Lines Matching full:for
1 ChangeLog for hostapd
16 * added support for regulatory WMM limitation (for ETSI)
17 * added support for MACsec Key Agreement using IEEE 802.1X/PSK
18 * added experimental support for EAP-TEAP server (RFC 7170)
19 * added experimental support for EAP-TLS server with TLS v1.3
20 * added support for two server certificates/keys (RSA/ECC)
22 determine with AKM was used for an association
29 - added support for SAE Password Identifier
57 - added support for release number 3
59 * added support for RSN operating channel validation
64 * added FT/RRB workaround for short Ethernet frame padding
65 * fixed KEK2 derivation for FILS+FT
74 for PSK (wps_cred_add_sae=1)
77 in preparation for DPP protocol extension
86 * added support for FILS (IEEE 802.11ai) shared key authentication
87 * added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
89 * added support for DPP (Wi-Fi Device Provisioning Protocol)
91 - added local generation of PMK-R0/PMK-R1 for FT-PSK
97 - added support for wildcard R0KH/R1KH
100 - fixed wpa_psk_file use for FT-PSK
104 - added support for SHA384 based AKM
107 - added support for configuring SAE password separately of the
109 - added option to require MFP for SAE associations
112 for SAE;
116 - added support for Password Identifier
117 * hostapd_cli: added support for command history and completion
118 * added support for requesting beacon report
125 * added support for using wolfSSL cryptographic library
129 - added support for setting Venue URL ANQP-element (venue_url)
130 - added support for advertising Hotspot 2.0 operator icons
131 - added support for Roaming Consortium Selection element
132 - added support for Terms and Conditions
133 - added support for OSEN connection in a shared RSN BSS
134 * added support for using OpenSSL 1.1.1
135 * added EAP-pwd server support for salted passwords
142 * extended channel switch support for VHT bandwidth changes
143 * added support for configuring new ANQP-elements with
148 frame sending for not-associated STAs if max_num_sta limit has been
154 * EAP-pwd: added support for Brainpool Elliptic Curves
157 * fixed FTIE generation for 4-way handshake after FT protocol run
164 - minimal support for PKCS #12
166 * added support for OpenSSL 1.1 API changes
167 - drop support for OpenSSL 0.9.8
168 - drop support for OpenSSL 1.0.0
176 - allow server to provide PSK instead of passphrase for WPA-PSK
178 - update full message for interim accounting updates
185 * VHT: added interoperability workaround for 80+80 and 160 MHz channels
189 - added support for full station state operations
194 * added initial functionality for location related operations
200 - fix TX status processing for Address 3 = wildcard BSSID
224 * disable HT for a station that does not support WMM/QoS
225 * added support for hashed password (NtHash) in EAP-pwd server
227 * added EAP-EKE server support for deriving Session-Id
230 * added more 2.4 GHz channels for 20/40 MHz HT co-ex scan
233 * added support for Brainpool Elliptic Curves with SAE
234 * increases maximum value accepted for cwmin/cwmax
235 * added support for CCMP-256 and GCMP-256 as group ciphers with FT
238 (workaround for interoperability issues with iOS 8.4)
239 * added EAP server support for TLS session resumption
240 * fixed key derivation for Suite B 192-bit AKM (this breaks
247 * allow OpenSSL cipher configuration to be set for internal EAP server
252 * add support for Acct-Multi-Session-Id in RADIUS Accounting messages
253 * add support for PMKSA caching with SAE
254 * add support for generating BSS Load element (bss_load_update_period)
257 * add support for learning STA IPv4/IPv6 addresses and configuring
259 * dropped support for the madwifi driver interface
260 * add support for Suite B (128-bit and 192-bit level) key management and
263 * extend EAPOL-Key msg 1/4 retry workaround for changing SNonce
267 * add support for EAP Re-Authentication Protocol (ERP)
271 * add support for vendor specific VHT extension to enable 256 QAM rates
279 * allow chanlist to be used to specify a subset of channels for ACS
292 * fixed DFS and channel switch operation for multi-BSS cases
293 * started to use constant time comparison for various password and hash
298 * added support for number of new RADIUS attributes from RFC 7268
303 * fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases
320 * fixed HT40 co-ex scan for some pri/sec channel switches
323 * fixed HT40 co-ex support to check for overlapping 20 MHz BSS
324 * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
330 * fixed STA validation step for WPS ER commands to prevent a potential
335 * added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address
337 * added mechanism for removing addresses for MAC ACLs by prefixing an
341 * OSEN network for online signup connection
