[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: CVS commit: pkgsrc/net/wpa_gui
Don't mind me - just forgetting the ChangeLog/NEWS (for net/wpa_supplicant too):
2013-01-12 - v2.0
* removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4)
* removed unmaintained driver wrappers broadcom, iphone, osx, ralink,
hostap, madwifi (hostap and madwifi remain available for hostapd;
their wpa_supplicant functionality is obsoleted by wext)
* improved debug logging (human readable event names, interface name
included in more entries)
* changed AP mode behavior to enable WPS only for open and
* improved P2P concurrency operations
- better coordination of concurrent scan and P2P search operations
- avoid concurrent remain-on-channel operation requests by canceling
previous operations prior to starting a new one
- reject operations that would require multi-channel concurrency if
the driver does not support it
- add parameter to select whether STA or P2P connection is preferred
if the driver cannot support both at the same time
- allow driver to indicate channel changes
- added optional delay=<search delay in milliseconds> parameter for
p2p_find to avoid taking all radio resources
- use 500 ms p2p_find search delay by default during concurrent
- allow all channels in GO Negotiation if the driver supports
* added number of small changes to make it easier for static analyzers
to understand the implementation
* fixed number of small bugs (see git logs for more details)
* nl80211: number of updates to use new cfg80211/nl80211 functionality
- replace monitor interface with nl80211 commands for AP mode
- additional information for driver-based AP SME
- STA entry authorization in RSN IBSS
- fixed KDF for group 21 and zero-padding
- added support for fragmentation
- increased maximum number of hunting-and-pecking iterations
* avoid excessive Probe Response retries for broadcast Probe Request
frames (only with drivers using wpa_supplicant AP mode SME/MLME)
* added "GET country" ctrl_iface command
* do not save an invalid network block in wpa_supplicant.conf to avoid
problems reading the file on next start
* send STA connected/disconnected ctrl_iface events to both the P2P
group and parent interfaces
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
* added "SET pno <1/0>" ctrl_iface command to start/stop preferred
network offload with sched_scan driver command
* merged in number of changes from Android repository for P2P, nl80211,
and build parameters
* changed P2P GO mode configuration to use driver capabilities to
automatically enable HT operations when supported
* added "wpa_cli status wps" command to fetch WPA2-Personal passhrase
for WPS use cases in AP mode
* EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM
* improved reassociation behavior in cases where association is rejected
or when an AP disconnects us to handle common load balancing
- try to avoid extra scans when the needed information is available
* added optional "join" argument for p2p_prov_disc ctrl_iface command
* added group ifname to P2P-PROV-DISC-* events
* added P2P Device Address to AP-STA-DISCONNECTED event and use
p2p_dev_addr parameter name with AP-STA-CONNECTED
* added workarounds for WPS PBC overlap detection for some P2P use cases
where deployed stations work incorrectly
* optimize WPS connection speed by disconnecting prior to WPS scan and
by using single channel scans when AP channel is known
* PCSC and SIM/USIM improvements:
- accept 0x67 (Wrong length) as a response to READ RECORD to fix
issues with some USIM cards
- try to read MNC length from SIM/USIM
- build realm according to 3GPP TS 23.003 with identity from the SIM
- allow T1 protocol to be enabled
* added more WPS and P2P information available through D-Bus
* improve P2P negotiation robustness
- extra waits to get ACK frames through
- longer timeouts for cases where deployed devices have been
identified have issues meeting the specification requirements
- more retries for some P2P frames
- handle race conditions in GO Negotiation start by both devices
- ignore unexpected GO Negotiation Response frame
* added support for libnl 3.2 and newer
* added P2P persistent group info to P2P_PEER data
* maintain a list of P2P Clients for persistent group on GO
* AP: increased initial group key handshake retransmit timeout to 500 ms
* added optional dev_id parameter for p2p_find
* added P2P-FIND-STOPPED ctrl_iface event
* fixed issues in WPA/RSN element validation when roaming with ap_scan=1
and driver-based BSS selection
* do not expire P2P peer entries while connected with the peer in a
* fixed WSC element inclusion in cases where P2P is disabled
* AP: added a WPS workaround for mixed mode AP Settings with Windows 7
* EAP-SIM: fixed AT_COUNTER_TOO_SMALL use
* EAP-SIM/AKA: append realm to pseudonym identity
* EAP-SIM/AKA: store pseudonym identity in network configuration to
allow it to persist over multiple EAP sessions and wpa_supplicant
