Remove now-unused hostapd source files from contrib
authorJohn Marino <draco@marino.st>
Fri, 17 Jul 2015 23:15:16 +0000 (01:15 +0200)
committerJohn Marino <draco@marino.st>
Fri, 17 Jul 2015 23:15:16 +0000 (01:15 +0200)
468 files changed:
contrib/hostapd/COPYING [deleted file]
contrib/hostapd/README [deleted file]
contrib/hostapd/README.DELETED [deleted file]
contrib/hostapd/README.DRAGONFLY [deleted file]
contrib/hostapd/hostapd/ChangeLog [deleted file]
contrib/hostapd/hostapd/README [deleted file]
contrib/hostapd/hostapd/README-WPS [deleted file]
contrib/hostapd/hostapd/config_file.c [deleted file]
contrib/hostapd/hostapd/config_file.h [deleted file]
contrib/hostapd/hostapd/ctrl_iface.c [deleted file]
contrib/hostapd/hostapd/ctrl_iface.h [deleted file]
contrib/hostapd/hostapd/eap_register.c [deleted file]
contrib/hostapd/hostapd/eap_register.h [deleted file]
contrib/hostapd/hostapd/hlr_auc_gw.txt [deleted file]
contrib/hostapd/hostapd/hostapd_cli.c [deleted file]
contrib/hostapd/hostapd/main.c [deleted file]
contrib/hostapd/patches/openssl-0.9.8-tls-extensions.patch [deleted file]
contrib/hostapd/patches/openssl-0.9.8d-tls-extensions.patch [deleted file]
contrib/hostapd/patches/openssl-0.9.8e-tls-extensions.patch [deleted file]
contrib/hostapd/patches/openssl-0.9.8g-tls-extensions.patch [deleted file]
contrib/hostapd/patches/openssl-0.9.8h-tls-extensions.patch [deleted file]
contrib/hostapd/patches/openssl-0.9.8i-tls-extensions.patch [deleted file]
contrib/hostapd/patches/openssl-0.9.8x-tls-extensions.patch [deleted file]
contrib/hostapd/patches/openssl-0.9.9-session-ticket.patch [deleted file]
contrib/hostapd/src/ap/accounting.c [deleted file]
contrib/hostapd/src/ap/accounting.h [deleted file]
contrib/hostapd/src/ap/acs.c [deleted file]
contrib/hostapd/src/ap/acs.h [deleted file]
contrib/hostapd/src/ap/ap_config.c [deleted file]
contrib/hostapd/src/ap/ap_config.h [deleted file]
contrib/hostapd/src/ap/ap_drv_ops.c [deleted file]
contrib/hostapd/src/ap/ap_drv_ops.h [deleted file]
contrib/hostapd/src/ap/ap_list.c [deleted file]
contrib/hostapd/src/ap/ap_list.h [deleted file]
contrib/hostapd/src/ap/ap_mlme.c [deleted file]
contrib/hostapd/src/ap/ap_mlme.h [deleted file]
contrib/hostapd/src/ap/authsrv.c [deleted file]
contrib/hostapd/src/ap/authsrv.h [deleted file]
contrib/hostapd/src/ap/beacon.c [deleted file]
contrib/hostapd/src/ap/beacon.h [deleted file]
contrib/hostapd/src/ap/ctrl_iface_ap.c [deleted file]
contrib/hostapd/src/ap/ctrl_iface_ap.h [deleted file]
contrib/hostapd/src/ap/dfs.c [deleted file]
contrib/hostapd/src/ap/dfs.h [deleted file]
contrib/hostapd/src/ap/drv_callbacks.c [deleted file]
contrib/hostapd/src/ap/eap_user_db.c [deleted file]
contrib/hostapd/src/ap/gas_serv.c [deleted file]
contrib/hostapd/src/ap/gas_serv.h [deleted file]
contrib/hostapd/src/ap/hostapd.c [deleted file]
contrib/hostapd/src/ap/hostapd.h [deleted file]
contrib/hostapd/src/ap/hs20.c [deleted file]
contrib/hostapd/src/ap/hs20.h [deleted file]
contrib/hostapd/src/ap/hw_features.c [deleted file]
contrib/hostapd/src/ap/hw_features.h [deleted file]
contrib/hostapd/src/ap/iapp.c [deleted file]
contrib/hostapd/src/ap/iapp.h [deleted file]
contrib/hostapd/src/ap/ieee802_11.c [deleted file]
contrib/hostapd/src/ap/ieee802_11.h [deleted file]
contrib/hostapd/src/ap/ieee802_11_auth.c [deleted file]
contrib/hostapd/src/ap/ieee802_11_auth.h [deleted file]
contrib/hostapd/src/ap/ieee802_11_ht.c [deleted file]
contrib/hostapd/src/ap/ieee802_11_shared.c [deleted file]
contrib/hostapd/src/ap/ieee802_11_vht.c [deleted file]
contrib/hostapd/src/ap/ieee802_1x.c [deleted file]
contrib/hostapd/src/ap/ieee802_1x.h [deleted file]
contrib/hostapd/src/ap/p2p_hostapd.c [deleted file]
contrib/hostapd/src/ap/p2p_hostapd.h [deleted file]
contrib/hostapd/src/ap/peerkey_auth.c [deleted file]
contrib/hostapd/src/ap/pmksa_cache_auth.c [deleted file]
contrib/hostapd/src/ap/pmksa_cache_auth.h [deleted file]
contrib/hostapd/src/ap/preauth_auth.c [deleted file]
contrib/hostapd/src/ap/preauth_auth.h [deleted file]
contrib/hostapd/src/ap/sta_info.c [deleted file]
contrib/hostapd/src/ap/sta_info.h [deleted file]
contrib/hostapd/src/ap/tkip_countermeasures.c [deleted file]
contrib/hostapd/src/ap/tkip_countermeasures.h [deleted file]
contrib/hostapd/src/ap/utils.c [deleted file]
contrib/hostapd/src/ap/vlan_init.c [deleted file]
contrib/hostapd/src/ap/vlan_init.h [deleted file]
contrib/hostapd/src/ap/vlan_util.c [deleted file]
contrib/hostapd/src/ap/vlan_util.h [deleted file]
contrib/hostapd/src/ap/wmm.c [deleted file]
contrib/hostapd/src/ap/wmm.h [deleted file]
contrib/hostapd/src/ap/wnm_ap.c [deleted file]
contrib/hostapd/src/ap/wnm_ap.h [deleted file]
contrib/hostapd/src/ap/wpa_auth.c [deleted file]
contrib/hostapd/src/ap/wpa_auth.h [deleted file]
contrib/hostapd/src/ap/wpa_auth_ft.c [deleted file]
contrib/hostapd/src/ap/wpa_auth_glue.c [deleted file]
contrib/hostapd/src/ap/wpa_auth_glue.h [deleted file]
contrib/hostapd/src/ap/wpa_auth_i.h [deleted file]
contrib/hostapd/src/ap/wpa_auth_ie.c [deleted file]
contrib/hostapd/src/ap/wpa_auth_ie.h [deleted file]
contrib/hostapd/src/ap/wps_hostapd.c [deleted file]
contrib/hostapd/src/ap/wps_hostapd.h [deleted file]
contrib/hostapd/src/common/defs.h [deleted file]
contrib/hostapd/src/common/eapol_common.h [deleted file]
contrib/hostapd/src/common/gas.c [deleted file]
contrib/hostapd/src/common/gas.h [deleted file]
contrib/hostapd/src/common/ieee802_11_common.c [deleted file]
contrib/hostapd/src/common/ieee802_11_common.h [deleted file]
contrib/hostapd/src/common/ieee802_11_defs.h [deleted file]
contrib/hostapd/src/common/privsep_commands.h [deleted file]
contrib/hostapd/src/common/qca-vendor.h [deleted file]
contrib/hostapd/src/common/sae.c [deleted file]
contrib/hostapd/src/common/sae.h [deleted file]
contrib/hostapd/src/common/version.h [deleted file]
contrib/hostapd/src/common/wpa_common.c [deleted file]
contrib/hostapd/src/common/wpa_common.h [deleted file]
contrib/hostapd/src/common/wpa_ctrl.c [deleted file]
contrib/hostapd/src/common/wpa_ctrl.h [deleted file]
contrib/hostapd/src/crypto/aes-cbc.c [deleted file]
contrib/hostapd/src/crypto/aes-ccm.c [deleted file]
contrib/hostapd/src/crypto/aes-ctr.c [deleted file]
contrib/hostapd/src/crypto/aes-eax.c [deleted file]
contrib/hostapd/src/crypto/aes-encblock.c [deleted file]
contrib/hostapd/src/crypto/aes-gcm.c [deleted file]
contrib/hostapd/src/crypto/aes-internal-dec.c [deleted file]
contrib/hostapd/src/crypto/aes-internal-enc.c [deleted file]
contrib/hostapd/src/crypto/aes-internal.c [deleted file]
contrib/hostapd/src/crypto/aes-omac1.c [deleted file]
contrib/hostapd/src/crypto/aes-unwrap.c [deleted file]
contrib/hostapd/src/crypto/aes-wrap.c [deleted file]
contrib/hostapd/src/crypto/aes.h [deleted file]
contrib/hostapd/src/crypto/aes_i.h [deleted file]
contrib/hostapd/src/crypto/aes_wrap.h [deleted file]
contrib/hostapd/src/crypto/crypto.h [deleted file]
contrib/hostapd/src/crypto/crypto_cryptoapi.c [deleted file]
contrib/hostapd/src/crypto/crypto_gnutls.c [deleted file]
contrib/hostapd/src/crypto/crypto_internal-cipher.c [deleted file]
contrib/hostapd/src/crypto/crypto_internal-modexp.c [deleted file]
contrib/hostapd/src/crypto/crypto_internal-rsa.c [deleted file]
contrib/hostapd/src/crypto/crypto_internal.c [deleted file]
contrib/hostapd/src/crypto/crypto_libtomcrypt.c [deleted file]
contrib/hostapd/src/crypto/crypto_none.c [deleted file]
contrib/hostapd/src/crypto/crypto_nss.c [deleted file]
contrib/hostapd/src/crypto/crypto_openssl.c [deleted file]
contrib/hostapd/src/crypto/des-internal.c [deleted file]
contrib/hostapd/src/crypto/des_i.h [deleted file]
contrib/hostapd/src/crypto/dh_group5.c [deleted file]
contrib/hostapd/src/crypto/dh_group5.h [deleted file]
contrib/hostapd/src/crypto/dh_groups.c [deleted file]
contrib/hostapd/src/crypto/dh_groups.h [deleted file]
contrib/hostapd/src/crypto/fips_prf_cryptoapi.c [deleted file]
contrib/hostapd/src/crypto/fips_prf_gnutls.c [deleted file]
contrib/hostapd/src/crypto/fips_prf_internal.c [deleted file]
contrib/hostapd/src/crypto/fips_prf_nss.c [deleted file]
contrib/hostapd/src/crypto/fips_prf_openssl.c [deleted file]
contrib/hostapd/src/crypto/md4-internal.c [deleted file]
contrib/hostapd/src/crypto/md5-internal.c [deleted file]
contrib/hostapd/src/crypto/md5.c [deleted file]
contrib/hostapd/src/crypto/md5.h [deleted file]
contrib/hostapd/src/crypto/md5_i.h [deleted file]
contrib/hostapd/src/crypto/milenage.c [deleted file]
contrib/hostapd/src/crypto/milenage.h [deleted file]
contrib/hostapd/src/crypto/ms_funcs.c [deleted file]
contrib/hostapd/src/crypto/ms_funcs.h [deleted file]
contrib/hostapd/src/crypto/random.c [deleted file]
contrib/hostapd/src/crypto/random.h [deleted file]
contrib/hostapd/src/crypto/rc4.c [deleted file]
contrib/hostapd/src/crypto/sha1-internal.c [deleted file]
contrib/hostapd/src/crypto/sha1-pbkdf2.c [deleted file]
contrib/hostapd/src/crypto/sha1-prf.c [deleted file]
contrib/hostapd/src/crypto/sha1-tlsprf.c [deleted file]
contrib/hostapd/src/crypto/sha1-tprf.c [deleted file]
contrib/hostapd/src/crypto/sha1.c [deleted file]
contrib/hostapd/src/crypto/sha1.h [deleted file]
contrib/hostapd/src/crypto/sha1_i.h [deleted file]
contrib/hostapd/src/crypto/sha256-internal.c [deleted file]
contrib/hostapd/src/crypto/sha256-prf.c [deleted file]
contrib/hostapd/src/crypto/sha256-tlsprf.c [deleted file]
contrib/hostapd/src/crypto/sha256.c [deleted file]
contrib/hostapd/src/crypto/sha256.h [deleted file]
contrib/hostapd/src/crypto/sha256_i.h [deleted file]
contrib/hostapd/src/crypto/tls.h [deleted file]
contrib/hostapd/src/crypto/tls_gnutls.c [deleted file]
contrib/hostapd/src/crypto/tls_internal.c [deleted file]
contrib/hostapd/src/crypto/tls_none.c [deleted file]
contrib/hostapd/src/crypto/tls_nss.c [deleted file]
contrib/hostapd/src/crypto/tls_openssl.c [deleted file]
contrib/hostapd/src/crypto/tls_schannel.c [deleted file]
contrib/hostapd/src/drivers/android_drv.h [deleted file]
contrib/hostapd/src/drivers/driver.h [deleted file]
contrib/hostapd/src/drivers/driver_atheros.c [deleted file]
contrib/hostapd/src/drivers/driver_bsd.c [deleted file]
contrib/hostapd/src/drivers/driver_common.c [deleted file]
contrib/hostapd/src/drivers/driver_hostap.c [deleted file]
contrib/hostapd/src/drivers/driver_hostap.h [deleted file]
contrib/hostapd/src/drivers/driver_madwifi.c [deleted file]
contrib/hostapd/src/drivers/driver_ndis.c [deleted file]
contrib/hostapd/src/drivers/driver_ndis.h [deleted file]
contrib/hostapd/src/drivers/driver_ndis_.c [deleted file]
contrib/hostapd/src/drivers/driver_nl80211.c [deleted file]
contrib/hostapd/src/drivers/driver_none.c [deleted file]
contrib/hostapd/src/drivers/driver_openbsd.c [deleted file]
contrib/hostapd/src/drivers/driver_privsep.c [deleted file]
contrib/hostapd/src/drivers/driver_roboswitch.c [deleted file]
contrib/hostapd/src/drivers/driver_test.c [deleted file]
contrib/hostapd/src/drivers/driver_wext.c [deleted file]
contrib/hostapd/src/drivers/driver_wext.h [deleted file]
contrib/hostapd/src/drivers/driver_wired.c [deleted file]
contrib/hostapd/src/drivers/drivers.c [deleted file]
contrib/hostapd/src/drivers/linux_ioctl.c [deleted file]
contrib/hostapd/src/drivers/linux_ioctl.h [deleted file]
contrib/hostapd/src/drivers/linux_wext.h [deleted file]
contrib/hostapd/src/drivers/ndis_events.c [deleted file]
contrib/hostapd/src/drivers/netlink.c [deleted file]
contrib/hostapd/src/drivers/netlink.h [deleted file]
contrib/hostapd/src/drivers/nl80211_copy.h [deleted file]
contrib/hostapd/src/drivers/priv_netlink.h [deleted file]
contrib/hostapd/src/drivers/rfkill.c [deleted file]
contrib/hostapd/src/drivers/rfkill.h [deleted file]
contrib/hostapd/src/eap_common/chap.c [deleted file]
contrib/hostapd/src/eap_common/chap.h [deleted file]
contrib/hostapd/src/eap_common/eap_common.c [deleted file]
contrib/hostapd/src/eap_common/eap_common.h [deleted file]
contrib/hostapd/src/eap_common/eap_defs.h [deleted file]
contrib/hostapd/src/eap_common/eap_eke_common.c [deleted file]
contrib/hostapd/src/eap_common/eap_eke_common.h [deleted file]
contrib/hostapd/src/eap_common/eap_fast_common.c [deleted file]
contrib/hostapd/src/eap_common/eap_fast_common.h [deleted file]
contrib/hostapd/src/eap_common/eap_gpsk_common.c [deleted file]
contrib/hostapd/src/eap_common/eap_gpsk_common.h [deleted file]
contrib/hostapd/src/eap_common/eap_ikev2_common.c [deleted file]
contrib/hostapd/src/eap_common/eap_ikev2_common.h [deleted file]
contrib/hostapd/src/eap_common/eap_pax_common.c [deleted file]
contrib/hostapd/src/eap_common/eap_pax_common.h [deleted file]
contrib/hostapd/src/eap_common/eap_peap_common.c [deleted file]
contrib/hostapd/src/eap_common/eap_peap_common.h [deleted file]
contrib/hostapd/src/eap_common/eap_psk_common.c [deleted file]
contrib/hostapd/src/eap_common/eap_psk_common.h [deleted file]
contrib/hostapd/src/eap_common/eap_pwd_common.c [deleted file]
contrib/hostapd/src/eap_common/eap_pwd_common.h [deleted file]
contrib/hostapd/src/eap_common/eap_sake_common.c [deleted file]
contrib/hostapd/src/eap_common/eap_sake_common.h [deleted file]
contrib/hostapd/src/eap_common/eap_sim_common.c [deleted file]
contrib/hostapd/src/eap_common/eap_sim_common.h [deleted file]
contrib/hostapd/src/eap_common/eap_tlv_common.h [deleted file]
contrib/hostapd/src/eap_common/eap_ttls.h [deleted file]
contrib/hostapd/src/eap_common/eap_wsc_common.c [deleted file]
contrib/hostapd/src/eap_common/eap_wsc_common.h [deleted file]
contrib/hostapd/src/eap_common/ikev2_common.c [deleted file]
contrib/hostapd/src/eap_common/ikev2_common.h [deleted file]
contrib/hostapd/src/eap_peer/eap.c [deleted file]
contrib/hostapd/src/eap_peer/eap.h [deleted file]
contrib/hostapd/src/eap_peer/eap_aka.c [deleted file]
contrib/hostapd/src/eap_peer/eap_config.h [deleted file]
contrib/hostapd/src/eap_peer/eap_eke.c [deleted file]
contrib/hostapd/src/eap_peer/eap_fast.c [deleted file]
contrib/hostapd/src/eap_peer/eap_fast_pac.c [deleted file]
contrib/hostapd/src/eap_peer/eap_fast_pac.h [deleted file]
contrib/hostapd/src/eap_peer/eap_gpsk.c [deleted file]
contrib/hostapd/src/eap_peer/eap_gtc.c [deleted file]
contrib/hostapd/src/eap_peer/eap_i.h [deleted file]
contrib/hostapd/src/eap_peer/eap_ikev2.c [deleted file]
contrib/hostapd/src/eap_peer/eap_leap.c [deleted file]
contrib/hostapd/src/eap_peer/eap_md5.c [deleted file]
contrib/hostapd/src/eap_peer/eap_methods.c [deleted file]
contrib/hostapd/src/eap_peer/eap_methods.h [deleted file]
contrib/hostapd/src/eap_peer/eap_mschapv2.c [deleted file]
contrib/hostapd/src/eap_peer/eap_otp.c [deleted file]
contrib/hostapd/src/eap_peer/eap_pax.c [deleted file]
contrib/hostapd/src/eap_peer/eap_peap.c [deleted file]
contrib/hostapd/src/eap_peer/eap_proxy.h [deleted file]
contrib/hostapd/src/eap_peer/eap_proxy_dummy.c [deleted file]
contrib/hostapd/src/eap_peer/eap_psk.c [deleted file]
contrib/hostapd/src/eap_peer/eap_pwd.c [deleted file]
contrib/hostapd/src/eap_peer/eap_sake.c [deleted file]
contrib/hostapd/src/eap_peer/eap_sim.c [deleted file]
contrib/hostapd/src/eap_peer/eap_tls.c [deleted file]
contrib/hostapd/src/eap_peer/eap_tls_common.c [deleted file]
contrib/hostapd/src/eap_peer/eap_tls_common.h [deleted file]
contrib/hostapd/src/eap_peer/eap_tnc.c [deleted file]
contrib/hostapd/src/eap_peer/eap_ttls.c [deleted file]
contrib/hostapd/src/eap_peer/eap_vendor_test.c [deleted file]
contrib/hostapd/src/eap_peer/eap_wsc.c [deleted file]
contrib/hostapd/src/eap_peer/ikev2.c [deleted file]
contrib/hostapd/src/eap_peer/ikev2.h [deleted file]
contrib/hostapd/src/eap_peer/mschapv2.c [deleted file]
contrib/hostapd/src/eap_peer/mschapv2.h [deleted file]
contrib/hostapd/src/eap_peer/tncc.c [deleted file]
contrib/hostapd/src/eap_peer/tncc.h [deleted file]
contrib/hostapd/src/eap_server/eap.h [deleted file]
contrib/hostapd/src/eap_server/eap_i.h [deleted file]
contrib/hostapd/src/eap_server/eap_methods.h [deleted file]
contrib/hostapd/src/eap_server/eap_server.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_aka.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_eke.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_fast.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_gpsk.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_gtc.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_identity.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_ikev2.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_md5.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_methods.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_mschapv2.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_pax.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_peap.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_psk.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_pwd.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_sake.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_sim.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_tls.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_tls_common.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_tnc.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_ttls.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_vendor_test.c [deleted file]
contrib/hostapd/src/eap_server/eap_server_wsc.c [deleted file]
contrib/hostapd/src/eap_server/eap_sim_db.c [deleted file]
contrib/hostapd/src/eap_server/eap_sim_db.h [deleted file]
contrib/hostapd/src/eap_server/eap_tls_common.h [deleted file]
contrib/hostapd/src/eap_server/ikev2.c [deleted file]
contrib/hostapd/src/eap_server/ikev2.h [deleted file]
contrib/hostapd/src/eap_server/tncs.c [deleted file]
contrib/hostapd/src/eap_server/tncs.h [deleted file]
contrib/hostapd/src/eapol_auth/eapol_auth_dump.c [deleted file]
contrib/hostapd/src/eapol_auth/eapol_auth_sm.c [deleted file]
contrib/hostapd/src/eapol_auth/eapol_auth_sm.h [deleted file]
contrib/hostapd/src/eapol_auth/eapol_auth_sm_i.h [deleted file]
contrib/hostapd/src/eapol_supp/eapol_supp_sm.c [deleted file]
contrib/hostapd/src/eapol_supp/eapol_supp_sm.h [deleted file]
contrib/hostapd/src/l2_packet/l2_packet.h [deleted file]
contrib/hostapd/src/l2_packet/l2_packet_freebsd.c [deleted file]
contrib/hostapd/src/l2_packet/l2_packet_linux.c [deleted file]
contrib/hostapd/src/l2_packet/l2_packet_ndis.c [deleted file]
contrib/hostapd/src/l2_packet/l2_packet_none.c [deleted file]
contrib/hostapd/src/l2_packet/l2_packet_pcap.c [deleted file]
contrib/hostapd/src/l2_packet/l2_packet_privsep.c [deleted file]
contrib/hostapd/src/l2_packet/l2_packet_winpcap.c [deleted file]
contrib/hostapd/src/p2p/p2p.c [deleted file]
contrib/hostapd/src/p2p/p2p.h [deleted file]
contrib/hostapd/src/p2p/p2p_build.c [deleted file]
contrib/hostapd/src/p2p/p2p_dev_disc.c [deleted file]
contrib/hostapd/src/p2p/p2p_go_neg.c [deleted file]
contrib/hostapd/src/p2p/p2p_group.c [deleted file]
contrib/hostapd/src/p2p/p2p_i.h [deleted file]
contrib/hostapd/src/p2p/p2p_invitation.c [deleted file]
contrib/hostapd/src/p2p/p2p_parse.c [deleted file]
contrib/hostapd/src/p2p/p2p_pd.c [deleted file]
contrib/hostapd/src/p2p/p2p_sd.c [deleted file]
contrib/hostapd/src/p2p/p2p_utils.c [deleted file]
contrib/hostapd/src/radius/radius.c [deleted file]
contrib/hostapd/src/radius/radius.h [deleted file]
contrib/hostapd/src/radius/radius_client.c [deleted file]
contrib/hostapd/src/radius/radius_client.h [deleted file]
contrib/hostapd/src/radius/radius_das.c [deleted file]
contrib/hostapd/src/radius/radius_das.h [deleted file]
contrib/hostapd/src/radius/radius_server.c [deleted file]
contrib/hostapd/src/radius/radius_server.h [deleted file]
contrib/hostapd/src/rsn_supp/peerkey.c [deleted file]
contrib/hostapd/src/rsn_supp/peerkey.h [deleted file]
contrib/hostapd/src/rsn_supp/pmksa_cache.c [deleted file]
contrib/hostapd/src/rsn_supp/pmksa_cache.h [deleted file]
contrib/hostapd/src/rsn_supp/preauth.c [deleted file]
contrib/hostapd/src/rsn_supp/preauth.h [deleted file]
contrib/hostapd/src/rsn_supp/tdls.c [deleted file]
contrib/hostapd/src/rsn_supp/wpa.c [deleted file]
contrib/hostapd/src/rsn_supp/wpa.h [deleted file]
contrib/hostapd/src/rsn_supp/wpa_ft.c [deleted file]
contrib/hostapd/src/rsn_supp/wpa_i.h [deleted file]
contrib/hostapd/src/rsn_supp/wpa_ie.c [deleted file]
contrib/hostapd/src/rsn_supp/wpa_ie.h [deleted file]
contrib/hostapd/src/tls/asn1.c [deleted file]
