Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 18 Oct 2015 21:38:25 +0000 (UTC)
From:      Rui Paulo <rpaulo@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r289549 - in head: contrib/wpa/hostapd contrib/wpa/hs20/client contrib/wpa/patches contrib/wpa/src/ap contrib/wpa/src/common contrib/wpa/src/crypto contrib/wpa/src/drivers contrib/wpa/s...
Message-ID:  <201510182138.t9ILcPrs017288@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: rpaulo
Date: Sun Oct 18 21:38:25 2015
New Revision: 289549
URL: https://svnweb.freebsd.org/changeset/base/289549

Log:
  Update hostapd/wpa_supplicant to version 2.5.
  
  Tested by several people on current@/wireless@.
  
  Relnotes:	yes

Added:
  head/contrib/wpa/patches/openssl-0.9.8zf-tls-extensions.patch
     - copied unchanged from r289285, vendor/wpa/dist/patches/openssl-0.9.8zf-tls-extensions.patch
  head/contrib/wpa/src/crypto/sha384-prf.c
     - copied unchanged from r289285, vendor/wpa/dist/src/crypto/sha384-prf.c
  head/contrib/wpa/src/fst/
     - copied from r289285, vendor/wpa/dist/src/fst/
  head/contrib/wpa/wpa_supplicant/eapol_test.py
     - copied unchanged from r289285, vendor/wpa/dist/wpa_supplicant/eapol_test.py
  head/contrib/wpa/wpa_supplicant/p2p_supplicant_sd.c
     - copied unchanged from r289285, vendor/wpa/dist/wpa_supplicant/p2p_supplicant_sd.c
Deleted:
  head/contrib/wpa/src/crypto/crypto_cryptoapi.c
  head/contrib/wpa/src/crypto/tls_schannel.c
Modified:
  head/contrib/wpa/hostapd/ChangeLog
  head/contrib/wpa/hostapd/config_file.c
  head/contrib/wpa/hostapd/config_file.h
  head/contrib/wpa/hostapd/ctrl_iface.c
  head/contrib/wpa/hostapd/defconfig
  head/contrib/wpa/hostapd/hlr_auc_gw.c
  head/contrib/wpa/hostapd/hlr_auc_gw.milenage_db
  head/contrib/wpa/hostapd/hostapd.conf
  head/contrib/wpa/hostapd/hostapd_cli.c
  head/contrib/wpa/hostapd/main.c
  head/contrib/wpa/hs20/client/Makefile
  head/contrib/wpa/hs20/client/osu_client.c
  head/contrib/wpa/hs20/client/spp_client.c
  head/contrib/wpa/src/ap/accounting.c
  head/contrib/wpa/src/ap/acs.c
  head/contrib/wpa/src/ap/ap_config.c
  head/contrib/wpa/src/ap/ap_config.h
  head/contrib/wpa/src/ap/ap_drv_ops.c
  head/contrib/wpa/src/ap/ap_drv_ops.h
  head/contrib/wpa/src/ap/ap_list.c
  head/contrib/wpa/src/ap/ap_list.h
  head/contrib/wpa/src/ap/authsrv.c
  head/contrib/wpa/src/ap/beacon.c
  head/contrib/wpa/src/ap/beacon.h
  head/contrib/wpa/src/ap/ctrl_iface_ap.c
  head/contrib/wpa/src/ap/dfs.c
  head/contrib/wpa/src/ap/drv_callbacks.c
  head/contrib/wpa/src/ap/eap_user_db.c
  head/contrib/wpa/src/ap/hostapd.c
  head/contrib/wpa/src/ap/hostapd.h
  head/contrib/wpa/src/ap/hw_features.c
  head/contrib/wpa/src/ap/hw_features.h
  head/contrib/wpa/src/ap/ieee802_11.c
  head/contrib/wpa/src/ap/ieee802_11.h
  head/contrib/wpa/src/ap/ieee802_11_auth.c
  head/contrib/wpa/src/ap/ieee802_11_auth.h
  head/contrib/wpa/src/ap/ieee802_11_ht.c
  head/contrib/wpa/src/ap/ieee802_11_vht.c
  head/contrib/wpa/src/ap/ieee802_1x.c
  head/contrib/wpa/src/ap/ieee802_1x.h
  head/contrib/wpa/src/ap/ndisc_snoop.c
  head/contrib/wpa/src/ap/sta_info.c
  head/contrib/wpa/src/ap/sta_info.h
  head/contrib/wpa/src/ap/utils.c
  head/contrib/wpa/src/ap/vlan_init.c
  head/contrib/wpa/src/ap/vlan_init.h
  head/contrib/wpa/src/ap/vlan_util.c
  head/contrib/wpa/src/ap/wmm.c
  head/contrib/wpa/src/ap/wpa_auth.c
  head/contrib/wpa/src/ap/wpa_auth.h
  head/contrib/wpa/src/ap/wpa_auth_ft.c
  head/contrib/wpa/src/ap/wpa_auth_glue.c
  head/contrib/wpa/src/ap/wpa_auth_i.h
  head/contrib/wpa/src/ap/wpa_auth_ie.c
  head/contrib/wpa/src/ap/wps_hostapd.c
  head/contrib/wpa/src/ap/x_snoop.c
  head/contrib/wpa/src/common/common_module_tests.c
  head/contrib/wpa/src/common/defs.h
  head/contrib/wpa/src/common/hw_features_common.c
  head/contrib/wpa/src/common/hw_features_common.h
  head/contrib/wpa/src/common/ieee802_11_common.c
  head/contrib/wpa/src/common/ieee802_11_common.h
  head/contrib/wpa/src/common/ieee802_11_defs.h
  head/contrib/wpa/src/common/privsep_commands.h
  head/contrib/wpa/src/common/qca-vendor.h
  head/contrib/wpa/src/common/sae.c
  head/contrib/wpa/src/common/sae.h
  head/contrib/wpa/src/common/version.h
  head/contrib/wpa/src/common/wpa_common.c
  head/contrib/wpa/src/common/wpa_common.h
  head/contrib/wpa/src/common/wpa_ctrl.c
  head/contrib/wpa/src/common/wpa_ctrl.h
  head/contrib/wpa/src/crypto/crypto.h
  head/contrib/wpa/src/crypto/crypto_module_tests.c
  head/contrib/wpa/src/crypto/crypto_openssl.c
  head/contrib/wpa/src/crypto/dh_groups.c
  head/contrib/wpa/src/crypto/fips_prf_openssl.c
  head/contrib/wpa/src/crypto/ms_funcs.c
  head/contrib/wpa/src/crypto/ms_funcs.h
  head/contrib/wpa/src/crypto/random.c
  head/contrib/wpa/src/crypto/sha1-tlsprf.c
  head/contrib/wpa/src/crypto/sha1-tprf.c
  head/contrib/wpa/src/crypto/sha256-kdf.c
  head/contrib/wpa/src/crypto/sha384.h
  head/contrib/wpa/src/crypto/tls.h
  head/contrib/wpa/src/crypto/tls_gnutls.c
  head/contrib/wpa/src/crypto/tls_internal.c
  head/contrib/wpa/src/crypto/tls_none.c
  head/contrib/wpa/src/crypto/tls_openssl.c
  head/contrib/wpa/src/drivers/driver.h
  head/contrib/wpa/src/drivers/driver_bsd.c
  head/contrib/wpa/src/drivers/driver_ndis.c
  head/contrib/wpa/src/drivers/driver_nl80211.h
  head/contrib/wpa/src/drivers/driver_nl80211_android.c
  head/contrib/wpa/src/drivers/driver_nl80211_capa.c
  head/contrib/wpa/src/drivers/driver_nl80211_event.c
  head/contrib/wpa/src/drivers/driver_nl80211_scan.c
  head/contrib/wpa/src/drivers/driver_privsep.c
  head/contrib/wpa/src/drivers/drivers.c
  head/contrib/wpa/src/eap_common/eap_common.c
  head/contrib/wpa/src/eap_common/eap_fast_common.c
  head/contrib/wpa/src/eap_common/eap_pwd_common.c
  head/contrib/wpa/src/eap_common/eap_pwd_common.h
  head/contrib/wpa/src/eap_common/eap_sake_common.c
  head/contrib/wpa/src/eap_common/ikev2_common.c
  head/contrib/wpa/src/eap_peer/eap.c
  head/contrib/wpa/src/eap_peer/eap.h
  head/contrib/wpa/src/eap_peer/eap_aka.c
  head/contrib/wpa/src/eap_peer/eap_eke.c
  head/contrib/wpa/src/eap_peer/eap_fast.c
  head/contrib/wpa/src/eap_peer/eap_gpsk.c
  head/contrib/wpa/src/eap_peer/eap_i.h
  head/contrib/wpa/src/eap_peer/eap_mschapv2.c
  head/contrib/wpa/src/eap_peer/eap_pax.c
  head/contrib/wpa/src/eap_peer/eap_peap.c