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
breaks interoperability with older versions
* added support for WFA Hotspot 2.0
- GAS/ANQP to fetch network information
- credential configuration and automatic network selections based on
credential match with ANQP information
* limited PMKSA cache entries to be used only with the network context
that was used to create them
* improved PMKSA cache expiration to avoid unnecessary disconnections
* adjusted bgscan_simple fast-scan backoff to avoid too frequent
* removed ctrl_iface event on P2P PD Response in join-group case
* added option to fetch BSS table entry based on P2P Device Address
("BSS p2p_dev_addr=<P2P Device Address>")
* added BSS entry age to ctrl_iface BSS command output
* added optional MASK=0xH option for ctrl_iface BSS command to select
which fields are included in the response
* added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS command to
fetch information about several BSSes in one call
* simplified licensing terms by selecting the BSD license as the only
* added "P2P_SET disallow_freq <freq list>" ctrl_iface command to
disable channels from P2P use
* added p2p_pref_chan configuration parameter to allow preferred P2P
channels to be specified
* added support for advertising immediate availability of a WPS
credential for P2P use cases
* optimized scan operations for P2P use cases (use single channel scan
for a specific SSID when possible)
* EAP-TTLS: fixed peer challenge generation for MSCHAPv2
* SME: do not use reassociation after explicit disconnection request
(local or a notification from an AP)
* added support for sending debug info to Linux tracing (-T on command
* added support for using Deauthentication reason code 3 as an
indication of P2P group termination
* added wps_vendor_ext_m1 configuration parameter to allow vendor
specific attributes to be added to WPS M1
* started using separate TLS library context for tunneled TLS
(EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA
certificate configuration between Phase 1 and Phase 2
* added optional "auto" parameter for p2p_connect to request automatic
GO Negotiation vs. join-a-group selection
* added disabled_scan_offload parameter to disable automatic scan
* added optional persistent=<network id> parameter for p2p_connect to
allow forcing of a specific SSID/passphrase for GO Negotiation
* added support for OBSS scan requests and 20/40 BSS coexistence reports
* reject PD Request for unknown group
* removed scripts and notes related to Windows binary releases (which
have not been used starting from 1.x)
* added initial support for WNM operations
- Keep-alive based on BSS max idle period
- WNM-Sleep Mode
- minimal BSS Transition Management processing
* added autoscan module to control scanning behavior while not connected
- autoscan_periodic and autoscan_exponential modules
* added new WPS NFC ctrl_iface mechanism
- added initial support NFC connection handover
- removed obsoleted WPS_OOB command (including support for deprecated
* added optional framework for external password storage ("ext:<name>")
* wpa_cli: added optional support for controlling wpa_supplicant
remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing purposes
* wpa_cli: extended tab completion to more commands
* changed SSID output to use printf-escaped strings instead of masking
of non-ASCII characters
- SSID can now be configured in the same format: ssid=P"abc\x00test"
* removed default ACM=1 from AC_VO and AC_VI
* added optional "ht40" argument for P2P ctrl_iface commands to allow
40 MHz channels to be requested on the 5 GHz band
* added optional parameters for p2p_invite command to specify channel
when reinvoking a persistent group as the GO
* improved FIPS mode builds with OpenSSL
- "make fips" with CONFIG_FIPS=y to build wpa_supplicant with the
OpenSSL FIPS object module
- replace low level OpenSSL AES API calls to use EVP
- use OpenSSL keying material exporter when possible
- do not export TLS keys in FIPS mode
- remove MD5 from CONFIG_FIPS=y builds
- use OpenSSL function for PKBDF2 passphrase-to-PSK
- use OpenSSL HMAC implementation
- mix RAND_bytes() output into random_get_bytes() to force OpenSSL
DRBG to be used in FIPS mode
- use OpenSSL CMAC implementation
* added mechanism to disable TLS Session Ticket extension
- a workaround for servers that do not support TLS extensions that
was enabled by default in recent OpenSSL versions
- automatically disable TLS Session Ticket extension by default when
using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST)
* changed VENDOR-TEST EAP method to use proper private enterprise number
(this will not interoperate with older versions)
* disable network block temporarily on authentication failures
* improved WPS AP selection during WPS PIN iteration
* added support for configuring GCMP cipher for IEEE 802.11ad
* added support for Wi-Fi Display extensions
- WFD_SUBELEMENT_SET ctrl_iface command to configure WFD subelements