343 control interface HS20_WNM_NOTIF for testing purposes)
346 control interface WNM_DEAUTH_REQ for testing purposes)
348 * hs20_icon config parameter to configure icon files for OSU
349 * osu_* config parameters for OSU Providers list
361 - fix X.509 validation of PKCS#1 signature to check for extra data
366 - added option for TLS protocol testing of an EAP peer by simulating
368 - MAC ACL support for testing purposes
369 * fixed PTK derivation for CCMP-256 and GCMP-256
374 * fixed AP mode default TXOP Limit values for AC_VI and AC_VO (these
376 * added support for postponing FT response in case PMK-R1 needs to be
397 * added support for simultaneous authentication of equals (SAE) for
400 - VHT configuration for nl80211
411 * added support for DFS (processing radar detection events, CAC, channel
415 * added option for using per-BSS (vif) configuration files with
420 * added support for sending debug info to Linux tracing (-T on command
424 * added support for using Protected Dual of Public Action frames for
426 * added support for WPS+NFC updates
428 - option to fetch and report alternative carrier records for external
436 * added number of small changes to make it easier for static analyzers
438 * added a workaround for Windows 7 Michael MIC failure reporting and
440 * fixed number of small bugs (see git logs for more details)
444 - additional information for driver-based AP SME
446 - fix KDF for group 21 and zero-padding
447 - added support for fragmentation
449 * avoid excessive Probe Response retries for broadcast Probe Request
451 * added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
453 * added wps_rf_bands configuration parameter for overriding RF Bands
454 value for WPS
455 * added support for getting per-device PSK from RADIUS Tunnel-Password
456 * added support for libnl 3.2 and newer
458 * added a workaround for 4-way handshake to update SNonce even after
460 implementations that can change SNonce for each EAP-Key 2/4
461 * added a workaround for EAPOL-Key 4/4 using incorrect type value in
463 * added a WPS workaround for mixed mode AP Settings with Windows 7
467 * added support for WFA Hotspot 2.0
475 * EAP-AKA: added support for AT_COUNTER_TOO_SMALL
477 * EAP-AKA': fixed identity for MK derivation
482 * added support for canceling WPS operations with hostapd_cli wps_cancel
488 - use 5 bit IND for SQN updates
490 * EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
492 * added support for Chargeable-User-Identity (RFC 4372)
496 * added support for RADIUS dynamic authorization server (RFC 5176)
497 * added initial support for WNM operations
501 - removed obsoleted WPS_OOB command (including support for deprecated
503 * added FT support for drivers that implement MLME internally
504 * added SA Query support for drivers that implement MLME internally
510 * added support for configuring GCMP cipher for IEEE 802.11ad
511 * added support for 256-bit AES with internal TLS implementation
516 * limit number of active wildcard PINs for WPS Registrar to one to avoid
518 * added a workaround for WPS PBC session overlap detection to avoid
521 * added support for using SQLite for the eap_user database
524 (do not send QoS frames if the STA did not negotiate use of QoS for
529 * Add support for IEEE 802.11v Time Advertisement mechanism with UTC
530 TSF offset. See hostapd.conf for config info.
534 available with drivers that provide TX status events for Deauth/
538 * atheros: Add support for IEEE 802.11w configuration.
539 * bsd: Add support for setting HT values in IFM_MMASK.
548 * Add support for writing debug log to a file using "-f" option. Also
550 * Add bridge handling for WDS STA interfaces. By default they are
555 - Add wds_bridge command for specifying bridge for WDS STA
557 - Add relog command for reopening log file.
560 - Add wps_config ctrl_interface command for configuring AP. This
564 - Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
566 * WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
579 - Add mechanism for indicating non-standard WPS errors.
581 - Add wps_check_pin command for processing PIN from user input.
589 - Allow AP to start in Enrollee mode without AP PIN for probing,
603 * WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
605 for testing protocol extensibility.
608 - Add support for AuthorizedMACs attribute.
613 * EAP server: Add support for configuring fragment size (see
615 * wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
617 for realtime capturing or from pcap files for offline analysis.
618 * Interworking: Support added for 802.11u. Enable in .config with
619 CONFIG_INTERWORKING. See hostapd.conf for config parameters for
621 * Android: Add build and runtime support for Android hostapd.
622 * Add a new debug message level for excessive information. Use
624 * TLS: Add support for tls_disable_time_checks=1 in client mode.