  head/contrib/wpa/src/eap_peer/eap_pwd.c
  head/contrib/wpa/src/eap_peer/eap_sake.c
  head/contrib/wpa/src/eap_peer/eap_sim.c
  head/contrib/wpa/src/eap_peer/eap_tls.c
  head/contrib/wpa/src/eap_peer/eap_tls_common.c
  head/contrib/wpa/src/eap_peer/eap_tls_common.h
  head/contrib/wpa/src/eap_peer/eap_ttls.c
  head/contrib/wpa/src/eap_peer/eap_wsc.c
  head/contrib/wpa/src/eap_server/eap.h
  head/contrib/wpa/src/eap_server/eap_i.h
  head/contrib/wpa/src/eap_server/eap_server.c
  head/contrib/wpa/src/eap_server/eap_server_eke.c
  head/contrib/wpa/src/eap_server/eap_server_fast.c
  head/contrib/wpa/src/eap_server/eap_server_mschapv2.c
  head/contrib/wpa/src/eap_server/eap_server_peap.c
  head/contrib/wpa/src/eap_server/eap_server_pwd.c
  head/contrib/wpa/src/eap_server/eap_server_tls.c
  head/contrib/wpa/src/eap_server/eap_server_tls_common.c
  head/contrib/wpa/src/eap_server/eap_server_ttls.c
  head/contrib/wpa/src/eap_server/eap_tls_common.h
  head/contrib/wpa/src/eapol_auth/eapol_auth_sm.c
  head/contrib/wpa/src/eapol_auth/eapol_auth_sm.h
  head/contrib/wpa/src/eapol_supp/eapol_supp_sm.c
  head/contrib/wpa/src/p2p/p2p.c
  head/contrib/wpa/src/p2p/p2p.h
  head/contrib/wpa/src/p2p/p2p_build.c
  head/contrib/wpa/src/p2p/p2p_dev_disc.c
  head/contrib/wpa/src/p2p/p2p_go_neg.c
  head/contrib/wpa/src/p2p/p2p_group.c
  head/contrib/wpa/src/p2p/p2p_i.h
  head/contrib/wpa/src/p2p/p2p_invitation.c
  head/contrib/wpa/src/p2p/p2p_parse.c
  head/contrib/wpa/src/p2p/p2p_pd.c
  head/contrib/wpa/src/p2p/p2p_utils.c
  head/contrib/wpa/src/radius/radius.c
  head/contrib/wpa/src/radius/radius_das.c
  head/contrib/wpa/src/radius/radius_server.c
  head/contrib/wpa/src/radius/radius_server.h
  head/contrib/wpa/src/rsn_supp/tdls.c
  head/contrib/wpa/src/rsn_supp/wpa.c
  head/contrib/wpa/src/rsn_supp/wpa_ft.c
  head/contrib/wpa/src/rsn_supp/wpa_ie.c
  head/contrib/wpa/src/rsn_supp/wpa_ie.h
  head/contrib/wpa/src/tls/libtommath.c
  head/contrib/wpa/src/tls/tlsv1_client.c
  head/contrib/wpa/src/tls/tlsv1_client.h
  head/contrib/wpa/src/tls/tlsv1_server.c
  head/contrib/wpa/src/tls/tlsv1_server.h
  head/contrib/wpa/src/tls/x509v3.c
  head/contrib/wpa/src/utils/browser-wpadebug.c
  head/contrib/wpa/src/utils/common.c
  head/contrib/wpa/src/utils/common.h
  head/contrib/wpa/src/utils/eloop.c
  head/contrib/wpa/src/utils/http_curl.c
  head/contrib/wpa/src/utils/includes.h
  head/contrib/wpa/src/utils/os.h
  head/contrib/wpa/src/utils/os_internal.c
  head/contrib/wpa/src/utils/os_none.c
  head/contrib/wpa/src/utils/os_unix.c
  head/contrib/wpa/src/utils/os_win32.c
  head/contrib/wpa/src/utils/radiotap.c
  head/contrib/wpa/src/utils/utils_module_tests.c
  head/contrib/wpa/src/utils/wpa_debug.c
  head/contrib/wpa/src/utils/wpa_debug.h
  head/contrib/wpa/src/utils/wpabuf.c
  head/contrib/wpa/src/wps/http_client.c
  head/contrib/wpa/src/wps/http_server.c
  head/contrib/wpa/src/wps/httpread.c
  head/contrib/wpa/src/wps/ndef.c
  head/contrib/wpa/src/wps/wps.c
  head/contrib/wpa/src/wps/wps.h
  head/contrib/wpa/src/wps/wps_attr_parse.c
  head/contrib/wpa/src/wps/wps_attr_parse.h
  head/contrib/wpa/src/wps/wps_common.c
  head/contrib/wpa/src/wps/wps_defs.h
  head/contrib/wpa/src/wps/wps_enrollee.c
  head/contrib/wpa/src/wps/wps_er.c
  head/contrib/wpa/src/wps/wps_er_ssdp.c
  head/contrib/wpa/src/wps/wps_module_tests.c
  head/contrib/wpa/src/wps/wps_registrar.c
  head/contrib/wpa/src/wps/wps_upnp.c
  head/contrib/wpa/src/wps/wps_upnp_ap.c
  head/contrib/wpa/src/wps/wps_upnp_event.c
  head/contrib/wpa/src/wps/wps_upnp_ssdp.c
  head/contrib/wpa/src/wps/wps_upnp_web.c
  head/contrib/wpa/src/wps/wps_validate.c
  head/contrib/wpa/wpa_supplicant/ChangeLog
  head/contrib/wpa/wpa_supplicant/ap.c
  head/contrib/wpa/wpa_supplicant/ap.h
  head/contrib/wpa/wpa_supplicant/bss.c
  head/contrib/wpa/wpa_supplicant/bss.h
  head/contrib/wpa/wpa_supplicant/config.c
  head/contrib/wpa/wpa_supplicant/config.h
  head/contrib/wpa/wpa_supplicant/config_file.c
  head/contrib/wpa/wpa_supplicant/config_ssid.h
  head/contrib/wpa/wpa_supplicant/ctrl_iface.c
  head/contrib/wpa/wpa_supplicant/ctrl_iface_named_pipe.c
  head/contrib/wpa/wpa_supplicant/ctrl_iface_udp.c
  head/contrib/wpa/wpa_supplicant/ctrl_iface_unix.c
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new.c
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new.h
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers.c
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers.h
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers_p2p.h
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new_handlers_wps.c
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new_helpers.c
  head/contrib/wpa/wpa_supplicant/dbus/dbus_new_introspect.c
  head/contrib/wpa/wpa_supplicant/dbus/dbus_old.c
  head/contrib/wpa/wpa_supplicant/dbus/dbus_old_handlers.c
  head/contrib/wpa/wpa_supplicant/defconfig
  head/contrib/wpa/wpa_supplicant/driver_i.h
  head/contrib/wpa/wpa_supplicant/eapol_test.c
  head/contrib/wpa/wpa_supplicant/events.c
  head/contrib/wpa/wpa_supplicant/hs20_supplicant.c
  head/contrib/wpa/wpa_supplicant/ibss_rsn.c
  head/contrib/wpa/wpa_supplicant/interworking.c
  head/contrib/wpa/wpa_supplicant/main.c
  head/contrib/wpa/wpa_supplicant/mesh.c
  head/contrib/wpa/wpa_supplicant/mesh_mpm.c
  head/contrib/wpa/wpa_supplicant/mesh_rsn.c
  head/contrib/wpa/wpa_supplicant/notify.c
  head/contrib/wpa/wpa_supplicant/notify.h
  head/contrib/wpa/wpa_supplicant/p2p_supplicant.c
  head/contrib/wpa/wpa_supplicant/p2p_supplicant.h
  head/contrib/wpa/wpa_supplicant/preauth_test.c
  head/contrib/wpa/wpa_supplicant/scan.c
  head/contrib/wpa/wpa_supplicant/sme.c
  head/contrib/wpa/wpa_supplicant/wpa_cli.c
  head/contrib/wpa/wpa_supplicant/wpa_priv.c
  head/contrib/wpa/wpa_supplicant/wpa_supplicant.c
  head/contrib/wpa/wpa_supplicant/wpa_supplicant.conf
  head/contrib/wpa/wpa_supplicant/wpa_supplicant_i.h
  head/contrib/wpa/wpa_supplicant/wpas_glue.c
  head/contrib/wpa/wpa_supplicant/wpas_glue.h
  head/contrib/wpa/wpa_supplicant/wps_supplicant.c
  head/contrib/wpa/wpa_supplicant/wps_supplicant.h
  head/usr.sbin/wpa/Makefile.crypto
  head/usr.sbin/wpa/hostapd/Makefile
  head/usr.sbin/wpa/wpa_supplicant/Makefile
Directory Properties:
  head/contrib/wpa/   (props changed)