contrib/hostapd/src/tls/asn1.h [deleted file]
contrib/hostapd/src/tls/bignum.c [deleted file]
contrib/hostapd/src/tls/bignum.h [deleted file]
contrib/hostapd/src/tls/libtommath.c [deleted file]
contrib/hostapd/src/tls/pkcs1.c [deleted file]
contrib/hostapd/src/tls/pkcs1.h [deleted file]
contrib/hostapd/src/tls/pkcs5.c [deleted file]
contrib/hostapd/src/tls/pkcs5.h [deleted file]
contrib/hostapd/src/tls/pkcs8.c [deleted file]
contrib/hostapd/src/tls/pkcs8.h [deleted file]
contrib/hostapd/src/tls/rsa.c [deleted file]
contrib/hostapd/src/tls/rsa.h [deleted file]
contrib/hostapd/src/tls/tlsv1_client.c [deleted file]
contrib/hostapd/src/tls/tlsv1_client.h [deleted file]
contrib/hostapd/src/tls/tlsv1_client_i.h [deleted file]
contrib/hostapd/src/tls/tlsv1_client_read.c [deleted file]
contrib/hostapd/src/tls/tlsv1_client_write.c [deleted file]
contrib/hostapd/src/tls/tlsv1_common.c [deleted file]
contrib/hostapd/src/tls/tlsv1_common.h [deleted file]
contrib/hostapd/src/tls/tlsv1_cred.c [deleted file]
contrib/hostapd/src/tls/tlsv1_cred.h [deleted file]
contrib/hostapd/src/tls/tlsv1_record.c [deleted file]
contrib/hostapd/src/tls/tlsv1_record.h [deleted file]
contrib/hostapd/src/tls/tlsv1_server.c [deleted file]
contrib/hostapd/src/tls/tlsv1_server.h [deleted file]
contrib/hostapd/src/tls/tlsv1_server_i.h [deleted file]
contrib/hostapd/src/tls/tlsv1_server_read.c [deleted file]
contrib/hostapd/src/tls/tlsv1_server_write.c [deleted file]
contrib/hostapd/src/tls/x509v3.c [deleted file]
contrib/hostapd/src/tls/x509v3.h [deleted file]
contrib/hostapd/src/utils/base64.c [deleted file]
contrib/hostapd/src/utils/base64.h [deleted file]
contrib/hostapd/src/utils/bitfield.c [deleted file]
contrib/hostapd/src/utils/bitfield.h [deleted file]
contrib/hostapd/src/utils/build_config.h [deleted file]
contrib/hostapd/src/utils/common.c [deleted file]
contrib/hostapd/src/utils/common.h [deleted file]
contrib/hostapd/src/utils/edit.c [deleted file]
contrib/hostapd/src/utils/edit.h [deleted file]
contrib/hostapd/src/utils/edit_readline.c [deleted file]
contrib/hostapd/src/utils/edit_simple.c [deleted file]
contrib/hostapd/src/utils/eloop.c [deleted file]
contrib/hostapd/src/utils/eloop.h [deleted file]
contrib/hostapd/src/utils/eloop_win.c [deleted file]
contrib/hostapd/src/utils/ext_password.c [deleted file]
contrib/hostapd/src/utils/ext_password.h [deleted file]
contrib/hostapd/src/utils/ext_password_i.h [deleted file]
contrib/hostapd/src/utils/ext_password_test.c [deleted file]
contrib/hostapd/src/utils/includes.h [deleted file]
contrib/hostapd/src/utils/ip_addr.c [deleted file]
contrib/hostapd/src/utils/ip_addr.h [deleted file]
contrib/hostapd/src/utils/list.h [deleted file]
contrib/hostapd/src/utils/os.h [deleted file]
contrib/hostapd/src/utils/os_internal.c [deleted file]
contrib/hostapd/src/utils/os_none.c [deleted file]
contrib/hostapd/src/utils/os_unix.c [deleted file]
contrib/hostapd/src/utils/os_win32.c [deleted file]
contrib/hostapd/src/utils/pcsc_funcs.c [deleted file]
contrib/hostapd/src/utils/pcsc_funcs.h [deleted file]
contrib/hostapd/src/utils/radiotap.c [deleted file]
contrib/hostapd/src/utils/radiotap.h [deleted file]
contrib/hostapd/src/utils/radiotap_iter.h [deleted file]
contrib/hostapd/src/utils/state_machine.h [deleted file]
contrib/hostapd/src/utils/trace.c [deleted file]
contrib/hostapd/src/utils/trace.h [deleted file]
contrib/hostapd/src/utils/uuid.c [deleted file]
contrib/hostapd/src/utils/uuid.h [deleted file]
contrib/hostapd/src/utils/wpa_debug.c [deleted file]
contrib/hostapd/src/utils/wpa_debug.h [deleted file]
contrib/hostapd/src/utils/wpabuf.c [deleted file]
contrib/hostapd/src/utils/wpabuf.h [deleted file]
contrib/hostapd/src/wps/http.h [deleted file]
contrib/hostapd/src/wps/http_client.c [deleted file]
contrib/hostapd/src/wps/http_client.h [deleted file]
contrib/hostapd/src/wps/http_server.c [deleted file]
contrib/hostapd/src/wps/http_server.h [deleted file]
contrib/hostapd/src/wps/httpread.c [deleted file]
contrib/hostapd/src/wps/httpread.h [deleted file]
contrib/hostapd/src/wps/ndef.c [deleted file]
contrib/hostapd/src/wps/upnp_xml.c [deleted file]
contrib/hostapd/src/wps/upnp_xml.h [deleted file]
contrib/hostapd/src/wps/wps.c [deleted file]
contrib/hostapd/src/wps/wps.h [deleted file]
contrib/hostapd/src/wps/wps_attr_build.c [deleted file]
contrib/hostapd/src/wps/wps_attr_parse.c [deleted file]
contrib/hostapd/src/wps/wps_attr_parse.h [deleted file]
contrib/hostapd/src/wps/wps_attr_process.c [deleted file]
contrib/hostapd/src/wps/wps_common.c [deleted file]
contrib/hostapd/src/wps/wps_defs.h [deleted file]
contrib/hostapd/src/wps/wps_dev_attr.c [deleted file]
contrib/hostapd/src/wps/wps_dev_attr.h [deleted file]
contrib/hostapd/src/wps/wps_enrollee.c [deleted file]
contrib/hostapd/src/wps/wps_er.c [deleted file]
contrib/hostapd/src/wps/wps_er.h [deleted file]
contrib/hostapd/src/wps/wps_er_ssdp.c [deleted file]
contrib/hostapd/src/wps/wps_i.h [deleted file]
contrib/hostapd/src/wps/wps_registrar.c [deleted file]
contrib/hostapd/src/wps/wps_upnp.c [deleted file]
contrib/hostapd/src/wps/wps_upnp.h [deleted file]
contrib/hostapd/src/wps/wps_upnp_ap.c [deleted file]
contrib/hostapd/src/wps/wps_upnp_event.c [deleted file]
contrib/hostapd/src/wps/wps_upnp_i.h [deleted file]
contrib/hostapd/src/wps/wps_upnp_ssdp.c [deleted file]
contrib/hostapd/src/wps/wps_upnp_web.c [deleted file]
contrib/hostapd/src/wps/wps_validate.c [deleted file]

diff --git a/contrib/hostapd/COPYING b/contrib/hostapd/COPYING
deleted file mode 100644 (file)
index 8a98582..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-wpa_supplicant and hostapd
---------------------------
-
-Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> and contributors
-All Rights Reserved.
-
-
-See the README file for the current license terms.
-
-This software was previously distributed under BSD/GPL v2 dual license
-terms that allowed either of those license alternatives to be
-selected. As of February 11, 2012, the project has chosen to use only
-the BSD license option for future distribution. As such, the GPL v2
-license option is no longer used. It should be noted that the BSD
-license option (the one with advertisement clause removed) is compatible
-with GPL and as such, does not prevent use of this software in projects
-that use GPL.
-
-Some of the files may still include pointers to GPL version 2 license
-terms. However, such copyright and license notifications are maintained
-only for attribution purposes and any distribution of this software
-after February 11, 2012 is no longer under the GPL v2 option.
diff --git a/contrib/hostapd/README b/contrib/hostapd/README
deleted file mode 100644 (file)
index 8de14a6..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-wpa_supplicant and hostapd
---------------------------
-
-Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> and contributors
-All Rights Reserved.
-
-These programs are licensed under the BSD license (the one with
-advertisement clause removed).
-
-If you are submitting changes to the project, please see CONTRIBUTIONS
-file for more instructions.
-
-
-This package may include either wpa_supplicant, hostapd, or both. See
-README file respective subdirectories (wpa_supplicant/README or
-hostapd/README) for more details.
-
-Source code files were moved around in v0.6.x releases and compared to
-earlier releases, the programs are now built by first going to a
-subdirectory (wpa_supplicant or hostapd) and creating build
-configuration (.config) and running 'make' there (for Linux/BSD/cygwin
-builds).
-
-
-License
--------
-
-This software may be distributed, used, and modified under the terms of
-BSD license:
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name(s) of the above-listed copyright holder(s) nor the
-   names of its contributors may be used to endorse or promote products
-   derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/contrib/hostapd/README.DELETED b/contrib/hostapd/README.DELETED
deleted file mode 100644 (file)
index c2a92d4..0000000
+++ /dev/null
@@ -1,47 +0,0 @@
-hostapd/Android.mk
-hostapd/Makefile
-hostapd/android.config
-hostapd/defconfig
-hostapd/eap_testing.txt
-hostapd/hlr_auc_gw.c
-hostapd/hlr_auc_gw.milenage_db
-hostapd/hostapd.8
-hostapd/hostapd.accept
-hostapd/hostapd.conf
-hostapd/hostapd.deny
-hostapd/hostapd.eap_user
-hostapd/hostapd.eap_user_sqlite
-hostapd/hostapd.radius_clients
-hostapd/hostapd.sim_db
-hostapd/hostapd.vlan
-hostapd/hostapd.wpa_psk
-hostapd/hostapd_cli.1
-hostapd/logwatch/
-hostapd/nt_password_hash.c
-hostapd/wired.conf
-hostapd/wps-ap-nfc.py
-src/Makefile
-src/ap/Makefile
-src/common/Makefile
-src/crypto/.gitignore
-src/crypto/Makefile
-src/drivers/.gitignore
-src/drivers/Makefile
-src/drivers/drivers.mak
-src/drivers/drivers.mk
-src/eap_common/Makefile
-src/eap_peer/Makefile
-src/eap_server/Makefile
-src/eapol_auth/Makefile
-src/eapol_supp/Makefile
-src/l2_packet/Makefile
-src/lib.rules
-src/p2p/Makefile
-src/radius/.gitignore
-src/radius/Makefile
-src/rsn_supp/Makefile
-src/tls/.gitignore
-src/tls/Makefile
-src/utils/.gitignore
-src/utils/Makefile
-src/wps/Makefile
diff --git a/contrib/hostapd/README.DRAGONFLY b/contrib/hostapd/README.DRAGONFLY
deleted file mode 100644 (file)
index 0d5224d..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-HOSTAPD 2.1
-===========
-
-This directory contains a selected set of files from hostapd-2.1.
-Original source can be downloaded from:
-
-       http://hostap.epitest.fi/hostapd/
-
-file = hostapd-2.1.tar.gz
-date = 23 May 2014
-size = 1490215
-sha1 = 5c1a1ead3ccf89bceb035bd6b5a6e516d44f4b2b
-
-
-The following files have been added or patched:
-===============================================
-       modified:   src/wps/wps_upnp.c
diff --git a/contrib/hostapd/hostapd/ChangeLog b/contrib/hostapd/hostapd/ChangeLog
deleted file mode 100644 (file)
index 5ef9676..0000000
+++ /dev/null
@@ -1,885 +0,0 @@
-ChangeLog for hostapd
-
-2014-02-04 - v2.1
-       * added support for simultaneous authentication of equals (SAE) for
-         stronger password-based authentication with WPA2-Personal
-       * added nl80211 functionality
-         - VHT configuration for nl80211
-         - support split wiphy dump
-         - driver-based MAC ACL
-         - QoS Mapping configuration
-       * added fully automated regression testing with mac80211_hwsim
-       * allow ctrl_iface group to be specified on command line (-G<group>)
-       * allow single hostapd process to control independent WPS interfaces
-         (wps_independent=1) instead of synchronized operations through all
-         configured interfaces within a process
-       * avoid processing received management frames multiple times when using
-         nl80211 with multiple BSSes
-       * added support for DFS (processing radar detection events, CAC, channel
-         re-selection)
-       * added EAP-EKE server
-       * added automatic channel selection (ACS)
-       * added option for using per-BSS (vif) configuration files with
-         -b<phyname>:<config file name>
-       * extended global control interface ADD/REMOVE commands to allow BSSes
-         of a radio to be removed individually without having to add/remove all
-         other BSSes of the radio at the same time
-       * added support for sending debug info to Linux tracing (-T on command
-         line)
-       * replace dump_file functionality with same information being available
-         through the hostapd control interface
-       * added support for using Protected Dual of Public Action frames for
-         GAS/ANQP exchanges when PMF is enabled
-       * added support for WPS+NFC updates
-         - improved protocol
-         - option to fetch and report alternative carrier records for external
-           NFC operations
-       * various bug fixes
-
-2013-01-12 - v2.0
-       * added AP-STA-DISCONNECTED ctrl_iface event
-       * improved debug logging (human readable event names, interface name
-         included in more entries)
-       * added number of small changes to make it easier for static analyzers
-         to understand the implementation
-       * added a workaround for Windows 7 Michael MIC failure reporting and
-         use of the Secure bit in EAPOL-Key msg 3/4
-       * fixed number of small bugs (see git logs for more details)
-       * changed OpenSSL to read full certificate chain from server_cert file
-       * nl80211: number of updates to use new cfg80211/nl80211 functionality
-         - replace monitor interface with nl80211 commands
-         - additional information for driver-based AP SME
-       * EAP-pwd:
-         - fix KDF for group 21 and zero-padding
-         - added support for fragmentation
-         - increased maximum number of hunting-and-pecking iterations
-       * avoid excessive Probe Response retries for broadcast Probe Request
-         frames (only with drivers using hostapd SME/MLME)
-       * added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
-       * fixed WPS operation stopping on dual concurrent AP
-       * added wps_rf_bands configuration parameter for overriding RF Bands
-         value for WPS
-       * added support for getting per-device PSK from RADIUS Tunnel-Password
-       * added support for libnl 3.2 and newer
-       * increased initial group key handshake retransmit timeout to 500 ms
-       * added a workaround for 4-way handshake to update SNonce even after
-         having sent EAPOL-Key 3/4 to avoid issues with some supplicant
-         implementations that can change SNonce for each EAP-Key 2/4
-       * added a workaround for EAPOL-Key 4/4 using incorrect type value in
-         WPA2 mode (some deployed stations use WPA type in that message)
-       * added a WPS workaround for mixed mode AP Settings with Windows 7
-       * changed WPS AP PIN disabling mechanism to disable the PIN after 10
-         consecutive failures in addition to using the exponential lockout
-         period
-       * added support for WFA Hotspot 2.0
-         - GAS/ANQP advertisement of network information
-         - disable_dgaf parameter to disable downstream group-addressed
-           forwarding
-       * simplified licensing terms by selecting the BSD license as the only
-         alternative
-       * EAP-SIM: fixed re-authentication not to update pseudonym
-       * EAP-SIM: use Notification round before EAP-Failure
-       * EAP-AKA: added support for AT_COUNTER_TOO_SMALL
-       * EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
-       * EAP-AKA': fixed identity for MK derivation
-       * EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
-         breaks interoperability with older versions
-       * EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
-       * changed ANonce to be a random number instead of Counter-based
-       * added support for canceling WPS operations with hostapd_cli wps_cancel
-       * fixed EAP/WPS to PSK transition on reassociation in cases where
-         deauthentication is missed
-       * hlr_auc_gw enhancements:
-         - a new command line parameter -u can be used to enable updating of
-           SQN in Milenage file
-         - use 5 bit IND for SQN updates
-         - SQLite database can now be used to store Milenage information
-       * EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
-         and reauth data
-       * added support for Chargeable-User-Identity (RFC 4372)
-       * added radius_auth_req_attr and radius_acct_req_attr configuration
-         parameters to allow adding/overriding of RADIUS attributes in
-         Access-Request and Accounting-Request packets
-       * added support for RADIUS dynamic authorization server (RFC 5176)
-       * added initial support for WNM operations
-         - BSS max idle period
-         - WNM-Sleep Mode
-       * added new WPS NFC ctrl_iface mechanism
-         - removed obsoleted WPS_OOB command (including support for deprecated
-           UFD config_method)
-       * added FT support for drivers that implement MLME internally
-       * added SA Query support for drivers that implement MLME internally
-       * removed default ACM=1 from AC_VO and AC_VI
-       * changed VENDOR-TEST EAP method to use proper private enterprise number
-         (this will not interoperate with older versions)
-       * added hostapd.conf parameter vendor_elements to allow arbitrary vendor
-         specific elements to be added to the Beacon and Probe Response frames
-       * added support for configuring GCMP cipher for IEEE 802.11ad
-       * added support for 256-bit AES with internal TLS implementation
-       * changed EAPOL transmission to use AC_VO if WMM is active
-       * fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
-         correctly; invalid messages could have caused the hostapd process to
-         terminate before this fix [CVE-2012-4445]
-       * limit number of active wildcard PINs for WPS Registrar to one to avoid
-         confusing behavior with multiple wildcard PINs
-       * added a workaround for WPS PBC session overlap detection to avoid
-         interop issues with deployed station implementations that do not
-         remove active PBC indication from Probe Request frames properly
-       * added support for using SQLite for the eap_user database
-       * added Acct-Session-Id attribute into Access-Request messages
-       * fixed EAPOL frame transmission to non-QoS STAs with nl80211
-         (do not send QoS frames if the STA did not negotiate use of QoS for
-         this association)
-
-2012-05-10 - v1.0
-       * Add channel selection support in hostapd. See hostapd.conf.
-       * Add support for IEEE 802.11v Time Advertisement mechanism with UTC
-         TSF offset. See hostapd.conf for config info.
-       * Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
-         This allows the driver to use PS buffering of Deauthentication and
-         Disassociation frames when the STA is in power save sleep. Only
-         available with drivers that provide TX status events for Deauth/
-         Disassoc frames (nl80211).
-       * Allow PMKSA caching to be disabled on the Authenticator. See
-         hostap.conf config parameter disable_pmksa_caching.
-       * atheros: Add support for IEEE 802.11w configuration.
-       * bsd: Add support for setting HT values in IFM_MMASK.
-       * Allow client isolation to be configured with ap_isolate. Client
-         isolation can be used to prevent low-level bridging of frames
-         between associated stations in the BSS. By default, this bridging
-         is allowed.
-       * Allow coexistance of HT BSSes with WEP/TKIP BSSes.
-       * Add require_ht config parameter, which can be used to configure
-         hostapd to reject association with any station that does not support
-         HT PHY.
-       * Add support for writing debug log to a file using "-f" option. Also
-         add relog CLI command to re-open the log file.
-       * Add bridge handling for WDS STA interfaces. By default they are
-         added to the configured bridge of the AP interface (if present),
-         but the user can also specify a separate bridge using cli command
-         wds_bridge.
-       * hostapd_cli:
-         - Add wds_bridge command for specifying bridge for WDS STA
-           interfaces.
-         - Add relog command for reopening log file.
-         - Send AP-STA-DISCONNECTED event when an AP disconnects a station
-           due to inactivity.
-         - Add wps_config ctrl_interface command for configuring AP. This
-           command can be used to configure the AP using the internal WPS
-           registrar. It works in the same way as new AP settings received
-           from an ER.
-         - Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
-         - Add command get version, that returns hostapd version string.
-       * WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
-         Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
-         notification to the STA.
-       * Allow AP mode to disconnect STAs based on low ACK condition (when
-         the data connection is not working properly, e.g., due to the STA
-         going outside the range of the AP). Disabled by default, enable by
-         config option disassoc_low_ack.