626 - Add support for TLS v1.1 (RFC 4346). Enable with build parameter
628 - Add domainComponent parser for X.509 names
643 * cleaned up driver wrapper API for multi-BSS operations
655 * hostapd_cli: add support for action script operations (run a script
657 * fix DH padding with internal crypto code (mainly, for WPS)
675 * WPS: add support for dynamically selecting whether to provision the
677 * added support for WDS (4-address frame) mode with per-station virtual
679 driver=nl80211 for now)
692 * added support for external Registrars with WPS (UPnP transport)
693 * 802.11n: scan for overlapping BSSes before starting 20/40 MHz channel
696 * added support for WPS USBA out-of-band mechanism with USB Flash
704 standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
711 * driver_nl80211: multiple updates to provide support for new Linux
719 * added support for NFC out-of-band mechanism with WPS
720 * added preliminary support for IEEE 802.11r RIC processing
723 * added support for Wi-Fi Protected Setup (WPS)
725 and provision credentials for WPS Enrollees using PIN and PBC
731 wps_pbc are used to configure WPS negotiation; see README-WPS for
734 * added support for generating Country IE based on nl80211 regulatory
738 * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
739 * added support for using driver_test over UDP socket
748 * updated OpenSSL code for EAP-FAST to use an updated version of the
758 * fixed EAP-TLS message processing for the last TLS message if it is
761 * fixed listen interval configuration for nl80211 drivers
764 * added support for SHA-256 as X.509 certificate digest when using the
766 * fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer
768 * fixed internal TLSv1 implementation for abbreviated handshake (used
770 * added support for setting VLAN ID for STAs based on local MAC ACL
771 (accept_mac_file) as an alternative for RADIUS server-based
776 * added support for using SHA256-based stronger key derivation for WPA2
778 * added new "driver wrapper" for RADIUS-only configuration
782 * changed EAP-FAST configuration to use separate fields for A-ID and
784 16-octet len binary value for better interoperability with some peer
793 * added support for EAP Sequences in EAP-FAST Phase 2
794 * added support for EAP-TNC (Trusted Network Connect)
798 * added support for optional cryptobinding with PEAPv0
799 * added fragmentation support for EAP-TNC
800 * added support for fragmenting EAP-TTLS/PEAP/FAST Phase 2 (tunneled)
802 * added support for opportunistic key caching (OKC)
815 * added a workaround for EAP-SIM/AKA peers that include incorrect null
820 * fixed EAP-SIM Start response processing for fast reauthentication
822 * added support for pending EAP processing in EAP-{PEAP,TTLS,FAST}
828 * added data structure for storing allocated buffers (struct wpabuf);
832 * added support for protecting EAP-AKA/Identity messages with
834 * added support for protected result indication with AT_RESULT_IND for
836 * added support for configuring EAP-TTLS phase 2 non-EAP methods in
837 EAP server configuration; previously all four were enabled for every
844 * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
853 * added support for EAP-FAST server method to the integrated EAP
858 pairwise cipher suites to be enabled for WPA and RSN/WPA2
862 not have support for this)
872 * fixed EAP-TTLS AVP parser processing for too short AVP lengths
879 provides bit better triplet data for testing a single client; anyway,
884 * added support for sending EAP-AKA Notifications in error cases
885 * updated to use IEEE 802.11w/D2.0 for management frame protection
887 * RADIUS server: added support for processing duplicate messages
892 * added support for configuring and controlling multiple BSSes per
897 * added support for dynamic VLAN configuration (i.e., selecting VLAN-ID
898 for each STA based on RADIUS Access-Accept attributes); this requires
911 * hlr_auc_gw: added support for GSM-Milenage (for EAP-SIM)
912 * hlr_auc_gw: added support for reading per-IMSI Milenage keys and
914 GSM/UMTS authentication server for multiple SIM/USIM cards using
920 * added 'hostapd_cli new_sta <addr>' command for adding a new STA into
925 * added -P<pid file> argument for hostapd to write the current process
927 * added support for RADIUS Authentication Server MIB (RFC 2619)
931 * added PeerKey handshake implementation for IEEE 802.11e
933 * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
940 requiring a TLS library for a successful build; these programs can be
946 * added support for EAP-SAKE (no EAP method number allocated yet, so
954 * moved HLR/AuC gateway implementation for EAP-SIM/AKA into an external
955 program to make it easier to use for implementing real SS7 gateway;
956 eap_sim_db is not anymore used as a file name for GSM authentication
967 * driver_madwifi: added support for getting station RSN IE from
977 * driver_test: added better support for multiple APs and STAs by using