- SET wifi_display <0/1> to disable/enable WFD support
- WFD service discovery
- an external program is needed to manage the audio/video streaming
* optimized scan result use for network selection
- use the internal BSS table instead of raw scan results
- allow unnecessary scans to be skipped if fresh information is
available (e.g., after GAS/ANQP round for Interworking)
* added support for 256-bit AES with internal TLS implementation
* allow peer to propose channel in P2P invitation process for a
* added disallow_aps parameter to allow BSSIDs/SSIDs to be disallowed
from network selection
* re-enable the networks disabled during WPS operations
* allow P2P functionality to be disabled per interface (p2p_disabled=1)
* added secondary device types into P2P_PEER output
* added an option to disable use of a separate P2P group interface
* fixed P2P Bonjour SD to match entries with both compressed and not
compressed domain name format and support multiple Bonjour PTR matches
for the same key
* use deauthentication instead of disassociation for all disconnection
operations; this removes the now unused disassociate() wpa_driver_ops
* optimized PSK generation on P2P GO by caching results to avoid
multiple PBKDF2 operations
* added okc=1 global configuration parameter to allow OKC to be enabled
by default for all network blocks
* added a workaround for WPS PBC session overlap detection to avoid
interop issues with deployed station implementations that do not
remove active PBC indication from Probe Request frames properly
* added basic support for 60 GHz band
* extend EAPOL frames processing workaround for roaming cases
(postpone processing of unexpected EAPOL frame until association
event to handle reordered events)
2012-05-10 - v1.0
* bsd: Add support for setting HT values in IFM_MMASK.
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. Only
available with drivers that provide TX status events for Deauth/
Disassoc frames (nl80211).
* Drop oldest unknown BSS table entries first. This makes it less
likely to hit connection issues in environments with huge number
of visible APs.
* Add systemd support.
* Add support for setting the syslog facility from the config file
at build time.
* atheros: Add support for IEEE 802.11w configuration.
* AP mode: Allow enable HT20 if driver supports it, by setting the
config parameter ieee80211n.
* Allow AP mode to disconnect STAs based on low ACK condition (when
the data connection is not working properly, e.g., due to the STA
going outside the range of the AP). Disabled by default, enable by
config option disassoc_low_ack.
- Support GTK rekey offload.
- Support PMKSA candidate events. This adds support for RSN
pre-authentication with nl80211 interface and drivers that handle
- Add a DBus signal for EAP SM requests, emitted on the Interface
- Export max scan ssids supported by the driver as MaxScanSSID.
- Add signal Certification for information about server certification.
- Add BSSExpireAge and BSSExpireCount interface properties and
support set/get, which allows for setting BSS cache expiration age
and expiration scan count.
- Add ConfigFile to AddInterface properties.
- Add Interface.Country property and support to get/set the value.
- Add DBus property CurrentAuthMode.
- P2P DBus API added.
- Emit property changed events (for property BSSs) when adding/
- Treat '' in SSIDs of Interface.Scan as a request for broadcast
scan, instead of ignoring it.
- Add DBus getter/setter for FastReauth.
- Raise PropertiesChanged on org.freedesktop.DBus.Properties.
- Send AP-STA-DISCONNECTED event when an AP disconnects a station
due to inactivity.
- Make second argument to set command optional. This can be used to
indicate a zero length value.
- Add signal_poll command.
- Add bss_expire_age and bss_expire_count commands to set/get BSS
cache expiration age and expiration scan count.
- Add ability to set scan interval (the time in seconds wpa_s waits
before requesting a new scan after failing to find a suitable
network in scan results) using scan_interval command.
- Add event CTRL-EVENT-ASSOC-REJECT for association rejected.
- Add command get version, that returns wpa_supplicant version string.
- Add command sta_autoconnect for disabling automatic reconnection
on receiving disconnection event.
- Setting bssid parameter to an empty string "" or any can now be
used to clear the bssid_set flag in a network block, i.e., to remove
- Add tdls_testing command to add a special testing feature for
changing TDLS behavior. Build param CONFIG_TDLS_TESTING must be
enabled as well.
- For interworking, add wpa_cli commands interworking_select,
interworking_connect, anqp_get, fetch_anqp, and stop_fetch_anqp.
- Many P2P commands were added. See README-P2P.
- Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
- Allow set command to change global config parameters.
- Add log_level command, which can be used to display the current
debugging level and to change the log level during run time.