Modified: head/contrib/wpa/hostapd/ChangeLog
==============================================================================
--- head/contrib/wpa/hostapd/ChangeLog	Sun Oct 18 20:37:10 2015	(r289548)
+++ head/contrib/wpa/hostapd/ChangeLog	Sun Oct 18 21:38:25 2015	(r289549)
@@ -1,5 +1,41 @@
 ChangeLog for hostapd
 
+2015-09-27 - v2.5
+	* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
+	  [http://w1.fi/security/2015-2/] (CVE-2015-4141)
+	* fixed WMM Action frame parser
+	  [http://w1.fi/security/2015-3/] (CVE-2015-4142)
+	* fixed EAP-pwd server missing payload length validation
+	  [http://w1.fi/security/2015-4/]
+	  (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145)
+	* fixed validation of WPS and P2P NFC NDEF record payload length
+	  [http://w1.fi/security/2015-5/]
+	* nl80211:
+	  - fixed vendor command handling to check OUI properly
+	* fixed hlr_auc_gw build with OpenSSL
+	* hlr_auc_gw: allow Milenage RES length to be reduced
+	* disable HT for a station that does not support WMM/QoS
+	* added support for hashed password (NtHash) in EAP-pwd server
+	* fixed and extended dynamic VLAN cases
+	* added EAP-EKE server support for deriving Session-Id
+	* set Acct-Session-Id to a random value to make it more likely to be
+	  unique even if the device does not have a proper clock
+	* added more 2.4 GHz channels for 20/40 MHz HT co-ex scan
+	* modified SAE routines to be more robust and PWE generation to be
+	  stronger against timing attacks
+	* added support for Brainpool Elliptic Curves with SAE
+	* increases maximum value accepted for cwmin/cwmax
+	* added support for CCMP-256 and GCMP-256 as group ciphers with FT
+	* added Fast Session Transfer (FST) module
+	* removed optional fields from RSNE when using FT with PMF
+	  (workaround for interoperability issues with iOS 8.4)
+	* added EAP server support for TLS session resumption
+	* fixed key derivation for Suite B 192-bit AKM (this breaks
+	  compatibility with the earlier version)
+	* added mechanism to track unconnected stations and do minimal band
+	  steering
+	* number of small fixes
+
 2015-03-15 - v2.4
 	* allow OpenSSL cipher configuration to be set for internal EAP server
 	  (openssl_ciphers parameter)

Modified: head/contrib/wpa/hostapd/config_file.c
==============================================================================
--- head/contrib/wpa/hostapd/config_file.c	Sun Oct 18 20:37:10 2015	(r289548)
+++ head/contrib/wpa/hostapd/config_file.c	Sun Oct 18 21:38:25 2015	(r289549)
@@ -222,9 +222,15 @@ static int hostapd_config_read_eap_user(
 		return 0;
 
 	if (os_strncmp(fname, "sqlite:", 7) == 0) {
+#ifdef CONFIG_SQLITE
 		os_free(conf->eap_user_sqlite);
 		conf->eap_user_sqlite = os_strdup(fname + 7);
 		return 0;
+#else /* CONFIG_SQLITE */
+		wpa_printf(MSG_ERROR,
+			   "EAP user file in SQLite DB, but CONFIG_SQLITE was not enabled in the build.");
+		return -1;
+#endif /* CONFIG_SQLITE */
 	}
 
 	f = fopen(fname, "r");
@@ -775,6 +781,24 @@ static int hostapd_config_read_wep(struc
 }
 
 
+static int hostapd_parse_chanlist(struct hostapd_config *conf, char *val)
+{
+	char *pos;
+
+	/* for backwards compatibility, translate ' ' in conf str to ',' */
+	pos = val;
+	while (pos) {
+		pos = os_strchr(pos, ' ');
+		if (pos)
+			*pos++ = ',';
+	}
+	if (freq_range_list_parse(&conf->acs_ch_list, val))
+		return -1;
+
+	return 0;
+}
+
+
 static int hostapd_parse_intlist(int **int_list, char *val)
 {
 	int *list;
@@ -875,7 +899,9 @@ static int hostapd_config_read_int10(con
 static int valid_cw(int cw)
 {
 	return (cw == 1 || cw == 3 || cw == 7 || cw == 15 || cw == 31 ||
-		cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023);
+		cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023 ||
+		cw == 2047 || cw == 4095 || cw == 8191 || cw == 16383 ||
+		cw == 32767);
 }
 
