On Sat, 2016-09-24 at 23:07 +0200, M. Braun wrote:
> With respect to the changes from Benjamin Berg from 2016-09-19, I
> don't think
> they really supersede this series, but they are not really superseded by this
> series either. I can rebase this series on that series if needed.
>
> Regarding using R0-Identifier = R0-BSSID: This series uses an extra broadcast
> step, but does not interfere with RADIUS NAS-Identifier.

Your implementation seems sane to me, and I don't see any advantage of
having two separate solutions for the same issue. I'll run some tests
using your patchset.

> Regarding cache limitation: This series makes cache time configurable and
> triggers cache purge by time. This series lacks cache size limitation.

Probably not really necessary in almost all cases. The two potential
corner cases that might be relevant are rogue clients trying to
generate cache entries and weird configurations where the timeouts are
set so that cached items never expire.

> Regarding his 6/6 "l2: Add outgoing listener to catch packets from other
> hostapd". This should also be covered by using the new ft_iface due to the way
> MACVLAN "bridge"-mode works, though I'm unsure about platform support.

Sounds like it should work fine with MACVLAN enabled. It might make
sense to at least document the limitation if MACVLAN support is not
enabled.

Could ft_iface collide with rsn_preauth_interfaces if the same
interface is used?

Benjamin

> Sincerely,
> M. Braun
>
> Michael Braun (33):
>   FT: generate PMK_R0 and PMK_R1 for FT-PSK locally
>   test: FT with locally generated PMK_R0/PMK_R1 from PSK
>   test: FT: EAP test for mismatching keys
>   FT: add support for wildcard R0KH / R1KH
>   test: FT with broadcasts
>   FT: cache newly detected R0KH / R1KH when using wildcard
>   FT: resend pull request
>   FT: negative caching when using wilcard r0kh
>   FT: new rrb message format
>   FT: add expiration to PMK-R0 and PMK-R1 cache
>   FT: add IEEE vlan support (including tagged vlans)
>   test: FT-EAP with VLAN
>   test: FT-PSK with VLAN
>   FT: add r1_max_key_lifetime
>   802.11 Factor out authentication code for reuse with FT-over-DS
>   FT-over-DS: use macaddr_acl
>   tests: FT test macaddr-acl
>   factor out ifconfig for use with macvlan
>   FT: separate RRB interface
>   test: FT ft_macvlan generation
>   FT: include identity and radius_cui in pull/resp frames
>   tests: FT with CUI
>   FT: add session_timeout to push/resp
>   Prepare 802.11i pre-authentication for full dynamic vlan.
>   Enable 802.11i pre-authentication with full dynamic vlans
>   test: pre-authentification with full dynamic vlans
>   STA: avoid driver warning when configuring not connected STAs for WPA
>   FT: radius accounting after roaming
>   FT: handle OVER_DS reassociate client retry
>   FT: convert r0_key_lifetime to seconds
>   FT OVER_DS with fullstate station driver
>   nl80211: fix CMD_FRAME used with VLANs
>   FT: do not change ANonce during re-sent auth request
>
>  hostapd/Makefile                    |   32 +-
>  hostapd/config_file.c               |   23 +
>  hostapd/defconfig                   |   11 +
>  hostapd/hostapd.conf                |   81 +-
>  src/ap/ap_config.c                  |   32 +
>  src/ap/ap_config.h                  |   22 +
>  src/ap/ap_drv_ops.c                 |   15 +-
>  src/ap/ap_drv_ops.h                 |    3 +
>  src/ap/hostapd.h                    |    6 +
>  src/ap/ieee802_11.c                 |  171 ++--
>  src/ap/ieee802_11.h                 |    4 +
>  src/ap/ieee802_11_auth.c            |  110 ++-
>  src/ap/ieee802_11_auth.h            |   24 +-
>  src/ap/ieee802_1x.c                 |   18 +-
>  src/ap/l2_snoop.h                   |   72 ++
>  src/ap/l2_snoop_pcap.c              |  134 +++
>  src/ap/macvlan.c                    |  130 +++
>  src/ap/macvlan.h                    |   10 +
>  src/ap/preauth_auth.c               |  278 +++++-
>  src/ap/preauth_auth.h               |   19 +
>  src/ap/sta_info.c                   |   29 +-
>  src/ap/sta_info.h                   |    6 +-
>  src/ap/vlan_full.c                  |   23 +-
>  src/ap/vlan_ifconfig.c              |    9 +-
>  src/ap/vlan_ifconfig.h              |   16 +
>  src/ap/vlan_init.c                  |   20 +
>  src/ap/vlan_util.h                  |    3 -
>  src/ap/wpa_auth.c                   |    6 +-
>  src/ap/wpa_auth.h                   |  150 +--
>  src/ap/wpa_auth_ft.c                | 1834 ++++++++++++++++++++++++++++++-----
>  src/ap/wpa_auth_glue.c              |  430 +++++++-
>  src/ap/wpa_auth_i.h                 |    4 +-
>  src/common/defs.h                   |    5 +
>  src/common/wpa_common.c             |    3 +
>  src/common/wpa_common.h             |    3 +
>  src/drivers/driver.h                |    3 +-
>  src/drivers/driver_atheros.c        |    3 +-
>  src/drivers/driver_hostap.c         |   10 +-
>  src/drivers/driver_nl80211.c        |   53 +-
>  tests/hwsim/auth_serv/eap_user.conf |    5 +
>  tests/hwsim/example-hostapd.config  |    3 +
>  tests/hwsim/test_ap_ft.py           |  466 ++++++++-
>  tests/hwsim/test_pmksa_cache.py     |   19 +
>  wpa_supplicant/driver_i.h           |    2 +-
>  44 files changed, 3773 insertions(+), 527 deletions(-)
>  create mode 100644 src/ap/l2_snoop.h
>  create mode 100644 src/ap/l2_snoop_pcap.c
>  create mode 100644 src/ap/macvlan.c
>  create mode 100644 src/ap/macvlan.h
>  create mode 100644 src/ap/vlan_ifconfig.h
>