- Add note command, which can be used to insert notes to the debug
- Add internal line edit implementation. CONFIG_WPA_CLI_EDIT=y
can now be used to build wpa_cli with internal implementation of
line editing and history support. This can be used as a replacement
* AP mode: Add max_num_sta config option, which can be used to limit
the number of stations allowed to connect to the AP.
* Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
* wext: Increase scan timeout from 5 to 10 seconds.
* Add blacklist command, allowing an external program to
manage the BSS blacklist and display its current contents.
- Add wpa_cli wps_pin get command for generating random PINs. This can
be used in a UI to generate a PIN without starting WPS (or P2P)
- Set RF bands based on driver capabilities, instead of hardcoding
- Add mechanism for indicating non-standard WPS errors.
- Add CONFIG_WPS_REG_DISABLE_OPEN=y option to disable open networks
- Add wps_ap_pin cli command for wpa_supplicant AP mode.
- Add wps_check_pin cli command for processing PIN from user input.
UIs can use this command to process a PIN entered by a user and to
validate the checksum digit (if present).
- Cancel WPS operation on PBC session overlap detection.
- New wps_cancel command in wpa_cli will cancel a pending WPS
- wpa_cli action: Add WPS_EVENT_SUCCESS and WPS_EVENT_FAIL handlers.
- Trigger WPS config update on Manufacturer, Model Name, Model
Number, and Serial Number changes.
- Fragment size is now configurable for EAP-WSC peer. Use
wpa_cli set wps_fragment_size <val>.
- Disable AP PIN after 10 consecutive failures. Slow down attacks on
failures up to 10.
- Allow AP to start in Enrollee mode without AP PIN for probing, to
be compatible with Windows 7.
- Add Config Error into WPS-FAIL events to provide more info to the
user on how to resolve the issue.
- Label and Display config methods are not allowed to be enabled
at the same time, since it is unclear which PIN to use if both
methods are advertised.
- When controlling multiple interfaces:
- apply WPS commands to all interfaces configured to use WPS
- apply WPS config changes to all interfaces that use WPS
- when an attack is detected on any interface, disable AP PIN on
* WPS ER:
- Add special AP Setup Locked mode to allow read only ER.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change them.
- Show SetSelectedRegistrar events as ctrl_iface events
- Add wps_er_set_config to enroll a network based on a local
network configuration block instead of having to (re-)learn the
current AP settings with wps_er_learn.
- Allow AP filtering based on IP address, add ctrl_iface event for
learned AP settings, add wps_er_config command to configure an AP.
* WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
- Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
for testing protocol extensibility.
- Add build option CONFIG_WPS_STRICT to allow disabling of WPS
- Add support for AuthorizedMACs attribute.
- Propogate TDLS related nl80211 capability flags from kernel and
add them as driver capability flags. If the driver doesn't support
capabilities, assume TDLS is supported internally. When TDLS is
explicitly not supported, disable all user facing TDLS operations.
- Allow TDLS to be disabled at runtime (mostly for testing).
Use set tdls_disabled.
- Honor AP TDLS settings that prohibit/allow TDLS.
- Add a special testing feature for changing TDLS behavior. Use
CONFIG_TDLS_TESTING build param to enable. Configure at runtime
with tdls_testing cli command.
- Add support for TDLS 802.11z.
* wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
wlantest can be used to capture frames from a monitor interface
for realtime capturing or from pcap files for offline analysis.
* Interworking: Support added for 802.11u. Enable in .config with
CONFIG_INTERWORKING. See wpa_supplicant.conf for config parameters
for interworking. wpa_cli commands added to support this are
interworking_select, interworking_connect, anqp_get, fetch_anqp,
* Android: Add build and runtime support for Android wpa_supplicant.
* bgscan learn: Add new bgscan that learns BSS information based on
previous scans, and uses that information to dynamically generate
the list of channels for background scans.
* Add a new debug message level for excessive information. Use
-ddd to enable.
* TLS: Add support for tls_disable_time_checks=1 in client mode.
* Internal TLS:
- Add support for TLS v1.1 (RFC 4346). Enable with build parameter
- Add domainComponent parser for X.509 names.
* Linux: Add RFKill support by adding an interface state "disabled".
* Reorder some IEs to get closer to IEEE 802.11 standard. Move
WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
Move HT IEs to be later in (Re)Assoc Resp.
* Solaris: Add support for wired 802.1X client.
* Wi-Fi Direct support. See README-P2P for more information.
* Many bugfixes.
Main Index |
Thread Index |