 
@@ -886,11 +912,11 @@ enum {
 	IEEE80211_TX_QUEUE_DATA3 = 3 /* used for EDCA AC_BK data */
 };
 
-static int hostapd_config_tx_queue(struct hostapd_config *conf, char *name,
-				   char *val)
+static int hostapd_config_tx_queue(struct hostapd_config *conf,
+				   const char *name, const char *val)
 {
 	int num;
-	char *pos;
+	const char *pos;
 	struct hostapd_tx_queue_params *queue;
 
 	/* skip 'tx_queue_' prefix */
@@ -1134,13 +1160,23 @@ static int hostapd_config_vht_capab(stru
 	if (os_strstr(capab, "[BF-ANTENNA-2]") &&
 	    (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE))
 		conf->vht_capab |= (1 << VHT_CAP_BEAMFORMEE_STS_OFFSET);
+	if (os_strstr(capab, "[BF-ANTENNA-3]") &&
+	    (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE))
+		conf->vht_capab |= (2 << VHT_CAP_BEAMFORMEE_STS_OFFSET);
+	if (os_strstr(capab, "[BF-ANTENNA-4]") &&
+	    (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE))
+		conf->vht_capab |= (3 << VHT_CAP_BEAMFORMEE_STS_OFFSET);
 	if (os_strstr(capab, "[SOUNDING-DIMENSION-2]") &&
 	    (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE))
 		conf->vht_capab |= (1 << VHT_CAP_SOUNDING_DIMENSION_OFFSET);
+	if (os_strstr(capab, "[SOUNDING-DIMENSION-3]") &&
+	    (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE))
+		conf->vht_capab |= (2 << VHT_CAP_SOUNDING_DIMENSION_OFFSET);
+	if (os_strstr(capab, "[SOUNDING-DIMENSION-4]") &&
+	    (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE))
+		conf->vht_capab |= (3 << VHT_CAP_SOUNDING_DIMENSION_OFFSET);
 	if (os_strstr(capab, "[MU-BEAMFORMER]"))
 		conf->vht_capab |= VHT_CAP_MU_BEAMFORMER_CAPABLE;
-	if (os_strstr(capab, "[MU-BEAMFORMEE]"))
-		conf->vht_capab |= VHT_CAP_MU_BEAMFORMEE_CAPABLE;
 	if (os_strstr(capab, "[VHT-TXOP-PS]"))
 		conf->vht_capab |= VHT_CAP_VHT_TXOP_PS;
 	if (os_strstr(capab, "[HTC-VHT]"))
@@ -1699,7 +1735,7 @@ static int hs20_parse_osu_ssid(struct ho
 	char *str;
 
 	str = wpa_config_parse_string(pos, &slen);
-	if (str == NULL || slen < 1 || slen > HOSTAPD_MAX_SSID_LEN) {
+	if (str == NULL || slen < 1 || slen > SSID_MAX_LEN) {
 		wpa_printf(MSG_ERROR, "Line %d: Invalid SSID '%s'", line, pos);
 		os_free(str);
 		return -1;
@@ -1900,7 +1936,7 @@ fail:
 