-       * Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
-         config file.
-       * WPS:
-         - Send AP Settings as a wrapped Credential attribute to ctrl_iface
-           in WPS-NEW-AP-SETTINGS.
-         - Dispatch more WPS events through hostapd ctrl_iface.
-         - Add mechanism for indicating non-standard WPS errors.
-         - Change concurrent radio AP to use only one WPS UPnP instance.
-         - Add wps_check_pin command for processing PIN from user input.
-           UIs can use this command to process a PIN entered by a user and to
-           validate the checksum digit (if present).
-         - Add hostap_cli get_config command to display current AP config.
-         - Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
-           runtime and support dynamic AP PIN management.
-         - Disable AP PIN after 10 consecutive failures. Slow down attacks
-           on failures up to 10.
-         - Allow AP to start in Enrollee mode without AP PIN for probing,
-           to be compatible with Windows 7.
-         - Add Config Error into WPS-FAIL events to provide more info
-           to the user on how to resolve the issue.
-         - When controlling multiple interfaces:
-            - apply WPS commands to all interfaces configured to use WPS
-            - apply WPS config changes to all interfaces that use WPS
-            - when an attack is detected on any interface, disable AP PIN on
-              all interfaces
-       * WPS ER:
-         - Show SetSelectedRegistrar events as ctrl_iface events.
-         - Add special AP Setup Locked mode to allow read only ER.
-           ap_setup_locked=2 can now be used to enable a special mode where
-           WPS ER can learn the current AP settings, but cannot change them.
-       * WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
-         - Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
-           for testing protocol extensibility.
-         - Add build option CONFIG_WPS_STRICT to allow disabling of WPS
-           workarounds.
-         - Add support for AuthorizedMACs attribute.
-       * TDLS:
-         - Allow TDLS use or TDLS channel switching in the BSS to be
-           prohibited in the BSS, using config params tdls_prohibit and
-           tdls_prohibit_chan_switch.
-       * EAP server: Add support for configuring fragment size (see
-         fragment_size in hostapd.conf).
-       * wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
-         wlantest can be used to capture frames from a monitor interface
-         for realtime capturing or from pcap files for offline analysis.
-       * Interworking: Support added for 802.11u. Enable in .config with
-         CONFIG_INTERWORKING. See hostapd.conf for config parameters for
-         interworking.
-       * Android: Add build and runtime support for Android hostapd.
-       * Add a new debug message level for excessive information. Use
-         -ddd to enable.
-       * TLS: Add support for tls_disable_time_checks=1 in client mode.
-       * Internal TLS:
-         - Add support for TLS v1.1 (RFC 4346). Enable with build parameter
-           CONFIG_TLSV11.
-         - Add domainComponent parser for X.509 names
-       * Reorder some IEs to get closer to IEEE 802.11 standard. Move
-         WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
-         Move HT IEs to be later in (Re)Assoc Resp.
-       * Many bugfixes.
-
-2010-04-18 - v0.7.2
-       * fix WPS internal Registrar use when an external Registrar is also
-         active
-       * bsd: Cleaned up driver wrapper and added various low-level
-         configuration options
-       * TNC: fixed issues with fragmentation
-       * EAP-TNC: add Flags field into fragment acknowledgement (needed to
-         interoperate with other implementations; may potentially breaks
-         compatibility with older wpa_supplicant/hostapd versions)
-       * cleaned up driver wrapper API for multi-BSS operations
-       * nl80211: fix multi-BSS and VLAN operations
-       * fix number of issues with IEEE 802.11r/FT; this version is not
-         backwards compatible with old versions
-       * add SA Query Request processing in AP mode (IEEE 802.11w)
-       * fix IGTK PN in group rekeying (IEEE 802.11w)
-       * fix WPS PBC session overlap detection to use correct attribute
-       * hostapd_notif_Assoc() can now be called with all IEs to simplify
-         driver wrappers
-       * work around interoperability issue with some WPS External Registrar
-         implementations
-       * nl80211: fix WPS IE update
-       * hostapd_cli: add support for action script operations (run a script
-         on hostapd events)
-       * fix DH padding with internal crypto code (mainly, for WPS)
-       * fix WPS association with both WPS IE and WPA/RSN IE present with
-         driver wrappers that use hostapd MLME (e.g., nl80211)
-
-2010-01-16 - v0.7.1
-       * cleaned up driver wrapper API (struct wpa_driver_ops); the new API
-         is not fully backwards compatible, so out-of-tree driver wrappers
-         will need modifications
-       * cleaned up various module interfaces
-       * merge hostapd and wpa_supplicant developers' documentation into a
-         single document
-       * fixed HT Capabilities IE with nl80211 drivers
-       * moved generic AP functionality code into src/ap
-       * WPS: handle Selected Registrar as union of info from all Registrars
-       * remove obsolte Prism54.org driver wrapper
-       * added internal debugging mechanism with backtrace support and memory
-         allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
-       * EAP-FAST server: piggyback Phase 2 start with the end of Phase 1
-       * WPS: add support for dynamically selecting whether to provision the
-         PSK as an ASCII passphrase or PSK
-       * added support for WDS (4-address frame) mode with per-station virtual
-         interfaces (wds_sta=1 in config file; only supported with
-         driver=nl80211 for now)
-       * fixed WPS Probe Request processing to handle missing required
-         attribute
-       * fixed PKCS#12 use with OpenSSL 1.0.0
-       * detect bridge interface automatically so that bridge parameter in
-         hostapd.conf becomes optional (though, it may now be used to
-         automatically add then WLAN interface into a bridge with
-         driver=nl80211)
-
-2009-11-21 - v0.7.0
-       * increased hostapd_cli ping interval to 5 seconds and made this
-         configurable with a new command line options (-G<seconds>)
-       * driver_nl80211: use Linux socket filter to improve performance
-       * added support for external Registrars with WPS (UPnP transport)
-       * 802.11n: scan for overlapping BSSes before starting 20/40 MHz channel
-       * driver_nl80211: fixed STA accounting data collection (TX/RX bytes
-         reported correctly; TX/RX packets not yet available from kernel)
-       * added support for WPS USBA out-of-band mechanism with USB Flash
-         Drives (UFD) (CONFIG_WPS_UFD=y)
-       * fixed EAPOL/EAP reauthentication when using an external RADIUS
-         authentication server
-       * fixed TNC with EAP-TTLS
-       * fixed IEEE 802.11r key derivation function to match with the standard
-         (note: this breaks interoperability with previous version) [Bug 303]
-       * fixed SHA-256 based key derivation function to match with the
-         standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
-         (note: this breaks interoperability with previous version) [Bug 307]
-       * added number of code size optimizations to remove unnecessary
-         functionality from the program binary based on build configuration
-         (part of this automatic; part configurable with CONFIG_NO_* build
-         options)
-       * use shared driver wrapper files with wpa_supplicant
-       * driver_nl80211: multiple updates to provide support for new Linux
-         nl80211/mac80211 functionality
-       * updated management frame protection to use IEEE Std 802.11w-2009
-       * fixed number of small WPS issues and added workarounds to
-         interoperate with common deployed broken implementations
-       * added some IEEE 802.11n co-existence rules to disable 40 MHz channels
-         or modify primary/secondary channels if needed based on neighboring
-         networks
-       * added support for NFC out-of-band mechanism with WPS
-       * added preliminary support for IEEE 802.11r RIC processing
-
-2009-01-06 - v0.6.7
-       * added support for Wi-Fi Protected Setup (WPS)
-         (hostapd can now be configured to act as an integrated WPS Registrar
-         and provision credentials for WPS Enrollees using PIN and PBC
-         methods; external wireless Registrar can configure the AP, but
-         external WLAN Manager Registrars are not supported); WPS support can
-         be enabled by adding CONFIG_WPS=y into .config and setting the
-         runtime configuration variables in hostapd.conf (see WPS section in
-         the example configuration file); new hostapd_cli commands wps_pin and
-         wps_pbc are used to configure WPS negotiation; see README-WPS for
-         more details
-       * added IEEE 802.11n HT capability configuration (ht_capab)
-       * added support for generating Country IE based on nl80211 regulatory
-         information (added if ieee80211d=1 in configuration)
-       * fixed WEP authentication (both Open System and Shared Key) with
-         mac80211
-       * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
-       * added support for using driver_test over UDP socket
-       * changed EAP-GPSK to use the IANA assigned EAP method type 51
-       * updated management frame protection to use IEEE 802.11w/D7.0
-       * fixed retransmission of EAP requests if no response is received
-
-2008-11-23 - v0.6.6
-       * added a new configuration option, wpa_ptk_rekey, that can be used to
-         enforce frequent PTK rekeying, e.g., to mitigate some attacks against
-         TKIP deficiencies
-       * updated OpenSSL code for EAP-FAST to use an updated version of the
-         session ticket overriding API that was included into the upstream
-         OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
-         needed with that version anymore)
-       * changed channel flags configuration to read the information from
-         the driver (e.g., via driver_nl80211 when using mac80211) instead of
-         using hostapd as the source of the regulatory information (i.e.,
-         information from CRDA is now used with mac80211); this allows 5 GHz
-         channels to be used with hostapd (if allowed in the current
-         regulatory domain)
-       * fixed EAP-TLS message processing for the last TLS message if it is
-         large enough to require fragmentation (e.g., if a large Session
-         Ticket data is included)
-       * fixed listen interval configuration for nl80211 drivers
-
-2008-11-01 - v0.6.5
-       * added support for SHA-256 as X.509 certificate digest when using the
-         internal X.509/TLSv1 implementation
-       * fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer
-         identity lengths)
-       * fixed internal TLSv1 implementation for abbreviated handshake (used
-         by EAP-FAST server)
-       * added support for setting VLAN ID for STAs based on local MAC ACL
-         (accept_mac_file) as an alternative for RADIUS server-based
-         configuration
-       * updated management frame protection to use IEEE 802.11w/D6.0
-         (adds a new association ping to protect against unauthenticated
-         authenticate or (re)associate request frames dropping association)
-       * added support for using SHA256-based stronger key derivation for WPA2
-         (IEEE 802.11w)
-       * added new "driver wrapper" for RADIUS-only configuration
-         (driver=none in hostapd.conf; CONFIG_DRIVER_NONE=y in .config)
-       * fixed WPA/RSN IE validation to verify that the proto (WPA vs. WPA2)
-         is enabled in configuration
-       * changed EAP-FAST configuration to use separate fields for A-ID and
-         A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
-         16-octet len binary value for better interoperability with some peer
-         implementations; eap_fast_a_id is now configured as a hex string
-       * driver_nl80211: Updated to match the current Linux mac80211 AP mode
-         configuration (wireless-testing.git and Linux kernel releases
-         starting from 2.6.29)
-
-2008-08-10 - v0.6.4
-       * added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
-         Identity Request if identity is already known
-       * added support for EAP Sequences in EAP-FAST Phase 2
-       * added support for EAP-TNC (Trusted Network Connect)
-         (this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
-         changes needed to run two methods in sequence (IF-T) and the IF-IMV
-         and IF-TNCCS interfaces from TNCS)
-       * added support for optional cryptobinding with PEAPv0
-       * added fragmentation support for EAP-TNC
-       * added support for fragmenting EAP-TTLS/PEAP/FAST Phase 2 (tunneled)
-         data
-       * added support for opportunistic key caching (OKC)
-
-2008-02-22 - v0.6.3
-       * fixed Reassociation Response callback processing when using internal
-         MLME (driver_{hostap,nl80211,test}.c)
-       * updated FT support to use the latest draft, IEEE 802.11r/D9.0
-       * copy optional Proxy-State attributes into RADIUS response when acting
-         as a RADIUS authentication server
-       * fixed EAPOL state machine to handle a case in which no response is
-         received from the RADIUS authentication server; previous version
-         could have triggered a crash in some cases after a timeout
-       * fixed EAP-SIM/AKA realm processing to allow decorated usernames to
-         be used
-       * added a workaround for EAP-SIM/AKA peers that include incorrect null
-         termination in the username
-       * fixed EAP-SIM/AKA protected result indication to include AT_COUNTER
-         attribute in notification messages only when using fast
-         reauthentication
-       * fixed EAP-SIM Start response processing for fast reauthentication
-         case
-       * added support for pending EAP processing in EAP-{PEAP,TTLS,FAST}
-         phase 2 to allow EAP-SIM and EAP-AKA to be used as the Phase 2 method
-
-2008-01-01 - v0.6.2
-       * fixed EAP-SIM and EAP-AKA message parser to validate attribute
-         lengths properly to avoid potential crash caused by invalid messages
-       * added data structure for storing allocated buffers (struct wpabuf);
-         this does not affect hostapd usage, but many of the APIs changed
-         and various interfaces (e.g., EAP) is not compatible with old
-         versions
-       * added support for protecting EAP-AKA/Identity messages with
-         AT_CHECKCODE (optional feature in RFC 4187)
-       * added support for protected result indication with AT_RESULT_IND for
-         EAP-SIM and EAP-AKA (eap_sim_aka_result_ind=1)
-       * added support for configuring EAP-TTLS phase 2 non-EAP methods in
-         EAP server configuration; previously all four were enabled for every
-         phase 2 user, now all four are disabled by default and need to be
-         enabled with new method names TTLS-PAP, TTLS-CHAP, TTLS-MSCHAP,
-         TTLS-MSCHAPV2
-       * removed old debug printing mechanism and the related 'debug'
-         parameter in the configuration file; debug verbosity is now set with
-         -d (or -dd) command line arguments
-       * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
-         only shared key/password authentication is supported in this version
-
-2007-11-24 - v0.6.1
-       * added experimental, integrated TLSv1 server implementation with the
-         needed X.509/ASN.1/RSA/bignum processing (this can be enabled by
-         setting CONFIG_TLS=internal and CONFIG_INTERNAL_LIBTOMMATH=y in
-         .config); this can be useful, e.g., if the target system does not
-         have a suitable TLS library and a minimal code size is required
-       * added support for EAP-FAST server method to the integrated EAP
-         server
-       * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
-         draft (draft-ietf-emu-eap-gpsk-07.txt)
-       * added a new configuration parameter, rsn_pairwise, to allow different
-         pairwise cipher suites to be enabled for WPA and RSN/WPA2
-         (note: if wpa_pairwise differs from rsn_pairwise, the driver will
-         either need to support this or will have to use the WPA/RSN IEs from
-         hostapd; currently, the included madwifi and bsd driver interfaces do
-         not have support for this)
-       * updated FT support to use the latest draft, IEEE 802.11r/D8.0
-
-2007-05-28 - v0.6.0
-       * added experimental IEEE 802.11r/D6.0 support
-       * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
-       * updated EAP-PSK to use the IANA-allocated EAP type 47
-       * fixed EAP-PSK bit ordering of the Flags field
-       * fixed configuration reloading (SIGHUP) to re-initialize WPA PSKs
-         by reading wpa_psk_file [Bug 181]
-       * fixed EAP-TTLS AVP parser processing for too short AVP lengths
-       * fixed IPv6 connection to RADIUS accounting server
-       * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
-         draft (draft-ietf-emu-eap-gpsk-04.txt)
-       * hlr_auc_gw: read GSM triplet file into memory and rotate through the
-         entries instead of only using the same three triplets every time
-         (this does not work properly with tests using multiple clients, but
-         provides bit better triplet data for testing a single client; anyway,
-         if a better quality triplets are needed, GSM-Milenage should be used
-         instead of hardcoded triplet file)
-       * fixed EAP-MSCHAPv2 server to use a space between S and M parameters
-         in Success Request [Bug 203]
-       * added support for sending EAP-AKA Notifications in error cases
-       * updated to use IEEE 802.11w/D2.0 for management frame protection
-         (still experimental)
-       * RADIUS server: added support for processing duplicate messages
-         (retransmissions from RADIUS client) by replying with the previous
-         reply
-
-2006-11-24 - v0.5.6
-       * added support for configuring and controlling multiple BSSes per
-         radio interface (bss=<ifname> in hostapd.conf); this is only
-         available with Devicescape and test driver interfaces
-       * fixed PMKSA cache update in the end of successful RSN
-         pre-authentication
-       * added support for dynamic VLAN configuration (i.e., selecting VLAN-ID
-         for each STA based on RADIUS Access-Accept attributes); this requires
-         VLAN support from the kernel driver/802.11 stack and this is
-         currently only available with Devicescape and test driver interfaces
-       * driver_madwifi: fixed configuration of unencrypted modes (plaintext
-         and IEEE 802.1X without WEP)
-       * removed STAKey handshake since PeerKey handshake has replaced it in
-         IEEE 802.11ma and there are no known deployments of STAKey
-       * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
-         draft (draft-ietf-emu-eap-gpsk-01.txt)
-       * added preliminary implementation of IEEE 802.11w/D1.0 (management
-         frame protection)
-         (Note: this requires driver support to work properly.)
-         (Note2: IEEE 802.11w is an unapproved draft and subject to change.)