978 a directory with sockets that include MAC address for each device in
980 * added support for EAP expanded type (vendor specific EAP methods)
983 * added experimental STAKey handshake implementation for IEEE 802.11e
987 * added support for EAP methods to use callbacks to external programs
992 * added support for using EAP-SIM pseudonyms and fast re-authentication
993 * added support for EAP-AKA in the integrated EAP authenticator
994 * added support for matching EAP identity prefixes (e.g., "1"*) in EAP
996 for EAP-Nak negotiation
997 * added support for storing EAP user password as NtPasswordHash instead
998 of plaintext password when using MSCHAP or MSCHAPv2 for
1000 tool for hashing password to generate NtPasswordHash
1011 * driver_madwifi: added support for madwifi-ng
1014 * added support for replacing user identity from EAP with RADIUS
1016 for the RADIUS accounting messages (e.g., for EAP-PEAP/TTLS to get
1019 * driver_madwifi: fixed EAPOL packet receive for configuration where
1021 * added a configuration file and log analyzer script for logwatch
1029 it easier for the client to select which certificate to use
1030 * added experimental support for EAP-PSK
1031 * added support for WE-19 (hostap, madwifi)
1042 * fixed PMKSA caching for the case where STA (re)associates without
1051 * driver_test: added support for testing hostapd with wpa_supplicant
1058 * driver_madwifi: added support for RADIUS accounting
1059 * driver_madwifi: added preliminary support for compiling against 'BSD'
1063 * added support for reading additional certificates from PKCS#12 files
1068 * added support for more than one Class attribute in RADIUS packets
1069 * added support for verifying certificate revocation list (CRL) when
1070 using integrated EAP authenticator for EAP-TLS; new hostapd.conf
1071 options 'check_crl'; CRL must be included in the ca_cert file for now
1074 * added support for including network information into
1079 * fixed private key loading for cases where passphrase is not set
1080 * added support for sending TLS alerts and aborting authentication
1086 * added support for RADIUS over IPv6; own_ip_addr, auth_server_addr,
1088 to be added to .config to include IPv6 support); for RADIUS server,
1091 * added experimental support for EAP-PAX
1098 * added support for configuring a forced PEAP version based on the
1108 * fixed WPA message 2/4 processing not to cancel timeout for TimeoutEvt
1115 time for the next retry, the new message needed to wait that long for
1119 * added support for configuring multiple allowed EAP types for Phase 2
1125 * added support for EAP-PEAP in the integrated EAP authenticator
1126 * added support for EAP-GTC in the integrated EAP authenticator
1127 * added support for configuring list of EAP methods for Phase 1 so that
1129 for EAP-TLS and EAP-PEAP
1130 * added support for EAP-TTLS in the integrated EAP authenticator
1131 * added support for EAP-SIM in the integrated EAP authenticator
1132 * added support for using hostapd as a RADIUS authentication server
1140 been used at all for more than year
1142 * added support for EAP-MSCHAPv2 in the integrated EAP authenticator
1145 * added support for integrated EAP-TLS authentication (new hostapd.conf
1149 * added support for reading PKCS#12 (PFX) files (as a replacement for
1153 * added support for Acct-{Input,Output}-Gigawords
1154 * added support for Event-Timestamp (in RADIUS Accounting-Requests)
1155 * added support for RADIUS Authentication Client MIB (RFC2618)
1156 * added support for RADIUS Accounting Client MIB (RFC2620)
1162 * added support for multiple WPA pre-shared keys (e.g., one for each
1164 new hostapd.conf field wpa_psk_file for setting path to a text file
1165 containing PSKs, see hostapd.wpa_psk for an example
1166 * added support for multiple driver interfaces to allow hostapd to be
1169 hostapd.conf, see wired.conf for example configuration)
1171 madwifi.conf for example configuration; Note: include files from
1172 madwifi project is needed for building and a configuration file,
1181 * added hostapd control interface for external programs and an example
1182 CLI, hostapd_cli (like wpa_cli for wpa_supplicant)
1186 * added support for strict GTK rekeying (wpa_strict_rekey in
1189 (instead of broadcast) for IAPP ADD-notify (moved from draft 3 to
1196 * fixed RADIUS accounting to generate a new session id for cases where
1199 deauthenticate the station, i.e., skip long wait for inactivity poll
1204 supported, so this cannot yet be used for key distribution; the EAP
1209 * added support for FreeBSD and driver interface for the BSD net80211
1222 * fixed couple of cases where EAPOL state for a station was freed
1223 twice causing a segfault for hostapd
1231 * added support for copying RADIUS Attribute 'Class' from
1252 * added support for Acct-Interim-Interval:
1256 - allow different update intervals for each STA
1266 * added support for Accounting-On and Accounting-Off messages
1271 previously sent after the kernel entry for the STA (and/or IEEE