 static int hostapd_config_fill(struct hostapd_config *conf,
 			       struct hostapd_bss_config *bss,
-			       char *buf, char *pos, int line)
+			       const char *buf, char *pos, int line)
 {
 	if (os_strcmp(buf, "interface") == 0) {
 		os_strlcpy(conf->bss[0]->iface, pos,
@@ -1946,7 +1982,7 @@ static int hostapd_config_fill(struct ho
 			   line);
 	} else if (os_strcmp(buf, "ssid") == 0) {
 		bss->ssid.ssid_len = os_strlen(pos);
-		if (bss->ssid.ssid_len > HOSTAPD_MAX_SSID_LEN ||
+		if (bss->ssid.ssid_len > SSID_MAX_LEN ||
 		    bss->ssid.ssid_len < 1) {
 			wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'",
 				   line, pos);
@@ -1957,7 +1993,7 @@ static int hostapd_config_fill(struct ho
 	} else if (os_strcmp(buf, "ssid2") == 0) {
 		size_t slen;
 		char *str = wpa_config_parse_string(pos, &slen);
-		if (str == NULL || slen < 1 || slen > HOSTAPD_MAX_SSID_LEN) {
+		if (str == NULL || slen < 1 || slen > SSID_MAX_LEN) {
 			wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'",
 				   line, pos);
 			os_free(str);
@@ -2043,6 +2079,8 @@ static int hostapd_config_fill(struct ho
 		bss->private_key_passwd = os_strdup(pos);
 	} else if (os_strcmp(buf, "check_crl") == 0) {
 		bss->check_crl = atoi(pos);
+	} else if (os_strcmp(buf, "tls_session_lifetime") == 0) {
+		bss->tls_session_lifetime = atoi(pos);
 	} else if (os_strcmp(buf, "ocsp_stapling_response") == 0) {
 		os_free(bss->ocsp_stapling_response);
 		bss->ocsp_stapling_response = os_strdup(pos);
@@ -2515,13 +2553,17 @@ static int hostapd_config_fill(struct ho
 			conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
 		else if (os_strcmp(pos, "ad") == 0)
 			conf->hw_mode = HOSTAPD_MODE_IEEE80211AD;
+		else if (os_strcmp(pos, "any") == 0)
+			conf->hw_mode = HOSTAPD_MODE_IEEE80211ANY;
 		else {
 			wpa_printf(MSG_ERROR, "Line %d: unknown hw_mode '%s'",
 				   line, pos);
 			return 1;
 		}
 	} else if (os_strcmp(buf, "wps_rf_bands") == 0) {
-		if (os_strcmp(pos, "a") == 0)
+		if (os_strcmp(pos, "ad") == 0)
+			bss->wps_rf_bands = WPS_RF_60GHZ;
+		else if (os_strcmp(pos, "a") == 0)
 			bss->wps_rf_bands = WPS_RF_50GHZ;
 		else if (os_strcmp(pos, "g") == 0 ||
 			 os_strcmp(pos, "b") == 0)
@@ -2542,12 +2584,15 @@ static int hostapd_config_fill(struct ho
 				   line);
 			return 1;
 #else /* CONFIG_ACS */
+			conf->acs = 1;
 			conf->channel = 0;
 #endif /* CONFIG_ACS */
-		} else
+		} else {
 			conf->channel = atoi(pos);
+			conf->acs = conf->channel == 0;
+		}
 	} else if (os_strcmp(buf, "chanlist") == 0) {
-		if (hostapd_parse_intlist(&conf->chanlist, pos)) {
+		if (hostapd_parse_chanlist(conf, pos)) {
 			wpa_printf(MSG_ERROR, "Line %d: invalid channel list",
 				   line);
 			return 1;
@@ -2810,7 +2855,7 @@ static int hostapd_config_fill(struct ho
 		os_free(bss->wps_pin_requests);
 		bss->wps_pin_requests = os_strdup(pos);
 	} else if (os_strcmp(buf, "device_name") == 0) {
-		if (os_strlen(pos) > 32) {
+		if (os_strlen(pos) > WPS_DEV_NAME_MAX_LEN) {
 			wpa_printf(MSG_ERROR, "Line %d: Too long "
 				   "device_name", line);
 			return 1;
@@ -3111,6 +3156,8 @@ static int hostapd_config_fill(struct ho
 		bss->disable_dgaf = atoi(pos);
 	} else if (os_strcmp(buf, "proxy_arp") == 0) {
 		bss->proxy_arp = atoi(pos);
+	} else if (os_strcmp(buf, "na_mcast_to_ucast") == 0) {
+		bss->na_mcast_to_ucast = atoi(pos);
 	} else if (os_strcmp(buf, "osen") == 0) {
 		bss->osen = atoi(pos);
 	} else if (os_strcmp(buf, "anqp_domain_id") == 0) {
@@ -3223,6 +3270,24 @@ static int hostapd_config_fill(struct ho
 		bss->bss_load_test_set = 1;
 	} else if (os_strcmp(buf, "radio_measurements") == 0) {
 		bss->radio_measurements = atoi(pos);
+	} else if (os_strcmp(buf, "own_ie_override") == 0) {
+		struct wpabuf *tmp;
+		size_t len = os_strlen(pos) / 2;
+
+		tmp = wpabuf_alloc(len);
+		if (!tmp)
+			return 1;
+
+		if (hexstr2bin(pos, wpabuf_put(tmp, len), len)) {
+			wpabuf_free(tmp);
+			wpa_printf(MSG_ERROR,
+				   "Line %d: Invalid own_ie_override '%s'",
+				   line, pos);
+			return 1;
+		}
+
+		wpabuf_free(bss->own_ie_override);
+		bss->own_ie_override = tmp;
 #endif /* CONFIG_TESTING_OPTIONS */
 	} else if (os_strcmp(buf, "vendor_elements") == 0) {
 		struct wpabuf *elems;
@@ -3276,6 +3341,74 @@ static int hostapd_config_fill(struct ho
 	} else if (os_strcmp(buf, "wowlan_triggers") == 0) {
 		os_free(bss->wowlan_triggers);
 		bss->wowlan_triggers = os_strdup(pos);
+#ifdef CONFIG_FST
+	} else if (os_strcmp(buf, "fst_group_id") == 0) {
+		size_t len = os_strlen(pos);
+
+		if (!len || len >= sizeof(conf->fst_cfg.group_id)) {
+			wpa_printf(MSG_ERROR,
+				   "Line %d: Invalid fst_group_id value '%s'",
+				   line, pos);
+			return 1;
+		}
+
+		if (conf->fst_cfg.group_id[0]) {
+			wpa_printf(MSG_ERROR,
+				   "Line %d: Duplicate fst_group value '%s'",
+				   line, pos);
+			return 1;
+		}
+
+		os_strlcpy(conf->fst_cfg.group_id, pos,
+			   sizeof(conf->fst_cfg.group_id));
+	} else if (os_strcmp(buf, "fst_priority") == 0) {
+		char *endp;
+		long int val;
+
+		if (!*pos) {
+			wpa_printf(MSG_ERROR,
+				   "Line %d: fst_priority value not supplied (expected 1..%u)",
+				   line, FST_MAX_PRIO_VALUE);
+			return -1;
+		}
+
+		val = strtol(pos, &endp, 0);
+		if (*endp || val < 1 || val > FST_MAX_PRIO_VALUE) {
+			wpa_printf(MSG_ERROR,
+				   "Line %d: Invalid fst_priority %ld (%s) (expected 1..%u)",
+				   line, val, pos, FST_MAX_PRIO_VALUE);
+			return 1;
+		}
+		conf->fst_cfg.priority = (u8) val;
+	} else if (os_strcmp(buf, "fst_llt") == 0) {
+		char *endp;
+		long int val;
+
+		if (!*pos) {
+			wpa_printf(MSG_ERROR,
+				   "Line %d: fst_llt value not supplied (expected 1..%u)",
+				   line, FST_MAX_LLT_MS);
+			return -1;
+		}
+		val = strtol(pos, &endp, 0);
+		if (*endp || val < 1 || val > FST_MAX_LLT_MS) {
+			wpa_printf(MSG_ERROR,
+				   "Line %d: Invalid fst_llt %ld (%s) (expected 1..%u)",
+				   line, val, pos, FST_MAX_LLT_MS);
+			return 1;
+		}
+		conf->fst_cfg.llt = (u32) val;
+#endif /* CONFIG_FST */
+	} else if (os_strcmp(buf, "track_sta_max_num") == 0) {
+		conf->track_sta_max_num = atoi(pos);
+	} else if (os_strcmp(buf, "track_sta_max_age") == 0) {
+		conf->track_sta_max_age = atoi(pos);
+	} else if (os_strcmp(buf, "no_probe_resp_if_seen_on") == 0) {
+		os_free(bss->no_probe_resp_if_seen_on);
+		bss->no_probe_resp_if_seen_on = os_strdup(pos);
+	} else if (os_strcmp(buf, "no_auth_if_seen_on") == 0) {
+		os_free(bss->no_auth_if_seen_on);
+		bss->no_auth_if_seen_on = os_strdup(pos);
 	} else {
 		wpa_printf(MSG_ERROR,
 			   "Line %d: unknown configuration item '%s'",
@@ -3378,7 +3511,8 @@ struct hostapd_config * hostapd_config_r
 
 
 int hostapd_set_iface(struct hostapd_config *conf,
-		      struct hostapd_bss_config *bss, char *field, char *value)
+		      struct hostapd_bss_config *bss, const char *field,
+		      char *value)
 {
 	int errors;
 	size_t i;

Modified: head/contrib/wpa/hostapd/config_file.h
==============================================================================
--- head/contrib/wpa/hostapd/config_file.h	Sun Oct 18 20:37:10 2015	(r289548)
+++ head/contrib/wpa/hostapd/config_file.h	Sun Oct 18 21:38:25 2015	(r289549)
@@ -11,7 +11,7 @@
 
 struct hostapd_config * hostapd_config_read(const char *fname);
 int hostapd_set_iface(struct hostapd_config *conf,
-		      struct hostapd_bss_config *bss, char *field,
+		      struct hostapd_bss_config *bss, const char *field,
 		      char *value);
 
 #endif /* CONFIG_FILE_H */

Modified: head/contrib/wpa/hostapd/ctrl_iface.c
==============================================================================
--- head/contrib/wpa/hostapd/ctrl_iface.c	Sun Oct 18 20:37:10 2015	(r289548)
+++ head/contrib/wpa/hostapd/ctrl_iface.c	Sun Oct 18 21:38:25 2015	(r289549)
@@ -25,6 +25,7 @@
 #include "common/ieee802_11_defs.h"
 #include "crypto/tls.h"
 #include "drivers/driver.h"
+#include "eapol_auth/eapol_auth_sm.h"
 #include "radius/radius_client.h"
 #include "radius/radius_server.h"
 #include "l2_packet/l2_packet.h"
@@ -43,10 +44,13 @@
 #include "ap/beacon.h"
 #include "wps/wps_defs.h"
 #include "wps/wps.h"
+#include "fst/fst_ctrl_iface.h"
 #include "config_file.h"
 #include "ctrl_iface.h"
 