-       * hlr_auc_gw: added support for GSM-Milenage (for EAP-SIM)
-       * hlr_auc_gw: added support for reading per-IMSI Milenage keys and
-         parameters from a text file to make it possible to implement proper
-         GSM/UMTS authentication server for multiple SIM/USIM cards using
-         EAP-SIM/EAP-AKA
-       * fixed session timeout processing with drivers that do not use
-         ieee802_11.c (e.g., madwifi)
-
-2006-08-27 - v0.5.5
-       * added 'hostapd_cli new_sta <addr>' command for adding a new STA into
-         hostapd (e.g., to initialize wired network authentication based on an
-         external signal)
-       * fixed hostapd to add PMKID KDE into 4-Way Handshake Message 1 when
-         using WPA2 even if PMKSA caching is not used
-       * added -P<pid file> argument for hostapd to write the current process
-         id into a file
-       * added support for RADIUS Authentication Server MIB (RFC 2619)
-
-2006-06-20 - v0.5.4
-       * fixed nt_password_hash build [Bug 144]
-       * added PeerKey handshake implementation for IEEE 802.11e
-         direct link setup (DLS) to replace STAKey handshake
-       * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
-         draft-clancy-emu-eap-shared-secret-00.txt)
-       * fixed a segmentation fault when RSN pre-authentication was completed
-         successfully [Bug 152]
-
-2006-04-27 - v0.5.3
-       * do not build nt_password_hash and hlr_auc_gw by default to avoid
-         requiring a TLS library for a successful build; these programs can be
-         build with 'make nt_password_hash' and 'make hlr_auc_gw'
-       * added a new configuration option, eapol_version, that can be used to
-         set EAPOL version to 1 (default is 2) to work around broken client
-         implementations that drop EAPOL frames which use version number 2
-         [Bug 89]
-       * added support for EAP-SAKE (no EAP method number allocated yet, so
-         this is using the same experimental type 255 as EAP-PSK)
-       * fixed EAP-MSCHAPv2 message length validation
-
-2006-03-19 - v0.5.2
-       * fixed stdarg use in hostapd_logger(): if both stdout and syslog
-         logging was enabled, hostapd could trigger a segmentation fault in
-         vsyslog on some CPU -- C library combinations
-       * moved HLR/AuC gateway implementation for EAP-SIM/AKA into an external
-         program to make it easier to use for implementing real SS7 gateway;
-         eap_sim_db is not anymore used as a file name for GSM authentication
-         triplets; instead, it is path to UNIX domain socket that will be used
-         to communicate with the external gateway program (e.g., hlr_auc_gw)
-       * added example HLR/AuC gateway implementation, hlr_auc_gw, that uses
-         local information (GSM authentication triplets from a text file and
-         hardcoded AKA authentication data); this can be used to test EAP-SIM
-         and EAP-AKA
-       * added Milenage algorithm (example 3GPP AKA algorithm) to hlr_auc_gw
-         to make it possible to test EAP-AKA with real USIM cards (this is
-         disabled by default; define AKA_USE_MILENAGE when building hlr_auc_gw
-         to enable this)
-       * driver_madwifi: added support for getting station RSN IE from
-         madwifi-ng svn r1453 and newer; this fixes RSN that was apparently
-         broken with earlier change (r1357) in the driver
-       * changed EAP method registration to use a dynamic list of methods
-         instead of a static list generated at build time
-       * fixed WPA message 3/4 not to encrypt Key Data field (WPA IE)
-         [Bug 125]
-       * added ap_max_inactivity configuration parameter
-
-2006-01-29 - v0.5.1
-       * driver_test: added better support for multiple APs and STAs by using
-         a directory with sockets that include MAC address for each device in
-         the name (test_socket=DIR:/tmp/test)
-       * added support for EAP expanded type (vendor specific EAP methods)
-
-2005-12-18 - v0.5.0 (beginning of 0.5.x development releases)
-       * added experimental STAKey handshake implementation for IEEE 802.11e
-         direct link setup (DLS); note: this is disabled by default in both
-         build and runtime configuration (can be enabled with CONFIG_STAKEY=y
-         and stakey=1)
-       * added support for EAP methods to use callbacks to external programs
-         by buffering a pending request and processing it after the EAP method
-         is ready to continue
-       * improved EAP-SIM database interface to allow external request to GSM
-         HLR/AuC without blocking hostapd process
-       * added support for using EAP-SIM pseudonyms and fast re-authentication
-       * added support for EAP-AKA in the integrated EAP authenticator
-       * added support for matching EAP identity prefixes (e.g., "1"*) in EAP
-         user database to allow EAP-SIM/AKA selection without extra roundtrip
-         for EAP-Nak negotiation
-       * added support for storing EAP user password as NtPasswordHash instead
-         of plaintext password when using MSCHAP or MSCHAPv2 for
-         authentication (hash:<16-octet hex value>); added nt_password_hash
-         tool for hashing password to generate NtPasswordHash
-
-2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases)
-       * driver_wired: fixed EAPOL sending to optionally use PAE group address
-         as the destination instead of supplicant MAC address; this is
-         disabled by default, but should be enabled with use_pae_group_addr=1
-         in configuration file if the wired interface is used by only one
-         device at the time (common switch configuration)
-       * driver_madwifi: configure driver to use TKIP countermeasures in order
-         to get correct behavior (IEEE 802.11 association failing; previously,
-         association succeeded, but hostpad forced disassociation immediately)
-       * driver_madwifi: added support for madwifi-ng
-
-2005-10-27 - v0.4.6
-       * added support for replacing user identity from EAP with RADIUS
-         User-Name attribute from Access-Accept message, if that is included,
-         for the RADIUS accounting messages (e.g., for EAP-PEAP/TTLS to get
-         tunneled identity into accounting messages when the RADIUS server
-         does not support better way of doing this with Class attribute)
-       * driver_madwifi: fixed EAPOL packet receive for configuration where
-         ath# is part of a bridge interface
-       * added a configuration file and log analyzer script for logwatch
-       * fixed EAPOL state machine step function to process all state
-         transitions before processing new events; this resolves a race
-         condition in which EAPOL-Start message could trigger hostapd to send
-         two EAP-Response/Identity frames to the authentication server
-
-2005-09-25 - v0.4.5
-       * added client CA list to the TLS certificate request in order to make
-         it easier for the client to select which certificate to use
-       * added experimental support for EAP-PSK
-       * added support for WE-19 (hostap, madwifi)
-
-2005-08-21 - v0.4.4
-       * fixed build without CONFIG_RSN_PREAUTH
-       * fixed FreeBSD build
-
-2005-06-26 - v0.4.3
-       * fixed PMKSA caching to copy User-Name and Class attributes so that
-         RADIUS accounting gets correct information
-       * start RADIUS accounting only after successful completion of WPA
-         4-Way Handshake if WPA-PSK is used
-       * fixed PMKSA caching for the case where STA (re)associates without
-         first disassociating
-
-2005-06-12 - v0.4.2
-       * EAP-PAX is now registered as EAP type 46
-       * fixed EAP-PAX MAC calculation
-       * fixed EAP-PAX CK and ICK key derivation
-       * renamed eap_authenticator configuration variable to eap_server to
-         better match with RFC 3748 (EAP) terminology
-       * driver_test: added support for testing hostapd with wpa_supplicant
-         by using test driver interface without any kernel drivers or network
-         cards
-
-2005-05-22 - v0.4.1
-       * fixed RADIUS server initialization when only auth or acct server
-         is configured and the other one is left empty
-       * driver_madwifi: added support for RADIUS accounting
-       * driver_madwifi: added preliminary support for compiling against 'BSD'
-         branch of madwifi CVS tree
-       * driver_madwifi: fixed pairwise key removal to allow WPA reauth
-         without disassociation
-       * added support for reading additional certificates from PKCS#12 files
-         and adding them to the certificate chain
-       * fixed RADIUS Class attribute processing to only use Access-Accept
-         packets to update Class; previously, other RADIUS authentication
-         packets could have cleared Class attribute
-       * added support for more than one Class attribute in RADIUS packets
-       * added support for verifying certificate revocation list (CRL) when
-         using integrated EAP authenticator for EAP-TLS; new hostapd.conf
-         options 'check_crl'; CRL must be included in the ca_cert file for now
-
-2005-04-25 - v0.4.0 (beginning of 0.4.x development releases)
-       * added support for including network information into
-         EAP-Request/Identity message (ASCII-0 (nul) in eap_message)
-         (e.g., to implement draft-adrange-eap-network-discovery-07.txt)
-       * fixed a bug which caused some RSN pre-authentication cases to use
-         freed memory and potentially crash hostapd
-       * fixed private key loading for cases where passphrase is not set
-       * added support for sending TLS alerts and aborting authentication
-         when receiving a TLS alert
-       * fixed WPA2 to add PMKSA cache entry when using integrated EAP
-         authenticator
-       * fixed PMKSA caching (EAP authentication was not skipped correctly
-         with the new state machine changes from IEEE 802.1X draft)
-       * added support for RADIUS over IPv6; own_ip_addr, auth_server_addr,
-         and acct_server_addr can now be IPv6 addresses (CONFIG_IPV6=y needs
-         to be added to .config to include IPv6 support); for RADIUS server,
-         radius_server_ipv6=1 needs to be set in hostapd.conf and addresses
-         in RADIUS clients file can then use IPv6 format
-       * added experimental support for EAP-PAX
-       * replaced hostapd control interface library (hostapd_ctrl.[ch]) with
-         the same implementation that wpa_supplicant is using (wpa_ctrl.[ch])
-
-2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases)
-
-2005-01-23 - v0.3.5
-       * added support for configuring a forced PEAP version based on the
-         Phase 1 identity
-       * fixed PEAPv1 to use tunneled EAP-Success/Failure instead of EAP-TLV
-         to terminate authentication
-       * fixed EAP identifier duplicate processing with the new IEEE 802.1X
-         draft
-       * clear accounting data in the driver when starting a new accounting
-         session
-       * driver_madwifi: filter wireless events based on ifindex to allow more
-         than one network interface to be used
-       * fixed WPA message 2/4 processing not to cancel timeout for TimeoutEvt
-         setting if the packet does not pass MIC verification (e.g., due to
-         incorrect PSK); previously, message 1/4 was not tried again if an
-         invalid message 2/4 was received
-       * fixed reconfiguration of RADIUS client retransmission timer when
-         adding a new message to the pending list; previously, timer was not
-         updated at this point and if there was a pending message with long
-         time for the next retry, the new message needed to wait that long for
-         its first retry, too
-
-2005-01-09 - v0.3.4
-       * added support for configuring multiple allowed EAP types for Phase 2
-         authentication (EAP-PEAP, EAP-TTLS)
-       * fixed EAPOL-Start processing to trigger WPA reauthentication
-         (previously, only EAPOL authentication was done)
-
-2005-01-02 - v0.3.3
-       * added support for EAP-PEAP in the integrated EAP authenticator
-       * added support for EAP-GTC in the integrated EAP authenticator
-       * added support for configuring list of EAP methods for Phase 1 so that
-         the integrated EAP authenticator can, e.g., use the wildcard entry
-         for EAP-TLS and EAP-PEAP
-       * added support for EAP-TTLS in the integrated EAP authenticator
-       * added support for EAP-SIM in the integrated EAP authenticator
-       * added support for using hostapd as a RADIUS authentication server
-         with the integrated EAP authenticator taking care of EAP
-         authentication (new hostapd.conf options: radius_server_clients and
-         radius_server_auth_port); this is not included in default build; use
-         CONFIG_RADIUS_SERVER=y in .config to include
-
-2004-12-19 - v0.3.2
-       * removed 'daemonize' configuration file option since it has not really
-         been used at all for more than year
-       * driver_madwifi: fixed group key setup and added get_ssid method
-       * added support for EAP-MSCHAPv2 in the integrated EAP authenticator
-
-2004-12-12 - v0.3.1
-       * added support for integrated EAP-TLS authentication (new hostapd.conf
-         variables: ca_cert, server_cert, private_key, private_key_passwd);
-         this enabled dynamic keying (WPA2/WPA/IEEE 802.1X/WEP) without
-         external RADIUS server
-       * added support for reading PKCS#12 (PFX) files (as a replacement for
-         PEM/DER) to get certificate and private key (CONFIG_PKCS12)
-
-2004-12-05 - v0.3.0 (beginning of 0.3.x development releases)
-       * added support for Acct-{Input,Output}-Gigawords
-       * added support for Event-Timestamp (in RADIUS Accounting-Requests)
-       * added support for RADIUS Authentication Client MIB (RFC2618)
-       * added support for RADIUS Accounting Client MIB (RFC2620)
-       * made EAP re-authentication period configurable (eap_reauth_period)
-       * fixed EAPOL reauthentication to trigger WPA/WPA2 reauthentication
-       * fixed EAPOL state machine to stop if STA is removed during
-         eapol_sm_step(); this fixes at least one segfault triggering bug with
-         IEEE 802.11i pre-authentication
-       * added support for multiple WPA pre-shared keys (e.g., one for each
-         client MAC address or keys shared by a group of clients);
-         new hostapd.conf field wpa_psk_file for setting path to a text file
-         containing PSKs, see hostapd.wpa_psk for an example
-       * added support for multiple driver interfaces to allow hostapd to be
-         used with other drivers
-       * added wired authenticator driver interface (driver=wired in
-         hostapd.conf, see wired.conf for example configuration)
-       * added madwifi driver interface (driver=madwifi in hostapd.conf, see
-         madwifi.conf for example configuration; Note: include files from
-         madwifi project is needed for building and a configuration file,
-         .config, needs to be created in hostapd directory with
-         CONFIG_DRIVER_MADWIFI=y to include this driver interface in hostapd
-         build)
-       * fixed an alignment issue that could cause SHA-1 to fail on some
-         platforms (e.g., Intel ixp425 with a compiler that does not 32-bit
-         align variables)
-       * fixed RADIUS reconnection after an error in sending interim
-         accounting packets
-       * added hostapd control interface for external programs and an example
-         CLI, hostapd_cli (like wpa_cli for wpa_supplicant)
-       * started adding dot11, dot1x, radius MIBs ('hostapd_cli mib',
-         'hostapd_cli sta <addr>')
-       * finished update from IEEE 802.1X-2001 to IEEE 802.1X-REV (now d11)
-       * added support for strict GTK rekeying (wpa_strict_rekey in
-         hostapd.conf)
-       * updated IAPP to use UDP port 3517 and multicast address 224.0.1.178
-         (instead of broadcast) for IAPP ADD-notify (moved from draft 3 to
-         IEEE 802.11F-2003)
-       * added Prism54 driver interface (driver=prism54 in hostapd.conf;
-         note: .config needs to be created in hostapd directory with
-         CONFIG_DRIVER_PRISM54=y to include this driver interface in hostapd
-         build)
-       * dual-licensed hostapd (GPLv2 and BSD licenses)
-       * fixed RADIUS accounting to generate a new session id for cases where
-         a station reassociates without first being complete deauthenticated
-       * fixed STA disassociation handler to mark next timeout state to
-         deauthenticate the station, i.e., skip long wait for inactivity poll
-         and extra disassociation, if the STA disassociates without
-         deauthenticating
-       * added integrated EAP authenticator that can be used instead of
-         external RADIUS authentication server; currently, only EAP-MD5 is
-         supported, so this cannot yet be used for key distribution; the EAP
-         method interface is generic, though, so adding new EAP methods should
-         be straightforward; new hostapd.conf variables: 'eap_authenticator'
-         and 'eap_user_file'; this obsoletes "minimal authentication server"
-         ('minimal_eap' in hostapd.conf) which is now removed
-       * added support for FreeBSD and driver interface for the BSD net80211
-         layer (driver=bsd in hostapd.conf and CONFIG_DRIVER_BSD=y in
-         .config); please note that some of the required kernel mods have not
-         yet been committed
-
-2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases)
-       * fixed some accounting cases where Accounting-Start was sent when
-         IEEE 802.1X port was being deauthorized
-
-2004-06-20 - v0.2.3
-       * modified RADIUS client to re-connect the socket in case of certain
-         error codes that are generated when a network interface state is
-         changes (e.g., when IP address changes or the interface is set UP)
-       * fixed couple of cases where EAPOL state for a station was freed
-         twice causing a segfault for hostapd
-       * fixed couple of bugs in processing WPA deauthentication (freed data
-         was used)
-
-2004-05-31 - v0.2.2
-       * fixed WPA/WPA2 group rekeying to use key index correctly (GN/GM)
-       * fixed group rekeying to send zero TSC in EAPOL-Key messages to fix
-         cases where STAs dropped multicast frames as replay attacks
-       * added support for copying RADIUS Attribute 'Class' from
-         authentication messages into accounting messages
-       * send canned EAP failure if RADIUS server sends Access-Reject without
-         EAP message (previously, Supplicant was not notified in this case)
-       * fixed mixed WPA-PSK and WPA-EAP mode to work with WPA-PSK (i.e., do
-         not start EAPOL state machines if the STA selected to use WPA-PSK)
-
-2004-05-06 - v0.2.1
-       * added WPA and IEEE 802.11i/RSN (WPA2) Authenticator functionality
-         - based on IEEE 802.11i/D10.0 but modified to interoperate with WPA
-           (i.e., IEEE 802.11i/D3.0)
-         - supports WPA-only, RSN-only, and mixed WPA/RSN mode
-         - both WPA-PSK and WPA-RADIUS/EAP are supported
-         - PMKSA caching and pre-authentication
-         - new hostapd.conf variables: wpa, wpa_psk, wpa_passphrase,
-           wpa_key_mgmt, wpa_pairwise, wpa_group_rekey, wpa_gmk_rekey,
-           rsn_preauth, rsn_preauth_interfaces
-       * fixed interim accounting to remove any pending accounting messages
-         to the STA before sending a new one
-
-2004-02-15 - v0.2.0
-       * added support for Acct-Interim-Interval:
-         - draft-ietf-radius-acct-interim-01.txt
-         - use Acct-Interim-Interval attribute from Access-Accept if local
-           'radius_acct_interim_interval' is not set
-         - allow different update intervals for each STA
-       * fixed event loop to call signal handlers only after returning from
-         the real signal handler
-       * reset sta->timeout_next after successful association to make sure
-         that the previously registered inactivity timer will not remove the
-         STA immediately (e.g., if STA deauthenticates and re-associates
-         before the timer is triggered).
-       * added new hostapd.conf variable, nas_identifier, that can be used to
-         add an optional RADIUS Attribute, NAS-Identifier, into authentication
-         and accounting messages
-       * added support for Accounting-On and Accounting-Off messages
-       * fixed accounting session handling to send Accounting-Start only once
-         per session and not to send Accounting-Stop if the session was not
-         initialized properly
-       * fixed Accounting-Stop statistics in cases where the message was
-         previously sent after the kernel entry for the STA (and/or IEEE
-         802.1X data) was removed
-
-
-Note:
-
-Older changes up to and including v0.1.0 are included in the ChangeLog
-of the Host AP driver.
diff --git a/contrib/hostapd/hostapd/README b/contrib/hostapd/hostapd/README
deleted file mode 100644 (file)
index 50868ee..0000000
+++ /dev/null
@@ -1,372 +0,0 @@
-hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
-         Authenticator and RADIUS authentication server
-================================================================
-
-Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> and contributors
-All Rights Reserved.
-
-This program is licensed under the BSD license (the one with
-advertisement clause removed).
-
-If you are submitting changes to the project, please see CONTRIBUTIONS
-file for more instructions.
-
-
-
-License
--------
-
-This software may be distributed, used, and modified under the terms of
-BSD license:
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name(s) of the above-listed copyright holder(s) nor the
-   names of its contributors may be used to endorse or promote products
-   derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-
-Introduction
-============
-
-Originally, hostapd was an optional user space component for Host AP
-driver. It adds more features to the basic IEEE 802.11 management
-included in the kernel driver: using external RADIUS authentication
-server for MAC address based access control, IEEE 802.1X Authenticator
-and dynamic WEP keying, RADIUS accounting, WPA/WPA2 (IEEE 802.11i/RSN)
-Authenticator and dynamic TKIP/CCMP keying.
-
-The current version includes support for other drivers, an integrated
-EAP server (i.e., allow full authentication without requiring
-an external RADIUS authentication server), and RADIUS authentication
-server for EAP authentication.
-
-
-Requirements
-------------
-
-Current hardware/software requirements:
-- drivers:
-       Host AP driver for Prism2/2.5/3.
-       (http://hostap.epitest.fi/)
-       Please note that station firmware version needs to be 1.7.0 or newer
-       to work in WPA mode.
-
-       madwifi driver for cards based on Atheros chip set (ar521x)
-       (http://sourceforge.net/projects/madwifi/)
-       Please note that you will need to add the correct path for
-       madwifi driver root directory in .config (see defconfig file for
-       an example: CFLAGS += -I<path>)
-
-       mac80211-based drivers that support AP mode (with driver=nl80211).
-       This includes drivers for Atheros (ath9k) and Broadcom (b43)
-       chipsets.
-
-       Any wired Ethernet driver for wired IEEE 802.1X authentication
-       (experimental code)
-
-       FreeBSD -current (with some kernel mods that have not yet been
-       committed when hostapd v0.3.0 was released)
-       BSD net80211 layer (e.g., Atheros driver)
-
-
-Build configuration
--------------------
-
-In order to be able to build hostapd, you will need to create a build
-time configuration file, .config that selects which optional
-components are included. See defconfig file for example configuration
-and list of available options.
-
-
-
-IEEE 802.1X
-===========
-
-IEEE Std 802.1X-2001 is a standard for port-based network access
-control. In case of IEEE 802.11 networks, a "virtual port" is used
-between each associated station and the AP. IEEE 802.11 specifies
-minimal authentication mechanism for stations, whereas IEEE 802.1X
-introduces a extensible mechanism for authenticating and authorizing
-users.
-
-IEEE 802.1X uses elements called Supplicant, Authenticator, Port
-Access Entity, and Authentication Server. Supplicant is a component in
-a station and it performs the authentication with the Authentication
-Server. An access point includes an Authenticator that relays the packets
-between a Supplicant and an Authentication Server. In addition, it has a
-Port Access Entity (PAE) with Authenticator functionality for
-controlling the virtual port authorization, i.e., whether to accept
-packets from or to the station.
-
-IEEE 802.1X uses Extensible Authentication Protocol (EAP). The frames
-between a Supplicant and an Authenticator are sent using EAP over LAN
-(EAPOL) and the Authenticator relays these frames to the Authentication
-Server (and similarly, relays the messages from the Authentication
-Server to the Supplicant). The Authentication Server can be colocated with the
-Authenticator, in which case there is no need for additional protocol
-for EAP frame transmission. However, a more common configuration is to
-use an external Authentication Server and encapsulate EAP frame in the
-frames used by that server. RADIUS is suitable for this, but IEEE
-802.1X would also allow other mechanisms.
-
-Host AP driver includes PAE functionality in the kernel driver. It
-is a relatively simple mechanism for denying normal frames going to
-or coming from an unauthorized port. PAE allows IEEE 802.1X related
-frames to be passed between the Supplicant and the Authenticator even
-on an unauthorized port.
-
-User space daemon, hostapd, includes Authenticator functionality. It
-receives 802.1X (EAPOL) frames from the Supplicant using the wlan#ap
-device that is also used with IEEE 802.11 management frames. The
-frames to the Supplicant are sent using the same device.
-
-The normal configuration of the Authenticator would use an external
-Authentication Server. hostapd supports RADIUS encapsulation of EAP
-packets, so the Authentication Server should be a RADIUS server, like
-FreeRADIUS (http://www.freeradius.org/). The Authenticator in hostapd
-relays the frames between the Supplicant and the Authentication
-Server. It also controls the PAE functionality in the kernel driver by
-controlling virtual port authorization, i.e., station-AP
-connection, based on the IEEE 802.1X state.
-
-When a station would like to use the services of an access point, it
-will first perform IEEE 802.11 authentication. This is normally done
-with open systems authentication, so there is no security. After
-this, IEEE 802.11 association is performed. If IEEE 802.1X is
-configured to be used, the virtual port for the station is set in
-Unauthorized state and only IEEE 802.1X frames are accepted at this
-point. The Authenticator will then ask the Supplicant to authenticate
-with the Authentication Server. After this is completed successfully,
-the virtual port is set to Authorized state and frames from and to the
-station are accepted.
-
-Host AP configuration for IEEE 802.1X
--------------------------------------
-
-The user space daemon has its own configuration file that can be used to
-define AP options. Distribution package contains an example
-configuration file (hostapd/hostapd.conf) that can be used as a basis
-for configuration. It includes examples of all supported configuration
-options and short description of each option. hostapd should be started
-with full path to the configuration file as the command line argument,
-e.g., './hostapd /etc/hostapd.conf'. If you have more that one wireless
-LAN card, you can use one hostapd process for multiple interfaces by
-giving a list of configuration files (one per interface) in the command
-line.
-
-hostapd includes a minimal co-located IEEE 802.1X server which can be
-used to test IEEE 802.1X authentication. However, it should not be
-used in normal use since it does not provide any security. This can be
-configured by setting ieee8021x and minimal_eap options in the
-configuration file.
-
-An external Authentication Server (RADIUS) is configured with
-auth_server_{addr,port,shared_secret} options. In addition,
-ieee8021x and own_ip_addr must be set for this mode. With such
-configuration, the co-located Authentication Server is not used and EAP
-frames will be relayed using EAPOL between the Supplicant and the
-Authenticator and RADIUS encapsulation between the Authenticator and
-the Authentication Server. Other than this, the functionality is similar
-to the case with the co-located Authentication Server.
-
-Authentication Server and Supplicant
-------------------------------------
-
-Any RADIUS server supporting EAP should be usable as an IEEE 802.1X
-Authentication Server with hostapd Authenticator. FreeRADIUS
-(http://www.freeradius.org/) has been successfully tested with hostapd
-Authenticator and both Xsupplicant (http://www.open1x.org) and Windows
-XP Supplicants. EAP/TLS was used with Xsupplicant and
-EAP/MD5-Challenge with Windows XP.
-
-http://www.missl.cs.umd.edu/wireless/eaptls/ has useful information
-about using EAP/TLS with FreeRADIUS and Xsupplicant (just replace
-Cisco access point with Host AP driver, hostapd daemon, and a Prism2
-card ;-). http://www.freeradius.org/doc/EAP-MD5.html has information
-about using EAP/MD5 with FreeRADIUS, including instructions for WinXP
-configuration. http://www.denobula.com/EAPTLS.pdf has a HOWTO on
-EAP/TLS use with WinXP Supplicant.
-
-Automatic WEP key configuration
--------------------------------
-
-EAP/TLS generates a session key that can be used to send WEP keys from
-an AP to authenticated stations. The Authenticator in hostapd can be
-configured to automatically select a random default/broadcast key
-(shared by all authenticated stations) with wep_key_len_broadcast
-option (5 for 40-bit WEP or 13 for 104-bit WEP). In addition,
-wep_key_len_unicast option can be used to configure individual unicast
-keys for stations. This requires support for individual keys in the
-station driver.
-
-WEP keys can be automatically updated by configuring rekeying. This
-will improve security of the network since same WEP key will only be
-used for a limited period of time. wep_rekey_period option sets the
-interval for rekeying in seconds.
-
-
-WPA/WPA2
-========
-
-Features
---------
-
-Supported WPA/IEEE 802.11i features:
-- WPA-PSK ("WPA-Personal")
-- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
-- key management for CCMP, TKIP, WEP104, WEP40
-- RSN/WPA2 (IEEE 802.11i), including PMKSA caching and pre-authentication
-
-WPA
----
-
-The original security mechanism of IEEE 802.11 standard was not
-designed to be strong and has proved to be insufficient for most
-networks that require some kind of security. Task group I (Security)
-of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked
-to address the flaws of the base standard and has in practice
-completed its work in May 2004. The IEEE 802.11i amendment to the IEEE
-802.11 standard was approved in June 2004 and this amendment is likely
-to be published in July 2004.
-
-Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the
-IEEE 802.11i work (draft 3.0) to define a subset of the security
-enhancements that can be implemented with existing wlan hardware. This
-is called Wi-Fi Protected Access<TM> (WPA). This has now become a
-mandatory component of interoperability testing and certification done
-by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web
-site (http://www.wi-fi.org/OpenSection/protected_access.asp).
-
-IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm
-for protecting wireless networks. WEP uses RC4 with 40-bit keys,
-24-bit initialization vector (IV), and CRC32 to protect against packet
-forgery. All these choices have proven to be insufficient: key space is
-too small against current attacks, RC4 key scheduling is insufficient
-(beginning of the pseudorandom stream should be skipped), IV space is
-too small and IV reuse makes attacks easier, there is no replay
-protection, and non-keyed authentication does not protect against bit
-flipping packet data.
