET &&
+	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
+				 (u8 *) &hapd->conf->own_ip_addr.u.v4, 4)) {
+		printf("Could not add NAS-IP-Address\n");
+		goto fail;
+	}
+
+#ifdef CONFIG_IPV6
+	if (hapd->conf->own_ip_addr.af == AF_INET6 &&
+	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IPV6_ADDRESS,
+				 (u8 *) &hapd->conf->own_ip_addr.u.v6, 16)) {
+		printf("Could not add NAS-IPv6-Address\n");
+		goto fail;
+	}
+#endif /* CONFIG_IPV6 */
+
+	if (hapd->conf->nas_identifier &&
+	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IDENTIFIER,
+				 (u8 *) hapd->conf->nas_identifier,
+				 os_strlen(hapd->conf->nas_identifier))) {
+		printf("Could not add NAS-Identifier\n");
+		goto fail;
+	}
+
+	if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT, sta->aid)) {
+		printf("Could not add NAS-Port\n");
+		goto fail;
+	}
+
+	os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s",
+		    MAC2STR(hapd->own_addr), hapd->conf->ssid.ssid);
+	buf[sizeof(buf) - 1] = '\0';
+	if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLED_STATION_ID,
+				 (u8 *) buf, os_strlen(buf))) {
+		printf("Could not add Called-Station-Id\n");
+		goto fail;
+	}
+
+	os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
+		    MAC2STR(sta->addr));
+	buf[sizeof(buf) - 1] = '\0';
+	if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
+				 (u8 *) buf, os_strlen(buf))) {
+		printf("Could not add Calling-Station-Id\n");
+		goto fail;
+	}
+
+	/* TODO: should probably check MTU from driver config; 2304 is max for
+	 * IEEE 802.11, but use 1400 to avoid problems with too large packets
+	 */
+	if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) {
+		printf("Could not add Framed-MTU\n");
+		goto fail;
+	}
+
+	if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
+				       RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
+		printf("Could not add NAS-Port-Type\n");
+		goto fail;
+	}
+
+	if (sta->flags & WLAN_STA_PREAUTH) {
+		os_strlcpy(buf, "IEEE 802.11i Pre-Authentication",
+			   sizeof(buf));
+	} else {
+		os_snprintf(buf, sizeof(buf), "CONNECT %d%sMbps %s",
+			    radius_sta_rate(hapd, sta) / 2,
+			    (radius_sta_rate(hapd, sta) & 1) ? ".5" : "",
+			    radius_mode_txt(hapd));
+		buf[sizeof(buf) - 1] = '\0';
+	}
+	if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
+				 (u8 *) buf, os_strlen(buf))) {
+		printf("Could not add Connect-Info\n");
+		goto fail;
+	}
+
+	if (eap && !radius_msg_add_eap(msg, eap, len)) {
+		printf("Could not add EAP-Message\n");
+		goto fail;
+	}
+
+	/* State attribute must be copied if and only if this packet is
+	 * Access-Request reply to the previous Access-Challenge */
+	if (sm->last_recv_radius && sm->last_recv_radius->hdr->code ==
+	    RADIUS_CODE_ACCESS_CHALLENGE) {
+		int res = radius_msg_copy_attr(msg, sm->last_recv_radius,
+					       RADIUS_ATTR_STATE);
+		if (res < 0) {
+			printf("Could not copy State attribute from previous "
+			       "Access-Challenge\n");
+			goto fail;
+		}
+		if (res > 0) {
+			wpa_printf(MSG_DEBUG, "Copied RADIUS State Attribute");
+		}
+	}
+
+	radius_client_send(hapd->radius, msg, RADIUS_AUTH, sta->addr);
+	return;
+
+ fail:
+	radius_msg_free(msg);
+	os_free(msg);
+}
+
+
+char *eap_type_text(u8 type)
+{
+	switch (type) {
+	case EAP_TYPE_IDENTITY: return "Identity";
+	case EAP_TYPE_NOTIFICATION: return "Notification";
+	case EAP_TYPE_NAK: return "Nak";
+	case EAP_TYPE_MD5: return "MD5-Challenge";
+	case EAP_TYPE_OTP: return "One-Time Password";
+	case EAP_TYPE_GTC: return "Generic Token Card";
+	case EAP_TYPE_TLS: return "TLS";
+	case EAP_TYPE_TTLS: return "TTLS";
+	case EAP_TYPE_PEAP: return "PEAP";
+	case EAP_TYPE_SIM: return "SIM";
+	case EAP_TYPE_FAST: return "FAST";
+	case EAP_TYPE_SAKE: return "SAKE";
+	case EAP_TYPE_PSK: return "PSK";
+	case EAP_TYPE_PAX: return "PAX";
+	default: return "Unknown";
+	}
+}
+
+
+static void handle_eap_response(struct hostapd_data *hapd,
+				struct sta_info *sta, struct eap_hdr *eap,
+				size_t len)
+{
+	u8 type, *data;
+	struct eapol_state_machine *sm = sta->eapol_sm;
+	if (sm == NULL)
+		return;
+
+	data = (u8 *) (eap + 1);
+
+	if (len < sizeof(*eap) + 1) {
+		printf("handle_eap_response: too short response data\n");
+		return;
+	}
+
+	sm->eap_type_supp = type = data[0];
+	eloop_cancel_timeout(ieee802_1x_eap_timeout, sta, NULL);
+
+	hostapd_logger(hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X,
+		       HOSTAPD_LEVEL_DEBUG, "received EAP packet (code=%d "
+		       "id=%d len=%d) from STA: EAP Response-%s (%d)",
+		       eap->code, eap->identifier, be_to_host16(eap->length),
+		       eap_type_text(type), type);
+
+	sm->dot1xAuthEapolRespFramesRx++;
+
+	wpabuf_free(sm->eap_if->eapRespData);
+	sm->eap_if->eapRespData = wpabuf_alloc_copy(eap, len);
+	sm->eapolEap = TRUE;
+}
+
+
+/* Process incoming EAP packet from Supplicant */
+static void handle_eap(struct hostapd_data *hapd, struct sta_info *sta,
+		       u8 *buf, size_t len)
+{
+	struct eap_hdr *eap;
+	u16 eap_len;
+
+	if (len < sizeof(*eap)) {
+		printf("   too short EAP packet\n");
+		return;
+	}
+
+	eap = (struct eap_hdr *) buf;
+
+	eap_len = be_to_host16(eap->length);
+	wpa_printf(MSG_DEBUG, "EAP: code=%d identifier=%d length=%d",
+		   eap->code, eap->identifier, eap_len);
+	if (eap_len < sizeof(*eap)) {
+		wpa_printf(MSG_DEBUG, "   Invalid EAP length");
+		return;
+	} else if (eap_len > len) {
+		wpa_printf(MSG_DEBUG, "   Too short frame to contain this EAP "
+			   "packet");
+		return;
+	} else if (eap_len < len) {
+		wpa_printf(MSG_DEBUG, "   Ignoring %lu extra bytes after EAP "
+			   "packet", (unsigned long) len - eap_len);
+	}
+
+	switch (eap->code) {
+	case EAP_CODE_REQUEST:
+		wpa_printf(MSG_DEBUG, " (request)");
+		return;
+	case EAP_CODE_RESPONSE:
+		wpa_printf(MSG_DEBUG, " (response)");
+		handle_eap_response(hapd, sta, eap, eap_len);
+		break;
+	case EAP_CODE_SUCCESS:
+		wpa_printf(MSG_DEBUG, " (success)");
+		return;
+	case EAP_CODE_FAILURE:
+		wpa_printf(MSG_DEBUG, " (failure)");
+		return;
+	default:
+		wpa_printf(MSG_DEBUG, " (unknown code)");
+		return;
+	}
+}
+
+
+/* Process the EAPOL frames from the Supplicant */
+void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
+			size_t len)
+{
+	struct sta_info *sta;
+	struct ieee802_1x_hdr *hdr;
+	struct ieee802_1x_eapol_key *key;
+	u16 datalen;
+	struct rsn_pmksa_cache_entry *pmksa;
+
+	if (!hapd->conf->ieee802_1x && !hapd->conf->wpa)
+		return;
+
+	wpa_printf(MSG_DEBUG, "IEEE 802.1X: %lu bytes from " MACSTR,
+		   (unsigned long) len, MAC2STR(sa));
+	sta = ap_get_sta(hapd, sa);
+	if (!sta) {
+		printf("   no station information available\n");
+		return;
+	}
+
+	if (len < sizeof(*hdr)) {
+		printf("   too short IEEE 802.1X packet\n");
+		return;
+	}
+
+	hdr = (struct ieee802_1x_hdr *) buf;
+	datalen = be_to_host16(hdr->length);
+	wpa_printf(MSG_DEBUG, "   IEEE 802.1X: version=%d type=%d length=%d",
+		   hdr->version, hdr->type, datalen);
+
+	if (len - sizeof(*hdr) < datalen) {
+		printf("   frame too short for this IEEE 802.1X packet\n");
+		if (sta->eapol_sm)
+			sta->eapol_sm->dot1xAuthEapLengthErrorFramesRx++;
+		return;
+	}
+	if (len - sizeof(*hdr) > datalen) {
+		wpa_printf(MSG_DEBUG, "   ignoring %lu extra octets after "
+			   "IEEE 802.1X packet",
+			   (unsigned long) len - sizeof(*hdr) - datalen);
+	}
+
+	if (sta->eapol_sm) {
+		sta->eapol_sm->dot1xAuthLastEapolFrameVersion = hdr->version;
+		sta->eapol_sm->dot1xAuthEapolFramesRx++;
+	}
+
+	key = (struct ieee802_1x_eapol_key *) (hdr + 1);
+	if (datalen >= sizeof(struct ieee802_1x_eapol_key) &&
+	    hdr->type == IEEE802_1X_TYPE_EAPOL_KEY &&
+	    (key->type == EAPOL_KEY_TYPE_WPA ||
+	     key->type == EAPOL_KEY_TYPE_RSN)) {
+		wpa_receive(hapd->wpa_auth, sta->wpa_sm, (u8 *) hdr,
+			    sizeof(*hdr) + datalen);
+		return;
+	}
+
+	if (!hapd->conf->ieee802_1x ||
+	    wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_PSK ||
+	    wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_FT_PSK)
+		return;
+
+	if (!sta->eapol_sm) {
+		sta->eapol_sm = eapol_auth_alloc(hapd->eapol_auth, sta->addr,
+						 sta->flags & WLAN_STA_PREAUTH,
+						 sta);
+		if (!sta->eapol_sm)
+			return;
+	}
+
+	/* since we support version 1, we can ignore version field and proceed
+	 * as specified in version 1 standard [IEEE Std 802.1X-2001, 7.5.5] */
+	/* TODO: actually, we are not version 1 anymore.. However, Version 2
+	 * does not change frame contents, so should be ok to process frames
+	 * more or less identically. Some changes might be needed for
+	 * verification of fields. */
+
+	switch (hdr->type) {
+	case IEEE802_1X_TYPE_EAP_PACKET:
+		handle_eap(hapd, sta, (u8 *) (hdr + 1), datalen);
+		break;
+
+	case IEEE802_1X_TYPE_EAPOL_START:
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_DEBUG, "received EAPOL-Start "
+			       "from STA");
+		sta->eapol_sm->flags &= ~EAPOL_SM_WAIT_START;
+		pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
+		if (pmksa) {
+			hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
+				       HOSTAPD_LEVEL_DEBUG, "cached PMKSA "
+				       "available - ignore it since "
+				       "STA sent EAPOL-Start");
+			wpa_auth_sta_clear_pmksa(sta->wpa_sm, pmksa);
+		}
+		sta->eapol_sm->eapolStart = TRUE;
+		sta->eapol_sm->dot1xAuthEapolStartFramesRx++;
+		wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH_EAPOL);
+		break;
+
+	case IEEE802_1X_TYPE_EAPOL_LOGOFF:
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_DEBUG, "received EAPOL-Logoff "
+			       "from STA");
+		sta->acct_terminate_cause =
+			RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
+		sta->eapol_sm->eapolLogoff = TRUE;
+		sta->eapol_sm->dot1xAuthEapolLogoffFramesRx++;
+		break;
+
+	case IEEE802_1X_TYPE_EAPOL_KEY:
+		wpa_printf(MSG_DEBUG, "   EAPOL-Key");
+		if (!(sta->flags & WLAN_STA_AUTHORIZED)) {
+			wpa_printf(MSG_DEBUG, "   Dropped key data from "
+				   "unauthorized Supplicant");
+			break;
+		}
+		break;
+
+	case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT:
+		wpa_printf(MSG_DEBUG, "   EAPOL-Encapsulated-ASF-Alert");
+		/* TODO: implement support for this; show data */
+		break;
+
+	default:
+		wpa_printf(MSG_DEBUG, "   unknown IEEE 802.1X packet type");
+		sta->eapol_sm->dot1xAuthInvalidEapolFramesRx++;
+		break;
+	}
+
+	eapol_auth_step(sta->eapol_sm);
+}
+
+
+void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	struct rsn_pmksa_cache_entry *pmksa;
+	int reassoc = 1;
+	int force_1x = 0;
+
+	if ((!force_1x && !hapd->conf->ieee802_1x) ||
+	    wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_PSK ||
+	    wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_FT_PSK)
+		return;
+
+	if (sta->eapol_sm == NULL) {
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_DEBUG, "start authentication");
+		sta->eapol_sm = eapol_auth_alloc(hapd->eapol_auth, sta->addr,
+						 sta->flags & WLAN_STA_PREAUTH,
+						 sta);
+		if (sta->eapol_sm == NULL) {
+			hostapd_logger(hapd, sta->addr,
+				       HOSTAPD_MODULE_IEEE8021X,
+				       HOSTAPD_LEVEL_INFO,
+				       "failed to allocate state machine");
+			return;
+		}
+		reassoc = 0;
+	}
+
+	sta->eapol_sm->eap_if->portEnabled = TRUE;
+
+	pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
+	if (pmksa) {
+		int old_vlanid;
+
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_DEBUG,
+			       "PMK from PMKSA cache - skip IEEE 802.1X/EAP");
+		/* Setup EAPOL state machines to already authenticated state
+		 * because of existing PMKSA information in the cache. */
+		sta->eapol_sm->keyRun = TRUE;
+		sta->eapol_sm->eap_if->eapKeyAvailable = TRUE;
+		sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING;
+		sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS;
+		sta->eapol_sm->authSuccess = TRUE;
+		if (sta->eapol_sm->eap)
+			eap_sm_notify_cached(sta->eapol_sm->eap);
+		old_vlanid = sta->vlan_id;
+		pmksa_cache_to_eapol_data(pmksa, sta->eapol_sm);
+		if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
+			sta->vlan_id = 0;
+		ap_sta_bind_vlan(hapd, sta, old_vlanid);
+	} else {
+		if (reassoc) {
+			/*
+			 * Force EAPOL state machines to start
+			 * re-authentication without having to wait for the
+			 * Supplicant to send EAPOL-Start.
+			 */
+			sta->eapol_sm->reAuthenticate = TRUE;
+		}
+		eapol_auth_step(sta->eapol_sm);
+	}
+}
+
+
+void ieee802_1x_free_radius_class(struct radius_class_data *class)
+{
+	size_t i;
+	if (class == NULL)
+		return;
+	for (i = 0; i < class->count; i++)
+		os_free(class->attr[i].data);
+	os_free(class->attr);
+	class->attr = NULL;
+	class->count = 0;
+}
+
+
+int ieee802_1x_copy_radius_class(struct radius_class_data *dst,
+				 struct radius_class_data *src)
+{
+	size_t i;
+
+	if (src->attr == NULL)
+		return 0;
+
+	dst->attr = os_zalloc(src->count * sizeof(struct radius_attr_data));
+	if (dst->attr == NULL)
+		return -1;
+
+	dst->count = 0;
+
+	for (i = 0; i < src->count; i++) {
+		dst->attr[i].data = os_malloc(src->attr[i].len);
+		if (dst->attr[i].data == NULL)
+			break;
+		dst->count++;
+		os_memcpy(dst->attr[i].data, src->attr[i].data,
+			  src->attr[i].len);
+		dst->attr[i].len = src->attr[i].len;
+	}
+
+	return 0;
+}
+
+
+void ieee802_1x_free_station(struct sta_info *sta)
+{
+	struct eapol_state_machine *sm = sta->eapol_sm;
+
+	eloop_cancel_timeout(ieee802_1x_eap_timeout, sta, NULL);
+
+	if (sm == NULL)
+		return;
+
+	sta->eapol_sm = NULL;
+
+	if (sm->last_recv_radius) {
+		radius_msg_free(sm->last_recv_radius);
+		os_free(sm->last_recv_radius);
+	}
+
+	os_free(sm->identity);
+	ieee802_1x_free_radius_class(&sm->radius_class);
+	eapol_auth_free(sm);
+}
+
+
+static void ieee802_1x_decapsulate_radius(struct hostapd_data *hapd,
+					  struct sta_info *sta)
+{
+	u8 *eap;
+	size_t len;
+	struct eap_hdr *hdr;
+	int eap_type = -1;
+	char buf[64];
+	struct radius_msg *msg;
+	struct eapol_state_machine *sm = sta->eapol_sm;
+
+	if (sm == NULL || sm->last_recv_radius == NULL) {
+		if (sm)
+			sm->eap_if->aaaEapNoReq = TRUE;
+		return;
+	}
+
+	msg = sm->last_recv_radius;
+
+	eap = radius_msg_get_eap(msg, &len);
+	if (eap == NULL) {
+		/* RFC 3579, Chap. 2.6.3:
+		 * RADIUS server SHOULD NOT send Access-Reject/no EAP-Message
+		 * attribute */
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_WARNING, "could not extract "
+			       "EAP-Message from RADIUS message");
+		sm->eap_if->aaaEapNoReq = TRUE;
+		return;
+	}
+
+	if (len < sizeof(*hdr)) {
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_WARNING, "too short EAP packet "
+			       "received from authentication server");
+		os_free(eap);
+		sm->eap_if->aaaEapNoReq = TRUE;
+		return;
+	}
+
+	if (len > sizeof(*hdr))
+		eap_type = eap[sizeof(*hdr)];
+
+	hdr = (struct eap_hdr *) eap;
+	switch (hdr->code) {
+	case EAP_CODE_REQUEST:
+		if (eap_type >= 0)
+			sm->eap_type_authsrv = eap_type;
+		os_snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)",
+			    eap_type >= 0 ? eap_type_text(eap_type) : "??",
+			    eap_type);
+		break;
+	case EAP_CODE_RESPONSE:
+		os_snprintf(buf, sizeof(buf), "EAP Response-%s (%d)",
+			    eap_type >= 0 ? eap_type_text(eap_type) : "??",
+			    eap_type);
+		break;
+	case EAP_CODE_SUCCESS:
+		os_strlcpy(buf, "EAP Success", sizeof(buf));
+		break;
+	case EAP_CODE_FAILURE:
+		os_strlcpy(buf, "EAP Failure", sizeof(buf));
+		break;
+	default:
+		os_strlcpy(buf, "unknown EAP code", sizeof(buf));
+		break;
+	}
+	buf[sizeof(buf) - 1] = '\0';
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+		       HOSTAPD_LEVEL_DEBUG, "decapsulated EAP packet (code=%d "
+		       "id=%d len=%d) from RADIUS server: %s",
+		       hdr->code, hdr->identifier, be_to_host16(hdr->length),
+		       buf);
+	sm->eap_if->aaaEapReq = TRUE;
+
+	wpabuf_free(sm->eap_if->aaaEapReqData);
+	sm->eap_if->aaaEapReqData = wpabuf_alloc_ext_data(eap, len);
+}
+
+
+static void ieee802_1x_get_keys(struct hostapd_data *hapd,
+				struct sta_info *sta, struct radius_msg *msg,
+				struct radius_msg *req,
+				u8 *shared_secret, size_t shared_secret_len)
+{
+	struct radius_ms_mppe_keys *keys;
+	struct eapol_state_machine *sm = sta->eapol_sm;
+	if (sm == NULL)
+		return;
+
+	keys = radius_msg_get_ms_keys(msg, req, shared_secret,
+				      shared_secret_len);
+
+	if (keys && keys->send && keys->recv) {
+		size_t len = keys->send_len + keys->recv_len;
+		wpa_hexdump_key(MSG_DEBUG, "MS-MPPE-Send-Key",
+				keys->send, keys->send_len);
+		wpa_hexdump_key(MSG_DEBUG, "MS-MPPE-Recv-Key",
+				keys->recv, keys->recv_len);
+
+		os_free(sm->eap_if->aaaEapKeyData);
+		sm->eap_if->aaaEapKeyData = os_malloc(len);
+		if (sm->eap_if->aaaEapKeyData) {
+			os_memcpy(sm->eap_if->aaaEapKeyData, keys->recv,
+				  keys->recv_len);
+			os_memcpy(sm->eap_if->aaaEapKeyData + keys->recv_len,
+				  keys->send, keys->send_len);
+			sm->eap_if->aaaEapKeyDataLen = len;
+			sm->eap_if->aaaEapKeyAvailable = TRUE;
+		}
+	}
+
+	if (keys) {
+		os_free(keys->send);
+		os_free(keys->recv);
+		os_free(keys);
+	}
+}
+
+
+static void ieee802_1x_store_radius_class(struct hostapd_data *hapd,
+					  struct sta_info *sta,
+					  struct radius_msg *msg)
+{
+	u8 *class;
+	size_t class_len;
+	struct eapol_state_machine *sm = sta->eapol_sm;
+	int count, i;
+	struct radius_attr_data *nclass;
+	size_t nclass_count;
+
+	if (!hapd->conf->radius->acct_server || hapd->radius == NULL ||
+	    sm == NULL)
+		return;
+
+	ieee802_1x_free_radius_class(&sm->radius_class);
+	count = radius_msg_count_attr(msg, RADIUS_ATTR_CLASS, 1);
+	if (count <= 0)
+		return;
+
+	nclass = os_zalloc(count * sizeof(struct radius_attr_data));
+	if (nclass == NULL)
+		return;
+
+	nclass_count = 0;
+
+	class = NULL;
+	for (i = 0; i < count; i++) {
+		do {
+			if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CLASS,
+						    &class, &class_len,
+						    class) < 0) {
+				i = count;
+				break;
+			}
+		} while (class_len < 1);
+
+		nclass[nclass_count].data = os_malloc(class_len);
+		if (nclass[nclass_count].data == NULL)
+			break;
+
+		os_memcpy(nclass[nclass_count].data, class, class_len);
+		nclass[nclass_count].len = class_len;
+		nclass_count++;
+	}
+
+	sm->radius_class.attr = nclass;
+	sm->radius_class.count = nclass_count;
+	wpa_printf(MSG_DEBUG, "IEEE 802.1X: Stored %lu RADIUS Class "
+		   "attributes for " MACSTR,
+		   (unsigned long) sm->radius_class.count,
+		   MAC2STR(sta->addr));
+}
+
+
+/* Update sta->identity based on User-Name attribute in Access-Accept */
+static void ieee802_1x_update_sta_identity(struct hostapd_data *hapd,
+					   struct sta_info *sta,
+					   struct radius_msg *msg)
+{
+	u8 *buf, *identity;
+	size_t len;
+	struct eapol_state_machine *sm = sta->eapol_sm;
+
+	if (sm == NULL)
+		return;
+
+	if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_USER_NAME, &buf, &len,
+				    NULL) < 0)
+		return;
+
+	identity = os_malloc(len + 1);
+	if (identity == NULL)
+		return;
+
+	os_memcpy(identity, buf, len);
+	identity[len] = '\0';
+
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+		       HOSTAPD_LEVEL_DEBUG, "old identity '%s' updated with "
+		       "User-Name from Access-Accept '%s'",
+		       sm->identity ? (char *) sm->identity : "N/A",
+		       (char *) identity);
+
+	os_free(sm->identity);
+	sm->identity = identity;
+	sm->identity_len = len;
+}
+
+
+struct sta_id_search {
+	u8 identifier;
+	struct eapol_state_machine *sm;
+};
+
+
+static int ieee802_1x_select_radius_identifier(struct hostapd_data *hapd,
+					       struct sta_info *sta,
+					       void *ctx)
+{
+	struct sta_id_search *id_search = ctx;
+	struct eapol_state_machine *sm = sta->eapol_sm;
+
+	if (sm && sm->radius_identifier >= 0 &&
+	    sm->radius_identifier == id_search->identifier) {
+		id_search->sm = sm;
+		return 1;
+	}
+	return 0;
+}
+
+
+static struct eapol_state_machine *
+ieee802_1x_search_radius_identifier(struct hostapd_data *hapd, u8 identifier)
+{
+	struct sta_id_search id_search;
+	id_search.identifier = identifier;
+	id_search.sm = NULL;
+	ap_for_each_sta(hapd, ieee802_1x_select_radius_identifier, &id_search);
+	return id_search.sm;
+}
+
+
+/* Process the RADIUS frames from Authentication Server */
+static RadiusRxResult
+ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
+			u8 *shared_secret, size_t shared_secret_len,
+			void *data)
+{
+	struct hostapd_data *hapd = data;
+	struct sta_info *sta;
+	u32 session_timeout = 0, termination_action, acct_interim_interval;
+	int session_timeout_set, old_vlanid = 0;
+	int eap_timeout;
+	struct eapol_state_machine *sm;
+	int override_eapReq = 0;
+
+	sm = ieee802_1x_search_radius_identifier(hapd, msg->hdr->identifier);
+	if (sm == NULL) {
+		wpa_printf(MSG_DEBUG, "IEEE 802.1X: Could not find matching "
+			   "station for this RADIUS message");
+		return RADIUS_RX_UNKNOWN;
+	}
+	sta = sm->sta;
+
+	/* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
+	 * present when packet contains an EAP-Message attribute */
+	if (msg->hdr->code == RADIUS_CODE_ACCESS_REJECT &&
+	    radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
+				0) < 0 &&
+	    radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
+		wpa_printf(MSG_DEBUG, "Allowing RADIUS Access-Reject without "
+			   "Message-Authenticator since it does not include "
+			   "EAP-Message");
+	} else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
+				     req, 1)) {
+		printf("Incoming RADIUS packet did not have correct "
+		       "Message-Authenticator - dropped\n");
+		return RADIUS_RX_INVALID_AUTHENTICATOR;
+	}
+
+	if (msg->hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
+	    msg->hdr->code != RADIUS_CODE_ACCESS_REJECT &&
+	    msg->hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
+		printf("Unknown RADIUS message code\n");
+		return RADIUS_RX_UNKNOWN;
+	}
+
+	sm->radius_identifier = -1;
+	wpa_printf(MSG_DEBUG, "RADIUS packet matching with station " MACSTR,
+		   MAC2STR(sta->addr));
+
+	if (sm->last_recv_radius) {
+		radius_msg_free(sm->last_recv_radius);
+		os_free(sm->last_recv_radius);
+	}
+
+	sm->last_recv_radius = msg;
+
+	session_timeout_set =
+		!radius_msg_get_attr_int32(msg, RADIUS_ATTR_SESSION_TIMEOUT,
+					   &session_timeout);
+	if (radius_msg_get_attr_int32(msg, RADIUS_ATTR_TERMINATION_ACTION,
+				      &termination_action))
+		termination_action = RADIUS_TERMINATION_ACTION_DEFAULT;
+
+	if (hapd->conf->radius->acct_interim_interval == 0 &&
+	    msg->hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
+	    radius_msg_get_attr_int32(msg, RADIUS_ATTR_ACCT_INTERIM_INTERVAL,
+				      &acct_interim_interval) == 0) {
+		if (acct_interim_interval < 60) {
+			hostapd_logger(hapd, sta->addr,
+				       HOSTAPD_MODULE_IEEE8021X,
+				       HOSTAPD_LEVEL_INFO,
+				       "ignored too small "
+				       "Acct-Interim-Interval %d",
+				       acct_interim_interval);
+		} else
+			sta->acct_interim_interval = acct_interim_interval;
+	}
+
+
+	switch (msg->hdr->code) {
+	case RADIUS_CODE_ACCESS_ACCEPT:
+		if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
+			sta->vlan_id = 0;
+		else {
+			old_vlanid = sta->vlan_id;
+			sta->vlan_id = radius_msg_get_vlanid(msg);
+		}
+		if (sta->vlan_id > 0 &&
+		    hostapd_get_vlan_id_ifname(hapd->conf->vlan,
+					       sta->vlan_id)) {
+			hostapd_logger(hapd, sta->addr,
+				       HOSTAPD_MODULE_RADIUS,
+				       HOSTAPD_LEVEL_INFO,
+				       "VLAN ID %d", sta->vlan_id);
+		} else if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_REQUIRED) {
+			sta->eapol_sm->authFail = TRUE;
+			hostapd_logger(hapd, sta->addr,
+				       HOSTAPD_MODULE_IEEE8021X,
+				       HOSTAPD_LEVEL_INFO, "authentication "
+				       "server did not include required VLAN "
+				       "ID in Access-Accept");
+			break;
+		}
+
+		ap_sta_bind_vlan(hapd, sta, old_vlanid);
+
+		/* RFC 3580, Ch. 3.17 */
+		if (session_timeout_set && termination_action ==
+		    RADIUS_TERMINATION_ACTION_RADIUS_REQUEST) {
+			sm->reAuthPeriod = session_timeout;
+		} else if (session_timeout_set)
+			ap_sta_session_timeout(hapd, sta, session_timeout);
+
+		sm->eap_if->aaaSuccess = TRUE;
+		override_eapReq = 1;
+		ieee802_1x_get_keys(hapd, sta, msg, req, shared_secret,
+				    shared_secret_len);
+		ieee802_1x_store_radius_class(hapd, sta, msg);
+		ieee802_1x_update_sta_identity(hapd, sta, msg);
+		if (sm->eap_if->eapKeyAvailable &&
+		    wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt,
+				       session_timeout_set ?
+				       (int) session_timeout : -1, sm) == 0) {
+			hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
+				       HOSTAPD_LEVEL_DEBUG,
+				       "Added PMKSA cache entry");
+		}
+		break;
+	case RADIUS_CODE_ACCESS_REJECT:
+		sm->eap_if->aaaFail = TRUE;
+		override_eapReq = 1;
+		break;
+	case RADIUS_CODE_ACCESS_CHALLENGE:
+		sm->eap_if->aaaEapReq = TRUE;
+		if (session_timeout_set) {
+			/* RFC 2869, Ch. 2.3.2; RFC 3580, Ch. 3.17 */
+			eap_timeout = session_timeout;
+		} else
+			eap_timeout = 30;
+		hostapd_logger(hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_DEBUG,
+			       "using EAP timeout of %d seconds%s",
+			       eap_timeout,
+			       session_timeout_set ? " (from RADIUS)" : "");
+		eloop_cancel_timeout(ieee802_1x_eap_timeout, sta, NULL);
+		eloop_register_timeout(eap_timeout, 0, ieee802_1x_eap_timeout,
+				       sta, NULL);
+		sm->eap_if->eapTimeout = FALSE;
+		break;
+	}
+
+	ieee802_1x_decapsulate_radius(hapd, sta);
+	if (override_eapReq)
+		sm->eap_if->aaaEapReq = FALSE;
+
+	eapol_auth_step(sm);
+
+	return RADIUS_RX_QUEUED;
+}
+
+
+void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	struct eapol_state_machine *sm = sta->eapol_sm;
+	if (sm == NULL)
+		return;
+
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+		       HOSTAPD_LEVEL_DEBUG, "aborting authentication");
+
+	if (sm->last_recv_radius) {
+		radius_msg_free(sm->last_recv_radius);
+		os_free(sm->last_recv_radius);
+		sm->last_recv_radius = NULL;
+	}
+}
+
+
+#ifdef HOSTAPD_DUMP_STATE
+static void fprint_char(FILE *f, char c)
+{
+	if (c >= 32 && c < 127)
+		fprintf(f, "%c", c);
+	else
+		fprintf(f, "<%02x>", c);
+}
+
+
+void ieee802_1x_dump_state(FILE *f, const char *prefix, struct sta_info *sta)
+{
+	struct eapol_state_machine *sm = sta->eapol_sm;
+	if (sm == NULL)
+		return;
+
+	fprintf(f, "%sIEEE 802.1X:\n", prefix);
+
+	if (sm->identity) {
+		size_t i;
+		fprintf(f, "%sidentity=", prefix);
+		for (i = 0; i < sm->identity_len; i++)
+			fprint_char(f, sm->identity[i]);
+		fprintf(f, "\n");
+	}
+
+	fprintf(f, "%slast EAP type: Authentication Server: %d (%s) "
+		"Supplicant: %d (%s)\n", prefix,
+		sm->eap_type_authsrv, eap_type_text(sm->eap_type_authsrv),
+		sm->eap_type_supp, eap_type_text(sm->eap_type_supp));
+
+	fprintf(f, "%scached_packets=%s\n", prefix,
+		sm->last_recv_radius ? "[RX RADIUS]" : "");
+
+	eapol_auth_dump_state(f, prefix, sm);
+}
+#endif /* HOSTAPD_DUMP_STATE */
+
+
+static int ieee802_1x_rekey_broadcast(struct hostapd_data *hapd)
+{
+	if (hapd->conf->default_wep_key_len < 1)
+		return 0;
+
+	os_free(hapd->default_wep_key);
+	hapd->default_wep_key = os_malloc(hapd->conf->default_wep_key_len);
+	if (hapd->default_wep_key == NULL ||
+	    os_get_random(hapd->default_wep_key,
+			  hapd->conf->default_wep_key_len)) {
+		printf("Could not generate random WEP key.\n");
+		os_free(hapd->default_wep_key);
+		hapd->default_wep_key = NULL;
+		return -1;
+	}
+
+	wpa_hexdump_key(MSG_DEBUG, "IEEE 802.1X: New default WEP key",
+			hapd->default_wep_key,
+			hapd->conf->default_wep_key_len);
+
+	return 0;
+}
+
+
+static int ieee802_1x_sta_key_available(struct hostapd_data *hapd,
+					struct sta_info *sta, void *ctx)
+{
+	if (sta->eapol_sm) {
+		sta->eapol_sm->eap_if->eapKeyAvailable = TRUE;
+		eapol_auth_step(sta->eapol_sm);
+	}
+	return 0;
+}
+
+
+static void ieee802_1x_rekey(void *eloop_ctx, void *timeout_ctx)
+{
+	struct hostapd_data *hapd = eloop_ctx;
+
+	if (hapd->default_wep_key_idx >= 3)
+		hapd->default_wep_key_idx =
+			hapd->conf->individual_wep_key_len > 0 ? 1 : 0;
+	else
+		hapd->default_wep_key_idx++;
+
+	wpa_printf(MSG_DEBUG, "IEEE 802.1X: New default WEP key index %d",
+		   hapd->default_wep_key_idx);
+		      
+	if (ieee802_1x_rekey_broadcast(hapd)) {
+		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_WARNING, "failed to generate a "
+			       "new broadcast key");
+		os_free(hapd->default_wep_key);
+		hapd->default_wep_key = NULL;
+		return;
+	}
+
+	/* TODO: Could setup key for RX here, but change default TX keyid only
+	 * after new broadcast key has been sent to all stations. */
+	if (hostapd_set_encryption(hapd->conf->iface, hapd, "WEP", NULL,
+				   hapd->default_wep_key_idx,
+				   hapd->default_wep_key,
+				   hapd->conf->default_wep_key_len, 1)) {
+		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_WARNING, "failed to configure a "
+			       "new broadcast key");
+		os_free(hapd->default_wep_key);
+		hapd->default_wep_key = NULL;
+		return;
+	}
+
+	ap_for_each_sta(hapd, ieee802_1x_sta_key_available, NULL);
+
+	if (hapd->conf->wep_rekeying_period > 0) {
+		eloop_register_timeout(hapd->conf->wep_rekeying_period, 0,
+				       ieee802_1x_rekey, hapd, NULL);
+	}
+}
+
+
+static void ieee802_1x_eapol_send(void *ctx, void *sta_ctx, u8 type,
+				  const u8 *data, size_t datalen)
+{
+	ieee802_1x_send(ctx, sta_ctx, type, data, datalen);
+}
+
+
+static void ieee802_1x_aaa_send(void *ctx, void *sta_ctx,
+				const u8 *data, size_t datalen)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta = sta_ctx;
+
+	ieee802_1x_encapsulate_radius(hapd, sta, data, datalen);
+}
+
+
+static void _ieee802_1x_finished(void *ctx, void *sta_ctx, int success,
+				 int preauth)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta = sta_ctx;
+	if (preauth)
+		rsn_preauth_finished(hapd, sta, success);
+	else
+		ieee802_1x_finished(hapd, sta, success);
+}
+
+
+static int ieee802_1x_get_eap_user(void *ctx, const u8 *identity,
+				   size_t identity_len, int phase2,
+				   struct eap_user *user)
+{
+	struct hostapd_data *hapd = ctx;
+	const struct hostapd_eap_user *eap_user;
+	int i, count;
+
+	eap_user = hostapd_get_eap_user(hapd->conf, identity,
+					identity_len, phase2);
+	if (eap_user == NULL)
+		return -1;
+
+	os_memset(user, 0, sizeof(*user));
+	user->phase2 = phase2;
+	count = EAP_USER_MAX_METHODS;
+	if (count > EAP_MAX_METHODS)
+		count = EAP_MAX_METHODS;
+	for (i = 0; i < count; i++) {
+		user->methods[i].vendor = eap_user->methods[i].vendor;
+		user->methods[i].method = eap_user->methods[i].method;
+	}
+
+	if (eap_user->password) {
+		user->password = os_malloc(eap_user->password_len);
+		if (user->password == NULL)
+			return -1;
+		os_memcpy(user->password, eap_user->password,
+			  eap_user->password_len);
+		user->password_len = eap_user->password_len;
+	}
+	user->force_version = eap_user->force_version;
+	user->ttls_auth = eap_user->ttls_auth;
+
+	return 0;
+}
+
+
+static int ieee802_1x_sta_entry_alive(void *ctx, const u8 *addr)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta;
+	sta = ap_get_sta(hapd, addr);
+	if (sta == NULL || sta->eapol_sm == NULL)
+		return 0;
+	return 1;
+}
+
+
+static void ieee802_1x_logger(void *ctx, const u8 *addr,
+			      eapol_logger_level level, const char *txt)
+{
+	struct hostapd_data *hapd = ctx;
+	int hlevel;
+
+	switch (level) {
+	case EAPOL_LOGGER_WARNING:
+		hlevel = HOSTAPD_LEVEL_WARNING;
+		break;
+	case EAPOL_LOGGER_INFO:
+		hlevel = HOSTAPD_LEVEL_INFO;
+		break;
+	case EAPOL_LOGGER_DEBUG:
+	default:
+		hlevel = HOSTAPD_LEVEL_DEBUG;
+		break;
+	}
+
+	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE8021X, hlevel, "%s",
+		       txt);
+}
+
+
+static void ieee802_1x_set_port_authorized(void *ctx, void *sta_ctx,
+					   int authorized)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta = sta_ctx;
+	ieee802_1x_set_sta_authorized(hapd, sta, authorized);
+}
+
+
+static void _ieee802_1x_abort_auth(void *ctx, void *sta_ctx)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta = sta_ctx;
+	ieee802_1x_abort_auth(hapd, sta);
+}
+
+
+static void _ieee802_1x_tx_key(void *ctx, void *sta_ctx)
+{
+	struct hostapd_data *hapd = ctx;
+	struct sta_info *sta = sta_ctx;
+	ieee802_1x_tx_key(hapd, sta);
+}
+
+
+int ieee802_1x_init(struct hostapd_data *hapd)
+{
+	int i;
+	struct eapol_auth_config conf;
+	struct eapol_auth_cb cb;
+
+	os_memset(&conf, 0, sizeof(conf));
+	conf.hapd = hapd;
+	conf.eap_reauth_period = hapd->conf->eap_reauth_period;
+	conf.wpa = hapd->conf->wpa;
+	conf.individual_wep_key_len = hapd->conf->individual_wep_key_len;
+	conf.eap_server = hapd->conf->eap_server;
+	conf.ssl_ctx = hapd->ssl_ctx;
+	conf.eap_sim_db_priv = hapd->eap_sim_db_priv;
+	conf.eap_req_id_text = hapd->conf->eap_req_id_text;
+	conf.eap_req_id_text_len = hapd->conf->eap_req_id_text_len;
+	conf.pac_opaque_encr_key = hapd->conf->pac_opaque_encr_key;
+	conf.eap_fast_a_id = hapd->conf->eap_fast_a_id;
+	conf.eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind;
+
+	os_memset(&cb, 0, sizeof(cb));
+	cb.eapol_send = ieee802_1x_eapol_send;
+	cb.aaa_send = ieee802_1x_aaa_send;
+	cb.finished = _ieee802_1x_finished;
+	cb.get_eap_user = ieee802_1x_get_eap_user;
+	cb.sta_entry_alive = ieee802_1x_sta_entry_alive;
+	cb.logger = ieee802_1x_logger;
+	cb.set_port_authorized = ieee802_1x_set_port_authorized;
+	cb.abort_auth = _ieee802_1x_abort_auth;
+	cb.tx_key = _ieee802_1x_tx_key;
+
+	hapd->eapol_auth = eapol_auth_init(&conf, &cb);
+	if (hapd->eapol_auth == NULL)
+		return -1;
+
+	if ((hapd->conf->ieee802_1x || hapd->conf->wpa) &&
+	    hostapd_set_ieee8021x(hapd->conf->iface, hapd, 1))
+		return -1;
+
+	if (radius_client_register(hapd->radius, RADIUS_AUTH,
+				   ieee802_1x_receive_auth, hapd))
+		return -1;
+
+	if (hapd->conf->default_wep_key_len) {
+		hostapd_set_privacy(hapd, 1);
+
+		for (i = 0; i < 4; i++)
+			hostapd_set_encryption(hapd->conf->iface, hapd,
+					       "none", NULL, i, NULL, 0, 0);
+
+		ieee802_1x_rekey(hapd, NULL);
+
+		if (hapd->default_wep_key == NULL)
+			return -1;
+	}
+
+	return 0;
+}
+
+
+void ieee802_1x_deinit(struct hostapd_data *hapd)
+{
+	eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
+
+	if (hapd->driver != NULL &&
+	    (hapd->conf->ieee802_1x || hapd->conf->wpa))
+		hostapd_set_ieee8021x(hapd->conf->iface, hapd, 0);
+
+	eapol_auth_deinit(hapd->eapol_auth);
+	hapd->eapol_auth = NULL;
+}
+
+
+int ieee802_1x_reconfig(struct hostapd_data *hapd, 
+			struct hostapd_config *oldconf,
+			struct hostapd_bss_config *oldbss)
+{
+	ieee802_1x_deinit(hapd);
+	return ieee802_1x_init(hapd);
+}
+
+
+int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
+			 u8 *buf, size_t len, int ack)
+{
+	struct ieee80211_hdr *hdr;
+	struct ieee802_1x_hdr *xhdr;
+	struct ieee802_1x_eapol_key *key;
+	u8 *pos;
+	const unsigned char rfc1042_hdr[ETH_ALEN] =
+		{ 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
+
+	if (sta == NULL)
+		return -1;
+	if (len < sizeof(*hdr) + sizeof(rfc1042_hdr) + 2 + sizeof(*xhdr))
+		return 0;
+
+	hdr = (struct ieee80211_hdr *) buf;
+	pos = (u8 *) (hdr + 1);
+	if (os_memcmp(pos, rfc1042_hdr, sizeof(rfc1042_hdr)) != 0)
+		return 0;
+	pos += sizeof(rfc1042_hdr);
+	if (WPA_GET_BE16(pos) != ETH_P_PAE)
+		return 0;
+	pos += 2;
+
+	xhdr = (struct ieee802_1x_hdr *) pos;
+	pos += sizeof(*xhdr);
+
+	wpa_printf(MSG_DEBUG, "IEEE 802.1X: " MACSTR " TX status - version=%d "
+		   "type=%d length=%d - ack=%d",
+		   MAC2STR(sta->addr), xhdr->version, xhdr->type,
+		   be_to_host16(xhdr->length), ack);
+
+	/* EAPOL EAP-Packet packets are eventually re-sent by either Supplicant
+	 * or Authenticator state machines, but EAPOL-Key packets are not
+	 * retransmitted in case of failure. Try to re-sent failed EAPOL-Key
+	 * packets couple of times because otherwise STA keys become
+	 * unsynchronized with AP. */
+	if (xhdr->type == IEEE802_1X_TYPE_EAPOL_KEY && !ack &&
+	    pos + sizeof(*key) <= buf + len) {
+		key = (struct ieee802_1x_eapol_key *) pos;
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_DEBUG, "did not Ack EAPOL-Key "
+			       "frame (%scast index=%d)",
+			       key->key_index & BIT(7) ? "uni" : "broad",
+			       key->key_index & ~BIT(7));
+		/* TODO: re-send EAPOL-Key couple of times (with short delay
+		 * between them?). If all attempt fail, report error and
+		 * deauthenticate STA so that it will get new keys when
+		 * authenticating again (e.g., after returning in range).
+		 * Separate limit/transmit state needed both for unicast and
+		 * broadcast keys(?) */
+	}
+	/* TODO: could move unicast key configuration from ieee802_1x_tx_key()
+	 * to here and change the key only if the EAPOL-Key packet was Acked.
+	 */
+
+	return 1;
+}
+
+
+u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len)
+{
+	if (sm == NULL || sm->identity == NULL)
+		return NULL;
+
+	*len = sm->identity_len;
+	return sm->identity;
+}
+
+
+u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
+				 int idx)
+{
+	if (sm == NULL || sm->radius_class.attr == NULL ||
+	    idx >= (int) sm->radius_class.count)
+		return NULL;
+
+	*len = sm->radius_class.attr[idx].len;
+	return sm->radius_class.attr[idx].data;
+}
+
+
+const u8 * ieee802_1x_get_key(struct eapol_state_machine *sm, size_t *len)
+{
+	if (sm == NULL)
+		return NULL;
+
+	*len = sm->eap_if->eapKeyDataLen;
+	return sm->eap_if->eapKeyData;
+}
+
+
+void ieee802_1x_notify_port_enabled(struct eapol_state_machine *sm,
+				    int enabled)
+{
+	if (sm == NULL)
+		return;
+	sm->eap_if->portEnabled = enabled ? TRUE : FALSE;
+	eapol_auth_step(sm);
+}
+
+
+void ieee802_1x_notify_port_valid(struct eapol_state_machine *sm,
+				  int valid)
+{
+	if (sm == NULL)
+		return;
+	sm->portValid = valid ? TRUE : FALSE;
+	eapol_auth_step(sm);
+}
+
+
+void ieee802_1x_notify_pre_auth(struct eapol_state_machine *sm, int pre_auth)
+{
+	if (sm == NULL)
+		return;
+	if (pre_auth)
+		sm->flags |= EAPOL_SM_PREAUTH;
+	else
+		sm->flags &= ~EAPOL_SM_PREAUTH;
+}
+
+
+static const char * bool_txt(Boolean bool)
+{
+	return bool ? "TRUE" : "FALSE";
+}
+
+
+int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
+{
+	/* TODO */
+	return 0;
+}
+
+
+int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
+			   char *buf, size_t buflen)
+{
+	int len = 0, ret;
+	struct eapol_state_machine *sm = sta->eapol_sm;
+
+	if (sm == NULL)
+		return 0;
+
+	ret = os_snprintf(buf + len, buflen - len,
+			  "dot1xPaePortNumber=%d\n"
+			  "dot1xPaePortProtocolVersion=%d\n"
+			  "dot1xPaePortCapabilities=1\n"
+			  "dot1xPaePortInitialize=%d\n"
+			  "dot1xPaePortReauthenticate=FALSE\n",
+			  sta->aid,
+			  EAPOL_VERSION,
+			  sm->initialize);
+	if (ret < 0 || (size_t) ret >= buflen - len)
+		return len;
+	len += ret;
+
+	/* dot1xAuthConfigTable */
+	ret = os_snprintf(buf + len, buflen - len,
+			  "dot1xAuthPaeState=%d\n"
+			  "dot1xAuthBackendAuthState=%d\n"
+			  "dot1xAuthAdminControlledDirections=%d\n"
+			  "dot1xAuthOperControlledDirections=%d\n"
+			  "dot1xAuthAuthControlledPortStatus=%d\n"
+			  "dot1xAuthAuthControlledPortControl=%d\n"
+			  "dot1xAuthQuietPeriod=%u\n"
+			  "dot1xAuthServerTimeout=%u\n"
+			  "dot1xAuthReAuthPeriod=%u\n"
+			  "dot1xAuthReAuthEnabled=%s\n"
+			  "dot1xAuthKeyTxEnabled=%s\n",
+			  sm->auth_pae_state + 1,
+			  sm->be_auth_state + 1,
+			  sm->adminControlledDirections,
+			  sm->operControlledDirections,
+			  sm->authPortStatus,
+			  sm->portControl,
+			  sm->quietPeriod,
+			  sm->serverTimeout,
+			  sm->reAuthPeriod,
+			  bool_txt(sm->reAuthEnabled),
+			  bool_txt(sm->keyTxEnabled));
+	if (ret < 0 || (size_t) ret >= buflen - len)
+		return len;
+	len += ret;
+
+	/* dot1xAuthStatsTable */
+	ret = os_snprintf(buf + len, buflen - len,
+			  "dot1xAuthEapolFramesRx=%u\n"
+			  "dot1xAuthEapolFramesTx=%u\n"
+			  "dot1xAuthEapolStartFramesRx=%u\n"
+			  "dot1xAuthEapolLogoffFramesRx=%u\n"
+			  "dot1xAuthEapolRespIdFramesRx=%u\n"
+			  "dot1xAuthEapolRespFramesRx=%u\n"
+			  "dot1xAuthEapolReqIdFramesTx=%u\n"
+			  "dot1xAuthEapolReqFramesTx=%u\n"
+			  "dot1xAuthInvalidEapolFramesRx=%u\n"
+			  "dot1xAuthEapLengthErrorFramesRx=%u\n"
+			  "dot1xAuthLastEapolFrameVersion=%u\n"
+			  "dot1xAuthLastEapolFrameSource=" MACSTR "\n",
+			  sm->dot1xAuthEapolFramesRx,
+			  sm->dot1xAuthEapolFramesTx,
+			  sm->dot1xAuthEapolStartFramesRx,
+			  sm->dot1xAuthEapolLogoffFramesRx,
+			  sm->dot1xAuthEapolRespIdFramesRx,
+			  sm->dot1xAuthEapolRespFramesRx,
+			  sm->dot1xAuthEapolReqIdFramesTx,
+			  sm->dot1xAuthEapolReqFramesTx,
+			  sm->dot1xAuthInvalidEapolFramesRx,
+			  sm->dot1xAuthEapLengthErrorFramesRx,
+			  sm->dot1xAuthLastEapolFrameVersion,
+			  MAC2STR(sm->addr));
+	if (ret < 0 || (size_t) ret >= buflen - len)
+		return len;
+	len += ret;
+
+	/* dot1xAuthDiagTable */
+	ret = os_snprintf(buf + len, buflen - len,
+			  "dot1xAuthEntersConnecting=%u\n"
+			  "dot1xAuthEapLogoffsWhileConnecting=%u\n"
+			  "dot1xAuthEntersAuthenticating=%u\n"
+			  "dot1xAuthAuthSuccessesWhileAuthenticating=%u\n"
+			  "dot1xAuthAuthTimeoutsWhileAuthenticating=%u\n"
+			  "dot1xAuthAuthFailWhileAuthenticating=%u\n"
+			  "dot1xAuthAuthEapStartsWhileAuthenticating=%u\n"
+			  "dot1xAuthAuthEapLogoffWhileAuthenticating=%u\n"
+			  "dot1xAuthAuthReauthsWhileAuthenticated=%u\n"
+			  "dot1xAuthAuthEapStartsWhileAuthenticated=%u\n"
+			  "dot1xAuthAuthEapLogoffWhileAuthenticated=%u\n"
+			  "dot1xAuthBackendResponses=%u\n"
+			  "dot1xAuthBackendAccessChallenges=%u\n"
+			  "dot1xAuthBackendOtherRequestsToSupplicant=%u\n"
+			  "dot1xAuthBackendAuthSuccesses=%u\n"
+			  "dot1xAuthBackendAuthFails=%u\n",
+			  sm->authEntersConnecting,
+			  sm->authEapLogoffsWhileConnecting,
+			  sm->authEntersAuthenticating,
+			  sm->authAuthSuccessesWhileAuthenticating,
+			  sm->authAuthTimeoutsWhileAuthenticating,
+			  sm->authAuthFailWhileAuthenticating,
+			  sm->authAuthEapStartsWhileAuthenticating,
+			  sm->authAuthEapLogoffWhileAuthenticating,
+			  sm->authAuthReauthsWhileAuthenticated,
+			  sm->authAuthEapStartsWhileAuthenticated,
+			  sm->authAuthEapLogoffWhileAuthenticated,
+			  sm->backendResponses,
+			  sm->backendAccessChallenges,
+			  sm->backendOtherRequestsToSupplicant,
+			  sm->backendAuthSuccesses,
+			  sm->backendAuthFails);
+	if (ret < 0 || (size_t) ret >= buflen - len)
+		return len;
+	len += ret;
+
+	/* dot1xAuthSessionStatsTable */
+	ret = os_snprintf(buf + len, buflen - len,
+			  /* TODO: dot1xAuthSessionOctetsRx */
+			  /* TODO: dot1xAuthSessionOctetsTx */
+			  /* TODO: dot1xAuthSessionFramesRx */
+			  /* TODO: dot1xAuthSessionFramesTx */
+			  "dot1xAuthSessionId=%08X-%08X\n"
+			  "dot1xAuthSessionAuthenticMethod=%d\n"
+			  "dot1xAuthSessionTime=%u\n"
+			  "dot1xAuthSessionTerminateCause=999\n"
+			  "dot1xAuthSessionUserName=%s\n",
+			  sta->acct_session_id_hi, sta->acct_session_id_lo,
+			  (wpa_auth_sta_key_mgmt(sta->wpa_sm) ==
+			   WPA_KEY_MGMT_IEEE8021X ||
+			   wpa_auth_sta_key_mgmt(sta->wpa_sm) ==
+			   WPA_KEY_MGMT_FT_IEEE8021X) ? 1 : 2,
+			  (unsigned int) (time(NULL) -
+					  sta->acct_session_start),
+			  sm->identity);
+	if (ret < 0 || (size_t) ret >= buflen - len)
+		return len;
+	len += ret;
+
+	return len;
+}
+
+
+static void ieee802_1x_finished(struct hostapd_data *hapd,
+				struct sta_info *sta, int success)
+{
+	const u8 *key;
+	size_t len;
+	/* TODO: get PMKLifetime from WPA parameters */
+	static const int dot11RSNAConfigPMKLifetime = 43200;
+
+	key = ieee802_1x_get_key(sta->eapol_sm, &len);
+	if (success && key && len >= PMK_LEN &&
+	    wpa_auth_pmksa_add(sta->wpa_sm, key, dot11RSNAConfigPMKLifetime,
+			       sta->eapol_sm) == 0) {
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
+			       HOSTAPD_LEVEL_DEBUG,
+			       "Added PMKSA cache entry (IEEE 802.1X)");
+	}
+}

+ 87 - 0
hostapd/ieee802_1x.h

@@ -0,0 +1,87 @@
+/*
+ * hostapd / IEEE 802.1X-2004 Authenticator
+ * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef IEEE802_1X_H
+#define IEEE802_1X_H
+
+struct hostapd_data;
+struct sta_info;
+struct eapol_state_machine;
+struct hostapd_config;
+struct hostapd_bss_config;
+
+/* RFC 3580, 4. RC4 EAPOL-Key Frame */
+
+struct ieee802_1x_eapol_key {
+	u8 type;
+	u16 key_length;
+	u8 replay_counter[8]; /* does not repeat within the life of the keying
+			       * material used to encrypt the Key field;
+			       * 64-bit NTP timestamp MAY be used here */
+	u8 key_iv[16]; /* cryptographically random number */
+	u8 key_index; /* key flag in the most significant bit:
+		       * 0 = broadcast (default key),
+		       * 1 = unicast (key mapping key); key index is in the
+		       * 7 least significant bits */
+	u8 key_signature[16]; /* HMAC-MD5 message integrity check computed with
+			       * MS-MPPE-Send-Key as the key */
+
+	/* followed by key: if packet body length = 44 + key length, then the
+	 * key field (of key_length bytes) contains the key in encrypted form;
+	 * if packet body length = 44, key field is absent and key_length
+	 * represents the number of least significant octets from
+	 * MS-MPPE-Send-Key attribute to be used as the keying material;
+	 * RC4 key used in encryption = Key-IV + MS-MPPE-Recv-Key */
+} __attribute__ ((packed));
+
+
+void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
+			size_t len);
+void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta);
+void ieee802_1x_free_station(struct sta_info *sta);
+
+void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta);
+void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta);
+void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
+				   struct sta_info *sta, int authorized);
+void ieee802_1x_dump_state(FILE *f, const char *prefix, struct sta_info *sta);
+int ieee802_1x_init(struct hostapd_data *hapd);
+void ieee802_1x_deinit(struct hostapd_data *hapd);
+int ieee802_1x_reconfig(struct hostapd_data *hapd,
+			struct hostapd_config *oldconf,
+			struct hostapd_bss_config *oldbss);
+int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
+			 u8 *buf, size_t len, int ack);
+u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len);
+u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
+				 int idx);
+const u8 * ieee802_1x_get_key(struct eapol_state_machine *sm, size_t *len);
+void ieee802_1x_notify_port_enabled(struct eapol_state_machine *sm,
+				    int enabled);
+void ieee802_1x_notify_port_valid(struct eapol_state_machine *sm,
+				  int valid);
+void ieee802_1x_notify_pre_auth(struct eapol_state_machine *sm, int pre_auth);
+int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen);
+int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
+			   char *buf, size_t buflen);
+void hostapd_get_ntp_timestamp(u8 *buf);
+char *eap_type_text(u8 type);
+
+struct radius_class_data;
+
+void ieee802_1x_free_radius_class(struct radius_class_data *class);
+int ieee802_1x_copy_radius_class(struct radius_class_data *dst,
+				 struct radius_class_data *src);
+
+#endif /* IEEE802_1X_H */
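Review bot: The three getters declared near the end of this header (`ieee802_1x_get_identity`, `ieee802_1x_get_radius_class`, `ieee802_1x_get_key`) carry no contract comment, and their definitions in ieee802_1x.c on this page leave `*len` unwritten on the early NULL return, so a caller that reads the length before checking the pointer uses an uninitialized value. `ieee802_1x_get_radius_class` also takes a signed `idx` while the implementation only rejects `idx >= (int) sm->radius_class.count`, so a negative index would read before the `attr` array; adding `idx < 0 ||` to that check closes it. I would state the contract above the prototypes, e.g. `/* Returns NULL and leaves *len untouched if no data is available; the returned buffer belongs to sm and must not be freed by the caller. */`. Separately, `ieee802_1x_dump_state` is declared unconditionally here although its definition is wrapped in `#ifdef HOSTAPD_DUMP_STATE`, and its prototype needs `FILE`, which this header does not pull in itself.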

+ 9 - 0
hostapd/logwatch/README

@@ -0,0 +1,9 @@
+Logwatch is a utility for analyzing system logs and provide a human
+readable summary. This directory has a configuration file and a log
+analyzer script for parsing hostapd system log entries for logwatch.
+These files can be installed by copying them to following locations:
+
+/etc/log.d/conf/services/hostapd.conf
+/etc/log.d/scripts/services/hostapd
+
+More information about logwatch is available from http://www.logwatch.org/

+ 10 - 0
hostapd/logwatch/hostapd.conf

@@ -0,0 +1,10 @@
+# Logwatch configuration for hostapd
+#
+# Copyright 2005 Henrik Brix Andersen <brix@gentoo.org>
+# Distributed under the terms of the GNU General Public License v2
+# Alternatively, this file may be distributed under the terms of the BSD License
+
+Title = "hostapd"
+LogFile = messages
+*OnlyService = hostapd
+*RemoveHeaders

+ 180 - 0
hostapd/mlme.c

@@ -0,0 +1,180 @@
+/*
+ * hostapd / IEEE 802.11 MLME
+ * Copyright 2003-2006, Jouni Malinen <j@w1.fi>
+ * Copyright 2003-2004, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "hostapd.h"
+#include "ieee802_11.h"
+#include "wpa.h"
+#include "mlme.h"
+
+
+static const char * mlme_auth_alg_str(int alg)
+{
+	switch (alg) {
+	case WLAN_AUTH_OPEN:
+		return "OPEN_SYSTEM";
+	case WLAN_AUTH_SHARED_KEY:
+		return "SHARED_KEY";
+	case WLAN_AUTH_FT:
+		return "FT";
+	}
+
+	return "unknown";
+}
+
+
+/**
+ * mlme_authenticate_indication - Report the establishment of an authentication
+ * relationship with a specific peer MAC entity
+ * @hapd: BSS data
+ * @sta: peer STA data
+ *
+ * MLME calls this function as a result of the establishment of an
+ * authentication relationship with a specific peer MAC entity that
+ * resulted from an authentication procedure that was initiated by
+ * that specific peer MAC entity.
+ *
+ * PeerSTAAddress = sta->addr
+ * AuthenticationType = sta->auth_alg (WLAN_AUTH_OPEN / WLAN_AUTH_SHARED_KEY)
+ */
+void mlme_authenticate_indication(struct hostapd_data *hapd,
+				  struct sta_info *sta)
+{
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_MLME,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "MLME-AUTHENTICATE.indication(" MACSTR ", %s)",
+		       MAC2STR(sta->addr), mlme_auth_alg_str(sta->auth_alg));
+	if (sta->auth_alg != WLAN_AUTH_FT)
+		mlme_deletekeys_request(hapd, sta);
+}
+
+
+/**
+ * mlme_deauthenticate_indication - Report the invalidation of an
+ * authentication relationship with a specific peer MAC entity
+ * @hapd: BSS data
+ * @sta: Peer STA data
+ * @reason_code: ReasonCode from Deauthentication frame
+ *
+ * MLME calls this function as a result of the invalidation of an
+ * authentication relationship with a specific peer MAC entity.
+ *
+ * PeerSTAAddress = sta->addr
+ */
+void mlme_deauthenticate_indication(struct hostapd_data *hapd,
+				    struct sta_info *sta, u16 reason_code)
+{
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_MLME,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "MLME-DEAUTHENTICATE.indication(" MACSTR ", %d)",
+		       MAC2STR(sta->addr), reason_code);
+	mlme_deletekeys_request(hapd, sta);
+}
+
+
+/**
+ * mlme_associate_indication - Report the establishment of an association with
+ * a specific peer MAC entity
+ * @hapd: BSS data
+ * @sta: peer STA data
+ *
+ * MLME calls this function as a result of the establishment of an
+ * association with a specific peer MAC entity that resulted from an
+ * association procedure that was initiated by that specific peer MAC entity.
+ *
+ * PeerSTAAddress = sta->addr
+ */
+void mlme_associate_indication(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_MLME,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "MLME-ASSOCIATE.indication(" MACSTR ")",
+		       MAC2STR(sta->addr));
+	if (sta->auth_alg != WLAN_AUTH_FT)
+		mlme_deletekeys_request(hapd, sta);
+}
+
+
+/**
+ * mlme_reassociate_indication - Report the establishment of an reassociation
+ * with a specific peer MAC entity
+ * @hapd: BSS data
+ * @sta: peer STA data
+ *
+ * MLME calls this function as a result of the establishment of an
+ * reassociation with a specific peer MAC entity that resulted from a
+ * reassociation procedure that was initiated by that specific peer MAC entity.
+ *
+ * PeerSTAAddress = sta->addr
+ *
+ * sta->previous_ap contains the "Current AP" information from ReassocReq.
+ */
+void mlme_reassociate_indication(struct hostapd_data *hapd,
+				 struct sta_info *sta)
+{
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_MLME,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "MLME-REASSOCIATE.indication(" MACSTR ")",
+		       MAC2STR(sta->addr));
+	if (sta->auth_alg != WLAN_AUTH_FT)
+		mlme_deletekeys_request(hapd, sta);
+}
+
+
+/**
+ * mlme_disassociate_indication - Report disassociation with a specific peer
+ * MAC entity
+ * @hapd: BSS data
+ * @sta: Peer STA data
+ * @reason_code: ReasonCode from Disassociation frame
+ *
+ * MLME calls this function as a result of the invalidation of an association
+ * relationship with a specific peer MAC entity.
+ *
+ * PeerSTAAddress = sta->addr
+ */
+void mlme_disassociate_indication(struct hostapd_data *hapd,
+				  struct sta_info *sta, u16 reason_code)
+{
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_MLME,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "MLME-DISASSOCIATE.indication(" MACSTR ", %d)",
+		       MAC2STR(sta->addr), reason_code);
+	mlme_deletekeys_request(hapd, sta);
+}
+
+
+void mlme_michaelmicfailure_indication(struct hostapd_data *hapd,
+				       const u8 *addr)
+{
+	hostapd_logger(hapd, addr, HOSTAPD_MODULE_MLME,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "MLME-MichaelMICFailure.indication(" MACSTR ")",
+		       MAC2STR(addr));
+}
+
+
+void mlme_deletekeys_request(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_MLME,
+		       HOSTAPD_LEVEL_DEBUG,
+		       "MLME-DELETEKEYS.request(" MACSTR ")",
+		       MAC2STR(sta->addr));
+
+	if (sta->wpa_sm)
+		wpa_remove_ptk(sta->wpa_sm);
+}
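Review bot: The header comment of mlme_authenticate_indication() lists AuthenticationType as only WLAN_AUTH_OPEN / WLAN_AUTH_SHARED_KEY, but the body and mlme_auth_alg_str() also handle WLAN_AUTH_FT, and the FT case skips mlme_deletekeys_request(). The same skip is in mlme_associate_indication() and mlme_reassociate_indication(), with no explanation in any of the three. Because this condition decides whether wpa_remove_ptk() runs, the reason should be stated next to it, for example `/* FT: do not drop the PTK here (presumably set up by the FT exchange; author to confirm) */`, and the AuthenticationType line should add WLAN_AUTH_FT. mlme_michaelmicfailure_indication() and mlme_deletekeys_request() have no header comment at all; a one-line purpose each would match the rest of the file.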

+ 40 - 0
hostapd/mlme.h

@@ -0,0 +1,40 @@
+/*
+ * hostapd / IEEE 802.11 MLME
+ * Copyright 2003, Jouni Malinen <j@w1.fi>
+ * Copyright 2003-2004, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef MLME_H
+#define MLME_H
+
+void mlme_authenticate_indication(struct hostapd_data *hapd,
+				  struct sta_info *sta);
+
+void mlme_deauthenticate_indication(struct hostapd_data *hapd,
+				    struct sta_info *sta, u16 reason_code);
+
+void mlme_associate_indication(struct hostapd_data *hapd,
+			       struct sta_info *sta);
+
+void mlme_reassociate_indication(struct hostapd_data *hapd,
+				 struct sta_info *sta);
+
+void mlme_disassociate_indication(struct hostapd_data *hapd,
+				  struct sta_info *sta, u16 reason_code);
+
+void mlme_michaelmicfailure_indication(struct hostapd_data *hapd,
+				       const u8 *addr);
+
+void mlme_deletekeys_request(struct hostapd_data *hapd, struct sta_info *sta);
+
+#endif /* MLME_H */

+ 52 - 0
hostapd/nt_password_hash.c

@@ -0,0 +1,52 @@
+/*
+ * hostapd - Plaintext password to NtPasswordHash
+ * Copyright (c) 2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "ms_funcs.h"
+
+
+int main(int argc, char *argv[])
+{
+	unsigned char password_hash[16];
+	size_t i;
+	char *password, buf[64], *pos;
+
+	if (argc > 1)
+		password = argv[1];
+	else {
+		if (fgets(buf, sizeof(buf), stdin) == NULL) {
+			printf("Failed to read password\n");
+			return 1;
+		}
+		buf[sizeof(buf) - 1] = '\0';
+		pos = buf;
+		while (*pos != '\0') {
+			if (*pos == '\r' || *pos == '\n') {
+				*pos = '\0';
+				break;
+			}
+			pos++;
+		}
+		password = buf;
+	}
+
+	nt_password_hash((u8 *) password, strlen(password), password_hash);
+	for (i = 0; i < sizeof(password_hash); i++)
+		printf("%02x", password_hash[i]);
+	printf("\n");
+
+	return 0;
+}
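Review bot: On the stdin path, `fgets(buf, sizeof(buf), stdin)` silently truncates a line longer than 63 bytes, and the tool then prints the hash of the truncated password rather than the one the user entered. Reject input that has no line terminator, placed right after the fgets() check and before the newline is stripped: `if (strchr(buf, '\n') == NULL && !feof(stdin)) { printf("Password too long\n"); return 1; }`. The `argv[1]` path also puts the plaintext password into the process argument list, where it is visible to other local users and ends up in shell history, so a comment or usage line steering users to stdin would help. `buf[sizeof(buf) - 1] = '\0';` is redundant, since fgets() always terminates the buffer.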

+ 396 - 0
hostapd/peerkey.c

@@ -0,0 +1,396 @@
+/*
+ * hostapd - PeerKey for Direct Link Setup (DLS)
+ * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "eloop.h"
+#include "sha1.h"
+#include "wpa.h"
+#include "defs.h"
+#include "wpa_auth_i.h"
+#include "wpa_auth_ie.h"
+
+#ifdef CONFIG_PEERKEY
+
+static void wpa_stsl_step(void *eloop_ctx, void *timeout_ctx)
+{
+#if 0
+	struct wpa_authenticator *wpa_auth = eloop_ctx;
+	struct wpa_stsl_negotiation *neg = timeout_ctx;
+#endif
+
+	/* TODO: ? */
+}
+
+
+struct wpa_stsl_search {
+	const u8 *addr;
+	struct wpa_state_machine *sm;
+};
+
+
+static int wpa_stsl_select_sta(struct wpa_state_machine *sm, void *ctx)
+{
+	struct wpa_stsl_search *search = ctx;
+	if (os_memcmp(search->addr, sm->addr, ETH_ALEN) == 0) {
+		search->sm = sm;
+		return 1;
+	}
+	return 0;
+}
+
+
+static void wpa_smk_send_error(struct wpa_authenticator *wpa_auth,
+			       struct wpa_state_machine *sm, const u8 *peer,
+			       u16 mui, u16 error_type)
+{
+	u8 kde[2 + RSN_SELECTOR_LEN + ETH_ALEN +
+	       2 + RSN_SELECTOR_LEN + sizeof(struct rsn_error_kde)];
+	u8 *pos;
+	struct rsn_error_kde error;
+
+	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
+			"Sending SMK Error");
+
+	pos = kde;
+
+	if (peer) {
+		pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN,
+				  NULL, 0);
+	}
+
+	error.mui = host_to_be16(mui);
+	error.error_type = host_to_be16(error_type);
+	pos = wpa_add_kde(pos, RSN_KEY_DATA_ERROR,
+			  (u8 *) &error, sizeof(error), NULL, 0);
+
+	__wpa_send_eapol(wpa_auth, sm,
+			 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
+			 WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_ERROR,
+			 NULL, NULL, kde, pos - kde, 0, 0, 0);
+}
+
+
+void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
+		struct wpa_state_machine *sm, struct wpa_eapol_key *key)
+{
+	struct wpa_eapol_ie_parse kde;
+	struct wpa_stsl_search search;
+	u8 *buf, *pos;
+	size_t buf_len;
+
+	if (wpa_parse_kde_ies((const u8 *) (key + 1),
+			      WPA_GET_BE16(key->key_data_length), &kde) < 0) {
+		wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M1");
+		return;
+	}
+
+	if (kde.rsn_ie == NULL || kde.mac_addr == NULL ||
+	    kde.mac_addr_len < ETH_ALEN) {
+		wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in "
+			   "SMK M1");
+		return;
+	}
+
+	/* Initiator = sm->addr; Peer = kde.mac_addr */
+
+	search.addr = kde.mac_addr;
+	search.sm = NULL;
+	if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) ==
+	    0 || search.sm == NULL) {
+		wpa_printf(MSG_DEBUG, "RSN: SMK handshake with " MACSTR
+			   " aborted - STA not associated anymore",
+			   MAC2STR(kde.mac_addr));
+		wpa_smk_send_error(wpa_auth, sm, kde.mac_addr, STK_MUI_SMK,
+				   STK_ERR_STA_NR);
+		/* FIX: wpa_stsl_remove(wpa_auth, neg); */
+		return;
+	}
+
+	buf_len = kde.rsn_ie_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN;
+	buf = os_malloc(buf_len);
+	if (buf == NULL)
+		return;
+	/* Initiator RSN IE */
+	os_memcpy(buf, kde.rsn_ie, kde.rsn_ie_len);
+	pos = buf + kde.rsn_ie_len;
+	/* Initiator MAC Address */
+	pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, sm->addr, ETH_ALEN,
+			  NULL, 0);
+
+	/* SMK M2:
+	 * EAPOL-Key(S=1, M=1, A=1, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
+	 *           MIC=MIC, DataKDs=(RSNIE_I, MAC_I KDE)
+	 */
+
+	wpa_auth_logger(wpa_auth, search.sm->addr, LOGGER_DEBUG,
+			"Sending SMK M2");
+
+	__wpa_send_eapol(wpa_auth, search.sm,
+			 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
+			 WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE,
+			 NULL, key->key_nonce, buf, pos - buf, 0, 0, 0);
+
+	os_free(buf);
+}
+
+
+static void wpa_send_smk_m4(struct wpa_authenticator *wpa_auth,
+			    struct wpa_state_machine *sm,
+			    struct wpa_eapol_key *key,
+			    struct wpa_eapol_ie_parse *kde,
+			    const u8 *smk)
+{
+	u8 *buf, *pos;
+	size_t buf_len;
+	u32 lifetime;
+
+	/* SMK M4:
+	 * EAPOL-Key(S=1, M=1, A=0, I=1, K=0, SM=1, KeyRSC=0, Nonce=PNonce,
+	 *           MIC=MIC, DataKDs=(MAC_I KDE, INonce KDE, SMK KDE,
+	 *           Lifetime KDE)
+	 */
+
+	buf_len = 2 + RSN_SELECTOR_LEN + ETH_ALEN +
+		2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN +
+		2 + RSN_SELECTOR_LEN + PMK_LEN + WPA_NONCE_LEN +
+		2 + RSN_SELECTOR_LEN + sizeof(lifetime);
+	pos = buf = os_malloc(buf_len);
+	if (buf == NULL)
+		return;
+
+	/* Initiator MAC Address */
+	pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, kde->mac_addr, ETH_ALEN,
+			  NULL, 0);
+
+	/* Initiator Nonce */
+	pos = wpa_add_kde(pos, RSN_KEY_DATA_NONCE, kde->nonce, WPA_NONCE_LEN,
+			  NULL, 0);
+
+	/* SMK with PNonce */
+	pos = wpa_add_kde(pos, RSN_KEY_DATA_SMK, smk, PMK_LEN,
+			  key->key_nonce, WPA_NONCE_LEN);
+
+	/* Lifetime */
+	lifetime = htonl(43200); /* dot11RSNAConfigSMKLifetime */
+	pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
+			  (u8 *) &lifetime, sizeof(lifetime), NULL, 0);
+
+	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
+			"Sending SMK M4");
+
+	__wpa_send_eapol(wpa_auth, sm,
+			 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
+			 WPA_KEY_INFO_INSTALL | WPA_KEY_INFO_SMK_MESSAGE,
+			 NULL, key->key_nonce, buf, pos - buf, 0, 1, 0);
+
+	os_free(buf);
+}
+
+
+static void wpa_send_smk_m5(struct wpa_authenticator *wpa_auth,
+			    struct wpa_state_machine *sm,
+			    struct wpa_eapol_key *key,
+			    struct wpa_eapol_ie_parse *kde,
+			    const u8 *smk, const u8 *peer)
+{
+	u8 *buf, *pos;
+	size_t buf_len;
+	u32 lifetime;
+
+	/* SMK M5:
+	 * EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
+	 *           MIC=MIC, DataKDs=(RSNIE_P, MAC_P KDE, PNonce, SMK KDE,
+	 *                             Lifetime KDE))
+	 */
+
+	buf_len = kde->rsn_ie_len +
+		2 + RSN_SELECTOR_LEN + ETH_ALEN +
+		2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN +
+		2 + RSN_SELECTOR_LEN + PMK_LEN + WPA_NONCE_LEN +
+		2 + RSN_SELECTOR_LEN + sizeof(lifetime);
+	pos = buf = os_malloc(buf_len);
+	if (buf == NULL)
+		return;
+
+	/* Peer RSN IE */
+	os_memcpy(buf, kde->rsn_ie, kde->rsn_ie_len);
+	pos = buf + kde->rsn_ie_len;
+
+	/* Peer MAC Address */
+	pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN, NULL, 0);
+
+	/* PNonce */
+	pos = wpa_add_kde(pos, RSN_KEY_DATA_NONCE, key->key_nonce,
+			  WPA_NONCE_LEN, NULL, 0);
+
+	/* SMK and INonce */
+	pos = wpa_add_kde(pos, RSN_KEY_DATA_SMK, smk, PMK_LEN,
+			  kde->nonce, WPA_NONCE_LEN);
+
+	/* Lifetime */
+	lifetime = htonl(43200); /* dot11RSNAConfigSMKLifetime */
+	pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
+			  (u8 *) &lifetime, sizeof(lifetime), NULL, 0);
+
+	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
+			"Sending SMK M5");
+
+	__wpa_send_eapol(wpa_auth, sm,
+			 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
+			 WPA_KEY_INFO_SMK_MESSAGE,
+			 NULL, kde->nonce, buf, pos - buf, 0, 1, 0);
+
+	os_free(buf);
+}
+
+
+void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
+		struct wpa_state_machine *sm, struct wpa_eapol_key *key)
+{
+	struct wpa_eapol_ie_parse kde;
+	struct wpa_stsl_search search;
+	u8 smk[32], buf[ETH_ALEN + 8 + 2 * WPA_NONCE_LEN], *pos;
+
+	if (wpa_parse_kde_ies((const u8 *) (key + 1),
+			      WPA_GET_BE16(key->key_data_length), &kde) < 0) {
+		wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M3");
+		return;
+	}
+
+	if (kde.rsn_ie == NULL ||
+	    kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
+	    kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN) {
+		wpa_printf(MSG_INFO, "RSN: No RSN IE, MAC address KDE, or "
+			   "Nonce KDE in SMK M3");
+		return;
+	}
+
+	/* Peer = sm->addr; Initiator = kde.mac_addr;
+	 * Peer Nonce = key->key_nonce; Initiator Nonce = kde.nonce */
+
+	search.addr = kde.mac_addr;
+	search.sm = NULL;
+	if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) ==
+	    0 || search.sm == NULL) {
+		wpa_printf(MSG_DEBUG, "RSN: SMK handshake with " MACSTR
+			   " aborted - STA not associated anymore",
+			   MAC2STR(kde.mac_addr));
+		wpa_smk_send_error(wpa_auth, sm, kde.mac_addr, STK_MUI_SMK,
+				   STK_ERR_STA_NR);
+		/* FIX: wpa_stsl_remove(wpa_auth, neg); */
+		return;
+	}
+
+	if (os_get_random(smk, PMK_LEN)) {
+		wpa_printf(MSG_DEBUG, "RSN: Failed to generate SMK");
+		return;
+	}
+
+	/* SMK = PRF-256(Random number, "SMK Derivation",
+	 *               AA || Time || INonce || PNonce)
+	 */
+	os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
+	pos = buf + ETH_ALEN;
+	wpa_get_ntp_timestamp(pos);
+	pos += 8;
+	os_memcpy(pos, kde.nonce, WPA_NONCE_LEN);
+	pos += WPA_NONCE_LEN;
+	os_memcpy(pos, key->key_nonce, WPA_NONCE_LEN);
+	sha1_prf(smk, PMK_LEN, "SMK Derivation", buf, sizeof(buf),
+		 smk, PMK_LEN);
+
+	wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", smk, PMK_LEN);
+
+	wpa_send_smk_m4(wpa_auth, sm, key, &kde, smk);
+	wpa_send_smk_m5(wpa_auth, search.sm, key, &kde, smk, sm->addr);
+
+	/* Authenticator does not need SMK anymore and it is required to forget
+	 * it. */
+	os_memset(smk, 0, sizeof(*smk));
+}
+
+
+void wpa_smk_error(struct wpa_authenticator *wpa_auth,
+		   struct wpa_state_machine *sm, struct wpa_eapol_key *key)
+{
+	struct wpa_eapol_ie_parse kde;
+	struct wpa_stsl_search search;
+	struct rsn_error_kde error;
+	u16 mui, error_type;
+
+	if (wpa_parse_kde_ies((const u8 *) (key + 1),
+			      WPA_GET_BE16(key->key_data_length), &kde) < 0) {
+		wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error");
+		return;
+	}
+
+	if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
+	    kde.error == NULL || kde.error_len < sizeof(error)) {
+		wpa_printf(MSG_INFO, "RSN: No MAC address or Error KDE in "
+			   "SMK Error");
+		return;
+	}
+
+	search.addr = kde.mac_addr;
+	search.sm = NULL;
+	if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) ==
+	    0 || search.sm == NULL) {
+		wpa_printf(MSG_DEBUG, "RSN: Peer STA " MACSTR " not "
+			   "associated for SMK Error message from " MACSTR,
+			   MAC2STR(kde.mac_addr), MAC2STR(sm->addr));
+		return;
+	}
+
+	os_memcpy(&error, kde.error, sizeof(error));
+	mui = be_to_host16(error.mui);
+	error_type = be_to_host16(error.error_type);
+	wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
+			 "STA reported SMK Error: Peer " MACSTR
+			 " MUI %d Error Type %d",
+			 MAC2STR(kde.mac_addr), mui, error_type);
+
+	wpa_smk_send_error(wpa_auth, search.sm, sm->addr, mui, error_type);
+}
+
+
+int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
+		    struct wpa_stsl_negotiation *neg)
+{
+	struct wpa_stsl_negotiation *pos, *prev;
+
+	if (wpa_auth == NULL)
+		return -1;
+	pos = wpa_auth->stsl_negotiations;
+	prev = NULL;
+	while (pos) {
+		if (pos == neg) {
+			if (prev)
+				prev->next = pos->next;
+			else
+				wpa_auth->stsl_negotiations = pos->next;
+
+			eloop_cancel_timeout(wpa_stsl_step, wpa_auth, pos);
+			os_free(pos);
+			return 0;
+		}
+		prev = pos;
+		pos = pos->next;
+	}
+
+	return -1;
+}
+
+#endif /* CONFIG_PEERKEY */
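Review bot: In wpa_smk_m3() the final `os_memset(smk, 0, sizeof(*smk));` clears a single byte, because `*smk` is one `u8`; the other 31 bytes of the SMK stay on the stack although the comment just above says the authenticator is required to forget it. It should read `os_memset(smk, 0, sizeof(smk));`. wpa_send_smk_m4() and wpa_send_smk_m5() each copy the SMK into a heap buffer and release it with `os_free(buf)` without clearing, so `os_memset(buf, 0, buf_len);` before each free would close the same gap. A compiler may drop a memset on a local that is about to go out of scope, so a clear that cannot be elided is preferable if the platform layer offers one.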

+ 368 - 0
hostapd/pmksa_cache.c

@@ -0,0 +1,368 @@
+/*
+ * hostapd - PMKSA cache for IEEE 802.11i RSN
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "ap.h"
+#include "config.h"
+#include "common.h"
+#include "eloop.h"
+#include "sha1.h"
+#include "ieee802_1x.h"
+#include "eapol_sm.h"
+#include "pmksa_cache.h"
+
+
+static const int pmksa_cache_max_entries = 1024;
+static const int dot11RSNAConfigPMKLifetime = 43200;
+
+struct rsn_pmksa_cache {
+#define PMKID_HASH_SIZE 128
+#define PMKID_HASH(pmkid) (unsigned int) ((pmkid)[0] & 0x7f)
+	struct rsn_pmksa_cache_entry *pmkid[PMKID_HASH_SIZE];
+	struct rsn_pmksa_cache_entry *pmksa;
+	int pmksa_count;
+
+	void (*free_cb)(struct rsn_pmksa_cache_entry *entry, void *ctx);
+	void *ctx;
+};
+
+
+/**
+ * rsn_pmkid - Calculate PMK identifier
+ * @pmk: Pairwise master key
+ * @pmk_len: Length of pmk in bytes
+ * @aa: Authenticator address
+ * @spa: Supplicant address
+ *
+ * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
+ * PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)
+ */
+void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa,
+	       u8 *pmkid)
+{
+	char *title = "PMK Name";
+	const u8 *addr[3];
+	const size_t len[3] = { 8, ETH_ALEN, ETH_ALEN };
+	unsigned char hash[SHA1_MAC_LEN];
+
+	addr[0] = (u8 *) title;
+	addr[1] = aa;
+	addr[2] = spa;
+
+	hmac_sha1_vector(pmk, pmk_len, 3, addr, len, hash);
+	os_memcpy(pmkid, hash, PMKID_LEN);
+}
+
+
+static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa);
+
+
+static void _pmksa_cache_free_entry(struct rsn_pmksa_cache_entry *entry)
+{
+	if (entry == NULL)
+		return;
+	os_free(entry->identity);
+	ieee802_1x_free_radius_class(&entry->radius_class);
+	os_free(entry);
+}
+
+
+static void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
+				   struct rsn_pmksa_cache_entry *entry)
+{
+	struct rsn_pmksa_cache_entry *pos, *prev;
+
+	pmksa->pmksa_count--;
+	pmksa->free_cb(entry, pmksa->ctx);
+	pos = pmksa->pmkid[PMKID_HASH(entry->pmkid)];
+	prev = NULL;
+	while (pos) {
+		if (pos == entry) {
+			if (prev != NULL) {
+				prev->hnext = pos->hnext;
+			} else {
+				pmksa->pmkid[PMKID_HASH(entry->pmkid)] =
+					pos->hnext;
+			}
+			break;
+		}
+		prev = pos;
+		pos = pos->hnext;
+	}
+
+	pos = pmksa->pmksa;
+	prev = NULL;
+	while (pos) {
+		if (pos == entry) {
+			if (prev != NULL)
+				prev->next = pos->next;
+			else
+				pmksa->pmksa = pos->next;
+			break;
+		}
+		prev = pos;
+		pos = pos->next;
+	}
+	_pmksa_cache_free_entry(entry);
+}
+
+
+static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx)
+{
+	struct rsn_pmksa_cache *pmksa = eloop_ctx;
+	struct os_time now;
+
+	os_get_time(&now);
+	while (pmksa->pmksa && pmksa->pmksa->expiration <= now.sec) {
+		struct rsn_pmksa_cache_entry *entry = pmksa->pmksa;
+		pmksa->pmksa = entry->next;
+		wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for "
+			   MACSTR, MAC2STR(entry->spa));
+		pmksa_cache_free_entry(pmksa, entry);
+	}
+
+	pmksa_cache_set_expiration(pmksa);
+}
+
+
+static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa)
+{
+	int sec;
+	struct os_time now;
+
+	eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);
+	if (pmksa->pmksa == NULL)
+		return;
+	os_get_time(&now);
+	sec = pmksa->pmksa->expiration - now.sec;
+	if (sec < 0)
+		sec = 0;
+	eloop_register_timeout(sec + 1, 0, pmksa_cache_expire, pmksa, NULL);
+}
+
+
+static void pmksa_cache_from_eapol_data(struct rsn_pmksa_cache_entry *entry,
+					struct eapol_state_machine *eapol)
+{
+	if (eapol == NULL)
+		return;
+
+	if (eapol->identity) {
+		entry->identity = os_malloc(eapol->identity_len);
+		if (entry->identity) {
+			entry->identity_len = eapol->identity_len;
+			os_memcpy(entry->identity, eapol->identity,
+				  eapol->identity_len);
+		}
+	}
+
+	ieee802_1x_copy_radius_class(&entry->radius_class,
+				     &eapol->radius_class);
+
+	entry->eap_type_authsrv = eapol->eap_type_authsrv;
+	entry->vlan_id = eapol->sta->vlan_id;
+}
+
+
+void pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry *entry,
+			       struct eapol_state_machine *eapol)
+{
+	if (entry == NULL || eapol == NULL)
+		return;
+
+	if (entry->identity) {
+		os_free(eapol->identity);
+		eapol->identity = os_malloc(entry->identity_len);
+		if (eapol->identity) {
+			eapol->identity_len = entry->identity_len;
+			os_memcpy(eapol->identity, entry->identity,
+				  entry->identity_len);
+		}
+		wpa_hexdump_ascii(MSG_DEBUG, "STA identity from PMKSA",
+				  eapol->identity, eapol->identity_len);
+	}
+
+	ieee802_1x_free_radius_class(&eapol->radius_class);
+	ieee802_1x_copy_radius_class(&eapol->radius_class,
+				     &entry->radius_class);
+	if (eapol->radius_class.attr) {
+		wpa_printf(MSG_DEBUG, "Copied %lu Class attribute(s) from "
+			   "PMKSA", (unsigned long) eapol->radius_class.count);
+	}
+
+	eapol->eap_type_authsrv = entry->eap_type_authsrv;
+	eapol->sta->vlan_id = entry->vlan_id;
+}
+
+
+/**
+ * pmksa_cache_add - Add a PMKSA cache entry
+ * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
+ * @pmk: The new pairwise master key
+ * @pmk_len: PMK length in bytes, usually PMK_LEN (32)
+ * @aa: Authenticator address
+ * @spa: Supplicant address
+ * @session_timeout: Session timeout
+ * @eapol: Pointer to EAPOL state machine data
+ * Returns: Pointer to the added PMKSA cache entry or %NULL on error
+ *
+ * This function create a PMKSA entry for a new PMK and adds it to the PMKSA
+ * cache. If an old entry is already in the cache for the same Supplicant,
+ * this entry will be replaced with the new entry. PMKID will be calculated
+ * based on the PMK.
+ */
+struct rsn_pmksa_cache_entry *
+pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
+		const u8 *aa, const u8 *spa, int session_timeout,
+		struct eapol_state_machine *eapol)
+{
+	struct rsn_pmksa_cache_entry *entry, *pos, *prev;
+	struct os_time now;
+
+	if (pmk_len > PMK_LEN)
+		return NULL;
+
+	entry = os_zalloc(sizeof(*entry));
+	if (entry == NULL)
+		return NULL;
+	os_memcpy(entry->pmk, pmk, pmk_len);
+	entry->pmk_len = pmk_len;
+	rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid);
+	os_get_time(&now);
+	entry->expiration = now.sec;
+	if (session_timeout > 0)
+		entry->expiration += session_timeout;
+	else
+		entry->expiration += dot11RSNAConfigPMKLifetime;
+	entry->akmp = WPA_KEY_MGMT_IEEE8021X;
+	os_memcpy(entry->spa, spa, ETH_ALEN);
+	pmksa_cache_from_eapol_data(entry, eapol);
+
+	/* Replace an old entry for the same STA (if found) with the new entry
+	 */
+	pos = pmksa_cache_get(pmksa, spa, NULL);
+	if (pos)
+		pmksa_cache_free_entry(pmksa, pos);
+
+	if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) {
+		/* Remove the oldest entry to make room for the new entry */
+		wpa_printf(MSG_DEBUG, "RSN: removed the oldest PMKSA cache "
+			   "entry (for " MACSTR ") to make room for new one",
+			   MAC2STR(pmksa->pmksa->spa));
+		pmksa_cache_free_entry(pmksa, pmksa->pmksa);
+	}
+
+	/* Add the new entry; order by expiration time */
+	pos = pmksa->pmksa;
+	prev = NULL;
+	while (pos) {
+		if (pos->expiration > entry->expiration)
+			break;
+		prev = pos;
+		pos = pos->next;
+	}
+	if (prev == NULL) {
+		entry->next = pmksa->pmksa;
+		pmksa->pmksa = entry;
+	} else {
+		entry->next = prev->next;
+		prev->next = entry;
+	}
+	entry->hnext = pmksa->pmkid[PMKID_HASH(entry->pmkid)];
+	pmksa->pmkid[PMKID_HASH(entry->pmkid)] = entry;
+
+	pmksa->pmksa_count++;
+	wpa_printf(MSG_DEBUG, "RSN: added PMKSA cache entry for " MACSTR,
+		   MAC2STR(entry->spa));
+	wpa_hexdump(MSG_DEBUG, "RSN: added PMKID", entry->pmkid, PMKID_LEN);
+
+	return entry;
+}
+
+
+/**
+ * pmksa_cache_deinit - Free all entries in PMKSA cache
+ * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
+ */
+void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa)
+{
+	struct rsn_pmksa_cache_entry *entry, *prev;
+	int i;
+
+	if (pmksa == NULL)
+		return;
+
+	entry = pmksa->pmksa;
+	while (entry) {
+		prev = entry;
+		entry = entry->next;
+		_pmksa_cache_free_entry(prev);
+	}
+	eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);
+	for (i = 0; i < PMKID_HASH_SIZE; i++)
+		pmksa->pmkid[i] = NULL;
+	os_free(pmksa);
+}
+
+
+/**
+ * pmksa_cache_get - Fetch a PMKSA cache entry
+ * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
+ * @spa: Supplicant address or %NULL to match any
+ * @pmkid: PMKID or %NULL to match any
+ * Returns: Pointer to PMKSA cache entry or %NULL if no match was found
+ */
+struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
+					       const u8 *spa, const u8 *pmkid)
+{
+	struct rsn_pmksa_cache_entry *entry;
+
+	if (pmkid)
+		entry = pmksa->pmkid[PMKID_HASH(pmkid)];
+	else
+		entry = pmksa->pmksa;
+	while (entry) {
+		if ((spa == NULL ||
+		     os_memcmp(entry->spa, spa, ETH_ALEN) == 0) &&
+		    (pmkid == NULL ||
+		     os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0))
+			return entry;
+		entry = pmkid ? entry->hnext : entry->next;
+	}
+	return NULL;
+}
+
+
+/**
+ * pmksa_cache_init - Initialize PMKSA cache
+ * @free_cb: Callback function to be called when a PMKSA cache entry is freed
+ * @ctx: Context pointer for free_cb function
+ * Returns: Pointer to PMKSA cache data or %NULL on failure
+ */
+struct rsn_pmksa_cache *
+pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
+				 void *ctx), void *ctx)
+{
+	struct rsn_pmksa_cache *pmksa;
+
+	pmksa = os_zalloc(sizeof(*pmksa));
+	if (pmksa) {
+		pmksa->free_cb = free_cb;
+		pmksa->ctx = ctx;
+	}
+
+	return pmksa;
+}
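Review bot: In pmksa_cache_to_eapol_data(), if `os_malloc(entry->identity_len)` fails after `os_free(eapol->identity)`, `eapol->identity` is NULL while `eapol->identity_len` keeps its previous value. That stale pair is passed to wpa_hexdump_ascii() and left in the EAPOL state machine; adding `else eapol->identity_len = 0;` to the allocation check fixes it. Separately, _pmksa_cache_free_entry() calls `os_free(entry)` while `entry->pmk` still holds the PMK; `os_memset(entry->pmk, 0, sizeof(entry->pmk));` before the free avoids leaving key material in freed heap memory. The rsn_pmkid() header comment also omits the `@pmkid` output parameter, into which PMKID_LEN bytes are written.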

+ 54 - 0
hostapd/pmksa_cache.h

@@ -0,0 +1,54 @@
+/*
+ * hostapd - PMKSA cache for IEEE 802.11i RSN
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef PMKSA_CACHE_H
+#define PMKSA_CACHE_H
+
+/**
+ * struct rsn_pmksa_cache_entry - PMKSA cache entry
+ */
+struct rsn_pmksa_cache_entry {
+	struct rsn_pmksa_cache_entry *next, *hnext;
+	u8 pmkid[PMKID_LEN];
+	u8 pmk[PMK_LEN];
+	size_t pmk_len;
+	os_time_t expiration;
+	int akmp; /* WPA_KEY_MGMT_* */
+	u8 spa[ETH_ALEN];
+
+	u8 *identity;
+	size_t identity_len;
+	struct radius_class_data radius_class;
+	u8 eap_type_authsrv;
+	int vlan_id;
+};
+
+struct rsn_pmksa_cache;
+
+struct rsn_pmksa_cache *
+pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
+				 void *ctx), void *ctx);
+void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);
+struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
+					       const u8 *spa, const u8 *pmkid);
+struct rsn_pmksa_cache_entry *
+pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
+		const u8 *aa, const u8 *spa, int session_timeout,
+		struct eapol_state_machine *eapol);
+void pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry *entry,
+			       struct eapol_state_machine *eapol);
+void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa,
+	       u8 *pmkid);
+
+#endif /* PMKSA_CACHE_H */

+ 275 - 0
hostapd/preauth.c

@@ -0,0 +1,275 @@
+/*
+ * hostapd - Authenticator for IEEE 802.11i RSN pre-authentication
+ * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#ifdef CONFIG_RSN_PREAUTH
+
+#include "hostapd.h"
+#include "l2_packet/l2_packet.h"
+#include "ieee802_1x.h"
+#include "eloop.h"
+#include "sta_info.h"
+#include "wpa_common.h"
+#include "eapol_sm.h"
+#include "wpa.h"
+#include "preauth.h"
+
+#ifndef ETH_P_PREAUTH
+#define ETH_P_PREAUTH 0x88C7 /* IEEE 802.11i pre-authentication */
+#endif /* ETH_P_PREAUTH */
+
+static const int dot11RSNAConfigPMKLifetime = 43200;
+
+struct rsn_preauth_interface {
+	struct rsn_preauth_interface *next;
+	struct hostapd_data *hapd;
+	struct l2_packet_data *l2;
+	char *ifname;
+	int ifindex;
+};
+
+
+static void rsn_preauth_receive(void *ctx, const u8 *src_addr,
+				const u8 *buf, size_t len)
+{
+	struct rsn_preauth_interface *piface = ctx;
+	struct hostapd_data *hapd = piface->hapd;
+	struct ieee802_1x_hdr *hdr;
+	struct sta_info *sta;
+	struct l2_ethhdr *ethhdr;
+
+	wpa_printf(MSG_DEBUG, "RSN: receive pre-auth packet "
+		   "from interface '%s'", piface->ifname);
+	if (len < sizeof(*ethhdr) + sizeof(*hdr)) {
+		wpa_printf(MSG_DEBUG, "RSN: too short pre-auth packet "
+			   "(len=%lu)", (unsigned long) len);
+		return;
+	}
+
+	ethhdr = (struct l2_ethhdr *) buf;
+	hdr = (struct ieee802_1x_hdr *) (ethhdr + 1);
+
+	if (os_memcmp(ethhdr->h_dest, hapd->own_addr, ETH_ALEN) != 0) {
+		wpa_printf(MSG_DEBUG, "RSN: pre-auth for foreign address "
+			   MACSTR, MAC2STR(ethhdr->h_dest));
+		return;
+	}
+
+	sta = ap_get_sta(hapd, ethhdr->h_source);
+	if (sta && (sta->flags & WLAN_STA_ASSOC)) {
+		wpa_printf(MSG_DEBUG, "RSN: pre-auth for already association "
+			   "STA " MACSTR, MAC2STR(sta->addr));
+		return;
+	}
+	if (!sta && hdr->type == IEEE802_1X_TYPE_EAPOL_START) {
+		sta = ap_sta_add(hapd, ethhdr->h_source);
+		if (sta == NULL)
+			return;
+		sta->flags = WLAN_STA_PREAUTH;
+
+		ieee802_1x_new_station(hapd, sta);
+		if (sta->eapol_sm == NULL) {
+			ap_free_sta(hapd, sta);
+			sta = NULL;
+		} else {
+			sta->eapol_sm->radius_identifier = -1;
+			sta->eapol_sm->portValid = TRUE;
+			sta->eapol_sm->flags |= EAPOL_SM_PREAUTH;
+		}
+	}
+	if (sta == NULL)
+		return;
+	sta->preauth_iface = piface;
+	ieee802_1x_receive(hapd, ethhdr->h_source, (u8 *) (ethhdr + 1),
+			   len - sizeof(*ethhdr));
+}
+
+
+static int rsn_preauth_iface_add(struct hostapd_data *hapd, const char *ifname)
+{
+	struct rsn_preauth_interface *piface;
+
+	wpa_printf(MSG_DEBUG, "RSN pre-auth interface '%s'", ifname);
+
+	piface = os_zalloc(sizeof(*piface));
+	if (piface == NULL)
+		return -1;
+	piface->hapd = hapd;
+
+	piface->ifname = os_strdup(ifname);
+	if (piface->ifname == NULL) {
+		goto fail1;
+	}
+
+	piface->l2 = l2_packet_init(piface->ifname, NULL, ETH_P_PREAUTH,
+				    rsn_preauth_receive, piface, 1);
+	if (piface->l2 == NULL) {
+		wpa_printf(MSG_ERROR, "Failed to open register layer 2 access "
+			   "to ETH_P_PREAUTH");
+		goto fail2;
+	}
+
+	piface->next = hapd->preauth_iface;
+	hapd->preauth_iface = piface;
+	return 0;
+
+fail2:
+	os_free(piface->ifname);
+fail1:
+	os_free(piface);
+	return -1;
+}
+
+
+void rsn_preauth_iface_deinit(struct hostapd_data *hapd)
+{
+	struct rsn_preauth_interface *piface, *prev;
+
+	piface = hapd->preauth_iface;
+	hapd->preauth_iface = NULL;
+	while (piface) {
+		prev = piface;
+		piface = piface->next;
+		l2_packet_deinit(prev->l2);
+		os_free(prev->ifname);
+		os_free(prev);
+	}
+}
+
+
+int rsn_preauth_iface_init(struct hostapd_data *hapd)
+{
+	char *tmp, *start, *end;
+
+	if (hapd->conf->rsn_preauth_interfaces == NULL)
+		return 0;
+
+	tmp = os_strdup(hapd->conf->rsn_preauth_interfaces);
+	if (tmp == NULL)
+		return -1;
+	start = tmp;
+	for (;;) {
+		while (*start == ' ')
+			start++;
+		if (*start == '\0')
+			break;
+		end = os_strchr(start, ' ');
+		if (end)
+			*end = '\0';
+
+		if (rsn_preauth_iface_add(hapd, start)) {
+			rsn_preauth_iface_deinit(hapd);
+			return -1;
+		}
+
+		if (end)
+			start = end + 1;
+		else
+			break;
+	}
+	os_free(tmp);
+	return 0;
+}
+
+
+static void rsn_preauth_finished_cb(void *eloop_ctx, void *timeout_ctx)
+{
+	struct hostapd_data *hapd = eloop_ctx;
+	struct sta_info *sta = timeout_ctx;
+	wpa_printf(MSG_DEBUG, "RSN: Removing pre-authentication STA entry for "
+		   MACSTR, MAC2STR(sta->addr));
+	ap_free_sta(hapd, sta);
+}
+
+
+void rsn_preauth_finished(struct hostapd_data *hapd, struct sta_info *sta,
+			  int success)
+{
+	const u8 *key;
+	size_t len;
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
+		       HOSTAPD_LEVEL_INFO, "pre-authentication %s",
+		       success ? "succeeded" : "failed");
+
+	key = ieee802_1x_get_key(sta->eapol_sm, &len);
+	if (len > PMK_LEN)
+		len = PMK_LEN;
+	if (success && key) {
+		if (wpa_auth_pmksa_add_preauth(hapd->wpa_auth, key, len,
+					       sta->addr,
+					       dot11RSNAConfigPMKLifetime,
+					       sta->eapol_sm) == 0) {
+			hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
+				       HOSTAPD_LEVEL_DEBUG,
+				       "added PMKSA cache entry (pre-auth)");
+		} else {
+			hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
+				       HOSTAPD_LEVEL_DEBUG,
+				       "failed to add PMKSA cache entry "
+				       "(pre-auth)");
+		}
+	}
+
+	/*
+	 * Finish STA entry removal from timeout in order to avoid freeing
+	 * STA data before the caller has finished processing.
+	 */
+	eloop_register_timeout(0, 0, rsn_preauth_finished_cb, hapd, sta);
+}
+
+
+void rsn_preauth_send(struct hostapd_data *hapd, struct sta_info *sta,
+		      u8 *buf, size_t len)
+{
+	struct rsn_preauth_interface *piface;
+	struct l2_ethhdr *ethhdr;
+
+	piface = hapd->preauth_iface;
+	while (piface) {
+		if (piface == sta->preauth_iface)
+			break;
+		piface = piface->next;
+	}
+
+	if (piface == NULL) {
+		wpa_printf(MSG_DEBUG, "RSN: Could not find pre-authentication "
+			   "interface for " MACSTR, MAC2STR(sta->addr));
+		return;
+	}
+
+	ethhdr = os_malloc(sizeof(*ethhdr) + len);
+	if (ethhdr == NULL)
+		return;
+
+	os_memcpy(ethhdr->h_dest, sta->addr, ETH_ALEN);
+	os_memcpy(ethhdr->h_source, hapd->own_addr, ETH_ALEN);
+	ethhdr->h_proto = htons(ETH_P_PREAUTH);
+	os_memcpy(ethhdr + 1, buf, len);
+
+	if (l2_packet_send(piface->l2, sta->addr, ETH_P_PREAUTH, (u8 *) ethhdr,
+			   sizeof(*ethhdr) + len) < 0) {
+		wpa_printf(MSG_ERROR, "Failed to send preauth packet using "
+			   "l2_packet_send\n");
+	}
+	os_free(ethhdr);
+}
+
+
+void rsn_preauth_free_station(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	eloop_cancel_timeout(rsn_preauth_finished_cb, hapd, sta);
+}
+
+#endif /* CONFIG_RSN_PREAUTH */
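Review bot: rsn_preauth_iface_init() leaks `tmp` on its failure path: when rsn_preauth_iface_add() fails, the function calls rsn_preauth_iface_deinit() and returns -1 without reaching `os_free(tmp)`, so `os_free(tmp);` should be added before that `return -1;`. In rsn_preauth_finished(), `len` is compared with PMK_LEN before `key` is tested, so it is read uninitialized unless ieee802_1x_get_key() (defined outside this file) stores a length on every path, including when it returns NULL. Declaring `size_t len = 0;` or moving the clamp inside `if (success && key)` removes that dependency. Separately, rsn_preauth_receive() forwards frames for any existing STA entry that is not associated, not only entries flagged WLAN_STA_PREAUTH, and it overwrites `sta->preauth_iface` for them; if that is intended it deserves a comment, since these frames arrive from the wired side.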

+ 58 - 0
hostapd/preauth.h

@@ -0,0 +1,58 @@
+/*
+ * hostapd - Authenticator for IEEE 802.11i RSN pre-authentication
+ * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef PREAUTH_H
+#define PREAUTH_H
+
+#ifdef CONFIG_RSN_PREAUTH
+
+int rsn_preauth_iface_init(struct hostapd_data *hapd);
+void rsn_preauth_iface_deinit(struct hostapd_data *hapd);
+void rsn_preauth_finished(struct hostapd_data *hapd, struct sta_info *sta,
+			  int success);
+void rsn_preauth_send(struct hostapd_data *hapd, struct sta_info *sta,
+		      u8 *buf, size_t len);
+void rsn_preauth_free_station(struct hostapd_data *hapd, struct sta_info *sta);
+
+#else /* CONFIG_RSN_PREAUTH */
+
+static inline int rsn_preauth_iface_init(struct hostapd_data *hapd)
+{
+	return 0;
+}
+
+static inline void rsn_preauth_iface_deinit(struct hostapd_data *hapd)
+{
+}
+
+static inline void rsn_preauth_finished(struct hostapd_data *hapd,
+					struct sta_info *sta,
+					int success)
+{
+}
+
+static inline void rsn_preauth_send(struct hostapd_data *hapd,
+				    struct sta_info *sta,
+				    u8 *buf, size_t len)
+{
+}
+
+static inline void rsn_preauth_free_station(struct hostapd_data *hapd,
+					    struct sta_info *sta)
+{
+}
+
+#endif /* CONFIG_RSN_PREAUTH */
+
+#endif /* PREAUTH_H */

+ 177 - 0
hostapd/prism54.h

@@ -0,0 +1,177 @@
+#ifndef PRISM54_H
+#define PRISM54_H
+
+struct ieee802_3_hdr_s {
+	unsigned char da[6];
+	unsigned char sa[6];
+	unsigned short type;
+} __attribute__ ((packed));
+
+typedef struct ieee802_3_hdr_s ieee802_3_hdr;
+
+#define PIMOP_GET	0
+#define PIMOP_SET	1
+#define PIMOP_RESPONSE	2
+#define PIMOP_ERROR	3
+#define PIMOP_TRAP	4
+
+struct pimdev_hdr_s {
+	int op;
+	unsigned long oid;
+} __attribute__ ((packed));
+
+typedef struct pimdev_hdr_s pimdev_hdr;
+
+#define DOT11_OID_ATTACHMENT	0x19000003
+
+/* really need to check */
+#define DOT11_PKT_BEACON	0x80
+#define DOT11_PKT_ASSOC_RESP	0x10
+#define DOT11_PKT_REASSOC_RESP	0x30
+#define DOT11_PKT_PROBE_RESP	0x50
+
+struct obj_attachment_hdr {
+	char type;
+	char reserved;
+	short id;
+	short size;
+} __attribute__ ((packed));
+
+struct obj_attachment {
+	char type;
+	char reserved;
+	short id;
+	short size;
+	char data[1];
+} __attribute__ ((packed));
+
+#define DOT11_OID_MLMEAUTOLEVEL		0x19000001
+#define DOT11_MLME_AUTO			0
+#define DOT11_MLME_INTERMEDIATE		0x01000000
+#define DOT11_MLME_EXTENDED		0x02000000
+
+#define DOT11_OID_DEAUTHENTICATE	0x18000000
+#define DOT11_OID_AUTHENTICATE		0x18000001
+#define DOT11_OID_DISASSOCIATE		0x18000002
+#define DOT11_OID_ASSOCIATE		0x18000003
+#define DOT11_OID_BEACON		0x18000005
+#define DOT11_OID_PROBE			0x18000006
+#define DOT11_OID_REASSOCIATE		0x1800000b
+
+struct obj_mlme {
+	char address[6];
+	short id;
+	short state;
+	short code;
+} __attribute__ ((packed));
+
+#define DOT11_OID_DEAUTHENTICATEEX	0x18000007
+#define DOT11_OID_AUTHENTICATEEX	0x18000008
+#define DOT11_OID_DISASSOCIATEEX	0x18000009
+#define DOT11_OID_ASSOCIATEEX		0x1800000a
+#define DOT11_OID_REASSOCIATEEX		0x1800000c
+
+struct obj_mlmeex {
+	char address[6];
+	short id;
+	short state;
+	short code;
+	short size;
+	char data[1];
+} __attribute__ ((packed));
+
+#define DOT11_OID_STAKEY        0x12000008
+
+#define DOT11_PRIV_WEP  0
+#define DOT11_PRIV_TKIP 1
+
+/* endian reversed to bigger endian */
+#define DOT11_STAKEY_OPTION_DEFAULTKEY	0x100
+
+struct obj_stakey {
+	char address[6];
+	char keyid;
+	char reserved;
+	short options;
+	char type;
+	char length;
+	char key[32];
+} __attribute__ ((packed));
+
+#define DOT11_OID_DEFKEYID	0x12000003
+#define DOT11_OID_DEFKEY1	0x12000004
+#define DOT11_OID_DEFKEY2	0x12000005
+#define DOT11_OID_DEFKEY3       0x12000006
+#define DOT11_OID_DEFKEY4       0x12000007
+
+struct obj_key {
+	char type;
+	char length;
+	char key[32];
+} __attribute__ ((packed));
+
+#define DOT11_OID_STASC		0x1200000a
+
+struct obj_stasc {
+	char address[6];
+	char keyid;
+	char tx_sc;
+	unsigned long sc_high;
+	unsigned short sc_low;
+} __attribute__ ((packed));
+
+#define DOT11_OID_CLIENTS	0x15000001
+#define DOT11_OID_CLIENTSASSOCIATED	0x15000002
+#define DOT11_OID_CLIENTST	0x15000003
+#define DOT11_OID_CLIENTEND	0x150007d9
+#define DOT11_OID_CLIENTFIND	0x150007db
+
+#define DOT11_NODE_UNKNOWN
+#define DOT11_NODE_CLIENT
+#define DOT11_NODE_AP
+
+/* endian reversed to bigger endian */
+#define DOT11_STATE_NONE	0
+#define DOT11_STATE_AUTHING	0x100
+#define DOT11_STATE_AUTH	0x200
+#define DOT11_STATE_ASSOCING	0x300
+#define DOT11_STATE_REASSOCING	0x400
+#define DOT11_STATE_ASSOC	0x500
+#define DOT11_STATE_WDS		0x600
+
+struct obj_sta {
+	char address[6];
+	char pad[2];
+	char state;
+	char node;
+	short age;
+	char reserved1;
+	char rssi;
+	char rate;
+	char reserved2;
+} __attribute__ ((packed));
+
+#define DOT11_OID_SSID		0x10000002
+#define DOT11_OID_SSIDOVERRIDE	0x10000006
+
+struct obj_ssid {
+	char length;
+	char octets[33];
+} __attribute__ ((packed));
+
+#define DOT11_OID_EAPAUTHSTA		0x150007de
+#define DOT11_OID_EAPUNAUTHSTA		0x150007df
+/* not in 38801 datasheet??? */
+#define DOT11_OID_DOT1XENABLE		0x150007e0
+#define DOT11_OID_MICFAILURE		0x150007e1
+#define DOT11_OID_AUTHENABLE		0x12000000
+#define DOT11_OID_PRIVACYINVOKED	0x12000001
+#define DOT11_OID_EXUNENCRYPTED		0x12000002
+
+#define DOT11_AUTH_OS			0x01000000
+#define DOT11_AUTH_SK			0x02000000
+#define DOT11_AUTH_BOTH			0x03000000
+
+#define DOT11_BOOL_TRUE			0x01000000
+
+#endif /* PRISM54_H */
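Review bot: `struct pimdev_hdr_s` and `struct obj_stasc` place `unsigned long` members (`oid`, `sc_high`) inside packed layouts, yet every OID constant in this header fits in 32 bits. On LP64 targets `unsigned long` is 8 bytes, so the sizes and offsets of these structs differ from a 32-bit build. How the structs are exchanged with the driver is outside this header, but if they mirror a fixed format, a 32-bit type (the tree uses `u32` elsewhere, e.g. `u32 oid;`) would pin the layout. The `char length` fields in `obj_key`, `obj_stakey` and `obj_ssid` have implementation-defined signedness; `unsigned char length;` keeps a large value from turning negative before it is used as a copy size. `DOT11_NODE_UNKNOWN`, `DOT11_NODE_CLIENT` and `DOT11_NODE_AP` are defined with no value and will not compile if used in an expression.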

+ 71 - 0
hostapd/priv_netlink.h

@@ -0,0 +1,71 @@
+#ifndef PRIV_NETLINK_H
+#define PRIV_NETLINK_H
+
+/* Private copy of needed Linux netlink/rtnetlink definitions.
+ *
+ * This should be replaced with user space header once one is available with C
+ * library, etc..
+ */
+
+#ifndef IFLA_IFNAME
+#define IFLA_IFNAME 3
+#endif
+#ifndef IFLA_WIRELESS
+#define IFLA_WIRELESS 11
+#endif
+
+#define NETLINK_ROUTE 0
+#define RTMGRP_LINK 1
+#define RTM_BASE 0x10
+#define RTM_NEWLINK (RTM_BASE + 0)
+#define RTM_DELLINK (RTM_BASE + 1)
+
+#define NLMSG_ALIGNTO 4
+#define NLMSG_ALIGN(len) (((len) + NLMSG_ALIGNTO - 1) & ~(NLMSG_ALIGNTO - 1))
+#define NLMSG_LENGTH(len) ((len) + NLMSG_ALIGN(sizeof(struct nlmsghdr)))
+#define NLMSG_DATA(nlh) ((void*) (((char*) nlh) + NLMSG_LENGTH(0)))
+
+#define RTA_ALIGNTO 4
+#define RTA_ALIGN(len) (((len) + RTA_ALIGNTO - 1) & ~(RTA_ALIGNTO - 1))
+#define RTA_OK(rta,len) \
+((len) > 0 && (rta)->rta_len >= sizeof(struct rtattr) && \
+(rta)->rta_len <= (len))
+#define RTA_NEXT(rta,attrlen) \
+((attrlen) -= RTA_ALIGN((rta)->rta_len), \
+(struct rtattr *) (((char *)(rta)) + RTA_ALIGN((rta)->rta_len)))
+
+
+struct sockaddr_nl
+{
+	sa_family_t nl_family;
+	unsigned short nl_pad;
+	u32 nl_pid;
+	u32 nl_groups;
+};
+
+struct nlmsghdr
+{
+	u32 nlmsg_len;
+	u16 nlmsg_type;
+	u16 nlmsg_flags;
+	u32 nlmsg_seq;
+	u32 nlmsg_pid;
+};
+
+struct ifinfomsg
+{
+	unsigned char ifi_family;
+	unsigned char __ifi_pad;
+	unsigned short ifi_type;
+	int ifi_index;
+	unsigned ifi_flags;
+	unsigned ifi_change;
+};
+
+struct rtattr
+{
+	unsigned short rta_len;
+	unsigned short rta_type;
+};
+
+#endif /* PRIV_NETLINK_H */

+ 287 - 0
hostapd/radiotap.c

@@ -0,0 +1,287 @@
+/*
+ * Radiotap parser
+ *
+ * Copyright 2007		Andy Green <andy@warmcat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ *
+ *
+ * Modified for userspace by Johannes Berg <johannes@sipsolutions.net>
+ * I only modified some things on top to ease syncing should bugs be found.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "radiotap_iter.h"
+
+#define le16_to_cpu		le_to_host16
+#define le32_to_cpu		le_to_host32
+#define __le32			uint32_t
+#define ulong			unsigned long
+#define unlikely(cond)		(cond)
+#define get_unaligned(p)					\
+({								\
+	struct packed_dummy_struct {				\
+		typeof(*(p)) __val;				\
+	} __attribute__((packed)) *__ptr = (void *) (p);	\
+								\
+	__ptr->__val;						\
+})
+
+/* function prototypes and related defs are in radiotap_iter.h */
+
+/**
+ * ieee80211_radiotap_iterator_init - radiotap parser iterator initialization
+ * @iterator: radiotap_iterator to initialize
+ * @radiotap_header: radiotap header to parse
+ * @max_length: total length we can parse into (eg, whole packet length)
+ *
+ * Returns: 0 or a negative error code if there is a problem.
+ *
+ * This function initializes an opaque iterator struct which can then
+ * be passed to ieee80211_radiotap_iterator_next() to visit every radiotap
+ * argument which is present in the header.  It knows about extended
+ * present headers and handles them.
+ *
+ * How to use:
+ * call __ieee80211_radiotap_iterator_init() to init a semi-opaque iterator
+ * struct ieee80211_radiotap_iterator (no need to init the struct beforehand)
+ * checking for a good 0 return code.  Then loop calling
+ * __ieee80211_radiotap_iterator_next()... it returns either 0,
+ * -ENOENT if there are no more args to parse, or -EINVAL if there is a problem.
+ * The iterator's @this_arg member points to the start of the argument
+ * associated with the current argument index that is present, which can be
+ * found in the iterator's @this_arg_index member.  This arg index corresponds
+ * to the IEEE80211_RADIOTAP_... defines.
+ *
+ * Radiotap header length:
+ * You can find the CPU-endian total radiotap header length in
+ * iterator->max_length after executing ieee80211_radiotap_iterator_init()
+ * successfully.
+ *
+ * Alignment Gotcha:
+ * You must take care when dereferencing iterator.this_arg
+ * for multibyte types... the pointer is not aligned.  Use
+ * get_unaligned((type *)iterator.this_arg) to dereference
+ * iterator.this_arg for type "type" safely on all arches.
+ *
+ * Example code:
+ * See Documentation/networking/radiotap-headers.txt
+ */
+
+int ieee80211_radiotap_iterator_init(
+    struct ieee80211_radiotap_iterator *iterator,
+    struct ieee80211_radiotap_header *radiotap_header,
+    int max_length)
+{
+	/* Linux only supports version 0 radiotap format */
+	if (radiotap_header->it_version)
+		return -EINVAL;
+
+	/* sanity check for allowed length and radiotap length field */
+	if (max_length < le16_to_cpu(get_unaligned(&radiotap_header->it_len)))
+		return -EINVAL;
+
+	iterator->rtheader = radiotap_header;
+	iterator->max_length = le16_to_cpu(get_unaligned(
+						&radiotap_header->it_len));
+	iterator->arg_index = 0;
+	iterator->bitmap_shifter = le32_to_cpu(get_unaligned(
+						&radiotap_header->it_present));
+	iterator->arg = (u8 *)radiotap_header + sizeof(*radiotap_header);
+	iterator->this_arg = NULL;
+
+	/* find payload start allowing for extended bitmap(s) */
+
+	if (unlikely(iterator->bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT))) {
+		while (le32_to_cpu(get_unaligned((__le32 *)iterator->arg)) &
+				   (1<<IEEE80211_RADIOTAP_EXT)) {
+			iterator->arg += sizeof(u32);
+
+			/*
+			 * check for insanity where the present bitmaps
+			 * keep claiming to extend up to or even beyond the
+			 * stated radiotap header length
+			 */
+
+			if (((ulong)iterator->arg - (ulong)iterator->rtheader)
+			    > (ulong)iterator->max_length)
+				return -EINVAL;
+		}
+
+		iterator->arg += sizeof(u32);
+
+		/*
+		 * no need to check again for blowing past stated radiotap
+		 * header length, because ieee80211_radiotap_iterator_next
+		 * checks it before it is dereferenced
+		 */
+	}
+
+	/* we are all initialized happily */
+
+	return 0;
+}
+
+
+/**
+ * ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg
+ * @iterator: radiotap_iterator to move to next arg (if any)
+ *
+ * Returns: 0 if there is an argument to handle,
+ * -ENOENT if there are no more args or -EINVAL
+ * if there is something else wrong.
+ *
+ * This function provides the next radiotap arg index (IEEE80211_RADIOTAP_*)
+ * in @this_arg_index and sets @this_arg to point to the
+ * payload for the field.  It takes care of alignment handling and extended
+ * present fields.  @this_arg can be changed by the caller (eg,
+ * incremented to move inside a compound argument like
+ * IEEE80211_RADIOTAP_CHANNEL).  The args pointed to are in
+ * little-endian format whatever the endianess of your CPU.
+ *
+ * Alignment Gotcha:
+ * You must take care when dereferencing iterator.this_arg
+ * for multibyte types... the pointer is not aligned.  Use
+ * get_unaligned((type *)iterator.this_arg) to dereference
+ * iterator.this_arg for type "type" safely on all arches.
+ */
+
+int ieee80211_radiotap_iterator_next(
+    struct ieee80211_radiotap_iterator *iterator)
+{
+
+	/*
+	 * small length lookup table for all radiotap types we heard of
+	 * starting from b0 in the bitmap, so we can walk the payload
+	 * area of the radiotap header
+	 *
+	 * There is a requirement to pad args, so that args
+	 * of a given length must begin at a boundary of that length
+	 * -- but note that compound args are allowed (eg, 2 x u16
+	 * for IEEE80211_RADIOTAP_CHANNEL) so total arg length is not
+	 * a reliable indicator of alignment requirement.
+	 *
+	 * upper nybble: content alignment for arg
+	 * lower nybble: content length for arg
+	 */
+
+	static const u8 rt_sizes[] = {
+		[IEEE80211_RADIOTAP_TSFT] = 0x88,
+		[IEEE80211_RADIOTAP_FLAGS] = 0x11,
+		[IEEE80211_RADIOTAP_RATE] = 0x11,
+		[IEEE80211_RADIOTAP_CHANNEL] = 0x24,
+		[IEEE80211_RADIOTAP_FHSS] = 0x22,
+		[IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = 0x11,
+		[IEEE80211_RADIOTAP_DBM_ANTNOISE] = 0x11,
+		[IEEE80211_RADIOTAP_LOCK_QUALITY] = 0x22,
+		[IEEE80211_RADIOTAP_TX_ATTENUATION] = 0x22,
+		[IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = 0x22,
+		[IEEE80211_RADIOTAP_DBM_TX_POWER] = 0x11,
+		[IEEE80211_RADIOTAP_ANTENNA] = 0x11,
+		[IEEE80211_RADIOTAP_DB_ANTSIGNAL] = 0x11,
+		[IEEE80211_RADIOTAP_DB_ANTNOISE] = 0x11,
+		[IEEE80211_RADIOTAP_RX_FLAGS] = 0x22,
+		[IEEE80211_RADIOTAP_TX_FLAGS] = 0x22,
+		[IEEE80211_RADIOTAP_RTS_RETRIES] = 0x11,
+		[IEEE80211_RADIOTAP_DATA_RETRIES] = 0x11,
+		/*
+		 * add more here as they are defined in
+		 * include/net/ieee80211_radiotap.h
+		 */
+	};
+
+	/*
+	 * for every radiotap entry we can at
+	 * least skip (by knowing the length)...
+	 */
+
+	while (iterator->arg_index < (int) sizeof(rt_sizes)) {
+		int hit = 0;
+		int pad;
+
+		if (!(iterator->bitmap_shifter & 1))
+			goto next_entry; /* arg not present */
+
+		/*
+		 * arg is present, account for alignment padding
+		 *  8-bit args can be at any alignment
+		 * 16-bit args must start on 16-bit boundary
+		 * 32-bit args must start on 32-bit boundary
+		 * 64-bit args must start on 64-bit boundary
+		 *
+		 * note that total arg size can differ from alignment of
+		 * elements inside arg, so we use upper nybble of length
+		 * table to base alignment on
+		 *
+		 * also note: these alignments are ** relative to the
+		 * start of the radiotap header **.  There is no guarantee
+		 * that the radiotap header itself is aligned on any
+		 * kind of boundary.
+		 *
+		 * the above is why get_unaligned() is used to dereference
+		 * multibyte elements from the radiotap area
+		 */
+
+		pad = (((ulong)iterator->arg) -
+			((ulong)iterator->rtheader)) &
+			((rt_sizes[iterator->arg_index] >> 4) - 1);
+
+		if (pad)
+			iterator->arg +=
+				(rt_sizes[iterator->arg_index] >> 4) - pad;
+
+		/*
+		 * this is what we will return to user, but we need to
+		 * move on first so next call has something fresh to test
+		 */
+		iterator->this_arg_index = iterator->arg_index;
+		iterator->this_arg = iterator->arg;
+		hit = 1;
+
+		/* internally move on the size of this arg */
+		iterator->arg += rt_sizes[iterator->arg_index] & 0x0f;
+
+		/*
+		 * check for insanity where we are given a bitmap that
+		 * claims to have more arg content than the length of the
+		 * radiotap section.  We will normally end up equalling this
+		 * max_length on the last arg, never exceeding it.
+		 */
+
+		if (((ulong)iterator->arg - (ulong)iterator->rtheader) >
+		    (ulong) iterator->max_length)
+			return -EINVAL;
+
+	next_entry:
+		iterator->arg_index++;
+		if (unlikely((iterator->arg_index & 31) == 0)) {
+			/* completed current u32 bitmap */
+			if (iterator->bitmap_shifter & 1) {
+				/* b31 was set, there is more */
+				/* move to next u32 bitmap */
+				iterator->bitmap_shifter = le32_to_cpu(
+					get_unaligned(iterator->next_bitmap));
+				iterator->next_bitmap++;
+			} else
+				/* no more bitmaps: end */
+				iterator->arg_index = sizeof(rt_sizes);
+		} else /* just try the next bit */
+			iterator->bitmap_shifter >>= 1;
+
+		/* if we found a valid arg earlier, return it now */
+		if (hit)
+			return 0;
+	}
+
+	/* we don't know how to handle any more args, we're done */
+	return -ENOENT;
+}
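Review bot: ieee80211_radiotap_iterator_init() reads `it_version`, `it_len` and `it_present` before confirming that `max_length` covers the fixed header, so a buffer shorter than `sizeof(*radiotap_header)` is read past its end, and an `it_len` smaller than the header is accepted. A guard at the top such as `if (max_length < (int) sizeof(*radiotap_header)) return -EINVAL;`, plus rejecting an `it_len` below the header size, closes this. The extended-bitmap loop also dereferences `iterator->arg` as a 32-bit word before its bounds test and compares with `>`, so each bitmap word should be checked to lie wholly inside `max_length` before it is read. `iterator->next_bitmap` is never assigned in init although ieee80211_radiotap_iterator_next() dereferences it; with the current 18-entry `rt_sizes` table that branch looks unreachable, but it becomes live if the table ever grows past index 31.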

+ 242 - 0
hostapd/radiotap.h

@@ -0,0 +1,242 @@
+/* $FreeBSD: src/sys/net80211/ieee80211_radiotap.h,v 1.5 2005/01/22 20:12:05 sam Exp $ */
+/* $NetBSD: ieee80211_radiotap.h,v 1.11 2005/06/22 06:16:02 dyoung Exp $ */
+
+/*-
+ * Copyright (c) 2003, 2004 David Young.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of David Young may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL DAVID
+ * YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+/*
+ * Modifications to fit into the linux IEEE 802.11 stack,
+ * Mike Kershaw (dragorn@kismetwireless.net)
+ */
+
+#ifndef IEEE80211RADIOTAP_H
+#define IEEE80211RADIOTAP_H
+
+#include <stdint.h>
+
+/* Base version of the radiotap packet header data */
+#define PKTHDR_RADIOTAP_VERSION		0
+
+/* A generic radio capture format is desirable. There is one for
+ * Linux, but it is neither rigidly defined (there were not even
+ * units given for some fields) nor easily extensible.
+ *
+ * I suggest the following extensible radio capture format. It is
+ * based on a bitmap indicating which fields are present.
+ *
+ * I am trying to describe precisely what the application programmer
+ * should expect in the following, and for that reason I tell the
+ * units and origin of each measurement (where it applies), or else I
+ * use sufficiently weaselly language ("is a monotonically nondecreasing
+ * function of...") that I cannot set false expectations for lawyerly
+ * readers.
+ */
+
+/* The radio capture header precedes the 802.11 header.
+ * All data in the header is little endian on all platforms.
+ */
+struct ieee80211_radiotap_header {
+	uint8_t it_version;	/* Version 0. Only increases
+				 * for drastic changes,
+				 * introduction of compatible
+				 * new fields does not count.
+				 */
+	uint8_t it_pad;
+	uint16_t it_len;	/* length of the whole
+				 * header in bytes, including
+				 * it_version, it_pad,
+				 * it_len, and data fields.
+				 */
+	uint32_t it_present;	/* A bitmap telling which
+				 * fields are present. Set bit 31
+				 * (0x80000000) to extend the
+				 * bitmap by another 32 bits.
+				 * Additional extensions are made
+				 * by setting bit 31.
+				 */
+};
+
+/* Name                                 Data type    Units
+ * ----                                 ---------    -----
+ *
+ * IEEE80211_RADIOTAP_TSFT              __le64       microseconds
+ *
+ *      Value in microseconds of the MAC's 64-bit 802.11 Time
+ *      Synchronization Function timer when the first bit of the
+ *      MPDU arrived at the MAC. For received frames, only.
+ *
+ * IEEE80211_RADIOTAP_CHANNEL           2 x uint16_t   MHz, bitmap
+ *
+ *      Tx/Rx frequency in MHz, followed by flags (see below).
+ *
+ * IEEE80211_RADIOTAP_FHSS              uint16_t       see below
+ *
+ *      For frequency-hopping radios, the hop set (first byte)
+ *      and pattern (second byte).
+ *
+ * IEEE80211_RADIOTAP_RATE              u8           500kb/s
+ *
+ *      Tx/Rx data rate
+ *
+ * IEEE80211_RADIOTAP_DBM_ANTSIGNAL     s8           decibels from
+ *                                                   one milliwatt (dBm)
+ *
+ *      RF signal power at the antenna, decibel difference from
+ *      one milliwatt.
+ *
+ * IEEE80211_RADIOTAP_DBM_ANTNOISE      s8           decibels from
+ *                                                   one milliwatt (dBm)
+ *
+ *      RF noise power at the antenna, decibel difference from one
+ *      milliwatt.
+ *
+ * IEEE80211_RADIOTAP_DB_ANTSIGNAL      u8           decibel (dB)
+ *
+ *      RF signal power at the antenna, decibel difference from an
+ *      arbitrary, fixed reference.
+ *
+ * IEEE80211_RADIOTAP_DB_ANTNOISE       u8           decibel (dB)
+ *
+ *      RF noise power at the antenna, decibel difference from an
+ *      arbitrary, fixed reference point.
+ *
+ * IEEE80211_RADIOTAP_LOCK_QUALITY      uint16_t       unitless
+ *
+ *      Quality of Barker code lock. Unitless. Monotonically
+ *      nondecreasing with "better" lock strength. Called "Signal
+ *      Quality" in datasheets.  (Is there a standard way to measure
+ *      this?)
+ *
+ * IEEE80211_RADIOTAP_TX_ATTENUATION    uint16_t       unitless
+ *
+ *      Transmit power expressed as unitless distance from max
+ *      power set at factory calibration.  0 is max power.
+ *      Monotonically nondecreasing with lower power levels.
+ *
+ * IEEE80211_RADIOTAP_DB_TX_ATTENUATION uint16_t       decibels (dB)
+ *
+ *      Transmit power expressed as decibel distance from max power
+ *      set at factory calibration.  0 is max power.  Monotonically
+ *      nondecreasing with lower power levels.
+ *
+ * IEEE80211_RADIOTAP_DBM_TX_POWER      s8           decibels from
+ *                                                   one milliwatt (dBm)
+ *
+ *      Transmit power expressed as dBm (decibels from a 1 milliwatt
+ *      reference). This is the absolute power level measured at
+ *      the antenna port.
+ *
+ * IEEE80211_RADIOTAP_FLAGS             u8           bitmap
+ *
+ *      Properties of transmitted and received frames. See flags
+ *      defined below.
+ *
+ * IEEE80211_RADIOTAP_ANTENNA           u8           antenna index
+ *
+ *      Unitless indication of the Rx/Tx antenna for this packet.
+ *      The first antenna is antenna 0.
+ *
+ * IEEE80211_RADIOTAP_RX_FLAGS          uint16_t       bitmap
+ *
+ *     Properties of received frames. See flags defined below.
+ *
+ * IEEE80211_RADIOTAP_TX_FLAGS          uint16_t       bitmap
+ *
+ *     Properties of transmitted frames. See flags defined below.
+ *
+ * IEEE80211_RADIOTAP_RTS_RETRIES       u8           data
+ *
+ *     Number of rts retries a transmitted frame used.
+ *
+ * IEEE80211_RADIOTAP_DATA_RETRIES      u8           data
+ *
+ *     Number of unicast retries a transmitted frame used.
+ *
+ */
+enum ieee80211_radiotap_type {
+	IEEE80211_RADIOTAP_TSFT = 0,
+	IEEE80211_RADIOTAP_FLAGS = 1,
+	IEEE80211_RADIOTAP_RATE = 2,
+	IEEE80211_RADIOTAP_CHANNEL = 3,
+	IEEE80211_RADIOTAP_FHSS = 4,
+	IEEE80211_RADIOTAP_DBM_ANTSIGNAL = 5,
+	IEEE80211_RADIOTAP_DBM_ANTNOISE = 6,
+	IEEE80211_RADIOTAP_LOCK_QUALITY = 7,
+	IEEE80211_RADIOTAP_TX_ATTENUATION = 8,
+	IEEE80211_RADIOTAP_DB_TX_ATTENUATION = 9,
+	IEEE80211_RADIOTAP_DBM_TX_POWER = 10,
+	IEEE80211_RADIOTAP_ANTENNA = 11,
+	IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12,
+	IEEE80211_RADIOTAP_DB_ANTNOISE = 13,
+	IEEE80211_RADIOTAP_RX_FLAGS = 14,
+	IEEE80211_RADIOTAP_TX_FLAGS = 15,
+	IEEE80211_RADIOTAP_RTS_RETRIES = 16,
+	IEEE80211_RADIOTAP_DATA_RETRIES = 17,
+	IEEE80211_RADIOTAP_EXT = 31
+};
+
+/* Channel flags. */
+#define	IEEE80211_CHAN_TURBO	0x0010	/* Turbo channel */
+#define	IEEE80211_CHAN_CCK	0x0020	/* CCK channel */
+#define	IEEE80211_CHAN_OFDM	0x0040	/* OFDM channel */
+#define	IEEE80211_CHAN_2GHZ	0x0080	/* 2 GHz spectrum channel. */
+#define	IEEE80211_CHAN_5GHZ	0x0100	/* 5 GHz spectrum channel */
+#define	IEEE80211_CHAN_PASSIVE	0x0200	/* Only passive scan allowed */
+#define	IEEE80211_CHAN_DYN	0x0400	/* Dynamic CCK-OFDM channel */
+#define	IEEE80211_CHAN_GFSK	0x0800	/* GFSK channel (FHSS PHY) */
+
+/* For IEEE80211_RADIOTAP_FLAGS */
+#define	IEEE80211_RADIOTAP_F_CFP	0x01	/* sent/received
+						 * during CFP
+						 */
+#define	IEEE80211_RADIOTAP_F_SHORTPRE	0x02	/* sent/received
+						 * with short
+						 * preamble
+						 */
+#define	IEEE80211_RADIOTAP_F_WEP	0x04	/* sent/received
+						 * with WEP encryption
+						 */
+#define	IEEE80211_RADIOTAP_F_FRAG	0x08	/* sent/received
+						 * with fragmentation
+						 */
+#define	IEEE80211_RADIOTAP_F_FCS	0x10	/* frame includes FCS */
+#define	IEEE80211_RADIOTAP_F_DATAPAD	0x20	/* frame has padding between
+						 * 802.11 header and payload
+						 * (to 32-bit boundary)
+						 */
+/* For IEEE80211_RADIOTAP_RX_FLAGS */
+#define IEEE80211_RADIOTAP_F_RX_BADFCS	0x0001	/* frame failed crc check */
+
+/* For IEEE80211_RADIOTAP_TX_FLAGS */
+#define IEEE80211_RADIOTAP_F_TX_FAIL	0x0001	/* failed due to excessive
+						 * retries */
+#define IEEE80211_RADIOTAP_F_TX_CTS	0x0002	/* used cts 'protection' */
+#define IEEE80211_RADIOTAP_F_TX_RTS	0x0004	/* used rts/cts handshake */
+
+#endif				/* IEEE80211_RADIOTAP_H */

+ 41 - 0
hostapd/radiotap_iter.h

@@ -0,0 +1,41 @@
+#ifndef __RADIOTAP_ITER_H
+#define __RADIOTAP_ITER_H
+
+#include "radiotap.h"
+
+/* Radiotap header iteration
+ *   implemented in radiotap.c
+ */
+/**
+ * struct ieee80211_radiotap_iterator - tracks walk thru present radiotap args
+ * @rtheader: pointer to the radiotap header we are walking through
+ * @max_length: length of radiotap header in cpu byte ordering
+ * @this_arg_index: IEEE80211_RADIOTAP_... index of current arg
+ * @this_arg: pointer to current radiotap arg
+ * @arg_index: internal next argument index
+ * @arg: internal next argument pointer
+ * @next_bitmap: internal pointer to next present u32
+ * @bitmap_shifter: internal shifter for curr u32 bitmap, b0 set == arg present
+ */
+
+struct ieee80211_radiotap_iterator {
+	struct ieee80211_radiotap_header *rtheader;
+	int max_length;
+	int this_arg_index;
+	unsigned char *this_arg;
+
+	int arg_index;
+	unsigned char *arg;
+	uint32_t *next_bitmap;
+	uint32_t bitmap_shifter;
+};
+
+extern int ieee80211_radiotap_iterator_init(
+   struct ieee80211_radiotap_iterator *iterator,
+   struct ieee80211_radiotap_header *radiotap_header,
+   int max_length);
+
+extern int ieee80211_radiotap_iterator_next(
+   struct ieee80211_radiotap_iterator *iterator);
+
+#endif /* __RADIOTAP_ITER_H */
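Review bot: The kernel-doc for `max_length` in struct ieee80211_radiotap_iterator says only "length of radiotap header in cpu byte ordering", and the two prototypes below it have no comment. A caller therefore cannot tell whether the `max_length` given to ieee80211_radiotap_iterator_init() is the size of the buffer it holds or the length the header claims for itself. The iterator presumably walks headers taken from received frames, where that bound is what keeps `this_arg` inside the buffer. The implementation is in radiotap.c and not in this hunk, so the wording needs checking against it, but a comment such as `/* max_length: number of bytes actually available at radiotap_header */` plus a line on what each function returns on success, on end of arguments and on a malformed header would settle it. The guard name `__RADIOTAP_ITER_H` is also in the namespace reserved for the implementation; `RADIOTAP_ITER_H` avoids that.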

+ 712 - 0
hostapd/reconfig.c

@@ -0,0 +1,712 @@
+/*
+ * hostapd / Configuration reloading
+ * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2004, Instant802 Networks, Inc.
+ * Copyright (c) 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "hostapd.h"
+#include "beacon.h"
+#include "hw_features.h"
+#include "driver.h"
+#include "sta_info.h"
+#include "radius/radius_client.h"
+#include "ieee802_11.h"
+#include "iapp.h"
+#include "ap_list.h"
+#include "wpa.h"
+#include "vlan_init.h"
+#include "ieee802_11_auth.h"
+#include "ieee802_1x.h"
+#include "accounting.h"
+#include "eloop.h"
+
+
+/**
+ * struct hostapd_config_change - Configuration change information
+ * This is for two purposes:
+ * - Storing configuration information in the hostapd_iface during
+ *   the asynchronous parts of reconfiguration.
+ * - Passing configuration information for per-station reconfiguration.
+ */
+struct hostapd_config_change {
+	struct hostapd_data *hapd;
+	struct hostapd_config *newconf, *oldconf;
+	struct hostapd_bss_config *newbss, *oldbss;
+	int mac_acl_changed;
+	int num_sta_remove; /* number of STAs that need to be removed */
+	int beacon_changed;
+	struct hostapd_iface *hapd_iface;
+	struct hostapd_data **new_hapd, **old_hapd;
+	int num_old_hapd;
+};
+
+
+static int hostapd_config_reload_sta(struct hostapd_data *hapd,
+				     struct sta_info *sta, void *data)
+{
+	struct hostapd_config_change *change = data;
+	struct hostapd_bss_config *newbss, *oldbss;
+	int deauth = 0;
+	u8 reason = WLAN_REASON_PREV_AUTH_NOT_VALID;
+
+	newbss = change->newbss;
+	oldbss = change->oldbss;
+	hapd = change->hapd;
+
+	if (sta->ssid == &oldbss->ssid) {
+		sta->ssid = &newbss->ssid;
+
+		if (newbss->ssid.ssid_len != oldbss->ssid.ssid_len ||
+		    os_memcmp(newbss->ssid.ssid, oldbss->ssid.ssid,
+			      newbss->ssid.ssid_len) != 0) {
+			/* main SSID was changed - kick STA out */
+			deauth++;
+		}
+	}
+	sta->ssid_probe = sta->ssid;
+
+	/*
+	 * If MAC ACL configuration has changed, deauthenticate stations that
+	 * have been removed from accepted list or have been added to denied
+	 * list. If external RADIUS server is used for ACL, all stations are
+	 * deauthenticated and they will need to authenticate again. This
+	 * limits sudden load on the RADIUS server since the verification will
+	 * be done over the time needed for the STAs to reauthenticate
+	 * themselves.
+	 */
+	if (change->mac_acl_changed &&
+	    (newbss->macaddr_acl == USE_EXTERNAL_RADIUS_AUTH ||
+	     !hostapd_allowed_address(hapd, sta->addr, NULL, 0, NULL, NULL,
+				      NULL)))
+		deauth++;
+
+	if (newbss->ieee802_1x != oldbss->ieee802_1x &&
+	    sta->ssid == &hapd->conf->ssid)
+		deauth++;
+
+	if (newbss->wpa != oldbss->wpa)
+		deauth++;
+
+	if (!newbss->wme_enabled && (sta->flags & WLAN_STA_WME))
+		deauth++;
+
+	if (newbss->auth_algs != oldbss->auth_algs &&
+	    ((sta->auth_alg == WLAN_AUTH_OPEN &&
+	      !(newbss->auth_algs & WPA_AUTH_ALG_OPEN)) ||
+	     (sta->auth_alg == WLAN_AUTH_SHARED_KEY &&
+	      !(newbss->auth_algs & WPA_AUTH_ALG_SHARED))))
+		deauth++;
+
+	if (change->num_sta_remove > 0) {
+		deauth++;
+		reason = WLAN_REASON_DISASSOC_AP_BUSY;
+	}
+
+	if (deauth) {
+		wpa_printf(MSG_DEBUG, "STA " MACSTR " deauthenticated during "
+			   "config reloading (reason=%d)",
+			   MAC2STR(sta->addr), reason);
+		ieee802_11_send_deauth(hapd, sta->addr, reason);
+		ap_sta_deauthenticate(hapd, sta, reason);
+		change->num_sta_remove--;
+	}
+
+	return 0;
+}
+
+
+static void hostapd_reconfig_tx_queue_params(struct hostapd_data *hapd,
+					     struct hostapd_config *newconf,
+					     struct hostapd_config *oldconf)
+{
+	int i;
+	struct hostapd_tx_queue_params *o, *n;
+
+	for (i = 0; i < NUM_TX_QUEUES; i++) {
+		o = &oldconf->tx_queue[i];
+		n = &newconf->tx_queue[i];
+
+		if (!n->configured)
+			continue;
+
+		if ((n->aifs != o->aifs || n->cwmin != o->cwmin ||
+		     n->cwmax != o->cwmax || n->burst != o->burst) &&
+		    hostapd_set_tx_queue_params(hapd, i, n->aifs, n->cwmin,
+						n->cwmax, n->burst))
+			printf("Failed to set TX queue parameters for queue %d"
+			       ".\n", i);
+	}
+}
+
+
+static int hostapd_reconfig_wme(struct hostapd_data *hapd,
+				struct hostapd_config *newconf,
+				struct hostapd_config *oldconf)
+{
+	int beacon_changed = 0;
+	size_t i;
+	struct hostapd_wme_ac_params *o, *n;
+
+	for (i = 0; i < sizeof(newconf->wme_ac_params) /
+			sizeof(newconf->wme_ac_params[0]); i++) {
+		o = &oldconf->wme_ac_params[i];
+		n = &newconf->wme_ac_params[i];
+		if (n->cwmin != o->cwmin ||
+		    n->cwmax != o->cwmax ||
+		    n->aifs != o->aifs ||
+		    n->txopLimit != o->txopLimit ||
+		    n->admission_control_mandatory !=
+		    o->admission_control_mandatory) {
+			beacon_changed++;
+			hapd->parameter_set_count++;
+		}
+	}
+
+	return beacon_changed;
+}
+
+
+static int rate_array_diff(int *a1, int *a2)
+{
+	int i;
+
+	if (a1 == NULL && a2 == NULL)
+		return 0;
+	if (a1 == NULL || a2 == NULL)
+		return 1;
+
+	i = 0;
+	for (;;) {
+		if (a1[i] != a2[i])
+			return 1;
+		if (a1[i] == -1)
+			break;
+		i++;
+	}
+
+	return 0;
+}
+
+
+static int hostapd_acl_diff(struct hostapd_bss_config *a,
+			    struct hostapd_bss_config *b)
+{
+	int i;
+
+	if (a->macaddr_acl != b->macaddr_acl ||
+	    a->num_accept_mac != b->num_accept_mac ||
+	    a->num_deny_mac != b->num_deny_mac)
+		return 1;
+
+	for (i = 0; i < a->num_accept_mac; i++) {
+		if (os_memcmp(a->accept_mac[i], b->accept_mac[i], ETH_ALEN) !=
+		    0)
+			return 1;
+	}
+
+	for (i = 0; i < a->num_deny_mac; i++) {
+		if (os_memcmp(a->deny_mac[i], b->deny_mac[i], ETH_ALEN) != 0)
+			return 1;
+	}
+
+	return 0;
+}
+
+
+/**
+ * reload_iface2 - Part 2 of reload_iface
+ * @hapd_iface: Pointer to hostapd interface data.
+ */
+static void reload_iface2(struct hostapd_iface *hapd_iface)
+{
+	struct hostapd_data *hapd = hapd_iface->bss[0];
+	struct hostapd_config *newconf = hapd_iface->change->newconf;
+	struct hostapd_config *oldconf = hapd_iface->change->oldconf;
+	int beacon_changed = hapd_iface->change->beacon_changed;
+	hostapd_iface_cb cb = hapd_iface->reload_iface_cb;
+
+	if (newconf->preamble != oldconf->preamble) {
+		if (hostapd_set_preamble(hapd, hapd->iconf->preamble))
+			printf("Could not set preamble for kernel driver\n");
+		beacon_changed++;
+	}
+
+	if (newconf->beacon_int != oldconf->beacon_int) {
+		/* Need to change beacon interval if it has changed or if
+		 * auto channel selection was used. */
+		if (hostapd_set_beacon_int(hapd, newconf->beacon_int))
+			printf("Could not set beacon interval for kernel "
+			       "driver\n");
+		if (newconf->beacon_int != oldconf->beacon_int)
+			beacon_changed++;
+	}
+
+	if (newconf->cts_protection_type != oldconf->cts_protection_type)
+		beacon_changed++;
+
+	if (newconf->rts_threshold > -1 &&
+	    newconf->rts_threshold != oldconf->rts_threshold &&
+	    hostapd_set_rts(hapd, newconf->rts_threshold))
+		printf("Could not set RTS threshold for kernel driver\n");
+
+	if (newconf->fragm_threshold > -1 &&
+	    newconf->fragm_threshold != oldconf->fragm_threshold &&
+	    hostapd_set_frag(hapd, newconf->fragm_threshold))
+		printf("Could not set fragmentation threshold for kernel "
+		       "driver\n");
+
+	hostapd_reconfig_tx_queue_params(hapd, newconf, oldconf);
+
+	if (hostapd_reconfig_wme(hapd, newconf, oldconf) > 0)
+		beacon_changed++;
+
+	ap_list_reconfig(hapd_iface, oldconf);
+
+	hapd_iface->change->beacon_changed = beacon_changed;
+
+	hapd_iface->reload_iface_cb = NULL;
+	cb(hapd_iface, 0);
+}
+
+
+/**
+ * reload_iface2_handler - Handler that calls reload_face2
+ * @eloop_data: Stores the struct hostapd_iface for the interface.
+ * @user_ctx: Unused.
+ */
+static void reload_iface2_handler(void *eloop_data, void *user_ctx)
+{
+	struct hostapd_iface *hapd_iface = eloop_data;
+
+	reload_iface2(hapd_iface);
+}
+
+
+/**
+ * reload_hw_mode_done - Callback for after the HW mode is setup
+ * @hapd_iface: Pointer to interface data.
+ * @status: Status of the HW mode setup.
+ */
+static void reload_hw_mode_done(struct hostapd_iface *hapd_iface, int status)
+{
+	struct hostapd_data *hapd = hapd_iface->bss[0];
+	struct hostapd_config_change *change = hapd_iface->change;
+	struct hostapd_config *newconf = change->newconf;
+	hostapd_iface_cb cb;
+	int freq;
+
+	if (status) {
+		printf("Failed to select hw_mode.\n");
+
+		cb = hapd_iface->reload_iface_cb;
+		hapd_iface->reload_iface_cb = NULL;
+		cb(hapd_iface, -1);
+
+		return;
+	}
+
+	freq = hostapd_hw_get_freq(hapd, newconf->channel);
+	wpa_printf(MSG_DEBUG, "Mode: %s  Channel: %d  Frequency: %d MHz",
+		   hostapd_hw_mode_txt(newconf->hw_mode),
+		   newconf->channel, freq);
+
+	if (hostapd_set_freq(hapd, newconf->hw_mode, freq)) {
+		printf("Could not set channel %d (%d MHz) for kernel "
+		       "driver\n", newconf->channel, freq);
+	}
+
+	change->beacon_changed++;
+
+	reload_iface2(hapd_iface);
+}
+
+
+/**
+ * hostapd_config_reload_iface_start - Start interface reload
+ * @hapd_iface: Pointer to interface data.
+ * @cb: The function to callback when done.
+ * Returns:  0 if it starts successfully; cb will be called when done.
+ *          -1 on failure; cb will not be called.
+ */
+static int hostapd_config_reload_iface_start(struct hostapd_iface *hapd_iface,
+					     hostapd_iface_cb cb)
+{
+	struct hostapd_config_change *change = hapd_iface->change;
+	struct hostapd_config *newconf = change->newconf;
+	struct hostapd_config *oldconf = change->oldconf;
+	struct hostapd_data *hapd = hapd_iface->bss[0];
+
+	if (hapd_iface->reload_iface_cb) {
+		wpa_printf(MSG_DEBUG,
+			   "%s: Interface reload already in progress.",
+			   hapd_iface->bss[0]->conf->iface);
+		return -1;
+	}
+
+	hapd_iface->reload_iface_cb = cb;
+
+	if (newconf->bridge_packets != oldconf->bridge_packets &&
+	    hapd->iconf->bridge_packets != INTERNAL_BRIDGE_DO_NOT_CONTROL &&
+	    hostapd_set_internal_bridge(hapd, hapd->iconf->bridge_packets))
+		printf("Failed to set bridge_packets for kernel driver\n");
+
+	if (newconf->channel != oldconf->channel ||
+	    newconf->hw_mode != oldconf->hw_mode ||
+	    rate_array_diff(newconf->supported_rates,
+			    oldconf->supported_rates) ||
+	    rate_array_diff(newconf->basic_rates, oldconf->basic_rates)) {
+		hostapd_free_stas(hapd);
+
+		if (hostapd_get_hw_features(hapd_iface)) {
+			printf("Could not read HW feature info from the kernel"
+			       " driver.\n");
+			hapd_iface->reload_iface_cb = NULL;
+			return -1;
+		}
+
+		if (hostapd_select_hw_mode_start(hapd_iface,
+						 reload_hw_mode_done)) {
+			printf("Failed to start select hw_mode.\n");
+			hapd_iface->reload_iface_cb = NULL;
+			return -1;
+		}
+
+		return 0;
+	}
+
+	eloop_register_timeout(0, 0, reload_iface2_handler, hapd_iface, NULL);
+	return 0;
+}
+
+
+static void hostapd_reconfig_bss(struct hostapd_data *hapd,
+				 struct hostapd_bss_config *newbss,
+				 struct hostapd_bss_config *oldbss,
+				 struct hostapd_config *oldconf,
+				 int beacon_changed)
+{
+	struct hostapd_config_change change;
+	int encr_changed = 0;
+	struct radius_client_data *old_radius;
+
+	radius_client_flush(hapd->radius, 0);
+
+	if (hostapd_set_dtim_period(hapd, newbss->dtim_period))
+		printf("Could not set DTIM period for kernel driver\n");
+
+	if (newbss->ssid.ssid_len != oldbss->ssid.ssid_len ||
+	    os_memcmp(newbss->ssid.ssid, oldbss->ssid.ssid,
+		      newbss->ssid.ssid_len) != 0) {
+		if (hostapd_set_ssid(hapd, (u8 *) newbss->ssid.ssid,
+				     newbss->ssid.ssid_len))
+			printf("Could not set SSID for kernel driver\n");
+		beacon_changed++;
+	}
+
+	if (newbss->ignore_broadcast_ssid != oldbss->ignore_broadcast_ssid)
+		beacon_changed++;
+
+	if (hostapd_wep_key_cmp(&newbss->ssid.wep, &oldbss->ssid.wep)) {
+		encr_changed++;
+		beacon_changed++;
+	}
+
+	vlan_reconfig(hapd, oldconf, oldbss);
+
+	if (beacon_changed) {
+		wpa_printf(MSG_DEBUG, "Updating beacon frame information");
+		ieee802_11_set_beacon(hapd);
+	}
+
+	change.hapd = hapd;
+	change.oldconf = oldconf;
+	change.newconf = hapd->iconf;
+	change.oldbss = oldbss;
+	change.newbss = newbss;
+	change.mac_acl_changed = hostapd_acl_diff(newbss, oldbss);
+	if (newbss->max_num_sta != oldbss->max_num_sta &&
+	    newbss->max_num_sta < hapd->num_sta) {
+		change.num_sta_remove = hapd->num_sta - newbss->max_num_sta;
+	} else
+		change.num_sta_remove = 0;
+	ap_for_each_sta(hapd, hostapd_config_reload_sta, &change);
+
+	old_radius = hapd->radius;
+	hapd->radius = radius_client_reconfig(hapd->radius, hapd,
+					      oldbss->radius, newbss->radius);
+	hapd->radius_client_reconfigured = old_radius != hapd->radius ||
+		hostapd_ip_diff(&newbss->own_ip_addr, &oldbss->own_ip_addr);
+
+	ieee802_1x_reconfig(hapd, oldconf, oldbss);
+	iapp_reconfig(hapd, oldconf, oldbss);
+
+	hostapd_acl_reconfig(hapd, oldconf);
+	accounting_reconfig(hapd, oldconf);
+}
+
+
+/**
+ * config_reload2 - Part 2 of configuration reloading
+ * @hapd_iface:
+ */
+static void config_reload2(struct hostapd_iface *hapd_iface, int status)
+{
+	struct hostapd_config_change *change = hapd_iface->change;
+	struct hostapd_data *hapd = change->hapd;
+	struct hostapd_config *newconf = change->newconf;
+	struct hostapd_config *oldconf = change->oldconf;
+	int beacon_changed = change->beacon_changed;
+	struct hostapd_data **new_hapd = change->new_hapd;
+	struct hostapd_data **old_hapd = change->old_hapd;
+	int num_old_hapd = change->num_old_hapd;
+	size_t i, j, max_bss, same_bssid;
+	struct hostapd_bss_config *newbss, *oldbss;
+	u8 *prev_addr;
+	hostapd_iface_cb cb;
+
+	os_free(change);
+	hapd_iface->change = NULL;
+
+	if (status) {
+		printf("Failed to setup new interface config\n");
+
+		cb = hapd_iface->config_reload_cb;
+		hapd_iface->config_reload_cb = NULL;
+
+		/* Invalid configuration - cleanup and terminate hostapd */
+		hapd_iface->bss = old_hapd;
+		hapd_iface->num_bss = num_old_hapd;
+		hapd_iface->conf = hapd->iconf = oldconf;
+		hapd->conf = &oldconf->bss[0];
+		hostapd_config_free(newconf);
+		os_free(new_hapd);
+
+		cb(hapd_iface, -2);
+
+		return;
+	}
+
+	/*
+	 * If any BSSes have been removed, added, or had their BSSIDs changed,
+	 * completely remove and reinitialize such BSSes and all the BSSes
+	 * following them since their BSSID might have changed.
+	 */
+	max_bss = oldconf->num_bss;
+	if (max_bss > newconf->num_bss)
+		max_bss = newconf->num_bss;
+
+	for (i = 0; i < max_bss; i++) {
+		if (os_strcmp(oldconf->bss[i].iface, newconf->bss[i].iface) !=
+		    0 || hostapd_mac_comp(oldconf->bss[i].bssid,
+					  newconf->bss[i].bssid) != 0)
+			break;
+	}
+	same_bssid = i;
+
+	for (i = 0; i < oldconf->num_bss; i++) {
+		oldbss = &oldconf->bss[i];
+		newbss = NULL;
+		for (j = 0; j < newconf->num_bss; j++) {
+			if (os_strcmp(oldbss->iface, newconf->bss[j].iface) ==
+			    0) {
+				newbss = &newconf->bss[j];
+				break;
+			}
+		}
+
+		if (newbss && i < same_bssid) {
+			hapd = hapd_iface->bss[j] = old_hapd[i];
+			hapd->iconf = newconf;
+			hapd->conf = newbss;
+			hostapd_reconfig_bss(hapd, newbss, oldbss, oldconf,
+					     beacon_changed);
+		} else {
+			hapd = old_hapd[i];
+			wpa_printf(MSG_DEBUG, "Removing BSS (ifname %s)",
+				   hapd->conf->iface);
+			hostapd_free_stas(hapd);
+			/* Send broadcast deauthentication for this BSS, but do
+			 * not clear all STAs from the driver since other BSSes
+			 * may have STA entries. The driver will remove all STA
+			 * entries for this BSS anyway when the interface is
+			 * being removed. */
+#if 0
+			hostapd_deauth_all_stas(hapd);
+			hostapd_cleanup(hapd);
+#endif
+
+			os_free(hapd);
+		}
+	}
+
+
+	prev_addr = hapd_iface->bss[0]->own_addr;
+	hapd = hapd_iface->bss[0];
+	for (j = 0; j < newconf->num_bss; j++) {
+		if (hapd_iface->bss[j] != NULL) {
+			prev_addr = hapd_iface->bss[j]->own_addr;
+			continue;
+		}
+
+		newbss = &newconf->bss[j];
+
+		wpa_printf(MSG_DEBUG, "Reconfiguration: adding new BSS "
+			   "(ifname=%s)", newbss->iface);
+
+#if 0
+		hapd = hapd_iface->bss[j] =
+			hostapd_alloc_bss_data(hapd_iface, newconf, newbss);
+		if (hapd == NULL) {
+			printf("Failed to initialize new BSS\n");
+			/* FIX: This one is somewhat hard to recover
+			 * from.. Would need to remove this BSS from
+			 * conf and BSS list. */
+			exit(1);
+		}
+#endif
+		hapd->driver = hapd_iface->bss[0]->driver;
+		hapd->iface = hapd_iface;
+		hapd->iconf = newconf;
+		hapd->conf = newbss;
+
+		os_memcpy(hapd->own_addr, prev_addr, ETH_ALEN);
+		if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0)
+			prev_addr = hapd->own_addr;
+
+#if 0
+		if (hostapd_setup_bss(hapd, j == 0)) {
+			printf("Failed to setup new BSS\n");
+			/* FIX */
+			exit(1);
+		}
+#endif
+
+	}
+
+	os_free(old_hapd);
+	hostapd_config_free(oldconf);
+
+	cb = hapd_iface->config_reload_cb;
+	hapd_iface->config_reload_cb = NULL;
+
+	cb(hapd_iface, 0);
+}
+
+
+/**
+ * hostapd_config_reload_start - Start reconfiguration of an interface
+ * @hapd_iface: Pointer to hostapd interface data
+ * @cb: Function to be called back when done.
+ *      The status indicates:
+ *       0 = success, new configuration in use;
+ *      -1 = failed to update configuraiton, old configuration in use;
+ *      -2 = failed to update configuration and failed to recover; caller
+ *           should cleanup and terminate hostapd
+ * Returns:
+ *  0 = reconfiguration started;
+ * -1 = failed to update configuration, old configuration in use;
+ * -2 = failed to update configuration and failed to recover; caller
+ *      should cleanup and terminate hostapd
+ */
+int hostapd_config_reload_start(struct hostapd_iface *hapd_iface,
+				hostapd_iface_cb cb)
+{
+	struct hostapd_config *newconf, *oldconf;
+	struct hostapd_config_change *change;
+	struct hostapd_data *hapd = NULL;
+	struct hostapd_data **old_hapd, **new_hapd;
+	int num_old_hapd;
+
+	if (hapd_iface->config_reload_cb) {
+		wpa_printf(MSG_DEBUG, "%s: Config reload already in progress.",
+			   hapd_iface->bss[0]->conf->iface);
+		return -1;
+	}
+
+	newconf = hostapd_config_read(hapd_iface->config_fname);
+	if (newconf == NULL) {
+		printf("Failed to read new configuration file - continuing "
+		       "with old.\n");
+		return -1;
+	}
+
+	if (os_strcmp(newconf->bss[0].iface, hapd_iface->conf->bss[0].iface) !=
+	    0) {
+		printf("Interface name changing is not allowed in "
+		       "configuration reloading (%s -> %s).\n",
+		       hapd_iface->conf->bss[0].iface,  newconf->bss[0].iface);
+		hostapd_config_free(newconf);
+		return -1;
+	}
+
+	new_hapd = os_zalloc(newconf->num_bss *
+			     sizeof(struct hostapd_data *));
+	if (new_hapd == NULL) {
+		hostapd_config_free(newconf);
+		return -1;
+	}
+	old_hapd = hapd_iface->bss;
+	num_old_hapd = hapd_iface->num_bss;
+
+	hapd_iface->bss = new_hapd;
+	hapd_iface->num_bss = newconf->num_bss;
+	/*
+	 * First BSS remains the same since interface name changing was
+	 * prohibited above. Now, this is only used in
+	 * hostapd_config_reload_iface() and following loop will anyway set
+	 * this again.
+	 */
+	hapd = hapd_iface->bss[0] = old_hapd[0];
+
+	oldconf = hapd_iface->conf;
+	hapd->iconf = hapd_iface->conf = newconf;
+	hapd->conf = &newconf->bss[0];
+
+	change = os_zalloc(sizeof(struct hostapd_config_change));
+	if (change == NULL) {
+		hostapd_config_free(newconf);
+		return -1;
+	}
+
+	change->hapd = hapd;
+	change->newconf = newconf;
+	change->oldconf = oldconf;
+	change->beacon_changed = 0;
+	change->hapd_iface = hapd_iface;
+	change->new_hapd = new_hapd;
+	change->old_hapd = old_hapd;
+	change->num_old_hapd = num_old_hapd;
+
+	hapd_iface->config_reload_cb = cb;
+	hapd_iface->change = change;
+	if (hostapd_config_reload_iface_start(hapd_iface, config_reload2)) {
+		printf("Failed to start setup of new interface config\n");
+
+		hapd_iface->config_reload_cb = NULL;
+		os_free(change);
+		hapd_iface->change = NULL;
+
+		/* Invalid configuration - cleanup and terminate hostapd */
+		hapd_iface->bss = old_hapd;
+		hapd_iface->num_bss = num_old_hapd;
+		hapd_iface->conf = hapd->iconf = oldconf;
+		hapd->conf = &oldconf->bss[0];
+		hostapd_config_free(newconf);
+		os_free(new_hapd);
+		return -2;
+	}
+
+	return 0;
+}
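Review bot: In hostapd_config_reload_start() the `change == NULL` branch frees `newconf` after `hapd_iface->conf`, `hapd->iconf` and `hapd->conf` have already been switched to it and `hapd_iface->bss` to `new_hapd`. The interface is left with dangling config pointers, `new_hapd` leaks, and the function returns -1, which its comment documents as "old configuration in use". The branch should undo the swap the same way the -2 path at the end of the function does, as in the excerpt below, or `change` should be allocated before any pointer is replaced. Separately, in config_reload2() the "adding new BSS" loop has hostapd_alloc_bss_data() compiled out under `#if 0`, so `hapd` still refers to `hapd_iface->bss[0]` when `hapd->conf = newbss` and the `os_memcpy` into `hapd->own_addr` run, and `hapd_iface->bss[j]` stays NULL although `num_bss` counts it. Until the allocation is restored, that loop should fail the reload rather than write through the first BSS.

```c
	change = os_zalloc(sizeof(struct hostapd_config_change));
	if (change == NULL) {
		/* Undo the pointer swap before newconf is freed so the
		 * interface keeps running on the old configuration. */
		hapd_iface->bss = old_hapd;
		hapd_iface->num_bss = num_old_hapd;
		hapd_iface->conf = hapd->iconf = oldconf;
		hapd->conf = &oldconf->bss[0];
		hostapd_config_free(newconf);
		os_free(new_hapd);
		return -1;
	}
	/* … unchanged: filling in change and starting the interface reload … */
```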

+ 580 - 0
hostapd/sta_info.c

@@ -0,0 +1,580 @@
+/*
+ * hostapd / Station table
+ * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "hostapd.h"
+#include "sta_info.h"
+#include "eloop.h"
+#include "accounting.h"
+#include "ieee802_1x.h"
+#include "ieee802_11.h"
+#include "radius/radius.h"
+#include "wpa.h"
+#include "preauth.h"
+#include "radius/radius_client.h"
+#include "driver.h"
+#include "beacon.h"
+#include "hw_features.h"
+#include "mlme.h"
+#include "vlan_init.h"
+
+static int ap_sta_in_other_bss(struct hostapd_data *hapd,
+			       struct sta_info *sta, u32 flags);
+static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx);
+
+int ap_for_each_sta(struct hostapd_data *hapd,
+		    int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
+			      void *ctx),
+		    void *ctx)
+{
+	struct sta_info *sta;
+
+	for (sta = hapd->sta_list; sta; sta = sta->next) {
+		if (cb(hapd, sta, ctx))
+			return 1;
+	}
+
+	return 0;
+}
+
+
+struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta)
+{
+	struct sta_info *s;
+
+	s = hapd->sta_hash[STA_HASH(sta)];
+	while (s != NULL && os_memcmp(s->addr, sta, 6) != 0)
+		s = s->hnext;
+	return s;
+}
+
+
+static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	struct sta_info *tmp;
+
+	if (hapd->sta_list == sta) {
+		hapd->sta_list = sta->next;
+		return;
+	}
+
+	tmp = hapd->sta_list;
+	while (tmp != NULL && tmp->next != sta)
+		tmp = tmp->next;
+	if (tmp == NULL) {
+		wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from "
+			   "list.", MAC2STR(sta->addr));
+	} else
+		tmp->next = sta->next;
+}
+
+
+void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)];
+	hapd->sta_hash[STA_HASH(sta->addr)] = sta;
+}
+
+
+static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	struct sta_info *s;
+
+	s = hapd->sta_hash[STA_HASH(sta->addr)];
+	if (s == NULL) return;
+	if (os_memcmp(s->addr, sta->addr, 6) == 0) {
+		hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext;
+		return;
+	}
+
+	while (s->hnext != NULL &&
+	       os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0)
+		s = s->hnext;
+	if (s->hnext != NULL)
+		s->hnext = s->hnext->hnext;
+	else
+		wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR
+			   " from hash table", MAC2STR(sta->addr));
+}
+
+
+void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	int set_beacon = 0;
+
+	accounting_sta_stop(hapd, sta);
+
+	if (!ap_sta_in_other_bss(hapd, sta, WLAN_STA_ASSOC) &&
+	    !(sta->flags & WLAN_STA_PREAUTH))
+		hostapd_sta_remove(hapd, sta->addr);
+
+	ap_sta_hash_del(hapd, sta);
+	ap_sta_list_del(hapd, sta);
+
+	if (sta->aid > 0)
+		hapd->sta_aid[sta->aid - 1] = NULL;
+
+	hapd->num_sta--;
+	if (sta->nonerp_set) {
+		sta->nonerp_set = 0;
+		hapd->iface->num_sta_non_erp--;
+		if (hapd->iface->num_sta_non_erp == 0)
+			set_beacon++;
+	}
+
+	if (sta->no_short_slot_time_set) {
+		sta->no_short_slot_time_set = 0;
+		hapd->iface->num_sta_no_short_slot_time--;
+		if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
+		    && hapd->iface->num_sta_no_short_slot_time == 0)
+			set_beacon++;
+	}
+
+	if (sta->no_short_preamble_set) {
+		sta->no_short_preamble_set = 0;
+		hapd->iface->num_sta_no_short_preamble--;
+		if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
+		    && hapd->iface->num_sta_no_short_preamble == 0)
+			set_beacon++;
+	}
+
+	if (set_beacon)
+		ieee802_11_set_beacons(hapd->iface);
+
+	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
+	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
+
+	ieee802_1x_free_station(sta);
+	wpa_auth_sta_deinit(sta->wpa_sm);
+	rsn_preauth_free_station(hapd, sta);
+	radius_client_flush_auth(hapd->radius, sta->addr);
+
+	os_free(sta->last_assoc_req);
+	os_free(sta->challenge);
+	os_free(sta);
+}
+
+
+void hostapd_free_stas(struct hostapd_data *hapd)
+{
+	struct sta_info *sta, *prev;
+
+	sta = hapd->sta_list;
+
+	while (sta) {
+		prev = sta;
+		if (sta->flags & WLAN_STA_AUTH) {
+			mlme_deauthenticate_indication(
+				hapd, sta, WLAN_REASON_UNSPECIFIED);
+		}
+		sta = sta->next;
+		wpa_printf(MSG_DEBUG, "Removing station " MACSTR,
+			   MAC2STR(prev->addr));
+		ap_free_sta(hapd, prev);
+	}
+}
+
+
+void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
+{
+	struct hostapd_data *hapd = eloop_ctx;
+	struct sta_info *sta = timeout_ctx;
+	unsigned long next_time = 0;
+
+	if (sta->timeout_next == STA_REMOVE) {
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
+			       "local deauth request");
+		ap_free_sta(hapd, sta);
+		return;
+	}
+
+	if ((sta->flags & WLAN_STA_ASSOC) &&
+	    (sta->timeout_next == STA_NULLFUNC ||
+	     sta->timeout_next == STA_DISASSOC)) {
+		int inactive_sec;
+		wpa_printf(MSG_DEBUG, "Checking STA " MACSTR " inactivity:",
+			   MAC2STR(sta->addr));
+		inactive_sec = hostapd_get_inact_sec(hapd, sta->addr);
+		if (inactive_sec == -1) {
+			wpa_printf(MSG_DEBUG, "Could not get station info "
+				   "from kernel driver for " MACSTR ".",
+				   MAC2STR(sta->addr));
+		} else if (inactive_sec < hapd->conf->ap_max_inactivity &&
+			   sta->flags & WLAN_STA_ASSOC) {
+			/* station activity detected; reset timeout state */
+			wpa_printf(MSG_DEBUG, "  Station has been active");
+			sta->timeout_next = STA_NULLFUNC;
+			next_time = hapd->conf->ap_max_inactivity -
+				inactive_sec;
+		}
+	}
+
+	if ((sta->flags & WLAN_STA_ASSOC) &&
+	    sta->timeout_next == STA_DISASSOC &&
+	    !(sta->flags & WLAN_STA_PENDING_POLL)) {
+		wpa_printf(MSG_DEBUG, "  Station has ACKed data poll");
+		/* data nullfunc frame poll did not produce TX errors; assume
+		 * station ACKed it */
+		sta->timeout_next = STA_NULLFUNC;
+		next_time = hapd->conf->ap_max_inactivity;
+	}
+
+	if (next_time) {
+		eloop_register_timeout(next_time, 0, ap_handle_timer, hapd,
+				       sta);
+		return;
+	}
+
+	if (sta->timeout_next == STA_NULLFUNC &&
+	    (sta->flags & WLAN_STA_ASSOC)) {
+		/* send data frame to poll STA and check whether this frame
+		 * is ACKed */
+		struct ieee80211_hdr hdr;
+
+		wpa_printf(MSG_DEBUG, "  Polling STA with data frame");
+		sta->flags |= WLAN_STA_PENDING_POLL;
+
+#ifndef CONFIG_NATIVE_WINDOWS
+		/* FIX: WLAN_FC_STYPE_NULLFUNC would be more appropriate, but
+		 * it is apparently not retried so TX Exc events are not
+		 * received for it */
+		os_memset(&hdr, 0, sizeof(hdr));
+		hdr.frame_control =
+			IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
+		hdr.frame_control |= host_to_le16(BIT(1));
+		hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS);
+		os_memcpy(hdr.IEEE80211_DA_FROMDS, sta->addr, ETH_ALEN);
+		os_memcpy(hdr.IEEE80211_BSSID_FROMDS, hapd->own_addr,
+			  ETH_ALEN);
+		os_memcpy(hdr.IEEE80211_SA_FROMDS, hapd->own_addr, ETH_ALEN);
+
+		if (hostapd_send_mgmt_frame(hapd, &hdr, sizeof(hdr), 0) < 0)
+			perror("ap_handle_timer: send");
+#endif /* CONFIG_NATIVE_WINDOWS */
+	} else if (sta->timeout_next != STA_REMOVE) {
+		int deauth = sta->timeout_next == STA_DEAUTH;
+
+		wpa_printf(MSG_DEBUG, "Sending %s info to STA " MACSTR,
+			   deauth ? "deauthentication" : "disassociation",
+			   MAC2STR(sta->addr));
+
+		if (deauth) {
+			hostapd_sta_deauth(hapd, sta->addr,
+					   WLAN_REASON_PREV_AUTH_NOT_VALID);
+		} else {
+			hostapd_sta_disassoc(
+				hapd, sta->addr,
+				WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
+		}
+	}
+
+	switch (sta->timeout_next) {
+	case STA_NULLFUNC:
+		sta->timeout_next = STA_DISASSOC;
+		eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer,
+				       hapd, sta);
+		break;
+	case STA_DISASSOC:
+		sta->flags &= ~WLAN_STA_ASSOC;
+		ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
+		if (!sta->acct_terminate_cause)
+			sta->acct_terminate_cause =
+				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
+		accounting_sta_stop(hapd, sta);
+		ieee802_1x_free_station(sta);
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_INFO, "disassociated due to "
+			       "inactivity");
+		sta->timeout_next = STA_DEAUTH;
+		eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
+				       hapd, sta);
+		mlme_disassociate_indication(
+			hapd, sta, WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
+		break;
+	case STA_DEAUTH:
+	case STA_REMOVE:
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
+			       "inactivity");
+		if (!sta->acct_terminate_cause)
+			sta->acct_terminate_cause =
+				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
+		mlme_deauthenticate_indication(
+			hapd, sta,
+			WLAN_REASON_PREV_AUTH_NOT_VALID);
+		ap_free_sta(hapd, sta);
+		break;
+	}
+}
+
+
+static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
+{
+	struct hostapd_data *hapd = eloop_ctx;
+	struct sta_info *sta = timeout_ctx;
+	u8 addr[ETH_ALEN];
+
+	if (!(sta->flags & WLAN_STA_AUTH))
+		return;
+
+	mlme_deauthenticate_indication(hapd, sta,
+				       WLAN_REASON_PREV_AUTH_NOT_VALID);
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
+		       "session timeout");
+	sta->acct_terminate_cause =
+		RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT;
+	os_memcpy(addr, sta->addr, ETH_ALEN);
+	ap_free_sta(hapd, sta);
+	hostapd_sta_deauth(hapd, addr, WLAN_REASON_PREV_AUTH_NOT_VALID);
+}
+
+
+void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
+			    u32 session_timeout)
+{
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d "
+		       "seconds", session_timeout);
+	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
+	eloop_register_timeout(session_timeout, 0, ap_handle_session_timer,
+			       hapd, sta);
+}
+
+
+void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
+}
+
+
+struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
+{
+	struct sta_info *sta;
+
+	sta = ap_get_sta(hapd, addr);
+	if (sta)
+		return sta;
+
+	wpa_printf(MSG_DEBUG, "  New STA");
+	if (hapd->num_sta >= hapd->conf->max_num_sta) {
+		/* FIX: might try to remove some old STAs first? */
+		wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)",
+			   hapd->num_sta, hapd->conf->max_num_sta);
+		return NULL;
+	}
+
+	sta = os_zalloc(sizeof(struct sta_info));
+	if (sta == NULL) {
+		wpa_printf(MSG_ERROR, "malloc failed");
+		return NULL;
+	}
+	sta->acct_interim_interval = hapd->conf->radius->acct_interim_interval;
+
+	/* initialize STA info data */
+	eloop_register_timeout(hapd->conf->ap_max_inactivity, 0,
+			       ap_handle_timer, hapd, sta);
+	os_memcpy(sta->addr, addr, ETH_ALEN);
+	sta->next = hapd->sta_list;
+	hapd->sta_list = sta;
+	hapd->num_sta++;
+	ap_sta_hash_add(hapd, sta);
+	sta->ssid = &hapd->conf->ssid;
+
+	return sta;
+}
+
+
+static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta)
+{
+	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
+
+	wpa_printf(MSG_DEBUG, "Removing STA " MACSTR " from kernel driver",
+		   MAC2STR(sta->addr));
+	if (hostapd_sta_remove(hapd, sta->addr) &&
+	    sta->flags & WLAN_STA_ASSOC) {
+		wpa_printf(MSG_DEBUG, "Could not remove station " MACSTR
+			   " from kernel driver.", MAC2STR(sta->addr));
+		return -1;
+	}
+	return 0;
+}
+
+
+static int ap_sta_in_other_bss(struct hostapd_data *hapd,
+			       struct sta_info *sta, u32 flags)
+{
+	struct hostapd_iface *iface = hapd->iface;
+	size_t i;
+
+	for (i = 0; i < iface->num_bss; i++) {
+		struct hostapd_data *bss = iface->bss[i];
+		struct sta_info *sta2;
+		/* bss should always be set during operation, but it may be
+		 * NULL during reconfiguration. Assume the STA is not
+		 * associated to another BSS in that case to avoid NULL pointer
+		 * dereferences. */
+		if (bss == hapd || bss == NULL)
+			continue;
+		sta2 = ap_get_sta(bss, sta->addr);
+		if (sta2 && ((sta2->flags & flags) == flags))
+			return 1;
+	}
+
+	return 0;
+}
+
+
+void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
+			 u16 reason)
+{
+	wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR,
+		   hapd->conf->iface, MAC2STR(sta->addr));
+	sta->flags &= ~WLAN_STA_ASSOC;
+	if (!ap_sta_in_other_bss(hapd, sta, WLAN_STA_ASSOC))
+		ap_sta_remove(hapd, sta);
+	sta->timeout_next = STA_DEAUTH;
+	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
+	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0,
+			       ap_handle_timer, hapd, sta);
+	accounting_sta_stop(hapd, sta);
+	ieee802_1x_free_station(sta);
+
+	mlme_disassociate_indication(hapd, sta, reason);
+}
+
+
+void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
+			   u16 reason)
+{
+	wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR,
+		   hapd->conf->iface, MAC2STR(sta->addr));
+	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
+	if (!ap_sta_in_other_bss(hapd, sta, WLAN_STA_ASSOC))
+		ap_sta_remove(hapd, sta);
+	sta->timeout_next = STA_REMOVE;
+	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
+	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
+			       ap_handle_timer, hapd, sta);
+	accounting_sta_stop(hapd, sta);
+	ieee802_1x_free_station(sta);
+
+	mlme_deauthenticate_indication(hapd, sta, reason);
+}
+
+
+int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
+		     int old_vlanid)
+{
+	const char *iface;
+	struct hostapd_vlan *vlan = NULL;
+
+	/*
+	 * Do not proceed furthur if the vlan id remains same. We do not want
+	 * duplicate dynamic vlan entries.
+	 */
+	if (sta->vlan_id == old_vlanid)
+		return 0;
+
+	/*
+	 * During 1x reauth, if the vlan id changes, then remove the old id and
+	 * proceed furthur to add the new one.
+	 */
+	if (old_vlanid > 0)
+		vlan_remove_dynamic(hapd, old_vlanid);
+
+	iface = hapd->conf->iface;
+	if (sta->ssid->vlan[0])
+		iface = sta->ssid->vlan;
+
+	if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
+		sta->vlan_id = 0;
+	else if (sta->vlan_id > 0) {
+		vlan = hapd->conf->vlan;
+		while (vlan) {
+			if (vlan->vlan_id == sta->vlan_id ||
+			    vlan->vlan_id == VLAN_ID_WILDCARD) {
+				iface = vlan->ifname;
+				break;
+			}
+			vlan = vlan->next;
+		}
+	}
+
+	if (sta->vlan_id > 0 && vlan == NULL) {
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
+			       "binding station to (vlan_id=%d)",
+			       sta->vlan_id);
+		return -1;
+	} else if (sta->vlan_id > 0 && vlan->vlan_id == VLAN_ID_WILDCARD) {
+		vlan = vlan_add_dynamic(hapd, vlan, sta->vlan_id);
+		if (vlan == NULL) {
+			hostapd_logger(hapd, sta->addr,
+				       HOSTAPD_MODULE_IEEE80211,
+				       HOSTAPD_LEVEL_DEBUG, "could not add "
+				       "dynamic VLAN interface for vlan_id=%d",
+				       sta->vlan_id);
+			return -1;
+		}
+
+		iface = vlan->ifname;
+		if (vlan_setup_encryption_dyn(hapd, sta->ssid, iface) != 0) {
+			hostapd_logger(hapd, sta->addr,
+				       HOSTAPD_MODULE_IEEE80211,
+				       HOSTAPD_LEVEL_DEBUG, "could not "
+				       "configure encryption for dynamic VLAN "
+				       "interface for vlan_id=%d",
+				       sta->vlan_id);
+		}
+
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_DEBUG, "added new dynamic VLAN "
+			       "interface '%s'", iface);
+	} else if (vlan && vlan->vlan_id == sta->vlan_id) {
+		if (sta->vlan_id > 0) {
+			vlan->dynamic_vlan++;
+			hostapd_logger(hapd, sta->addr,
+				       HOSTAPD_MODULE_IEEE80211,
+				       HOSTAPD_LEVEL_DEBUG, "updated existing "
+				       "dynamic VLAN interface '%s'", iface);
+		}
+
+		/*
+		 * Update encryption configuration for statically generated
+		 * VLAN interface. This is only used for static WEP
+		 * configuration for the case where hostapd did not yet know
+		 * which keys are to be used when the interface was added.
+		 */
+		if (vlan_setup_encryption_dyn(hapd, sta->ssid, iface) != 0) {
+			hostapd_logger(hapd, sta->addr,
+				       HOSTAPD_MODULE_IEEE80211,
+				       HOSTAPD_LEVEL_DEBUG, "could not "
+				       "configure encryption for VLAN "
+				       "interface for vlan_id=%d",
+				       sta->vlan_id);
+		}
+	}
+
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+		       HOSTAPD_LEVEL_DEBUG, "binding station to interface "
+		       "'%s'", iface);
+
+	if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0)
+		wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA");
+
+	return hostapd_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id);
+}

+ 40 - 0
hostapd/sta_info.h

@@ -0,0 +1,40 @@
+/*
+ * hostapd / Station table
+ * Copyright (c) 2002-2004, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef STA_INFO_H
+#define STA_INFO_H
+
+int ap_for_each_sta(struct hostapd_data *hapd,
+		    int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
+			      void *ctx),
+		    void *ctx);
+struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta);
+void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta);
+void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta);
+void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta);
+void hostapd_free_stas(struct hostapd_data *hapd);
+void ap_handle_timer(void *eloop_ctx, void *timeout_ctx);
+void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
+			    u32 session_timeout);
+void ap_sta_no_session_timeout(struct hostapd_data *hapd,
+			       struct sta_info *sta);
+struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr);
+void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
+			 u16 reason);
+void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
+			   u16 reason);
+int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
+		     int old_vlanid);
+
+#endif /* STA_INFO_H */
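Review bot: `ap_free_sta()` is declared twice in a row in this header; the second prototype is redundant and should be dropped. The prototypes also use `struct hostapd_data` and `struct sta_info` without any include or forward declaration, so the header only compiles cleanly when the headers that define those types are included first. Adding `struct hostapd_data;` and `struct sta_info;` right after the include guard would remove that ordering dependency. hostapd/vlan_init.h has the same dependency for `struct hostapd_data`, `struct hostapd_vlan`, `struct hostapd_ssid`, `struct hostapd_config` and `struct hostapd_bss_config`.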

+ 832 - 0
hostapd/vlan_init.c

@@ -0,0 +1,832 @@
+/*
+ * hostapd / VLAN initialization
+ * Copyright 2003, Instant802 Networks, Inc.
+ * Copyright 2005-2006, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "hostapd.h"
+#include "driver.h"
+#include "vlan_init.h"
+
+
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+
+#include <net/if.h>
+#include <sys/ioctl.h>
+#include <linux/sockios.h>
+#include <linux/if_vlan.h>
+typedef __uint64_t __u64;
+typedef __uint32_t __u32;
+typedef __int32_t __s32;
+typedef __uint16_t __u16;
+typedef __int16_t __s16;
+typedef __uint8_t __u8;
+#include <linux/if_bridge.h>
+
+#include "priv_netlink.h"
+#include "eloop.h"
+
+
+struct full_dynamic_vlan {
+	int s; /* socket on which to listen for new/removed interfaces. */
+};
+
+
+static int ifconfig_helper(const char *if_name, int up)
+{
+	int fd;
+	struct ifreq ifr;
+
+	if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+		perror("socket[AF_INET,SOCK_STREAM]");
+		return -1;
+	}
+
+	os_memset(&ifr, 0, sizeof(ifr));
+	os_strlcpy(ifr.ifr_name, if_name, IFNAMSIZ);
+
+	if (ioctl(fd, SIOCGIFFLAGS, &ifr) != 0) {
+		perror("ioctl[SIOCGIFFLAGS]");
+		close(fd);
+		return -1;
+	}
+
+	if (up)
+		ifr.ifr_flags |= IFF_UP;
+	else
+		ifr.ifr_flags &= ~IFF_UP;
+
+	if (ioctl(fd, SIOCSIFFLAGS, &ifr) != 0) {
+		perror("ioctl[SIOCSIFFLAGS]");
+		close(fd);
+		return -1;
+	}
+
+	close(fd);
+	return 0;
+}
+
+
+static int ifconfig_up(const char *if_name)
+{
+	return ifconfig_helper(if_name, 1);
+}
+
+
+static int ifconfig_down(const char *if_name)
+{
+	return ifconfig_helper(if_name, 0);
+}
+
+
+/*
+ * These are only available in recent linux headers (without the leading
+ * underscore).
+ */
+#define _GET_VLAN_REALDEV_NAME_CMD	8
+#define _GET_VLAN_VID_CMD		9
+
+/* This value should be 256 ONLY. If it is something else, then hostapd
+ * might crash!, as this value has been hard-coded in 2.4.x kernel
+ * bridging code.
+ */
+#define MAX_BR_PORTS      		256
+
+static int br_delif(const char *br_name, const char *if_name)
+{
+	int fd;
+	struct ifreq ifr;
+	unsigned long args[2];
+	int if_index;
+
+	if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+		perror("socket[AF_INET,SOCK_STREAM]");
+		return -1;
+	}
+
+	if_index = if_nametoindex(if_name);
+
+	if (if_index == 0) {
+		printf("Failure determining interface index for '%s'\n",
+		       if_name);
+		close(fd);
+		return -1;
+	}
+
+	args[0] = BRCTL_DEL_IF;
+	args[1] = if_index;
+
+	os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
+	ifr.ifr_data = (__caddr_t) args;
+
+	if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0 && errno != EINVAL) {
+		/* No error if interface already removed. */
+		perror("ioctl[SIOCDEVPRIVATE,BRCTL_DEL_IF]");
+		close(fd);
+		return -1;
+	}
+
+	close(fd);
+	return 0;
+}
+
+
+/*
+	Add interface 'if_name' to the bridge 'br_name'
+
+	returns -1 on error
+	returns 1 if the interface is already part of the bridge
+	returns 0 otherwise
+*/
+static int br_addif(const char *br_name, const char *if_name)
+{
+	int fd;
+	struct ifreq ifr;
+	unsigned long args[2];
+	int if_index;
+
+	if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+		perror("socket[AF_INET,SOCK_STREAM]");
+		return -1;
+	}
+
+	if_index = if_nametoindex(if_name);
+
+	if (if_index == 0) {
+		printf("Failure determining interface index for '%s'\n",
+		       if_name);
+		close(fd);
+		return -1;
+	}
+
+	args[0] = BRCTL_ADD_IF;
+	args[1] = if_index;
+
+	os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
+	ifr.ifr_data = (__caddr_t) args;
+
+	if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) {
+		if (errno == EBUSY) {
+			/* The interface is already added. */
+			close(fd);
+			return 1;
+		}
+
+		perror("ioctl[SIOCDEVPRIVATE,BRCTL_ADD_IF]");
+		close(fd);
+		return -1;
+	}
+
+	close(fd);
+	return 0;
+}
+
+
+static int br_delbr(const char *br_name)
+{
+	int fd;
+	unsigned long arg[2];
+
+	if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+		perror("socket[AF_INET,SOCK_STREAM]");
+		return -1;
+	}
+
+	arg[0] = BRCTL_DEL_BRIDGE;
+	arg[1] = (unsigned long) br_name;
+
+	if (ioctl(fd, SIOCGIFBR, arg) < 0 && errno != ENXIO) {
+		/* No error if bridge already removed. */
+		perror("ioctl[BRCTL_DEL_BRIDGE]");
+		close(fd);
+		return -1;
+	}
+
+	close(fd);
+	return 0;
+}
+
+
+/*
+	Add a bridge with the name 'br_name'.
+
+	returns -1 on error
+	returns 1 if the bridge already exists
+	returns 0 otherwise
+*/
+static int br_addbr(const char *br_name)
+{
+	int fd;
+	unsigned long arg[2];
+
+	if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+		perror("socket[AF_INET,SOCK_STREAM]");
+		return -1;
+	}
+
+	arg[0] = BRCTL_ADD_BRIDGE;
+	arg[1] = (unsigned long) br_name;
+
+	if (ioctl(fd, SIOCGIFBR, arg) < 0) {
+ 		if (errno == EEXIST) {
+			/* The bridge is already added. */
+			close(fd);
+			return 1;
+		} else {
+			perror("ioctl[BRCTL_ADD_BRIDGE]");
+			close(fd);
+			return -1;
+		}
+	}
+
+	close(fd);
+	return 0;
+}
+
+
+static int br_getnumports(const char *br_name)
+{
+	int fd;
+	int i;
+	int port_cnt = 0;
+	unsigned long arg[4];
+	int ifindices[MAX_BR_PORTS];
+	struct ifreq ifr;
+
+	if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+		perror("socket[AF_INET,SOCK_STREAM]");
+		return -1;
+	}
+
+	arg[0] = BRCTL_GET_PORT_LIST;
+	arg[1] = (unsigned long) ifindices;
+	arg[2] = MAX_BR_PORTS;
+	arg[3] = 0;
+
+	os_memset(ifindices, 0, sizeof(ifindices));
+	os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
+	ifr.ifr_data = (__caddr_t) arg;
+
+	if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) {
+		perror("ioctl[SIOCDEVPRIVATE,BRCTL_GET_PORT_LIST]");
+		close(fd);
+		return -1;
+	}
+
+	for (i = 1; i < MAX_BR_PORTS; i++) {
+		if (ifindices[i] > 0) {
+			port_cnt++;
+		}
+	}
+
+	close(fd);
+	return port_cnt;
+}
+
+
+static int vlan_rem(const char *if_name)
+{
+	int fd;
+	struct vlan_ioctl_args if_request;
+
+	if ((os_strlen(if_name) + 1) > sizeof(if_request.device1)) {
+		fprintf(stderr, "Interface name to long.\n");
+		return -1;
+	}
+
+	if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+		perror("socket[AF_INET,SOCK_STREAM]");
+		return -1;
+	}
+
+	os_memset(&if_request, 0, sizeof(if_request));
+
+	os_strlcpy(if_request.device1, if_name, sizeof(if_request.device1));
+	if_request.cmd = DEL_VLAN_CMD;
+
+	if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) {
+		perror("ioctl[SIOCSIFVLAN,DEL_VLAN_CMD]");
+		close(fd);
+		return -1;
+	}
+
+	close(fd);
+	return 0;
+}
+
+
+/*
+	Add a vlan interface with VLAN ID 'vid' and tagged interface
+	'if_name'.
+
+	returns -1 on error
+	returns 1 if the interface already exists
+	returns 0 otherwise
+*/
+static int vlan_add(const char *if_name, int vid)
+{
+	int fd;
+	struct vlan_ioctl_args if_request;
+
+	ifconfig_up(if_name);
+
+	if ((os_strlen(if_name) + 1) > sizeof(if_request.device1)) {
+		fprintf(stderr, "Interface name to long.\n");
+		return -1;
+	}
+
+	if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+		perror("socket[AF_INET,SOCK_STREAM]");
+		return -1;
+	}
+
+	os_memset(&if_request, 0, sizeof(if_request));
+
+	/* Determine if a suitable vlan device already exists. */
+
+	os_snprintf(if_request.device1, sizeof(if_request.device1), "vlan%d",
+		    vid);
+
+	if_request.cmd = _GET_VLAN_VID_CMD;
+
+	if (ioctl(fd, SIOCSIFVLAN, &if_request) == 0) {
+
+		if (if_request.u.VID == vid) {
+			if_request.cmd = _GET_VLAN_REALDEV_NAME_CMD;
+
+			if (ioctl(fd, SIOCSIFVLAN, &if_request) == 0 &&
+			    os_strncmp(if_request.u.device2, if_name,
+				       sizeof(if_request.u.device2)) == 0) {
+				close(fd);
+				return 1;
+			}
+		}
+	}
+
+	/* A suitable vlan device does not already exist, add one. */
+
+	os_memset(&if_request, 0, sizeof(if_request));
+	os_strlcpy(if_request.device1, if_name, sizeof(if_request.device1));
+	if_request.u.VID = vid;
+	if_request.cmd = ADD_VLAN_CMD;
+
+	if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) {
+		perror("ioctl[SIOCSIFVLAN,ADD_VLAN_CMD]");
+		close(fd);
+		return -1;
+	}
+
+	close(fd);
+	return 0;
+}
+
+
+static int vlan_set_name_type(unsigned int name_type)
+{
+	int fd;
+	struct vlan_ioctl_args if_request;
+
+	if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+		perror("socket[AF_INET,SOCK_STREAM]");
+		return -1;
+	}
+
+	os_memset(&if_request, 0, sizeof(if_request));
+
+	if_request.u.name_type = name_type;
+	if_request.cmd = SET_VLAN_NAME_TYPE_CMD;
+	if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) {
+		perror("ioctl[SIOCSIFVLAN,SET_VLAN_NAME_TYPE_CMD]");
+		close(fd);
+		return -1;
+	}
+
+	close(fd);
+	return 0;
+}
+
+
+static void vlan_newlink(char *ifname, struct hostapd_data *hapd)
+{
+	char vlan_ifname[IFNAMSIZ];
+	char br_name[IFNAMSIZ];
+	struct hostapd_vlan *vlan = hapd->conf->vlan;
+	char *tagged_interface = hapd->conf->ssid.vlan_tagged_interface;
+
+	while (vlan) {
+		if (os_strcmp(ifname, vlan->ifname) == 0) {
+
+			os_snprintf(br_name, sizeof(br_name), "brvlan%d",
+				    vlan->vlan_id);
+
+			if (!br_addbr(br_name))
+				vlan->clean |= DVLAN_CLEAN_BR;
+
+			ifconfig_up(br_name);
+
+			if (tagged_interface) {
+
+				if (!vlan_add(tagged_interface, vlan->vlan_id))
+					vlan->clean |= DVLAN_CLEAN_VLAN;
+
+				os_snprintf(vlan_ifname, sizeof(vlan_ifname),
+					    "vlan%d", vlan->vlan_id);
+
+				if (!br_addif(br_name, vlan_ifname))
+					vlan->clean |= DVLAN_CLEAN_VLAN_PORT;
+
+				ifconfig_up(vlan_ifname);
+			}
+
+			if (!br_addif(br_name, ifname))
+				vlan->clean |= DVLAN_CLEAN_WLAN_PORT;
+
+			ifconfig_up(ifname);
+
+			break;
+		}
+		vlan = vlan->next;
+	}
+}
+
+
+static void vlan_dellink(char *ifname, struct hostapd_data *hapd)
+{
+	char vlan_ifname[IFNAMSIZ];
+	char br_name[IFNAMSIZ];
+	struct hostapd_vlan *first, *prev, *vlan = hapd->conf->vlan;
+	char *tagged_interface = hapd->conf->ssid.vlan_tagged_interface;
+	int numports;
+
+	first = prev = vlan;
+
+	while (vlan) {
+		if (os_strcmp(ifname, vlan->ifname) == 0) {
+			os_snprintf(br_name, sizeof(br_name), "brvlan%d",
+				    vlan->vlan_id);
+
+			if (tagged_interface) {
+				os_snprintf(vlan_ifname, sizeof(vlan_ifname),
+					    "vlan%d", vlan->vlan_id);
+
+				numports = br_getnumports(br_name);
+				if (numports == 1) {
+					br_delif(br_name, vlan_ifname);
+
+					vlan_rem(vlan_ifname);
+
+					ifconfig_down(br_name);
+					br_delbr(br_name);
+				}
+			}
+
+			if (vlan == first) {
+				hapd->conf->vlan = vlan->next;
+			} else {
+				prev->next = vlan->next;
+			}
+			os_free(vlan);
+
+			break;
+		}
+		prev = vlan;
+		vlan = vlan->next;
+	}
+}
+
+
+static void
+vlan_read_ifnames(struct nlmsghdr *h, size_t len, int del,
+		  struct hostapd_data *hapd)
+{
+	struct ifinfomsg *ifi;
+	int attrlen, nlmsg_len, rta_len;
+	struct rtattr *attr;
+
+	if (len < sizeof(*ifi))
+		return;
+
+	ifi = NLMSG_DATA(h);
+
+	nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
+
+	attrlen = h->nlmsg_len - nlmsg_len;
+	if (attrlen < 0)
+		return;
+
+	attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
+
+	rta_len = RTA_ALIGN(sizeof(struct rtattr));
+	while (RTA_OK(attr, attrlen)) {
+		char ifname[IFNAMSIZ + 1];
+
+		if (attr->rta_type == IFLA_IFNAME) {
+			int n = attr->rta_len - rta_len;
+			if (n < 0)
+				break;
+
+			os_memset(ifname, 0, sizeof(ifname));
+
+			if ((size_t) n > sizeof(ifname))
+				n = sizeof(ifname);
+			os_memcpy(ifname, ((char *) attr) + rta_len, n);
+
+			if (del)
+				vlan_dellink(ifname, hapd);
+			else
+				vlan_newlink(ifname, hapd);
+		}
+
+		attr = RTA_NEXT(attr, attrlen);
+	}
+}
+
+
+static void vlan_event_receive(int sock, void *eloop_ctx, void *sock_ctx)
+{
+	char buf[8192];
+	int left;
+	struct sockaddr_nl from;
+	socklen_t fromlen;
+	struct nlmsghdr *h;
+	struct hostapd_data *hapd = eloop_ctx;
+
+	fromlen = sizeof(from);
+	left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
+			(struct sockaddr *) &from, &fromlen);
+	if (left < 0) {
+		if (errno != EINTR && errno != EAGAIN)
+			perror("recvfrom(netlink)");
+		return;
+	}
+
+	h = (struct nlmsghdr *) buf;
+	while (left >= (int) sizeof(*h)) {
+		int len, plen;
+
+		len = h->nlmsg_len;
+		plen = len - sizeof(*h);
+		if (len > left || plen < 0) {
+			printf("Malformed netlink message: "
+			       "len=%d left=%d plen=%d", len, left, plen);
+			break;
+		}
+
+		switch (h->nlmsg_type) {
+		case RTM_NEWLINK:
+			vlan_read_ifnames(h, plen, 0, hapd);
+			break;
+		case RTM_DELLINK:
+			vlan_read_ifnames(h, plen, 1, hapd);
+			break;
+		}
+
+		len = NLMSG_ALIGN(len);
+		left -= len;
+		h = (struct nlmsghdr *) ((char *) h + len);
+	}
+
+	if (left > 0) {
+		printf("%d extra bytes in the end of netlink message",
+		       left);
+	}
+}
+
+
+static struct full_dynamic_vlan *
+full_dynamic_vlan_init(struct hostapd_data *hapd)
+{
+	struct sockaddr_nl local;
+	struct full_dynamic_vlan *priv;
+
+	priv = os_zalloc(sizeof(*priv));
+	if (priv == NULL)
+		return NULL;
+
+	vlan_set_name_type(VLAN_NAME_TYPE_PLUS_VID_NO_PAD);
+
+	priv->s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+	if (priv->s < 0) {
+		perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
+		os_free(priv);
+		return NULL;
+	}
+
+	os_memset(&local, 0, sizeof(local));
+	local.nl_family = AF_NETLINK;
+	local.nl_groups = RTMGRP_LINK;
+	if (bind(priv->s, (struct sockaddr *) &local, sizeof(local)) < 0) {
+		perror("bind(netlink)");
+		close(priv->s);
+		os_free(priv);
+		return NULL;
+	}
+
+	if (eloop_register_read_sock(priv->s, vlan_event_receive, hapd, NULL))
+	{
+		close(priv->s);
+		os_free(priv);
+		return NULL;
+	}
+
+	return priv;
+}
+
+
+static void full_dynamic_vlan_deinit(struct full_dynamic_vlan *priv)
+{
+	if (priv == NULL)
+		return;
+	eloop_unregister_read_sock(priv->s);
+	close(priv->s);
+	os_free(priv);
+}
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+
+
+int vlan_setup_encryption_dyn(struct hostapd_data *hapd,
+			      struct hostapd_ssid *mssid, const char *dyn_vlan)
+{
+        int i;
+
+        if (dyn_vlan == NULL)
+		return 0;
+
+	/* Static WEP keys are set here; IEEE 802.1X and WPA uses their own
+	 * functions for setting up dynamic broadcast keys. */
+	for (i = 0; i < 4; i++) {
+		if (mssid->wep.key[i] &&
+		    hostapd_set_encryption(dyn_vlan, hapd, "WEP", NULL,
+					   i, mssid->wep.key[i],
+					   mssid->wep.len[i],
+					   i == mssid->wep.idx)) {
+			printf("VLAN: Could not set WEP encryption for "
+			       "dynamic VLAN.\n");
+			return -1;
+		}
+	}
+
+	return 0;
+}
+
+
+static int vlan_dynamic_add(struct hostapd_data *hapd,
+			    struct hostapd_vlan *vlan)
+{
+	while (vlan) {
+		if (vlan->vlan_id != VLAN_ID_WILDCARD &&
+		    hostapd_if_add(hapd, HOSTAPD_IF_VLAN, vlan->ifname, NULL))
+		{
+			if (errno != EEXIST) {
+				printf("Could not add VLAN iface: %s: %s\n",
+				       vlan->ifname, strerror(errno));
+				return -1;
+			}
+		}
+
+		vlan = vlan->next;
+	}
+
+	return 0;
+}
+
+
+static void vlan_dynamic_remove(struct hostapd_data *hapd,
+				struct hostapd_vlan *vlan)
+{
+	struct hostapd_vlan *next;
+
+	while (vlan) {
+		next = vlan->next;
+
+		if (vlan->vlan_id != VLAN_ID_WILDCARD &&
+		    hostapd_if_remove(hapd, HOSTAPD_IF_VLAN, vlan->ifname,
+				      NULL)) {
+			printf("Could not remove VLAN iface: %s: %s\n",
+			       vlan->ifname, strerror(errno));
+		}
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+		if (vlan->clean)
+			vlan_dellink(vlan->ifname, hapd);
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+
+		vlan = next;
+	}
+}
+
+
+int vlan_init(struct hostapd_data *hapd)
+{
+	if (vlan_dynamic_add(hapd, hapd->conf->vlan))
+		return -1;
+
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+	hapd->full_dynamic_vlan = full_dynamic_vlan_init(hapd);
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+
+        return 0;
+}
+
+
+void vlan_deinit(struct hostapd_data *hapd)
+{
+	vlan_dynamic_remove(hapd, hapd->conf->vlan);
+
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+	full_dynamic_vlan_deinit(hapd->full_dynamic_vlan);
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+}
+
+
+int vlan_reconfig(struct hostapd_data *hapd, struct hostapd_config *oldconf,
+		  struct hostapd_bss_config *oldbss)
+{
+	vlan_dynamic_remove(hapd, oldbss->vlan);
+	if (vlan_dynamic_add(hapd, hapd->conf->vlan))
+		return -1;
+
+	return 0;
+}
+
+
+struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd,
+				       struct hostapd_vlan *vlan,
+				       int vlan_id)
+{
+	struct hostapd_vlan *n;
+	char *ifname, *pos;
+
+	if (vlan == NULL || vlan_id <= 0 || vlan_id > MAX_VLAN_ID ||
+	    vlan->vlan_id != VLAN_ID_WILDCARD)
+		return NULL;
+
+	ifname = os_strdup(vlan->ifname);
+	if (ifname == NULL)
+		return NULL;
+	pos = os_strchr(ifname, '#');
+	if (pos == NULL) {
+		os_free(ifname);
+		return NULL;
+	}
+	*pos++ = '\0';
+
+	n = os_zalloc(sizeof(*n));
+	if (n == NULL) {
+		os_free(ifname);
+		return NULL;
+	}
+
+	n->vlan_id = vlan_id;
+	n->dynamic_vlan = 1;
+
+	os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s", ifname, vlan_id,
+		    pos);
+	os_free(ifname);
+
+	if (hostapd_if_add(hapd, HOSTAPD_IF_VLAN, n->ifname, NULL)) {
+		os_free(n);
+		return NULL;
+	}
+
+	n->next = hapd->conf->vlan;
+	hapd->conf->vlan = n;
+
+	return n;
+}
+
+
+int vlan_remove_dynamic(struct hostapd_data *hapd, int vlan_id)
+{
+	struct hostapd_vlan *vlan;
+
+	if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID)
+		return 1;
+
+	vlan = hapd->conf->vlan;
+	while (vlan) {
+		if (vlan->vlan_id == vlan_id && vlan->dynamic_vlan > 0) {
+			vlan->dynamic_vlan--;
+			break;
+		}
+		vlan = vlan->next;
+	}
+
+	if (vlan == NULL)
+		return 1;
+
+	if (vlan->dynamic_vlan == 0)
+		hostapd_if_remove(hapd, HOSTAPD_IF_VLAN, vlan->ifname, NULL);
+
+	return 0;
+}
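Review bot: In `vlan_read_ifnames()` the interface name copied out of the netlink attribute is not guaranteed to be NUL-terminated: `n` is clamped to `sizeof(ifname)`, so an attribute of that length or longer fills the whole buffer and the `os_strcmp()` in `vlan_newlink()`/`vlan_dellink()` can read past it. Clamping to one less keeps the terminator left by the `os_memset()`: `if ((size_t) n >= sizeof(ifname)) n = sizeof(ifname) - 1;`. In the same function `attrlen = h->nlmsg_len - nlmsg_len;` still counts the netlink header although `attr` already points past both the header and the `ifinfomsg`, so `RTA_OK()` may accept attribute bytes beyond the end of the message; using the payload length that is passed in, `attrlen = (int) len - nlmsg_len;`, bounds the walk to the message. `vlan_event_receive()` also acts on whatever arrives on the socket without looking at `from.nl_pid`, so a check that the sender is the kernel is worth considering as hardening.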

+ 31 - 0
hostapd/vlan_init.h

@@ -0,0 +1,31 @@
+/*
+ * hostapd / VLAN initialization
+ * Copyright 2003, Instant802 Networks, Inc.
+ * Copyright 2005, Devicescape Software, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef VLAN_INIT_H
+#define VLAN_INIT_H
+
+int vlan_init(struct hostapd_data *hapd);
+void vlan_deinit(struct hostapd_data *hapd);
+int vlan_reconfig(struct hostapd_data *hapd, struct hostapd_config *oldconf,
+		  struct hostapd_bss_config *oldbss);
+struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd,
+				       struct hostapd_vlan *vlan,
+				       int vlan_id);
+int vlan_remove_dynamic(struct hostapd_data *hapd, int vlan_id);
+int vlan_setup_encryption_dyn(struct hostapd_data *hapd,
+			      struct hostapd_ssid *mssid,
+			      const char *dyn_vlan);
+
+#endif /* VLAN_INIT_H */
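Review bot: The prototypes in this header carry no contract documentation and their return conventions are not uniform, so callers have to read vlan_init.c to use them correctly. `vlan_remove_dynamic()` returns 1 (not -1) when the id is out of range or no dynamic entry matches, `vlan_add_dynamic()` returns NULL on any failure and only accepts a wildcard entry as `vlan`, and `vlan_setup_encryption_dyn()` returns 0 without doing anything when `dyn_vlan` is NULL. A one-line comment per declaration would capture this, for example `/* Returns 0 on success, 1 if vlan_id is invalid or has no dynamic entry */` above `vlan_remove_dynamic()`.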

+ 40 - 0
hostapd/wired.conf

@@ -0,0 +1,40 @@
+##### hostapd configuration file ##############################################
+# Empty lines and lines starting with # are ignored
+
+# Example configuration file for wired authenticator. See hostapd.conf for
+# more details.
+
+interface=eth0
+driver=wired
+logger_stdout=-1
+logger_stdout_level=1
+debug=2
+dump_file=/tmp/hostapd.dump
+
+ieee8021x=1
+eap_reauth_period=3600
+
+use_pae_group_addr=1
+
+
+##### RADIUS configuration ####################################################
+# for IEEE 802.1X with external Authentication Server, IEEE 802.11
+# authentication with external ACL for MAC addresses, and accounting
+
+# The own IP address of the access point (used as NAS-IP-Address)
+own_ip_addr=127.0.0.1
+
+# Optional NAS-Identifier string for RADIUS messages. When used, this should be
+# a unique to the NAS within the scope of the RADIUS server. For example, a
+# fully qualified domain name can be used here.
+nas_identifier=ap.example.com
+
+# RADIUS authentication server
+auth_server_addr=127.0.0.1
+auth_server_port=1812
+auth_server_shared_secret=radius
+
+# RADIUS accounting server
+acct_server_addr=127.0.0.1
+acct_server_port=1813
+acct_server_shared_secret=radius
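Review bot: Both `auth_server_shared_secret` and `acct_server_shared_secret` are set to the guessable value `radius` with nothing marking it as a placeholder, and example files like this one tend to be copied into deployments unchanged. A line such as `# Placeholder - replace with a long random secret unique to this NAS` above each setting would make that explicit. `dump_file=/tmp/hostapd.dump` points into a world-writable directory; if hostapd writes that file with elevated privileges, a path inside a directory only the service account can write would be a safer default for an example (how the dump file is opened is not visible in this section).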

Some files were not shown because too many files changed in this diff