 
+#define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256
+
 struct wpa_ctrl_dst {
 	struct wpa_ctrl_dst *next;
 	struct sockaddr_un addr;
@@ -57,6 +61,7 @@ struct wpa_ctrl_dst {
 
 
 static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level,
+				    enum wpa_msg_type type,
 				    const char *buf, size_t len);
 
 
@@ -1055,6 +1060,97 @@ static int hostapd_ctrl_iface_bss_tm_req
 #endif /* CONFIG_WNM */
 
 
+static int hostapd_ctrl_iface_get_key_mgmt(struct hostapd_data *hapd,
+					   char *buf, size_t buflen)
+{
+	int ret = 0;
+	char *pos, *end;
+
+	pos = buf;
+	end = buf + buflen;
+
+	WPA_ASSERT(hapd->conf->wpa_key_mgmt);
+
+	if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
+		ret = os_snprintf(pos, end - pos, "WPA-PSK ");
+		if (os_snprintf_error(end - pos, ret))
+			return pos - buf;
+		pos += ret;
+	}
+	if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
+		ret = os_snprintf(pos, end - pos, "WPA-EAP ");
+		if (os_snprintf_error(end - pos, ret))
+			return pos - buf;
+		pos += ret;
+	}
+#ifdef CONFIG_IEEE80211R
+	if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
+		ret = os_snprintf(pos, end - pos, "FT-PSK ");
+		if (os_snprintf_error(end - pos, ret))
+			return pos - buf;
+		pos += ret;
+	}
+	if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
+		ret = os_snprintf(pos, end - pos, "FT-EAP ");
+		if (os_snprintf_error(end - pos, ret))
+			return pos - buf;
+		pos += ret;
+	}
+#ifdef CONFIG_SAE
+	if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
+		ret = os_snprintf(pos, end - pos, "FT-SAE ");
+		if (os_snprintf_error(end - pos, ret))
+			return pos - buf;
+		pos += ret;
+	}
+#endif /* CONFIG_SAE */
+#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_IEEE80211W
+	if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
+		ret = os_snprintf(pos, end - pos, "WPA-PSK-SHA256 ");
+		if (os_snprintf_error(end - pos, ret))
+			return pos - buf;
+		pos += ret;
+	}
+	if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
+		ret = os_snprintf(pos, end - pos, "WPA-EAP-SHA256 ");
+		if (os_snprintf_error(end - pos, ret))
+			return pos - buf;
+		pos += ret;
+	}
+#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_SAE
+	if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) {
+		ret = os_snprintf(pos, end - pos, "SAE ");
+		if (os_snprintf_error(end - pos, ret))
+			return pos - buf;
+		pos += ret;
+	}
+#endif /* CONFIG_SAE */
+	if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
+		ret = os_snprintf(pos, end - pos, "WPA-EAP-SUITE-B ");
+		if (os_snprintf_error(end - pos, ret))
+			return pos - buf;
+		pos += ret;
+	}
+	if (hapd->conf->wpa_key_mgmt &
+	    WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
+		ret = os_snprintf(pos, end - pos,
+				  "WPA-EAP-SUITE-B-192 ");
+		if (os_snprintf_error(end - pos, ret))
+			return pos - buf;
+		pos += ret;
+	}
+
+	if (pos > buf && *(pos - 1) == ' ') {
+		*(pos - 1) = '\0';
+		pos--;
+	}
+
+	return pos - buf;
+}
+
+
 static int hostapd_ctrl_iface_get_config(struct hostapd_data *hapd,
 					 char *buf, size_t buflen)
 {
@@ -1104,82 +1200,20 @@ static int hostapd_ctrl_iface_get_config
 	}
 #endif /* CONFIG_WPS */
 
+	if (hapd->conf->wpa) {
+		ret = os_snprintf(pos, end - pos, "wpa=%d\n", hapd->conf->wpa);
+		if (os_snprintf_error(end - pos, ret))
+			return pos - buf;
+		pos += ret;
+	}
+
 	if (hapd->conf->wpa && hapd->conf->wpa_key_mgmt) {
 		ret = os_snprintf(pos, end - pos, "key_mgmt=");
 		if (os_snprintf_error(end - pos, ret))
 			return pos - buf;
 		pos += ret;
 
-		if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
-			ret = os_snprintf(pos, end - pos, "WPA-PSK ");
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-		if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
-			ret = os_snprintf(pos, end - pos, "WPA-EAP ");
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-#ifdef CONFIG_IEEE80211R
-		if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
-			ret = os_snprintf(pos, end - pos, "FT-PSK ");
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-		if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
-			ret = os_snprintf(pos, end - pos, "FT-EAP ");
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-#ifdef CONFIG_SAE
-		if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
-			ret = os_snprintf(pos, end - pos, "FT-SAE ");
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-#endif /* CONFIG_SAE */
-#endif /* CONFIG_IEEE80211R */
-#ifdef CONFIG_IEEE80211W
-		if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
-			ret = os_snprintf(pos, end - pos, "WPA-PSK-SHA256 ");
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-		if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
-			ret = os_snprintf(pos, end - pos, "WPA-EAP-SHA256 ");
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-#endif /* CONFIG_IEEE80211W */
-#ifdef CONFIG_SAE
-		if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) {
-			ret = os_snprintf(pos, end - pos, "SAE ");
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-#endif /* CONFIG_SAE */
-		if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
-			ret = os_snprintf(pos, end - pos, "WPA-EAP-SUITE-B ");
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
-		if (hapd->conf->wpa_key_mgmt &
-		    WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
-			ret = os_snprintf(pos, end - pos,
-					  "WPA-EAP-SUITE-B-192 ");
-			if (os_snprintf_error(end - pos, ret))
-				return pos - buf;
-			pos += ret;
-		}
+		pos += hostapd_ctrl_iface_get_key_mgmt(hapd, pos, end - pos);
 
 		ret = os_snprintf(pos, end - pos, "\n");
 		if (os_snprintf_error(end - pos, ret))
@@ -1528,7 +1562,7 @@ void hostapd_data_test_rx(void *ctx, con
 {
 	struct hostapd_data *hapd = ctx;
 	const struct ether_header *eth;
-	const struct iphdr *ip;
+	struct iphdr ip;
 	const u8 *pos;
 	unsigned int i;
 
@@ -1536,14 +1570,14 @@ void hostapd_data_test_rx(void *ctx, con
 		return;
 
 	eth = (const struct ether_header *) buf;
-	ip = (const struct iphdr *) (eth + 1);
-	pos = (const u8 *) (ip + 1);
+	os_memcpy(&ip, eth + 1, sizeof(ip));
+	pos = &buf[sizeof(*eth) + sizeof(ip)];
 
-	if (ip->ihl != 5 || ip->version != 4 ||
-	    ntohs(ip->tot_len) != HWSIM_IP_LEN)
+	if (ip.ihl != 5 || ip.version != 4 ||
+	    ntohs(ip.tot_len) != HWSIM_IP_LEN)
 		return;
 