-
-WPA is an intermediate solution for the security issues. It uses
-Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a
-compromise on strong security and possibility to use existing
-hardware. It still uses RC4 for the encryption like WEP, but with
-per-packet RC4 keys. In addition, it implements replay protection,
-keyed packet authentication mechanism (Michael MIC).
-
-Keys can be managed using two different mechanisms. WPA can either use
-an external authentication server (e.g., RADIUS) and EAP just like
-IEEE 802.1X is using or pre-shared keys without need for additional
-servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal",
-respectively. Both mechanisms will generate a master session key for
-the Authenticator (AP) and Supplicant (client station).
-
-WPA implements a new key handshake (4-Way Handshake and Group Key
-Handshake) for generating and exchanging data encryption keys between
-the Authenticator and Supplicant. This handshake is also used to
-verify that both Authenticator and Supplicant know the master session
-key. These handshakes are identical regardless of the selected key
-management mechanism (only the method for generating master session
-key changes).
-
-
-IEEE 802.11i / WPA2
--------------------
-
-The design for parts of IEEE 802.11i that were not included in WPA has
-finished (May 2004) and this amendment to IEEE 802.11 was approved in
-June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new
-version of WPA called WPA2. This includes, e.g., support for more
-robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC)
-to replace TKIP and optimizations for handoff (reduced number of
-messages in initial key handshake, pre-authentication, and PMKSA caching).
-
-Some wireless LAN vendors are already providing support for CCMP in
-their WPA products. There is no "official" interoperability
-certification for CCMP and/or mixed modes using both TKIP and CCMP, so
-some interoperability issues can be expected even though many
-combinations seem to be working with equipment from different vendors.
-Testing for WPA2 is likely to start during the second half of 2004.
-
-hostapd configuration for WPA/WPA2
-----------------------------------
-
-TODO
-
-# Enable WPA. Setting this variable configures the AP to require WPA (either
-# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
-# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
-# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
-# RADIUS authentication server must be configured, and WPA-EAP must be included
-# in wpa_key_mgmt.
-# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
-# and/or WPA2 (full IEEE 802.11i/RSN):
-# bit0 = WPA
-# bit1 = IEEE 802.11i/RSN (WPA2)
-#wpa=1
-
-# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
-# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
-# (8..63 characters) that will be converted to PSK. This conversion uses SSID
-# so the PSK changes when ASCII passphrase is used and the SSID is changed.
-#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
-#wpa_passphrase=secret passphrase
-
-# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
-# entries are separated with a space.
-#wpa_key_mgmt=WPA-PSK WPA-EAP
-
-# Set of accepted cipher suites (encryption algorithms) for pairwise keys
-# (unicast packets). This is a space separated list of algorithms:
-# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i]
-# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i]
-# Group cipher suite (encryption algorithm for broadcast and multicast frames)
-# is automatically selected based on this configuration. If only CCMP is
-# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
-# TKIP will be used as the group cipher.
-#wpa_pairwise=TKIP CCMP
-
-# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
-# seconds.
-#wpa_group_rekey=600
-
-# Time interval for rekeying GMK (master key used internally to generate GTKs
-# (in seconds).
-#wpa_gmk_rekey=86400
-
-# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
-# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
-# authentication and key handshake before actually associating with a new AP.
-#rsn_preauth=1
-#
-# Space separated list of interfaces from which pre-authentication frames are
-# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all
-# interface that are used for connections to other APs. This could include
-# wired interfaces and WDS links. The normal wireless data interface towards
-# associated stations (e.g., wlan0) should not be added, since
-# pre-authentication is only used with APs other than the currently associated
-# one.
-#rsn_preauth_interfaces=eth0
diff --git a/contrib/hostapd/hostapd/README-WPS b/contrib/hostapd/hostapd/README-WPS
deleted file mode 100644 (file)
index 654b5bc..0000000
+++ /dev/null
@@ -1,354 +0,0 @@
-hostapd and Wi-Fi Protected Setup (WPS)
-=======================================
-
-This document describes how the WPS implementation in hostapd can be
-configured and how an external component on an AP (e.g., web UI) is
-used to enable enrollment of client devices.
-
-
-Introduction to WPS
--------------------
-
-Wi-Fi Protected Setup (WPS) is a mechanism for easy configuration of a
-wireless network. It allows automated generation of random keys (WPA
-passphrase/PSK) and configuration of an access point and client
-devices. WPS includes number of methods for setting up connections
-with PIN method and push-button configuration (PBC) being the most
-commonly deployed options.
-
-While WPS can enable more home networks to use encryption in the
-wireless network, it should be noted that the use of the PIN and
-especially PBC mechanisms for authenticating the initial key setup is
-not very secure. As such, use of WPS may not be suitable for
-environments that require secure network access without chance for
-allowing outsiders to gain access during the setup phase.
-
-WPS uses following terms to describe the entities participating in the
-network setup:
-- access point: the WLAN access point
-- Registrar: a device that control a network and can authorize
-  addition of new devices); this may be either in the AP ("internal
-  Registrar") or in an external device, e.g., a laptop, ("external
-  Registrar")
-- Enrollee: a device that is being authorized to use the network
-
-It should also be noted that the AP and a client device may change
-roles (i.e., AP acts as an Enrollee and client device as a Registrar)
-when WPS is used to configure the access point.
-
-
-More information about WPS is available from Wi-Fi Alliance:
-http://www.wi-fi.org/wifi-protected-setup
-
-
-hostapd implementation
-----------------------
-
-hostapd includes an optional WPS component that can be used as an
-internal WPS Registrar to manage addition of new WPS enabled clients
-to the network. In addition, WPS Enrollee functionality in hostapd can
-be used to allow external WPS Registrars to configure the access
-point, e.g., for initial network setup. In addition, hostapd can proxy a
-WPS registration between a wireless Enrollee and an external Registrar
-(e.g., Microsoft Vista or Atheros JumpStart) with UPnP.
-
-
-hostapd configuration
----------------------
-
-WPS is an optional component that needs to be enabled in hostapd build
-configuration (.config). Here is an example configuration that
-includes WPS support and uses madwifi driver interface:
-
-CONFIG_DRIVER_MADWIFI=y
-CFLAGS += -I/usr/src/madwifi-0.9.3
-CONFIG_WPS=y
-CONFIG_WPS2=y
-CONFIG_WPS_UPNP=y
-
-Following parameter can be used to enable support for NFC config method:
-
-CONFIG_WPS_NFC=y
-
-
-Following section shows an example runtime configuration
-(hostapd.conf) that enables WPS:
-
-# Configure the driver and network interface
-driver=madwifi
-interface=ath0
-
-# WPA2-Personal configuration for the AP
-ssid=wps-test
-wpa=2
-wpa_key_mgmt=WPA-PSK
-wpa_pairwise=CCMP
-# Default WPA passphrase for legacy (non-WPS) clients
-wpa_passphrase=12345678
-# Enable random per-device PSK generation for WPS clients
-# Please note that the file has to exists for hostapd to start (i.e., create an
-# empty file as a starting point).
-wpa_psk_file=/etc/hostapd.psk
-
-# Enable control interface for PBC/PIN entry
-ctrl_interface=/var/run/hostapd
-
-# Enable internal EAP server for EAP-WSC (part of Wi-Fi Protected Setup)
-eap_server=1
-
-# WPS configuration (AP configured, do not allow external WPS Registrars)
-wps_state=2
-ap_setup_locked=1
-# If UUID is not configured, it will be generated based on local MAC address.
-uuid=87654321-9abc-def0-1234-56789abc0000
-wps_pin_requests=/var/run/hostapd.pin-req
-device_name=Wireless AP
-manufacturer=Company
-model_name=WAP
-model_number=123
-serial_number=12345
-device_type=6-0050F204-1
-os_version=01020300
-config_methods=label display push_button keypad
-
-# if external Registrars are allowed, UPnP support could be added:
-#upnp_iface=br0
-#friendly_name=WPS Access Point
-
-
-External operations
--------------------
-
-WPS requires either a device PIN code (usually, 8-digit number) or a
-pushbutton event (for PBC) to allow a new WPS Enrollee to join the
-network. hostapd uses the control interface as an input channel for
-these events.
-
-The PIN value used in the commands must be processed by an UI to
-remove non-digit characters and potentially, to verify the checksum
-digit. "hostapd_cli wps_check_pin <PIN>" can be used to do such
-processing. It returns FAIL if the PIN is invalid, or FAIL-CHECKSUM if
-the checksum digit is incorrect, or the processed PIN (non-digit
-characters removed) if the PIN is valid.
-
-When a client device (WPS Enrollee) connects to hostapd (WPS
-Registrar) in order to start PIN mode negotiation for WPS, an
-identifier (Enrollee UUID) is sent. hostapd will need to be configured
-with a device password (PIN) for this Enrollee. This is an operation
-that requires user interaction (assuming there are no pre-configured
-PINs on the AP for a set of Enrollee).
-
-The PIN request with information about the device is appended to the
-wps_pin_requests file (/var/run/hostapd.pin-req in this example). In
-addition, hostapd control interface event is sent as a notification of
-a new device. The AP could use, e.g., a web UI for showing active
-Enrollees to the user and request a PIN for an Enrollee.
-
-The PIN request file has one line for every Enrollee that connected to
-the AP, but for which there was no PIN. Following information is
-provided for each Enrollee (separated with tabulators):
-- timestamp (seconds from 1970-01-01)
-- Enrollee UUID
-- MAC address
-- Device name
-- Manufacturer
-- Model Name
-- Model Number
-- Serial Number
-- Device category
-
-Example line in the /var/run/hostapd.pin-req file:
-1200188391     53b63a98-d29e-4457-a2ed-094d7e6a669c    Intel(R) Centrino(R)    Intel Corporation       Intel(R) Centrino(R)    -       -       1-0050F204-1
-
-Control interface data:
-WPS-PIN-NEEDED [UUID-E|MAC Address|Device Name|Manufacturer|Model Name|Model Number|Serial Number|Device Category]
-For example:
-<2>WPS-PIN-NEEDED [53b63a98-d29e-4457-a2ed-094d7e6a669c|02:12:34:56:78:9a|Device|Manuf|Model|Model Number|Serial Number|1-0050F204-1]
-
-When the user enters a PIN for a pending Enrollee, e.g., on the web
-UI), hostapd needs to be notified of the new PIN over the control
-interface. This can be done either by using the UNIX domain socket
--based control interface directly (src/common/wpa_ctrl.c provides
-helper functions for using the interface) or by calling hostapd_cli.
-
-Example command to add a PIN (12345670) for an Enrollee:
-
-hostapd_cli wps_pin 53b63a98-d29e-4457-a2ed-094d7e6a669c 12345670
-
-If the UUID-E is not available (e.g., Enrollee waits for the Registrar
-to be selected before connecting), wildcard UUID may be used to allow
-the PIN to be used once with any UUID:
-
-hostapd_cli wps_pin any 12345670
-
-To reduce likelihood of PIN being used with other devices or of
-forgetting an active PIN available for potential attackers, expiration
-time in seconds can be set for the new PIN (value 0 indicates no
-expiration):
-
-hostapd_cli wps_pin any 12345670 300
-
-If the MAC address of the enrollee is known, it should be configured
-to allow the AP to advertise list of authorized enrollees:
-
-hostapd_cli wps_pin 53b63a98-d29e-4457-a2ed-094d7e6a669c \
-       12345670 300 00:11:22:33:44:55
-
-
-After this, the Enrollee can connect to the AP again and complete WPS
-negotiation. At that point, a new, random WPA PSK is generated for the
-client device and the client can then use that key to connect to the
-AP to access the network.
-
-
-If the AP includes a pushbutton, WPS PBC mode can be used. It is
-enabled by pushing a button on both the AP and the client at about the
-same time (2 minute window). hostapd needs to be notified about the AP
-button pushed event over the control interface, e.g., by calling
-hostapd_cli:
-
-hostapd_cli wps_pbc
-
-At this point, the client has two minutes to complete WPS negotiation
-which will generate a new WPA PSK in the same way as the PIN method
-described above.
-
-
-When an external Registrar is used, the AP can act as an Enrollee and
-use its AP PIN. A static AP PIN (e.g., one one a label in the AP
-device) can be configured in hostapd.conf (ap_pin parameter). A more
-secure option is to use hostapd_cli wps_ap_pin command to enable the
-AP PIN only based on user action (and even better security by using a
-random AP PIN for each session, i.e., by using "wps_ap_pin random"
-command with a timeout value). Following commands are available for
-managing the dynamic AP PIN operations:
-
-hostapd_cli wps_ap_pin disable
-- disable AP PIN (i.e., do not allow external Registrars to use it to
-  learn the current AP settings or to reconfigure the AP)
-
-hostapd_cli wps_ap_pin random [timeout]
-- generate a random AP PIN and enable it
-- if the optional timeout parameter is given, the AP PIN will be enabled
-  for the specified number of seconds
-
-hostapd_cli wps_ap_pin get
-- fetch the current AP PIN
-
-hostapd_cli wps_ap_pin set <PIN> [timeout]
-- set the AP PIN and enable it
-- if the optional timeout parameter is given, the AP PIN will be enabled
-  for the specified number of seconds
-
-hostapd_cli get_config
-- display the current configuration
-
-hostapd_cli wps_config <new SSID> <auth> <encr> <new key>
-examples:
-  hostapd_cli wps_config testing WPA2PSK CCMP 12345678
-  hostapd_cli wps_config "no security" OPEN NONE ""
-
-<auth> must be one of the following: OPEN WPAPSK WPA2PSK
-<encr> must be one of the following: NONE WEP TKIP CCMP
-
-
-Credential generation and configuration changes
------------------------------------------------
-
-By default, hostapd generates credentials for Enrollees and processing
-AP configuration updates internally. However, it is possible to
-control these operations from external programs, if desired.
-
-The internal credential generation can be disabled with
-skip_cred_build=1 option in the configuration. extra_cred option will
-then need to be used to provide pre-configured Credential attribute(s)
-for hostapd to use. The exact data from this binary file will be sent,
-i.e., it will have to include valid WPS attributes. extra_cred can
-also be used to add additional networks if the Registrar is used to
-configure credentials for multiple networks.
-
-Processing of received configuration updates can be disabled with
-wps_cred_processing=1 option. When this is used, an external program
-is responsible for creating hostapd configuration files and processing
-configuration updates based on messages received from hostapd over
-control interface. This will also include the initial configuration on
-first successful registration if the AP is initially set in
-unconfigured state.
-
-Following control interface messages are sent out for external programs:
-
-WPS-REG-SUCCESS <Enrollee MAC address <UUID-E>
-For example:
-<2>WPS-REG-SUCCESS 02:66:a0:ee:17:27 2b7093f1-d6fb-5108-adbb-bea66bb87333
-
-This can be used to trigger change from unconfigured to configured
-state (random configuration based on the first successful WPS
-registration). In addition, this can be used to update AP UI about the
-status of WPS registration progress.
-
-
-WPS-NEW-AP-SETTINGS <hexdump of AP Setup attributes>
-For example:
-<2>WPS-NEW-AP-SETTINGS 10260001011045000c6a6b6d2d7770732d74657374100300020020100f00020008102700403065346230343536633236366665306433396164313535346131663462663731323433376163666462376633393965353466316631623032306164343438623510200006024231cede15101e000844
-
-This can be used to update the externally stored AP configuration and
-then update hostapd configuration (followed by restarting of hostapd).
-
-
-WPS with NFC
-------------
-
-WPS can be used with NFC-based configuration method. An NFC tag
-containing a password token from the Enrollee can be used to
-authenticate the connection instead of the PIN. In addition, an NFC tag
-with a configuration token can be used to transfer AP settings without
-going through the WPS protocol.
-
-When the AP acts as an Enrollee, a local NFC tag with a password token
-can be used by touching the NFC interface of an external Registrar. The
-wps_nfc_token command is used to manage use of the NFC password token
-from the AP. "wps_nfc_token enable" enables the use of the AP's NFC
-password token (in place of AP PIN) and "wps_nfc_token disable" disables
-the NFC password token.
-
-The NFC password token that is either pre-configured in the
-configuration file (wps_nfc_dev_pw_id, wps_nfc_dh_pubkey,
-wps_nfc_dh_privkey, wps_nfc_dev_pw) or generated dynamically with
-"wps_nfc_token <WPS|NDEF>" command. The nfc_pw_token tool from
-wpa_supplicant can be used to generate NFC password tokens during
-manufacturing (each AP needs to have its own random keys).
-
-The "wps_nfc_config_token <WPS/NDEF>" command can be used to build an
-NFC configuration token. The output value from this command is a hexdump
-of the current AP configuration (WPS parameter requests this to include
-only the WPS attributes; NDEF parameter requests additional NDEF
-encapsulation to be included). This data needs to be written to an NFC
-tag with an external program. Once written, the NFC configuration token
-can be used to touch an NFC interface on a station to provision the
-credentials needed to access the network.
-
-When the NFC device on the AP reads an NFC tag with a MIME media type
-"application/vnd.wfa.wsc", the NDEF message payload (with or without
-NDEF encapsulation) can be delivered to hostapd using the
-following hostapd_cli command:
-
-wps_nfc_tag_read <hexdump of payload>
-
-If the NFC tag contains a password token, the token is added to the
-internal Registrar. This allows station Enrollee from which the password
-token was received to run through WPS protocol to provision the
-credential.
-
-"nfc_get_handover_sel <NDEF> <WPS>" command can be used to build the
-contents of a Handover Select Message for connection handover when this
-does not depend on the contents of the Handover Request Message. The
-first argument selects the format of the output data and the second
-argument selects which type of connection handover is requested (WPS =
-Wi-Fi handover as specified in WSC 2.0).
-
-"nfc_report_handover <INIT/RESP> WPS <carrier from handover request>
-<carrier from handover select>" is used to report completed NFC
-connection handover. The first parameter indicates whether the local
-device initiated or responded to the connection handover and the carrier
-records are the selected carrier from the handover request and select
-messages as a hexdump.
diff --git a/contrib/hostapd/hostapd/config_file.c b/contrib/hostapd/hostapd/config_file.c
deleted file mode 100644 (file)
index 54e4af9..0000000
+++ /dev/null
@@ -1,3030 +0,0 @@
-/*
- * hostapd / Configuration file parser
- * Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "utils/includes.h"
-#ifndef CONFIG_NATIVE_WINDOWS
-#include <grp.h>
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-#include "utils/common.h"
-#include "utils/uuid.h"
-#include "common/ieee802_11_defs.h"
-#include "drivers/driver.h"
-#include "eap_server/eap.h"
-#include "radius/radius_client.h"
-#include "ap/wpa_auth.h"
-#include "ap/ap_config.h"
-#include "config_file.h"
-
-
-#ifndef CONFIG_NO_VLAN
-static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss,
-                                        const char *fname)
-{
-       FILE *f;
-       char buf[128], *pos, *pos2;
-       int line = 0, vlan_id;
-       struct hostapd_vlan *vlan;
-
-       f = fopen(fname, "r");
-       if (!f) {
-               wpa_printf(MSG_ERROR, "VLAN file '%s' not readable.", fname);
-               return -1;
-       }
-
-       while (fgets(buf, sizeof(buf), f)) {
-               line++;
-
-               if (buf[0] == '#')
-                       continue;
-               pos = buf;
-               while (*pos != '\0') {
-                       if (*pos == '\n') {
-                               *pos = '\0';
-                               break;
-                       }
-                       pos++;
-               }
-               if (buf[0] == '\0')
-                       continue;
-
-               if (buf[0] == '*') {
-                       vlan_id = VLAN_ID_WILDCARD;
-                       pos = buf + 1;
-               } else {
-                       vlan_id = strtol(buf, &pos, 10);
-                       if (buf == pos || vlan_id < 1 ||
-                           vlan_id > MAX_VLAN_ID) {
-                               wpa_printf(MSG_ERROR, "Invalid VLAN ID at "
-                                          "line %d in '%s'", line, fname);
-                               fclose(f);
-                               return -1;
-                       }
-               }
-
-               while (*pos == ' ' || *pos == '\t')
-                       pos++;
-               pos2 = pos;
-               while (*pos2 != ' ' && *pos2 != '\t' && *pos2 != '\0')
-                       pos2++;
-               *pos2 = '\0';
-               if (*pos == '\0' || os_strlen(pos) > IFNAMSIZ) {
-                       wpa_printf(MSG_ERROR, "Invalid VLAN ifname at line %d "
-                                  "in '%s'", line, fname);
-                       fclose(f);
-                       return -1;
-               }
-
-               vlan = os_zalloc(sizeof(*vlan));
-               if (vlan == NULL) {
-                       wpa_printf(MSG_ERROR, "Out of memory while reading "
-                                  "VLAN interfaces from '%s'", fname);
-                       fclose(f);
-                       return -1;
-               }
-
-               vlan->vlan_id = vlan_id;
-               os_strlcpy(vlan->ifname, pos, sizeof(vlan->ifname));
-               vlan->next = bss->vlan;
-               bss->vlan = vlan;
-       }
-
-       fclose(f);
-
-       return 0;
-}
-#endif /* CONFIG_NO_VLAN */
-
-
-static int hostapd_acl_comp(const void *a, const void *b)
-{
-       const struct mac_acl_entry *aa = a;
-       const struct mac_acl_entry *bb = b;
-       return os_memcmp(aa->addr, bb->addr, sizeof(macaddr));
-}
-
-
-static int hostapd_config_read_maclist(const char *fname,
-                                      struct mac_acl_entry **acl, int *num)
-{
-       FILE *f;
-       char buf[128], *pos;
-       int line = 0;
-       u8 addr[ETH_ALEN];
-       struct mac_acl_entry *newacl;
-       int vlan_id;
-
-       if (!fname)
-               return 0;
-
-       f = fopen(fname, "r");
-       if (!f) {
-               wpa_printf(MSG_ERROR, "MAC list file '%s' not found.", fname);
-               return -1;
-       }
-
-       while (fgets(buf, sizeof(buf), f)) {
-               line++;
-
-               if (buf[0] == '#')
-                       continue;
-               pos = buf;
-               while (*pos != '\0') {
-                       if (*pos == '\n') {
-                               *pos = '\0';
-                               break;
-                       }
-                       pos++;
-               }
-               if (buf[0] == '\0')
-                       continue;
-
-               if (hwaddr_aton(buf, addr)) {
-                       wpa_printf(MSG_ERROR, "Invalid MAC address '%s' at "
-                                  "line %d in '%s'", buf, line, fname);
-                       fclose(f);
-                       return -1;
-               }
-
-               vlan_id = 0;
-               pos = buf;
-               while (*pos != '\0' && *pos != ' ' && *pos != '\t')
-                       pos++;
-               while (*pos == ' ' || *pos == '\t')
-                       pos++;
-               if (*pos != '\0')
-                       vlan_id = atoi(pos);
-
-               newacl = os_realloc_array(*acl, *num + 1, sizeof(**acl));
-               if (newacl == NULL) {
-                       wpa_printf(MSG_ERROR, "MAC list reallocation failed");
-                       fclose(f);
-                       return -1;
-               }
-
-               *acl = newacl;
-               os_memcpy((*acl)[*num].addr, addr, ETH_ALEN);
-               (*acl)[*num].vlan_id = vlan_id;
-               (*num)++;
-       }
-
-       fclose(f);
-
-       qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp);
-
-       return 0;
-}
-
-
-#ifdef EAP_SERVER
-static int hostapd_config_read_eap_user(const char *fname,
-                                       struct hostapd_bss_config *conf)
-{
-       FILE *f;
-       char buf[512], *pos, *start, *pos2;
-       int line = 0, ret = 0, num_methods;
-       struct hostapd_eap_user *user, *tail = NULL;
-
-       if (!fname)
-               return 0;
-
-       if (os_strncmp(fname, "sqlite:", 7) == 0) {
-               os_free(conf->eap_user_sqlite);
-               conf->eap_user_sqlite = os_strdup(fname + 7);
-               return 0;
-       }
-
-       f = fopen(fname, "r");
-       if (!f) {
-               wpa_printf(MSG_ERROR, "EAP user file '%s' not found.", fname);
-               return -1;
-       }
-
-       /* Lines: "user" METHOD,METHOD2 "password" (password optional) */
-       while (fgets(buf, sizeof(buf), f)) {
-               line++;
-
-               if (buf[0] == '#')
-                       continue;
-               pos = buf;
-               while (*pos != '\0') {
-                       if (*pos == '\n') {
-                               *pos = '\0';
-                               break;
-                       }
-                       pos++;
-               }
-               if (buf[0] == '\0')
-                       continue;
-
-               user = NULL;
-
-               if (buf[0] != '"' && buf[0] != '*') {
-                       wpa_printf(MSG_ERROR, "Invalid EAP identity (no \" in "
-                                  "start) on line %d in '%s'", line, fname);
-                       goto failed;
-               }
-
-               user = os_zalloc(sizeof(*user));
-               if (user == NULL) {
-                       wpa_printf(MSG_ERROR, "EAP user allocation failed");
-                       goto failed;
-               }
-               user->force_version = -1;
-
-               if (buf[0] == '*') {
-                       pos = buf;
-               } else {
-                       pos = buf + 1;
-                       start = pos;
-                       while (*pos != '"' && *pos != '\0')
-                               pos++;
-                       if (*pos == '\0') {
-                               wpa_printf(MSG_ERROR, "Invalid EAP identity "
-                                          "(no \" in end) on line %d in '%s'",
-                                          line, fname);
-                               goto failed;
-                       }
-
-                       user->identity = os_malloc(pos - start);
-                       if (user->identity == NULL) {
-                               wpa_printf(MSG_ERROR, "Failed to allocate "
-                                          "memory for EAP identity");
-                               goto failed;
-                       }
-                       os_memcpy(user->identity, start, pos - start);
-                       user->identity_len = pos - start;
-
-                       if (pos[0] == '"' && pos[1] == '*') {
-                               user->wildcard_prefix = 1;
-                               pos++;
-                       }
-               }
-               pos++;
-               while (*pos == ' ' || *pos == '\t')
-                       pos++;
-
-               if (*pos == '\0') {
-                       wpa_printf(MSG_ERROR, "No EAP method on line %d in "
-                                  "'%s'", line, fname);
-                       goto failed;
-               }
-
-               start = pos;
-               while (*pos != ' ' && *pos != '\t' && *pos != '\0')
-                       pos++;
-               if (*pos == '\0') {
-                       pos = NULL;
-               } else {
-                       *pos = '\0';
-                       pos++;
-               }
-               num_methods = 0;
-               while (*start) {
-                       char *pos3 = os_strchr(start, ',');
-                       if (pos3) {
-                               *pos3++ = '\0';
-                       }
-                       user->methods[num_methods].method =
-                               eap_server_get_type(
-                                       start,
-                                       &user->methods[num_methods].vendor);
-                       if (user->methods[num_methods].vendor ==
-                           EAP_VENDOR_IETF &&
-                           user->methods[num_methods].method == EAP_TYPE_NONE)
-                       {
-                               if (os_strcmp(start, "TTLS-PAP") == 0) {
-                                       user->ttls_auth |= EAP_TTLS_AUTH_PAP;
-                                       goto skip_eap;
-                               }
-                               if (os_strcmp(start, "TTLS-CHAP") == 0) {
-                                       user->ttls_auth |= EAP_TTLS_AUTH_CHAP;
-                                       goto skip_eap;
-                               }
-                               if (os_strcmp(start, "TTLS-MSCHAP") == 0) {
-                                       user->ttls_auth |=
-                                               EAP_TTLS_AUTH_MSCHAP;
-                                       goto skip_eap;
-                               }
-                               if (os_strcmp(start, "TTLS-MSCHAPV2") == 0) {
-                                       user->ttls_auth |=
-                                               EAP_TTLS_AUTH_MSCHAPV2;
-                                       goto skip_eap;
-                               }
-                               wpa_printf(MSG_ERROR, "Unsupported EAP type "
-                                          "'%s' on line %d in '%s'",
-                                          start, line, fname);
-                               goto failed;
-                       }
-
-                       num_methods++;
-                       if (num_methods >= EAP_MAX_METHODS)
-                               break;
-               skip_eap:
-                       if (pos3 == NULL)
-                               break;
-                       start = pos3;
-               }
-               if (num_methods == 0 && user->ttls_auth == 0) {
-                       wpa_printf(MSG_ERROR, "No EAP types configured on "
-                                  "line %d in '%s'", line, fname);
-                       goto failed;
-               }
-
-               if (pos == NULL)
-                       goto done;
-
-               while (*pos == ' ' || *pos == '\t')
-                       pos++;
-               if (*pos == '\0')
-                       goto done;
-
-               if (os_strncmp(pos, "[ver=0]", 7) == 0) {
-                       user->force_version = 0;
-                       goto done;
-               }
-
-               if (os_strncmp(pos, "[ver=1]", 7) == 0) {
-                       user->force_version = 1;
-                       goto done;
-               }
-
-               if (os_strncmp(pos, "[2]", 3) == 0) {
-                       user->phase2 = 1;
-                       goto done;
-               }
-
-               if (*pos == '"') {
-                       pos++;
-                       start = pos;
-                       while (*pos != '"' && *pos != '\0')
-                               pos++;
-                       if (*pos == '\0') {
-                               wpa_printf(MSG_ERROR, "Invalid EAP password "
-                                          "(no \" in end) on line %d in '%s'",
-                                          line, fname);
-                               goto failed;
-                       }
-
-                       user->password = os_malloc(pos - start);
-                       if (user->password == NULL) {
-                               wpa_printf(MSG_ERROR, "Failed to allocate "
-                                          "memory for EAP password");
-                               goto failed;
-                       }
-                       os_memcpy(user->password, start, pos - start);
-                       user->password_len = pos - start;
-
-                       pos++;
-               } else if (os_strncmp(pos, "hash:", 5) == 0) {
-                       pos += 5;
-                       pos2 = pos;
-                       while (*pos2 != '\0' && *pos2 != ' ' &&
-                              *pos2 != '\t' && *pos2 != '#')
-                               pos2++;
-                       if (pos2 - pos != 32) {
-                               wpa_printf(MSG_ERROR, "Invalid password hash "
-                                          "on line %d in '%s'", line, fname);
-                               goto failed;
-                       }
-                       user->password = os_malloc(16);
-                       if (user->password == NULL) {
-                               wpa_printf(MSG_ERROR, "Failed to allocate "
-                                          "memory for EAP password hash");
-                               goto failed;
-                       }
-                       if (hexstr2bin(pos, user->password, 16) < 0) {
-                               wpa_printf(MSG_ERROR, "Invalid hash password "
-                                          "on line %d in '%s'", line, fname);
-                               goto failed;
-                       }
-                       user->password_len = 16;
-                       user->password_hash = 1;
-                       pos = pos2;
-               } else {
-                       pos2 = pos;
-                       while (*pos2 != '\0' && *pos2 != ' ' &&
-                              *pos2 != '\t' && *pos2 != '#')
-                               pos2++;
-                       if ((pos2 - pos) & 1) {
-                               wpa_printf(MSG_ERROR, "Invalid hex password "
-                                          "on line %d in '%s'", line, fname);
-                               goto failed;
-                       }
-                       user->password = os_malloc((pos2 - pos) / 2);
-                       if (user->password == NULL) {
-                               wpa_printf(MSG_ERROR, "Failed to allocate "
-                                          "memory for EAP password");
-                               goto failed;
-                       }
-                       if (hexstr2bin(pos, user->password,
-                                      (pos2 - pos) / 2) < 0) {
-                               wpa_printf(MSG_ERROR, "Invalid hex password "
-                                          "on line %d in '%s'", line, fname);
-                               goto failed;
-                       }
-                       user->password_len = (pos2 - pos) / 2;
-                       pos = pos2;
-               }
-
-               while (*pos == ' ' || *pos == '\t')
-                       pos++;
-               if (os_strncmp(pos, "[2]", 3) == 0) {
-                       user->phase2 = 1;
-               }
-
-       done:
-               if (tail == NULL) {
-                       tail = conf->eap_user = user;
-               } else {
-                       tail->next = user;
-                       tail = user;
-               }
-               continue;
-
-       failed:
-               if (user) {
-                       os_free(user->password);
-                       os_free(user->identity);
-                       os_free(user);
-               }
-               ret = -1;
-               break;
-       }
-
-       fclose(f);
-
-       return ret;
-}
-#endif /* EAP_SERVER */
-
-
-#ifndef CONFIG_NO_RADIUS
-static int
-hostapd_config_read_radius_addr(struct hostapd_radius_server **server,
-                               int *num_server, const char *val, int def_port,
-                               struct hostapd_radius_server **curr_serv)
-{
-       struct hostapd_radius_server *nserv;
-       int ret;
-       static int server_index = 1;
-
-       nserv = os_realloc_array(*server, *num_server + 1, sizeof(*nserv));
-       if (nserv == NULL)
-               return -1;
-
-       *server = nserv;
-       nserv = &nserv[*num_server];
-       (*num_server)++;
-       (*curr_serv) = nserv;
-
-       os_memset(nserv, 0, sizeof(*nserv));
-       nserv->port = def_port;
-       ret = hostapd_parse_ip_addr(val, &nserv->addr);
-       nserv->index = server_index++;
-
-       return ret;
-}
-
-
-static struct hostapd_radius_attr *
-hostapd_parse_radius_attr(const char *value)
-{
-       const char *pos;
-       char syntax;
-       struct hostapd_radius_attr *attr;
-       size_t len;
-
-       attr = os_zalloc(sizeof(*attr));
-       if (attr == NULL)
-               return NULL;
-
-       attr->type = atoi(value);
-
-       pos = os_strchr(value, ':');
-       if (pos == NULL) {
-               attr->val = wpabuf_alloc(1);
-               if (attr->val == NULL) {
-                       os_free(attr);
-                       return NULL;
-               }
-               wpabuf_put_u8(attr->val, 0);
-               return attr;
-       }
-
-       pos++;
-       if (pos[0] == '\0' || pos[1] != ':') {
-               os_free(attr);
-               return NULL;
-       }
-       syntax = *pos++;
-       pos++;
-
-       switch (syntax) {
-       case 's':
-               attr->val = wpabuf_alloc_copy(pos, os_strlen(pos));
-               break;
-       case 'x':
-               len = os_strlen(pos);
-               if (len & 1)
-                       break;
-               len /= 2;
-               attr->val = wpabuf_alloc(len);
-               if (attr->val == NULL)
-                       break;
-               if (hexstr2bin(pos, wpabuf_put(attr->val, len), len) < 0) {
-                       wpabuf_free(attr->val);
-                       os_free(attr);
-                       return NULL;
-               }
-               break;
-       case 'd':
-               attr->val = wpabuf_alloc(4);
-               if (attr->val)
-                       wpabuf_put_be32(attr->val, atoi(pos));
-               break;
-       default:
-               os_free(attr);
-               return NULL;
-       }
-
-       if (attr->val == NULL) {
-               os_free(attr);
-               return NULL;
-       }
-
-       return attr;
-}
-
-
-static int hostapd_parse_das_client(struct hostapd_bss_config *bss,
-                                   const char *val)
-{
-       char *secret;
-
-       secret = os_strchr(val, ' ');
-       if (secret == NULL)
-               return -1;
-
-       secret++;
-
-       if (hostapd_parse_ip_addr(val, &bss->radius_das_client_addr))
-               return -1;
-
-       os_free(bss->radius_das_shared_secret);
-       bss->radius_das_shared_secret = (u8 *) os_strdup(secret);
-       if (bss->radius_das_shared_secret == NULL)
-               return -1;
-       bss->radius_das_shared_secret_len = os_strlen(secret);
-
-       return 0;
-}
-#endif /* CONFIG_NO_RADIUS */
-
-
-static int hostapd_config_parse_key_mgmt(int line, const char *value)
-{
-       int val = 0, last;
-       char *start, *end, *buf;
-
-       buf = os_strdup(value);
-       if (buf == NULL)
-               return -1;
-       start = buf;
-
-       while (*start != '\0') {
-               while (*start == ' ' || *start == '\t')
-                       start++;
-               if (*start == '\0')
-                       break;
-               end = start;
-               while (*end != ' ' && *end != '\t' && *end != '\0')
-                       end++;
-               last = *end == '\0';
-               *end = '\0';
-               if (os_strcmp(start, "WPA-PSK") == 0)
-                       val |= WPA_KEY_MGMT_PSK;
-               else if (os_strcmp(start, "WPA-EAP") == 0)
-                       val |= WPA_KEY_MGMT_IEEE8021X;
-#ifdef CONFIG_IEEE80211R
-               else if (os_strcmp(start, "FT-PSK") == 0)
-                       val |= WPA_KEY_MGMT_FT_PSK;
-               else if (os_strcmp(start, "FT-EAP") == 0)
-                       val |= WPA_KEY_MGMT_FT_IEEE8021X;
-#endif /* CONFIG_IEEE80211R */
-#ifdef CONFIG_IEEE80211W
-               else if (os_strcmp(start, "WPA-PSK-SHA256") == 0)
-                       val |= WPA_KEY_MGMT_PSK_SHA256;
-               else if (os_strcmp(start, "WPA-EAP-SHA256") == 0)
-                       val |= WPA_KEY_MGMT_IEEE8021X_SHA256;