-	for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++) {
+	for (i = 0; i < HWSIM_IP_LEN - sizeof(ip); i++) {
 		if (*pos != (u8) i)
 			return;
 		pos++;
@@ -1599,7 +1633,7 @@ static int hostapd_ctrl_iface_data_test_
 	int used;
 	long int val;
 	u8 tos;
-	u8 buf[HWSIM_PACKETLEN];
+	u8 buf[2 + HWSIM_PACKETLEN];
 	struct ether_header *eth;
 	struct iphdr *ip;
 	u8 *dpos;
@@ -1627,7 +1661,7 @@ static int hostapd_ctrl_iface_data_test_
 		return -1;
 	tos = val;
 
-	eth = (struct ether_header *) buf;
+	eth = (struct ether_header *) &buf[2];
 	os_memcpy(eth->ether_dhost, dst, ETH_ALEN);
 	os_memcpy(eth->ether_shost, src, ETH_ALEN);
 	eth->ether_type = htons(ETHERTYPE_IP);
@@ -1639,14 +1673,14 @@ static int hostapd_ctrl_iface_data_test_
 	ip->tos = tos;
 	ip->tot_len = htons(HWSIM_IP_LEN);
 	ip->protocol = 1;
-	ip->saddr = htonl(192 << 24 | 168 << 16 | 1 << 8 | 1);
-	ip->daddr = htonl(192 << 24 | 168 << 16 | 1 << 8 | 2);
+	ip->saddr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 1);
+	ip->daddr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 2);
 	ip->check = ipv4_hdr_checksum(ip, sizeof(*ip));
 	dpos = (u8 *) (ip + 1);
 	for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++)
 		*dpos++ = i;
 
-	if (l2_packet_send(hapd->l2_test, dst, ETHERTYPE_IP, buf,
+	if (l2_packet_send(hapd->l2_test, dst, ETHERTYPE_IP, &buf[2],
 			   HWSIM_PACKETLEN) < 0)
 		return -1;
 
@@ -1746,6 +1780,45 @@ static int hostapd_ctrl_get_alloc_fail(s
 #endif /* WPA_TRACE_BFD */
 }
 
+
+static int hostapd_ctrl_test_fail(struct hostapd_data *hapd, char *cmd)
+{
+#ifdef WPA_TRACE_BFD
+	extern char wpa_trace_test_fail_func[256];
+	extern unsigned int wpa_trace_test_fail_after;
+	char *pos;
+
+	wpa_trace_test_fail_after = atoi(cmd);
+	pos = os_strchr(cmd, ':');
+	if (pos) {
+		pos++;
+		os_strlcpy(wpa_trace_test_fail_func, pos,
+			   sizeof(wpa_trace_test_fail_func));
+	} else {
+		wpa_trace_test_fail_after = 0;
+	}
+
+	return 0;
+#else /* WPA_TRACE_BFD */
+	return -1;
+#endif /* WPA_TRACE_BFD */
+}
+
+
+static int hostapd_ctrl_get_fail(struct hostapd_data *hapd,
+				 char *buf, size_t buflen)
+{
+#ifdef WPA_TRACE_BFD
+	extern char wpa_trace_test_fail_func[256];
+	extern unsigned int wpa_trace_test_fail_after;
+
+	return os_snprintf(buf, buflen, "%u:%s", wpa_trace_test_fail_after,
+			   wpa_trace_test_fail_func);
+#else /* WPA_TRACE_BFD */
+	return -1;
+#endif /* WPA_TRACE_BFD */
+}
+
 #endif /* CONFIG_TESTING_OPTIONS */
 
 
@@ -1847,41 +1920,134 @@ static int hostapd_ctrl_iface_vendor(str
 }
 
 
-static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
-				       void *sock_ctx)
+static int hostapd_ctrl_iface_eapol_reauth(struct hostapd_data *hapd,
+					   const char *cmd)
 {
-	struct hostapd_data *hapd = eloop_ctx;
-	char buf[4096];
-	int res;
-	struct sockaddr_un from;
-	socklen_t fromlen = sizeof(from);
-	char *reply;
-	const int reply_size = 4096;
-	int reply_len;
-	int level = MSG_DEBUG;
+	u8 addr[ETH_ALEN];
+	struct sta_info *sta;
 
-	res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
-		       (struct sockaddr *) &from, &fromlen);
-	if (res < 0) {
-		wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
-			   strerror(errno));
-		return;
+	if (hwaddr_aton(cmd, addr))
+		return -1;
+
+	sta = ap_get_sta(hapd, addr);
+	if (!sta || !sta->eapol_sm)
+		return -1;
+
+	eapol_auth_reauthenticate(sta->eapol_sm);
+	return 0;
+}
+
+
+static int hostapd_ctrl_iface_eapol_set(struct hostapd_data *hapd, char *cmd)
+{
+	u8 addr[ETH_ALEN];
+	struct sta_info *sta;
+	char *pos = cmd, *param;
+
+	if (hwaddr_aton(pos, addr) || pos[17] != ' ')
+		return -1;
+	pos += 18;
+	param = pos;
+	pos = os_strchr(pos, ' ');
+	if (!pos)
+		return -1;
+	*pos++ = '\0';
+
+	sta = ap_get_sta(hapd, addr);
+	if (!sta || !sta->eapol_sm)
+		return -1;
+
+	return eapol_auth_set_conf(sta->eapol_sm, param, pos);
+}
+
+
+static int hostapd_ctrl_iface_log_level(struct hostapd_data *hapd, char *cmd,
+					char *buf, size_t buflen)
+{
+	char *pos, *end, *stamp;
+	int ret;
+
+	/* cmd: "LOG_LEVEL [<level>]" */
+	if (*cmd == '\0') {
+		pos = buf;
+		end = buf + buflen;
+		ret = os_snprintf(pos, end - pos, "Current level: %s\n"
+				  "Timestamp: %d\n",
+				  debug_level_str(wpa_debug_level),
+				  wpa_debug_timestamp);
+		if (os_snprintf_error(end - pos, ret))
+			ret = 0;
+
+		return ret;
 	}
-	buf[res] = '\0';
-	if (os_strcmp(buf, "PING") == 0)
-		level = MSG_EXCESSIVE;
-	wpa_hexdump_ascii(level, "RX ctrl_iface", (u8 *) buf, res);
 
-	reply = os_malloc(reply_size);
-	if (reply == NULL) {
-		if (sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
-			   fromlen) < 0) {
-			wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s",
-				   strerror(errno));
+	while (*cmd == ' ')
+		cmd++;
+
+	stamp = os_strchr(cmd, ' ');
+	if (stamp) {
+		*stamp++ = '\0';
+		while (*stamp == ' ') {
+			stamp++;
 		}
-		return;
 	}
 