-#endif /* CONFIG_IEEE80211W */
-#ifdef CONFIG_SAE
-               else if (os_strcmp(start, "SAE") == 0)
-                       val |= WPA_KEY_MGMT_SAE;
-               else if (os_strcmp(start, "FT-SAE") == 0)
-                       val |= WPA_KEY_MGMT_FT_SAE;
-#endif /* CONFIG_SAE */
-               else {
-                       wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
-                                  line, start);
-                       os_free(buf);
-                       return -1;
-               }
-
-               if (last)
-                       break;
-               start = end + 1;
-       }
-
-       os_free(buf);
-       if (val == 0) {
-               wpa_printf(MSG_ERROR, "Line %d: no key_mgmt values "
-                          "configured.", line);
-               return -1;
-       }
-
-       return val;
-}
-
-
-static int hostapd_config_parse_cipher(int line, const char *value)
-{
-       int val = wpa_parse_cipher(value);
-       if (val < 0) {
-               wpa_printf(MSG_ERROR, "Line %d: invalid cipher '%s'.",
-                          line, value);
-               return -1;
-       }
-       if (val == 0) {
-               wpa_printf(MSG_ERROR, "Line %d: no cipher values configured.",
-                          line);
-               return -1;
-       }
-       return val;
-}
-
-
-static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx,
-                                  char *val)
-{
-       size_t len = os_strlen(val);
-
-       if (keyidx < 0 || keyidx > 3 || wep->key[keyidx] != NULL)
-               return -1;
-
-       if (val[0] == '"') {
-               if (len < 2 || val[len - 1] != '"')
-                       return -1;
-               len -= 2;
-               wep->key[keyidx] = os_malloc(len);
-               if (wep->key[keyidx] == NULL)
-                       return -1;
-               os_memcpy(wep->key[keyidx], val + 1, len);
-               wep->len[keyidx] = len;
-       } else {
-               if (len & 1)
-                       return -1;
-               len /= 2;
-               wep->key[keyidx] = os_malloc(len);
-               if (wep->key[keyidx] == NULL)
-                       return -1;
-               wep->len[keyidx] = len;
-               if (hexstr2bin(val, wep->key[keyidx], len) < 0)
-                       return -1;
-       }
-
-       wep->keys_set++;
-
-       return 0;
-}
-
-
-static int hostapd_parse_intlist(int **int_list, char *val)
-{
-       int *list;
-       int count;
-       char *pos, *end;
-
-       os_free(*int_list);
-       *int_list = NULL;
-
-       pos = val;
-       count = 0;
-       while (*pos != '\0') {
-               if (*pos == ' ')
-                       count++;
-               pos++;
-       }
-
-       list = os_malloc(sizeof(int) * (count + 2));
-       if (list == NULL)
-               return -1;
-       pos = val;
-       count = 0;
-       while (*pos != '\0') {
-               end = os_strchr(pos, ' ');
-               if (end)
-                       *end = '\0';
-
-               list[count++] = atoi(pos);
-               if (!end)
-                       break;
-               pos = end + 1;
-       }
-       list[count] = -1;
-
-       *int_list = list;
-       return 0;
-}
-
-
-static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname)
-{
-       struct hostapd_bss_config **all, *bss;
-
-       if (*ifname == '\0')
-               return -1;
-
-       all = os_realloc_array(conf->bss, conf->num_bss + 1,
-                              sizeof(struct hostapd_bss_config *));
-       if (all == NULL) {
-               wpa_printf(MSG_ERROR, "Failed to allocate memory for "
-                          "multi-BSS entry");
-               return -1;
-       }
-       conf->bss = all;
-
-       bss = os_zalloc(sizeof(*bss));
-       if (bss == NULL)
-               return -1;
-       bss->radius = os_zalloc(sizeof(*bss->radius));
-       if (bss->radius == NULL) {
-               wpa_printf(MSG_ERROR, "Failed to allocate memory for "
-                          "multi-BSS RADIUS data");
-               os_free(bss);
-               return -1;
-       }
-
-       conf->bss[conf->num_bss++] = bss;
-       conf->last_bss = bss;
-
-       hostapd_config_defaults_bss(bss);
-       os_strlcpy(bss->iface, ifname, sizeof(bss->iface));
-       os_memcpy(bss->ssid.vlan, bss->iface, IFNAMSIZ + 1);
-
-       return 0;
-}
-
-
-/* convert floats with one decimal place to value*10 int, i.e.,
- * "1.5" will return 15 */
-static int hostapd_config_read_int10(const char *value)
-{
-       int i, d;
-       char *pos;
-
-       i = atoi(value);
-       pos = os_strchr(value, '.');
-       d = 0;
-       if (pos) {
-               pos++;
-               if (*pos >= '0' && *pos <= '9')
-                       d = *pos - '0';
-       }
-
-       return i * 10 + d;
-}
-
-
-static int valid_cw(int cw)
-{
-       return (cw == 1 || cw == 3 || cw == 7 || cw == 15 || cw == 31 ||
-               cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023);
-}
-
-
-enum {
-       IEEE80211_TX_QUEUE_DATA0 = 0, /* used for EDCA AC_VO data */
-       IEEE80211_TX_QUEUE_DATA1 = 1, /* used for EDCA AC_VI data */
-       IEEE80211_TX_QUEUE_DATA2 = 2, /* used for EDCA AC_BE data */
-       IEEE80211_TX_QUEUE_DATA3 = 3 /* used for EDCA AC_BK data */
-};
-
-static int hostapd_config_tx_queue(struct hostapd_config *conf, char *name,
-                                  char *val)
-{
-       int num;
-       char *pos;
-       struct hostapd_tx_queue_params *queue;
-
-       /* skip 'tx_queue_' prefix */
-       pos = name + 9;
-       if (os_strncmp(pos, "data", 4) == 0 &&
-           pos[4] >= '0' && pos[4] <= '9' && pos[5] == '_') {
-               num = pos[4] - '0';
-               pos += 6;
-       } else if (os_strncmp(pos, "after_beacon_", 13) == 0 ||
-                  os_strncmp(pos, "beacon_", 7) == 0) {
-               wpa_printf(MSG_INFO, "DEPRECATED: '%s' not used", name);
-               return 0;
-       } else {
-               wpa_printf(MSG_ERROR, "Unknown tx_queue name '%s'", pos);
-               return -1;
-       }
-
-       if (num >= NUM_TX_QUEUES) {
-               /* for backwards compatibility, do not trigger failure */
-               wpa_printf(MSG_INFO, "DEPRECATED: '%s' not used", name);
-               return 0;
-       }
-
-       queue = &conf->tx_queue[num];
-
-       if (os_strcmp(pos, "aifs") == 0) {
-               queue->aifs = atoi(val);
-               if (queue->aifs < 0 || queue->aifs > 255) {
-                       wpa_printf(MSG_ERROR, "Invalid AIFS value %d",
-                                  queue->aifs);
-                       return -1;
-               }
-       } else if (os_strcmp(pos, "cwmin") == 0) {
-               queue->cwmin = atoi(val);
-               if (!valid_cw(queue->cwmin)) {
-                       wpa_printf(MSG_ERROR, "Invalid cwMin value %d",
-                                  queue->cwmin);
-                       return -1;
-               }
-       } else if (os_strcmp(pos, "cwmax") == 0) {
-               queue->cwmax = atoi(val);
-               if (!valid_cw(queue->cwmax)) {
-                       wpa_printf(MSG_ERROR, "Invalid cwMax value %d",
-                                  queue->cwmax);
-                       return -1;
-               }
-       } else if (os_strcmp(pos, "burst") == 0) {
-               queue->burst = hostapd_config_read_int10(val);
-       } else {
-               wpa_printf(MSG_ERROR, "Unknown tx_queue field '%s'", pos);
-               return -1;
-       }
-
-       return 0;
-}
-
-
-#ifdef CONFIG_IEEE80211R
-static int add_r0kh(struct hostapd_bss_config *bss, char *value)
-{
-       struct ft_remote_r0kh *r0kh;
-       char *pos, *next;
-
-       r0kh = os_zalloc(sizeof(*r0kh));
-       if (r0kh == NULL)
-               return -1;
-
-       /* 02:01:02:03:04:05 a.example.com 000102030405060708090a0b0c0d0e0f */
-       pos = value;
-       next = os_strchr(pos, ' ');
-       if (next)
-               *next++ = '\0';
-       if (next == NULL || hwaddr_aton(pos, r0kh->addr)) {
-               wpa_printf(MSG_ERROR, "Invalid R0KH MAC address: '%s'", pos);
-               os_free(r0kh);
-               return -1;
-       }
-
-       pos = next;
-       next = os_strchr(pos, ' ');
-       if (next)
-               *next++ = '\0';
-       if (next == NULL || next - pos > FT_R0KH_ID_MAX_LEN) {
-               wpa_printf(MSG_ERROR, "Invalid R0KH-ID: '%s'", pos);
-               os_free(r0kh);
-               return -1;
-       }
-       r0kh->id_len = next - pos - 1;
-       os_memcpy(r0kh->id, pos, r0kh->id_len);
-
-       pos = next;
-       if (hexstr2bin(pos, r0kh->key, sizeof(r0kh->key))) {
-               wpa_printf(MSG_ERROR, "Invalid R0KH key: '%s'", pos);
-               os_free(r0kh);
-               return -1;
-       }
-
-       r0kh->next = bss->r0kh_list;
-       bss->r0kh_list = r0kh;
-
-       return 0;
-}
-
-
-static int add_r1kh(struct hostapd_bss_config *bss, char *value)
-{
-       struct ft_remote_r1kh *r1kh;
-       char *pos, *next;
-
-       r1kh = os_zalloc(sizeof(*r1kh));
-       if (r1kh == NULL)
-               return -1;
-
-       /* 02:01:02:03:04:05 02:01:02:03:04:05
-        * 000102030405060708090a0b0c0d0e0f */
-       pos = value;
-       next = os_strchr(pos, ' ');
-       if (next)
-               *next++ = '\0';
-       if (next == NULL || hwaddr_aton(pos, r1kh->addr)) {
-               wpa_printf(MSG_ERROR, "Invalid R1KH MAC address: '%s'", pos);
-               os_free(r1kh);
-               return -1;
-       }
-
-       pos = next;
-       next = os_strchr(pos, ' ');
-       if (next)
-               *next++ = '\0';
-       if (next == NULL || hwaddr_aton(pos, r1kh->id)) {
-               wpa_printf(MSG_ERROR, "Invalid R1KH-ID: '%s'", pos);
-               os_free(r1kh);
-               return -1;
-       }
-
-       pos = next;
-       if (hexstr2bin(pos, r1kh->key, sizeof(r1kh->key))) {
-               wpa_printf(MSG_ERROR, "Invalid R1KH key: '%s'", pos);
-               os_free(r1kh);
-               return -1;
-       }
-
-       r1kh->next = bss->r1kh_list;
-       bss->r1kh_list = r1kh;
-
-       return 0;
-}
-#endif /* CONFIG_IEEE80211R */
-
-
-#ifdef CONFIG_IEEE80211N
-static int hostapd_config_ht_capab(struct hostapd_config *conf,
-                                  const char *capab)
-{
-       if (os_strstr(capab, "[LDPC]"))
-               conf->ht_capab |= HT_CAP_INFO_LDPC_CODING_CAP;
-       if (os_strstr(capab, "[HT40-]")) {
-               conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
-               conf->secondary_channel = -1;
-       }
-       if (os_strstr(capab, "[HT40+]")) {
-               conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
-               conf->secondary_channel = 1;
-       }
-       if (os_strstr(capab, "[SMPS-STATIC]")) {
-               conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK;
-               conf->ht_capab |= HT_CAP_INFO_SMPS_STATIC;
-       }
-       if (os_strstr(capab, "[SMPS-DYNAMIC]")) {
-               conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK;
-               conf->ht_capab |= HT_CAP_INFO_SMPS_DYNAMIC;
-       }
-       if (os_strstr(capab, "[GF]"))
-               conf->ht_capab |= HT_CAP_INFO_GREEN_FIELD;
-       if (os_strstr(capab, "[SHORT-GI-20]"))
-               conf->ht_capab |= HT_CAP_INFO_SHORT_GI20MHZ;
-       if (os_strstr(capab, "[SHORT-GI-40]"))
-               conf->ht_capab |= HT_CAP_INFO_SHORT_GI40MHZ;
-       if (os_strstr(capab, "[TX-STBC]"))
-               conf->ht_capab |= HT_CAP_INFO_TX_STBC;
-       if (os_strstr(capab, "[RX-STBC1]")) {
-               conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
-               conf->ht_capab |= HT_CAP_INFO_RX_STBC_1;
-       }
-       if (os_strstr(capab, "[RX-STBC12]")) {
-               conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
-               conf->ht_capab |= HT_CAP_INFO_RX_STBC_12;
-       }
-       if (os_strstr(capab, "[RX-STBC123]")) {
-               conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
-               conf->ht_capab |= HT_CAP_INFO_RX_STBC_123;
-       }
-       if (os_strstr(capab, "[DELAYED-BA]"))
-               conf->ht_capab |= HT_CAP_INFO_DELAYED_BA;
-       if (os_strstr(capab, "[MAX-AMSDU-7935]"))
-               conf->ht_capab |= HT_CAP_INFO_MAX_AMSDU_SIZE;
-       if (os_strstr(capab, "[DSSS_CCK-40]"))
-               conf->ht_capab |= HT_CAP_INFO_DSSS_CCK40MHZ;
-       if (os_strstr(capab, "[PSMP]"))
-               conf->ht_capab |= HT_CAP_INFO_PSMP_SUPP;
-       if (os_strstr(capab, "[LSIG-TXOP-PROT]"))
-               conf->ht_capab |= HT_CAP_INFO_LSIG_TXOP_PROTECT_SUPPORT;
-
-       return 0;
-}
-#endif /* CONFIG_IEEE80211N */
-
-
-#ifdef CONFIG_IEEE80211AC
-static int hostapd_config_vht_capab(struct hostapd_config *conf,
-                                   const char *capab)
-{
-       if (os_strstr(capab, "[MAX-MPDU-7991]"))
-               conf->vht_capab |= VHT_CAP_MAX_MPDU_LENGTH_7991;
-       if (os_strstr(capab, "[MAX-MPDU-11454]"))
-               conf->vht_capab |= VHT_CAP_MAX_MPDU_LENGTH_11454;
-       if (os_strstr(capab, "[VHT160]"))
-               conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
-       if (os_strstr(capab, "[VHT160-80PLUS80]"))
-               conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
-       if (os_strstr(capab, "[VHT160-80PLUS80]"))
-               conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
-       if (os_strstr(capab, "[RXLDPC]"))
-               conf->vht_capab |= VHT_CAP_RXLDPC;
-       if (os_strstr(capab, "[SHORT-GI-80]"))
-               conf->vht_capab |= VHT_CAP_SHORT_GI_80;
-       if (os_strstr(capab, "[SHORT-GI-160]"))
-               conf->vht_capab |= VHT_CAP_SHORT_GI_160;
-       if (os_strstr(capab, "[TX-STBC-2BY1]"))
-               conf->vht_capab |= VHT_CAP_TXSTBC;
-       if (os_strstr(capab, "[RX-STBC-1]"))
-               conf->vht_capab |= VHT_CAP_RXSTBC_1;
-       if (os_strstr(capab, "[RX-STBC-12]"))
-               conf->vht_capab |= VHT_CAP_RXSTBC_2;
-       if (os_strstr(capab, "[RX-STBC-123]"))
-               conf->vht_capab |= VHT_CAP_RXSTBC_3;
-       if (os_strstr(capab, "[RX-STBC-1234]"))
-               conf->vht_capab |= VHT_CAP_RXSTBC_4;
-       if (os_strstr(capab, "[SU-BEAMFORMER]"))
-               conf->vht_capab |= VHT_CAP_SU_BEAMFORMER_CAPABLE;
-       if (os_strstr(capab, "[SU-BEAMFORMEE]"))
-               conf->vht_capab |= VHT_CAP_SU_BEAMFORMEE_CAPABLE;
-       if (os_strstr(capab, "[BF-ANTENNA-2]") &&
-           (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE))
-               conf->vht_capab |= (1 << VHT_CAP_BEAMFORMEE_STS_OFFSET);
-       if (os_strstr(capab, "[SOUNDING-DIMENSION-2]") &&
-           (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE))
-               conf->vht_capab |= (1 << VHT_CAP_SOUNDING_DIMENSION_OFFSET);
-       if (os_strstr(capab, "[MU-BEAMFORMER]"))
-               conf->vht_capab |= VHT_CAP_MU_BEAMFORMER_CAPABLE;
-       if (os_strstr(capab, "[MU-BEAMFORMEE]"))
-               conf->vht_capab |= VHT_CAP_MU_BEAMFORMEE_CAPABLE;
-       if (os_strstr(capab, "[VHT-TXOP-PS]"))
-               conf->vht_capab |= VHT_CAP_VHT_TXOP_PS;
-       if (os_strstr(capab, "[HTC-VHT]"))
-               conf->vht_capab |= VHT_CAP_HTC_VHT;
-       if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP0]"))
-               conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT;
-       if (os_strstr(capab, "[VHT-LINK-ADAPT2]") &&
-           (conf->vht_capab & VHT_CAP_HTC_VHT))
-               conf->vht_capab |= VHT_CAP_VHT_LINK_ADAPTATION_VHT_UNSOL_MFB;
-       if (os_strstr(capab, "[VHT-LINK-ADAPT3]") &&
-           (conf->vht_capab & VHT_CAP_HTC_VHT))
-               conf->vht_capab |= VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB;
-       if (os_strstr(capab, "[RX-ANTENNA-PATTERN]"))
-               conf->vht_capab |= VHT_CAP_RX_ANTENNA_PATTERN;
-       if (os_strstr(capab, "[TX-ANTENNA-PATTERN]"))
-               conf->vht_capab |= VHT_CAP_TX_ANTENNA_PATTERN;
-       return 0;
-}
-#endif /* CONFIG_IEEE80211AC */
-
-
-#ifdef CONFIG_INTERWORKING
-static int parse_roaming_consortium(struct hostapd_bss_config *bss, char *pos,
-                                   int line)
-{
-       size_t len = os_strlen(pos);
-       u8 oi[MAX_ROAMING_CONSORTIUM_LEN];
-
-       struct hostapd_roaming_consortium *rc;
-
-       if ((len & 1) || len < 2 * 3 || len / 2 > MAX_ROAMING_CONSORTIUM_LEN ||
-           hexstr2bin(pos, oi, len / 2)) {
-               wpa_printf(MSG_ERROR, "Line %d: invalid roaming_consortium "
-                          "'%s'", line, pos);
-               return -1;
-       }
-       len /= 2;
-
-       rc = os_realloc_array(bss->roaming_consortium,
-                             bss->roaming_consortium_count + 1,
-                             sizeof(struct hostapd_roaming_consortium));
-       if (rc == NULL)
-               return -1;
-
-       os_memcpy(rc[bss->roaming_consortium_count].oi, oi, len);
-       rc[bss->roaming_consortium_count].len = len;
-
-       bss->roaming_consortium = rc;
-       bss->roaming_consortium_count++;
-
-       return 0;
-}
-
-
-static int parse_lang_string(struct hostapd_lang_string **array,
-                            unsigned int *count, char *pos)
-{
-       char *sep, *str = NULL;
-       size_t clen, nlen, slen;
-       struct hostapd_lang_string *ls;
-       int ret = -1;
-
-       if (*pos == '"' || (*pos == 'P' && pos[1] == '"')) {
-               str = wpa_config_parse_string(pos, &slen);
-               if (!str)
-                       return -1;
-               pos = str;
-       }
-
-       sep = os_strchr(pos, ':');
-       if (sep == NULL)
-               goto fail;
-       *sep++ = '\0';
-
-       clen = os_strlen(pos);
-       if (clen < 2 || clen > sizeof(ls->lang))
-               goto fail;
-       nlen = os_strlen(sep);
-       if (nlen > 252)
-               goto fail;
-
-       ls = os_realloc_array(*array, *count + 1,
-                             sizeof(struct hostapd_lang_string));
-       if (ls == NULL)
-               goto fail;
-
-       *array = ls;
-       ls = &(*array)[*count];
-       (*count)++;
-
-       os_memset(ls->lang, 0, sizeof(ls->lang));
-       os_memcpy(ls->lang, pos, clen);
-       ls->name_len = nlen;
-       os_memcpy(ls->name, sep, nlen);
-
-       ret = 0;
-fail:
-       os_free(str);
-       return ret;
-}
-
-
-static int parse_venue_name(struct hostapd_bss_config *bss, char *pos,
-                           int line)
-{
-       if (parse_lang_string(&bss->venue_name, &bss->venue_name_count, pos)) {
-               wpa_printf(MSG_ERROR, "Line %d: Invalid venue_name '%s'",
-                          line, pos);
-               return -1;
-       }
-       return 0;
-}
-
-
-static int parse_3gpp_cell_net(struct hostapd_bss_config *bss, char *buf,
-                              int line)
-{
-       size_t count;
-       char *pos;
-       u8 *info = NULL, *ipos;
-
-       /* format: <MCC1,MNC1>[;<MCC2,MNC2>][;...] */
-
-       count = 1;
-       for (pos = buf; *pos; pos++) {
-               if ((*pos < '0' && *pos > '9') && *pos != ';' && *pos != ',')
-                       goto fail;
-               if (*pos == ';')
-                       count++;
-       }
-       if (1 + count * 3 > 0x7f)
-               goto fail;
-
-       info = os_zalloc(2 + 3 + count * 3);
-       if (info == NULL)
-               return -1;
-
-       ipos = info;
-       *ipos++ = 0; /* GUD - Version 1 */
-       *ipos++ = 3 + count * 3; /* User Data Header Length (UDHL) */
-       *ipos++ = 0; /* PLMN List IEI */
-       /* ext(b8) | Length of PLMN List value contents(b7..1) */
-       *ipos++ = 1 + count * 3;
-       *ipos++ = count; /* Number of PLMNs */
-
-       pos = buf;
-       while (pos && *pos) {
-               char *mcc, *mnc;
-               size_t mnc_len;
-
-               mcc = pos;
-               mnc = os_strchr(pos, ',');
-               if (mnc == NULL)
-                       goto fail;
-               *mnc++ = '\0';
-               pos = os_strchr(mnc, ';');
-               if (pos)
-                       *pos++ = '\0';
-
-               mnc_len = os_strlen(mnc);
-               if (os_strlen(mcc) != 3 || (mnc_len != 2 && mnc_len != 3))
-                       goto fail;
-
-               /* BC coded MCC,MNC */
-               /* MCC digit 2 | MCC digit 1 */
-               *ipos++ = ((mcc[1] - '0') << 4) | (mcc[0] - '0');
-               /* MNC digit 3 | MCC digit 3 */
-               *ipos++ = (((mnc_len == 2) ? 0xf0 : ((mnc[2] - '0') << 4))) |
-                       (mcc[2] - '0');
-               /* MNC digit 2 | MNC digit 1 */
-               *ipos++ = ((mnc[1] - '0') << 4) | (mnc[0] - '0');
-       }
-
-       os_free(bss->anqp_3gpp_cell_net);
-       bss->anqp_3gpp_cell_net = info;
-       bss->anqp_3gpp_cell_net_len = 2 + 3 + 3 * count;
-       wpa_hexdump(MSG_MSGDUMP, "3GPP Cellular Network information",
-                   bss->anqp_3gpp_cell_net, bss->anqp_3gpp_cell_net_len);
-
-       return 0;
-
-fail:
-       wpa_printf(MSG_ERROR, "Line %d: Invalid anqp_3gpp_cell_net: %s",
-                  line, buf);
-       os_free(info);
-       return -1;
-}
-
-
-static int parse_nai_realm(struct hostapd_bss_config *bss, char *buf, int line)
-{
-       struct hostapd_nai_realm_data *realm;
-       size_t i, j, len;
-       int *offsets;
-       char *pos, *end, *rpos;
-
-       offsets = os_calloc(bss->nai_realm_count * MAX_NAI_REALMS,
-                           sizeof(int));
-       if (offsets == NULL)
-               return -1;
-
-       for (i = 0; i < bss->nai_realm_count; i++) {
-               realm = &bss->nai_realm_data[i];
-               for (j = 0; j < MAX_NAI_REALMS; j++) {
-                       offsets[i * MAX_NAI_REALMS + j] =
-                               realm->realm[j] ?