+	if (os_strlen(cmd)) {
+		int level = str_to_debug_level(cmd);
+		if (level < 0)
+			return -1;
+		wpa_debug_level = level;
+	}
+
+	if (stamp && os_strlen(stamp))
+		wpa_debug_timestamp = atoi(stamp);
+
+	os_memcpy(buf, "OK\n", 3);
+	return 3;
+}
+
+
+#ifdef NEED_AP_MLME
+static int hostapd_ctrl_iface_track_sta_list(struct hostapd_data *hapd,
+					     char *buf, size_t buflen)
+{
+	struct hostapd_iface *iface = hapd->iface;
+	char *pos, *end;
+	struct hostapd_sta_info *info;
+	struct os_reltime now;
+
+	sta_track_expire(iface, 0);
+
+	pos = buf;
+	end = buf + buflen;
+
+	os_get_reltime(&now);
+	dl_list_for_each_reverse(info, &iface->sta_seen,
+				 struct hostapd_sta_info, list) {
+		struct os_reltime age;
+		int ret;
+
+		os_reltime_sub(&now, &info->last_seen, &age);
+		ret = os_snprintf(pos, end - pos, MACSTR " %u\n",
+				  MAC2STR(info->addr), (unsigned int) age.sec);
+		if (os_snprintf_error(end - pos, ret))
+			break;
+		pos += ret;
+	}
+
+	return pos - buf;
+}
+#endif /* NEED_AP_MLME */
+
+
+static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
+					      char *buf, char *reply,
+					      int reply_size,
+					      struct sockaddr_un *from,
+					      socklen_t fromlen)
+{
+	int reply_len, res;
+
 	os_memcpy(reply, "OK\n", 3);
 	reply_len = 3;
 
@@ -1938,13 +2104,13 @@ static void hostapd_ctrl_iface_receive(i
 		reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
 							reply_size);
 	} else if (os_strcmp(buf, "ATTACH") == 0) {
-		if (hostapd_ctrl_iface_attach(hapd, &from, fromlen))
+		if (hostapd_ctrl_iface_attach(hapd, from, fromlen))
 			reply_len = -1;
 	} else if (os_strcmp(buf, "DETACH") == 0) {
-		if (hostapd_ctrl_iface_detach(hapd, &from, fromlen))
+		if (hostapd_ctrl_iface_detach(hapd, from, fromlen))
 			reply_len = -1;
 	} else if (os_strncmp(buf, "LEVEL ", 6) == 0) {
-		if (hostapd_ctrl_iface_level(hapd, &from, fromlen,
+		if (hostapd_ctrl_iface_level(hapd, from, fromlen,
 						    buf + 6))
 			reply_len = -1;
 	} else if (os_strncmp(buf, "NEW_STA ", 8) == 0) {
@@ -2079,6 +2245,11 @@ static void hostapd_ctrl_iface_receive(i
 	} else if (os_strcmp(buf, "GET_ALLOC_FAIL") == 0) {
 		reply_len = hostapd_ctrl_get_alloc_fail(hapd, reply,
 							reply_size);
+	} else if (os_strncmp(buf, "TEST_FAIL ", 10) == 0) {
+		if (hostapd_ctrl_test_fail(hapd, buf + 10) < 0)
+			reply_len = -1;
+	} else if (os_strcmp(buf, "GET_FAIL") == 0) {
+		reply_len = hostapd_ctrl_get_fail(hapd, reply, reply_size);
 #endif /* CONFIG_TESTING_OPTIONS */
 	} else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) {
 		if (hostapd_ctrl_iface_chan_switch(hapd->iface, buf + 12))
@@ -2091,6 +2262,20 @@ static void hostapd_ctrl_iface_receive(i
 #ifdef RADIUS_SERVER
 		radius_server_erp_flush(hapd->radius_srv);
 #endif /* RADIUS_SERVER */
+	} else if (os_strncmp(buf, "EAPOL_REAUTH ", 13) == 0) {
+		if (hostapd_ctrl_iface_eapol_reauth(hapd, buf + 13))
+			reply_len = -1;
+	} else if (os_strncmp(buf, "EAPOL_SET ", 10) == 0) {
+		if (hostapd_ctrl_iface_eapol_set(hapd, buf + 10))
+			reply_len = -1;
+	} else if (os_strncmp(buf, "LOG_LEVEL", 9) == 0) {
+		reply_len = hostapd_ctrl_iface_log_level(
+			hapd, buf + 9, reply, reply_size);
+#ifdef NEED_AP_MLME
+	} else if (os_strcmp(buf, "TRACK_STA_LIST") == 0) {
+		reply_len = hostapd_ctrl_iface_track_sta_list(
+			hapd, reply, reply_size);
+#endif /* NEED_AP_MLME */
 	} else {
 		os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
 		reply_len = 16;
@@ -2100,6 +2285,50 @@ static void hostapd_ctrl_iface_receive(i
 		os_memcpy(reply, "FAIL\n", 5);
 		reply_len = 5;
 	}
+
+	return reply_len;
+}
+
+
+static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
+				       void *sock_ctx)
+{
+	struct hostapd_data *hapd = eloop_ctx;
+	char buf[4096];
+	int res;
+	struct sockaddr_un from;
+	socklen_t fromlen = sizeof(from);
+	char *reply;
+	const int reply_size = 4096;
+	int reply_len;
+	int level = MSG_DEBUG;
+
+	res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
+		       (struct sockaddr *) &from, &fromlen);
+	if (res < 0) {
+		wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
+			   strerror(errno));
+		return;
+	}
+	buf[res] = '\0';
+	if (os_strcmp(buf, "PING") == 0)
+		level = MSG_EXCESSIVE;
+	wpa_hexdump_ascii(level, "RX ctrl_iface", (u8 *) buf, res);
+
+	reply = os_malloc(reply_size);
+	if (reply == NULL) {
+		if (sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
+			   fromlen) < 0) {
+			wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s",
+				   strerror(errno));
+		}
+		return;
+	}
+
+	reply_len = hostapd_ctrl_iface_receive_process(hapd, buf,
+						       reply, reply_size,
+						       &from, fromlen);
+
 	if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
 		   fromlen) < 0) {
 		wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s",
@@ -2130,13 +2359,14 @@ static char * hostapd_ctrl_iface_path(st
 }
 
 
-static void hostapd_ctrl_iface_msg_cb(void *ctx, int level, int global,
+static void hostapd_ctrl_iface_msg_cb(void *ctx, int level,
+				      enum wpa_msg_type type,
 				      const char *txt, size_t len)
 {
 	struct hostapd_data *hapd = ctx;
 	if (hapd == NULL)
 		return;
-	hostapd_ctrl_iface_send(hapd, level, txt, len);
+	hostapd_ctrl_iface_send(hapd, level, type, txt, len);
 }
 
 
@@ -2359,6 +2589,58 @@ static int hostapd_ctrl_iface_remove(str
 }
 
 
+static int hostapd_global_ctrl_iface_attach(struct hapd_interfaces *interfaces,
+					    struct sockaddr_un *from,
+					    socklen_t fromlen)
+{
+	struct wpa_ctrl_dst *dst;
+
+	dst = os_zalloc(sizeof(*dst));
+	if (dst == NULL)
+		return -1;
+	os_memcpy(&dst->addr, from, sizeof(struct sockaddr_un));
+	dst->addrlen = fromlen;
+	dst->debug_level = MSG_INFO;
+	dst->next = interfaces->global_ctrl_dst;
+	interfaces->global_ctrl_dst = dst;
+	wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor attached (global)",
+		    from->sun_path,
+		    fromlen - offsetof(struct sockaddr_un, sun_path));
+	return 0;
+}
+
+
+static int hostapd_global_ctrl_iface_detach(struct hapd_interfaces *interfaces,
+					    struct sockaddr_un *from,

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201510182138.t9ILcPrs017288>