-                               realm->realm[j] - realm->realm_buf : -1;
-               }
-       }
-
-       realm = os_realloc_array(bss->nai_realm_data, bss->nai_realm_count + 1,
-                                sizeof(struct hostapd_nai_realm_data));
-       if (realm == NULL) {
-               os_free(offsets);
-               return -1;
-       }
-       bss->nai_realm_data = realm;
-
-       /* patch the pointers after realloc */
-       for (i = 0; i < bss->nai_realm_count; i++) {
-               realm = &bss->nai_realm_data[i];
-               for (j = 0; j < MAX_NAI_REALMS; j++) {
-                       int offs = offsets[i * MAX_NAI_REALMS + j];
-                       if (offs >= 0)
-                               realm->realm[j] = realm->realm_buf + offs;
-                       else
-                               realm->realm[j] = NULL;
-               }
-       }
-       os_free(offsets);
-
-       realm = &bss->nai_realm_data[bss->nai_realm_count];
-       os_memset(realm, 0, sizeof(*realm));
-
-       pos = buf;
-       realm->encoding = atoi(pos);
-       pos = os_strchr(pos, ',');
-       if (pos == NULL)
-               goto fail;
-       pos++;
-
-       end = os_strchr(pos, ',');
-       if (end) {
-               len = end - pos;
-               *end = '\0';
-       } else {
-               len = os_strlen(pos);
-       }
-
-       if (len > MAX_NAI_REALMLEN) {
-               wpa_printf(MSG_ERROR, "Too long a realm string (%d > max %d "
-                          "characters)", (int) len, MAX_NAI_REALMLEN);
-               goto fail;
-       }
-       os_memcpy(realm->realm_buf, pos, len);
-
-       if (end)
-               pos = end + 1;
-       else
-               pos = NULL;
-
-       while (pos && *pos) {
-               struct hostapd_nai_realm_eap *eap;
-
-               if (realm->eap_method_count >= MAX_NAI_EAP_METHODS) {
-                       wpa_printf(MSG_ERROR, "Too many EAP methods");
-                       goto fail;
-               }
-
-               eap = &realm->eap_method[realm->eap_method_count];
-               realm->eap_method_count++;
-
-               end = os_strchr(pos, ',');
-               if (end == NULL)
-                       end = pos + os_strlen(pos);
-
-               eap->eap_method = atoi(pos);
-               for (;;) {
-                       pos = os_strchr(pos, '[');
-                       if (pos == NULL || pos > end)
-                               break;
-                       pos++;
-                       if (eap->num_auths >= MAX_NAI_AUTH_TYPES) {
-                               wpa_printf(MSG_ERROR, "Too many auth params");
-                               goto fail;
-                       }
-                       eap->auth_id[eap->num_auths] = atoi(pos);
-                       pos = os_strchr(pos, ':');
-                       if (pos == NULL || pos > end)
-                               goto fail;
-                       pos++;
-                       eap->auth_val[eap->num_auths] = atoi(pos);
-                       pos = os_strchr(pos, ']');
-                       if (pos == NULL || pos > end)
-                               goto fail;
-                       pos++;
-                       eap->num_auths++;
-               }
-
-               if (*end != ',')
-                       break;
-
-               pos = end + 1;
-       }
-
-       /* Split realm list into null terminated realms */
-       rpos = realm->realm_buf;
-       i = 0;
-       while (*rpos) {
-               if (i >= MAX_NAI_REALMS) {
-                       wpa_printf(MSG_ERROR, "Too many realms");
-                       goto fail;
-               }
-               realm->realm[i++] = rpos;
-               rpos = os_strchr(rpos, ';');
-               if (rpos == NULL)
-                       break;
-               *rpos++ = '\0';
-       }
-
-       bss->nai_realm_count++;
-
-       return 0;
-
-fail:
-       wpa_printf(MSG_ERROR, "Line %d: invalid nai_realm '%s'", line, buf);
-       return -1;
-}
-
-
-static int parse_qos_map_set(struct hostapd_bss_config *bss,
-                            char *buf, int line)
-{
-       u8 qos_map_set[16 + 2 * 21], count = 0;
-       char *pos = buf;
-       int val;
-
-       for (;;) {
-               if (count == sizeof(qos_map_set)) {
-                       wpa_printf(MSG_ERROR, "Line %d: Too many qos_map_set "
-                                  "parameters '%s'", line, buf);
-                       return -1;
-               }
-
-               val = atoi(pos);
-               if (val > 255 || val < 0) {
-                       wpa_printf(MSG_ERROR, "Line %d: Invalid qos_map_set "
-                                  "'%s'", line, buf);
-                       return -1;
-               }
-
-               qos_map_set[count++] = val;
-               pos = os_strchr(pos, ',');
-               if (!pos)
-                       break;
-               pos++;
-       }
-
-       if (count < 16 || count & 1) {
-               wpa_printf(MSG_ERROR, "Line %d: Invalid qos_map_set '%s'",
-                          line, buf);
-               return -1;
-       }
-
-       os_memcpy(bss->qos_map_set, qos_map_set, count);
-       bss->qos_map_set_len = count;
-
-       return 0;
-}
-
-#endif /* CONFIG_INTERWORKING */
-
-
-#ifdef CONFIG_HS20
-static int hs20_parse_conn_capab(struct hostapd_bss_config *bss, char *buf,
-                                int line)
-{
-       u8 *conn_cap;
-       char *pos;
-
-       if (bss->hs20_connection_capability_len >= 0xfff0)
-               return -1;
-
-       conn_cap = os_realloc(bss->hs20_connection_capability,
-                             bss->hs20_connection_capability_len + 4);
-       if (conn_cap == NULL)
-               return -1;
-
-       bss->hs20_connection_capability = conn_cap;
-       conn_cap += bss->hs20_connection_capability_len;
-       pos = buf;
-       conn_cap[0] = atoi(pos);
-       pos = os_strchr(pos, ':');
-       if (pos == NULL)
-               return -1;
-       pos++;
-       WPA_PUT_LE16(conn_cap + 1, atoi(pos));
-       pos = os_strchr(pos, ':');
-       if (pos == NULL)
-               return -1;
-       pos++;
-       conn_cap[3] = atoi(pos);
-       bss->hs20_connection_capability_len += 4;
-
-       return 0;
-}
-
-
-static int hs20_parse_wan_metrics(struct hostapd_bss_config *bss, char *buf,
-                                 int line)
-{
-       u8 *wan_metrics;
-       char *pos;
-
-       /* <WAN Info>:<DL Speed>:<UL Speed>:<DL Load>:<UL Load>:<LMD> */
-
-       wan_metrics = os_zalloc(13);
-       if (wan_metrics == NULL)
-               return -1;
-
-       pos = buf;
-       /* WAN Info */
-       if (hexstr2bin(pos, wan_metrics, 1) < 0)
-               goto fail;
-       pos += 2;
-       if (*pos != ':')
-               goto fail;
-       pos++;
-
-       /* Downlink Speed */
-       WPA_PUT_LE32(wan_metrics + 1, atoi(pos));
-       pos = os_strchr(pos, ':');
-       if (pos == NULL)
-               goto fail;
-       pos++;
-
-       /* Uplink Speed */
-       WPA_PUT_LE32(wan_metrics + 5, atoi(pos));
-       pos = os_strchr(pos, ':');
-       if (pos == NULL)
-               goto fail;
-       pos++;
-
-       /* Downlink Load */
-       wan_metrics[9] = atoi(pos);
-       pos = os_strchr(pos, ':');
-       if (pos == NULL)
-               goto fail;
-       pos++;
-
-       /* Uplink Load */
-       wan_metrics[10] = atoi(pos);
-       pos = os_strchr(pos, ':');
-       if (pos == NULL)
-               goto fail;
-       pos++;
-
-       /* LMD */
-       WPA_PUT_LE16(wan_metrics + 11, atoi(pos));
-
-       os_free(bss->hs20_wan_metrics);
-       bss->hs20_wan_metrics = wan_metrics;
-
-       return 0;
-
-fail:
-       wpa_printf(MSG_ERROR, "Line %d: Invalid hs20_wan_metrics '%s'",
-                  line, pos);
-       os_free(wan_metrics);
-       return -1;
-}
-
-
-static int hs20_parse_oper_friendly_name(struct hostapd_bss_config *bss,
-                                        char *pos, int line)
-{
-       if (parse_lang_string(&bss->hs20_oper_friendly_name,
-                             &bss->hs20_oper_friendly_name_count, pos)) {
-               wpa_printf(MSG_ERROR, "Line %d: Invalid "
-                          "hs20_oper_friendly_name '%s'", line, pos);
-               return -1;
-       }
-       return 0;
-}
-#endif /* CONFIG_HS20 */
-
-
-#ifdef CONFIG_WPS_NFC
-static struct wpabuf * hostapd_parse_bin(const char *buf)
-{
-       size_t len;
-       struct wpabuf *ret;
-
-       len = os_strlen(buf);
-       if (len & 0x01)
-               return NULL;
-       len /= 2;
-
-       ret = wpabuf_alloc(len);
-       if (ret == NULL)
-               return NULL;
-
-       if (hexstr2bin(buf, wpabuf_put(ret, len), len)) {
-               wpabuf_free(ret);
-               return NULL;
-       }
-
-       return ret;
-}
-#endif /* CONFIG_WPS_NFC */
-
-
-static int hostapd_config_fill(struct hostapd_config *conf,
-                              struct hostapd_bss_config *bss,
-                              char *buf, char *pos, int line)
-{
-       int errors = 0;
-
-       {
-               if (os_strcmp(buf, "interface") == 0) {
-                       os_strlcpy(conf->bss[0]->iface, pos,
-                                  sizeof(conf->bss[0]->iface));
-               } else if (os_strcmp(buf, "bridge") == 0) {
-                       os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
-               } else if (os_strcmp(buf, "vlan_bridge") == 0) {
-                       os_strlcpy(bss->vlan_bridge, pos,
-                                  sizeof(bss->vlan_bridge));
-               } else if (os_strcmp(buf, "wds_bridge") == 0) {
-                       os_strlcpy(bss->wds_bridge, pos,
-                                  sizeof(bss->wds_bridge));
-               } else if (os_strcmp(buf, "driver") == 0) {
-                       int j;
-                       /* clear to get error below if setting is invalid */
-                       conf->driver = NULL;
-                       for (j = 0; wpa_drivers[j]; j++) {
-                               if (os_strcmp(pos, wpa_drivers[j]->name) == 0)
-                               {
-                                       conf->driver = wpa_drivers[j];
-                                       break;
-                               }
-                       }
-                       if (conf->driver == NULL) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid/"
-                                          "unknown driver '%s'", line, pos);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "debug") == 0) {
-                       wpa_printf(MSG_DEBUG, "Line %d: DEPRECATED: 'debug' "
-                                  "configuration variable is not used "
-                                  "anymore", line);
-               } else if (os_strcmp(buf, "logger_syslog_level") == 0) {
-                       bss->logger_syslog_level = atoi(pos);
-               } else if (os_strcmp(buf, "logger_stdout_level") == 0) {
-                       bss->logger_stdout_level = atoi(pos);
-               } else if (os_strcmp(buf, "logger_syslog") == 0) {
-                       bss->logger_syslog = atoi(pos);
-               } else if (os_strcmp(buf, "logger_stdout") == 0) {
-                       bss->logger_stdout = atoi(pos);
-               } else if (os_strcmp(buf, "dump_file") == 0) {
-                       wpa_printf(MSG_INFO, "Line %d: DEPRECATED: 'dump_file' configuration variable is not used anymore",
-                                  line);
-               } else if (os_strcmp(buf, "ssid") == 0) {
-                       bss->ssid.ssid_len = os_strlen(pos);
-                       if (bss->ssid.ssid_len > HOSTAPD_MAX_SSID_LEN ||
-                           bss->ssid.ssid_len < 1) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid SSID "
-                                          "'%s'", line, pos);
-                               errors++;
-                       } else {
-                               os_memcpy(bss->ssid.ssid, pos,
-                                         bss->ssid.ssid_len);
-                               bss->ssid.ssid_set = 1;
-                       }
-               } else if (os_strcmp(buf, "ssid2") == 0) {
-                       size_t slen;
-                       char *str = wpa_config_parse_string(pos, &slen);
-                       if (str == NULL || slen < 1 ||
-                                  slen > HOSTAPD_MAX_SSID_LEN) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid SSID "
-                                          "'%s'", line, pos);
-                               errors++;
-                       } else {
-                               os_memcpy(bss->ssid.ssid, str, slen);
-                               bss->ssid.ssid_len = slen;
-                               bss->ssid.ssid_set = 1;
-                       }
-                       os_free(str);
-               } else if (os_strcmp(buf, "utf8_ssid") == 0) {
-                       bss->ssid.utf8_ssid = atoi(pos) > 0;
-               } else if (os_strcmp(buf, "macaddr_acl") == 0) {
-                       bss->macaddr_acl = atoi(pos);
-                       if (bss->macaddr_acl != ACCEPT_UNLESS_DENIED &&
-                           bss->macaddr_acl != DENY_UNLESS_ACCEPTED &&
-                           bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
-                               wpa_printf(MSG_ERROR, "Line %d: unknown "
-                                          "macaddr_acl %d",
-                                          line, bss->macaddr_acl);
-                       }
-               } else if (os_strcmp(buf, "accept_mac_file") == 0) {
-                       if (hostapd_config_read_maclist(pos, &bss->accept_mac,
-                                                       &bss->num_accept_mac))
-                       {
-                               wpa_printf(MSG_ERROR, "Line %d: Failed to "
-                                          "read accept_mac_file '%s'",
-                                          line, pos);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "deny_mac_file") == 0) {
-                       if (hostapd_config_read_maclist(pos, &bss->deny_mac,
-                                                       &bss->num_deny_mac)) {
-                               wpa_printf(MSG_ERROR, "Line %d: Failed to "
-                                          "read deny_mac_file '%s'",
-                                          line, pos);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "wds_sta") == 0) {
-                       bss->wds_sta = atoi(pos);
-               } else if (os_strcmp(buf, "start_disabled") == 0) {
-                       bss->start_disabled = atoi(pos);
-               } else if (os_strcmp(buf, "ap_isolate") == 0) {
-                       bss->isolate = atoi(pos);
-               } else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
-                       bss->ap_max_inactivity = atoi(pos);
-               } else if (os_strcmp(buf, "skip_inactivity_poll") == 0) {
-                       bss->skip_inactivity_poll = atoi(pos);
-               } else if (os_strcmp(buf, "country_code") == 0) {
-                       os_memcpy(conf->country, pos, 2);
-                       /* FIX: make this configurable */
-                       conf->country[2] = ' ';
-               } else if (os_strcmp(buf, "ieee80211d") == 0) {
-                       conf->ieee80211d = atoi(pos);
-               } else if (os_strcmp(buf, "ieee80211h") == 0) {
-                       conf->ieee80211h = atoi(pos);
-               } else if (os_strcmp(buf, "ieee8021x") == 0) {
-                       bss->ieee802_1x = atoi(pos);
-               } else if (os_strcmp(buf, "eapol_version") == 0) {
-                       bss->eapol_version = atoi(pos);
-                       if (bss->eapol_version < 1 ||
-                           bss->eapol_version > 2) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid EAPOL "
-                                          "version (%d): '%s'.",
-                                          line, bss->eapol_version, pos);
-                               errors++;
-                       } else
-                               wpa_printf(MSG_DEBUG, "eapol_version=%d",
-                                          bss->eapol_version);
-#ifdef EAP_SERVER
-               } else if (os_strcmp(buf, "eap_authenticator") == 0) {
-                       bss->eap_server = atoi(pos);
-                       wpa_printf(MSG_ERROR, "Line %d: obsolete "
-                                  "eap_authenticator used; this has been "
-                                  "renamed to eap_server", line);
-               } else if (os_strcmp(buf, "eap_server") == 0) {
-                       bss->eap_server = atoi(pos);
-               } else if (os_strcmp(buf, "eap_user_file") == 0) {
-                       if (hostapd_config_read_eap_user(pos, bss))
-                               errors++;
-               } else if (os_strcmp(buf, "ca_cert") == 0) {
-                       os_free(bss->ca_cert);
-                       bss->ca_cert = os_strdup(pos);
-               } else if (os_strcmp(buf, "server_cert") == 0) {
-                       os_free(bss->server_cert);
-                       bss->server_cert = os_strdup(pos);
-               } else if (os_strcmp(buf, "private_key") == 0) {
-                       os_free(bss->private_key);
-                       bss->private_key = os_strdup(pos);
-               } else if (os_strcmp(buf, "private_key_passwd") == 0) {
-                       os_free(bss->private_key_passwd);
-                       bss->private_key_passwd = os_strdup(pos);
-               } else if (os_strcmp(buf, "check_crl") == 0) {
-                       bss->check_crl = atoi(pos);
-               } else if (os_strcmp(buf, "ocsp_stapling_response") == 0) {
-                       os_free(bss->ocsp_stapling_response);
-                       bss->ocsp_stapling_response = os_strdup(pos);
-               } else if (os_strcmp(buf, "dh_file") == 0) {
-                       os_free(bss->dh_file);
-                       bss->dh_file = os_strdup(pos);
-               } else if (os_strcmp(buf, "fragment_size") == 0) {
-                       bss->fragment_size = atoi(pos);
-#ifdef EAP_SERVER_FAST
-               } else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
-                       os_free(bss->pac_opaque_encr_key);
-                       bss->pac_opaque_encr_key = os_malloc(16);
-                       if (bss->pac_opaque_encr_key == NULL) {
-                               wpa_printf(MSG_ERROR, "Line %d: No memory for "
-                                          "pac_opaque_encr_key", line);
-                               errors++;
-                       } else if (hexstr2bin(pos, bss->pac_opaque_encr_key,
-                                             16)) {
-                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
-                                          "pac_opaque_encr_key", line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "eap_fast_a_id") == 0) {
-                       size_t idlen = os_strlen(pos);
-                       if (idlen & 1) {
-                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
-                                          "eap_fast_a_id", line);
-                               errors++;
-                       } else {
-                               os_free(bss->eap_fast_a_id);
-                               bss->eap_fast_a_id = os_malloc(idlen / 2);
-                               if (bss->eap_fast_a_id == NULL ||
-                                   hexstr2bin(pos, bss->eap_fast_a_id,
-                                              idlen / 2)) {
-                                       wpa_printf(MSG_ERROR, "Line %d: "
-                                                  "Failed to parse "
-                                                  "eap_fast_a_id", line);
-                                       errors++;
-                               } else
-                                       bss->eap_fast_a_id_len = idlen / 2;
-                       }
-               } else if (os_strcmp(buf, "eap_fast_a_id_info") == 0) {
-                       os_free(bss->eap_fast_a_id_info);
-                       bss->eap_fast_a_id_info = os_strdup(pos);
-               } else if (os_strcmp(buf, "eap_fast_prov") == 0) {
-                       bss->eap_fast_prov = atoi(pos);
-               } else if (os_strcmp(buf, "pac_key_lifetime") == 0) {
-                       bss->pac_key_lifetime = atoi(pos);
-               } else if (os_strcmp(buf, "pac_key_refresh_time") == 0) {
-                       bss->pac_key_refresh_time = atoi(pos);
-#endif /* EAP_SERVER_FAST */
-#ifdef EAP_SERVER_SIM
-               } else if (os_strcmp(buf, "eap_sim_db") == 0) {
-                       os_free(bss->eap_sim_db);
-                       bss->eap_sim_db = os_strdup(pos);
-               } else if (os_strcmp(buf, "eap_sim_aka_result_ind") == 0) {
-                       bss->eap_sim_aka_result_ind = atoi(pos);
-#endif /* EAP_SERVER_SIM */
-#ifdef EAP_SERVER_TNC
-               } else if (os_strcmp(buf, "tnc") == 0) {
-                       bss->tnc = atoi(pos);
-#endif /* EAP_SERVER_TNC */
-#ifdef EAP_SERVER_PWD
-               } else if (os_strcmp(buf, "pwd_group") == 0) {
-                       bss->pwd_group = atoi(pos);
-#endif /* EAP_SERVER_PWD */
-#endif /* EAP_SERVER */
-               } else if (os_strcmp(buf, "eap_message") == 0) {
-                       char *term;
-                       bss->eap_req_id_text = os_strdup(pos);
-                       if (bss->eap_req_id_text == NULL) {
-                               wpa_printf(MSG_ERROR, "Line %d: Failed to "
-                                          "allocate memory for "
-                                          "eap_req_id_text", line);
-                               errors++;
-                               return errors;
-                       }
-                       bss->eap_req_id_text_len =
-                               os_strlen(bss->eap_req_id_text);
-                       term = os_strstr(bss->eap_req_id_text, "\\0");
-                       if (term) {
-                               *term++ = '\0';
-                               os_memmove(term, term + 1,
-                                          bss->eap_req_id_text_len -
-                                          (term - bss->eap_req_id_text) - 1);
-                               bss->eap_req_id_text_len--;
-                       }
-               } else if (os_strcmp(buf, "wep_key_len_broadcast") == 0) {
-                       bss->default_wep_key_len = atoi(pos);
-                       if (bss->default_wep_key_len > 13) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid WEP "
-                                          "key len %lu (= %lu bits)", line,
-                                          (unsigned long)
-                                          bss->default_wep_key_len,
-                                          (unsigned long)
-                                          bss->default_wep_key_len * 8);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "wep_key_len_unicast") == 0) {
-                       bss->individual_wep_key_len = atoi(pos);
-                       if (bss->individual_wep_key_len < 0 ||
-                           bss->individual_wep_key_len > 13) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid WEP "
-                                          "key len %d (= %d bits)", line,
-                                          bss->individual_wep_key_len,
-                                          bss->individual_wep_key_len * 8);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "wep_rekey_period") == 0) {
-                       bss->wep_rekeying_period = atoi(pos);
-                       if (bss->wep_rekeying_period < 0) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "period %d",
-                                          line, bss->wep_rekeying_period);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "eap_reauth_period") == 0) {
-                       bss->eap_reauth_period = atoi(pos);
-                       if (bss->eap_reauth_period < 0) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "period %d",
-                                          line, bss->eap_reauth_period);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "eapol_key_index_workaround") == 0) {
-                       bss->eapol_key_index_workaround = atoi(pos);
-#ifdef CONFIG_IAPP
-               } else if (os_strcmp(buf, "iapp_interface") == 0) {
-                       bss->ieee802_11f = 1;
-                       os_strlcpy(bss->iapp_iface, pos,
-                                  sizeof(bss->iapp_iface));
-#endif /* CONFIG_IAPP */
-               } else if (os_strcmp(buf, "own_ip_addr") == 0) {
-                       if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid IP "
-                                          "address '%s'", line, pos);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "nas_identifier") == 0) {
-                       bss->nas_identifier = os_strdup(pos);
-#ifndef CONFIG_NO_RADIUS
-               } else if (os_strcmp(buf, "auth_server_addr") == 0) {
-                       if (hostapd_config_read_radius_addr(
-                                   &bss->radius->auth_servers,
-                                   &bss->radius->num_auth_servers, pos, 1812,
-                                   &bss->radius->auth_server)) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid IP "
-                                          "address '%s'", line, pos);
-                               errors++;
-                       }
-               } else if (bss->radius->auth_server &&
-                          os_strcmp(buf, "auth_server_port") == 0) {
-                       bss->radius->auth_server->port = atoi(pos);
-               } else if (bss->radius->auth_server &&
-                          os_strcmp(buf, "auth_server_shared_secret") == 0) {
-                       int len = os_strlen(pos);
-                       if (len == 0) {
-                               /* RFC 2865, Ch. 3 */
-                               wpa_printf(MSG_ERROR, "Line %d: empty shared "
-                                          "secret is not allowed.", line);
-                               errors++;
-                       }
-                       bss->radius->auth_server->shared_secret =
-                               (u8 *) os_strdup(pos);
-                       bss->radius->auth_server->shared_secret_len = len;
-               } else if (os_strcmp(buf, "acct_server_addr") == 0) {
-                       if (hostapd_config_read_radius_addr(
-                                   &bss->radius->acct_servers,
-                                   &bss->radius->num_acct_servers, pos, 1813,
-                                   &bss->radius->acct_server)) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid IP "
-                                          "address '%s'", line, pos);
-                               errors++;
-                       }
-               } else if (bss->radius->acct_server &&
-                          os_strcmp(buf, "acct_server_port") == 0) {
-                       bss->radius->acct_server->port = atoi(pos);
-               } else if (bss->radius->acct_server &&
-                          os_strcmp(buf, "acct_server_shared_secret") == 0) {
-                       int len = os_strlen(pos);
-                       if (len == 0) {
-                               /* RFC 2865, Ch. 3 */
-                               wpa_printf(MSG_ERROR, "Line %d: empty shared "
-                                          "secret is not allowed.", line);
-                               errors++;
-                       }
-                       bss->radius->acct_server->shared_secret =
-                               (u8 *) os_strdup(pos);
-                       bss->radius->acct_server->shared_secret_len = len;
-               } else if (os_strcmp(buf, "radius_retry_primary_interval") ==
-                          0) {
-                       bss->radius->retry_primary_interval = atoi(pos);
-               } else if (os_strcmp(buf, "radius_acct_interim_interval") == 0)
-               {
-                       bss->acct_interim_interval = atoi(pos);
-               } else if (os_strcmp(buf, "radius_request_cui") == 0) {
-                       bss->radius_request_cui = atoi(pos);
-               } else if (os_strcmp(buf, "radius_auth_req_attr") == 0) {
-                       struct hostapd_radius_attr *attr, *a;
-                       attr = hostapd_parse_radius_attr(pos);
-                       if (attr == NULL) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "radius_auth_req_attr", line);
-                               errors++;
-                       } else if (bss->radius_auth_req_attr == NULL) {
-                               bss->radius_auth_req_attr = attr;
-                       } else {
-                               a = bss->radius_auth_req_attr;
-                               while (a->next)
-                                       a = a->next;
-                               a->next = attr;
-                       }
-               } else if (os_strcmp(buf, "radius_acct_req_attr") == 0) {
-                       struct hostapd_radius_attr *attr, *a;
-                       attr = hostapd_parse_radius_attr(pos);
-                       if (attr == NULL) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "radius_acct_req_attr", line);
-                               errors++;
-                       } else if (bss->radius_acct_req_attr == NULL) {
-                               bss->radius_acct_req_attr = attr;
-                       } else {
-                               a = bss->radius_acct_req_attr;
-                               while (a->next)
-                                       a = a->next;
-                               a->next = attr;
-                       }
-               } else if (os_strcmp(buf, "radius_das_port") == 0) {
-                       bss->radius_das_port = atoi(pos);
-               } else if (os_strcmp(buf, "radius_das_client") == 0) {
-                       if (hostapd_parse_das_client(bss, pos) < 0) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "DAS client", line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "radius_das_time_window") == 0) {
-                       bss->radius_das_time_window = atoi(pos);
-               } else if (os_strcmp(buf, "radius_das_require_event_timestamp")
-                          == 0) {
-                       bss->radius_das_require_event_timestamp = atoi(pos);
-#endif /* CONFIG_NO_RADIUS */
-               } else if (os_strcmp(buf, "auth_algs") == 0) {
-                       bss->auth_algs = atoi(pos);
-                       if (bss->auth_algs == 0) {
-                               wpa_printf(MSG_ERROR, "Line %d: no "
-                                          "authentication algorithms allowed",
-                                          line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "max_num_sta") == 0) {
-                       bss->max_num_sta = atoi(pos);
-                       if (bss->max_num_sta < 0 ||
-                           bss->max_num_sta > MAX_STA_COUNT) {
-                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
-                                          "max_num_sta=%d; allowed range "
-                                          "0..%d", line, bss->max_num_sta,
-                                          MAX_STA_COUNT);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "wpa") == 0) {
-                       bss->wpa = atoi(pos);
-               } else if (os_strcmp(buf, "wpa_group_rekey") == 0) {
-                       bss->wpa_group_rekey = atoi(pos);
-               } else if (os_strcmp(buf, "wpa_strict_rekey") == 0) {
-                       bss->wpa_strict_rekey = atoi(pos);
-               } else if (os_strcmp(buf, "wpa_gmk_rekey") == 0) {
-                       bss->wpa_gmk_rekey = atoi(pos);
-               } else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) {
-                       bss->wpa_ptk_rekey = atoi(pos);
-               } else if (os_strcmp(buf, "wpa_passphrase") == 0) {
-                       int len = os_strlen(pos);
-                       if (len < 8 || len > 63) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid WPA "
-                                          "passphrase length %d (expected "
-                                          "8..63)", line, len);
-                               errors++;
-                       } else {
-                               os_free(bss->ssid.wpa_passphrase);
-                               bss->ssid.wpa_passphrase = os_strdup(pos);
-                               if (bss->ssid.wpa_passphrase) {
-                                       os_free(bss->ssid.wpa_psk);
-                                       bss->ssid.wpa_psk = NULL;
-                                       bss->ssid.wpa_passphrase_set = 1;
-                               }
-                       }
-               } else if (os_strcmp(buf, "wpa_psk") == 0) {
-                       os_free(bss->ssid.wpa_psk);
-                       bss->ssid.wpa_psk =
-                               os_zalloc(sizeof(struct hostapd_wpa_psk));
-                       if (bss->ssid.wpa_psk == NULL)
-                               errors++;
-                       else if (hexstr2bin(pos, bss->ssid.wpa_psk->psk,
-                                           PMK_LEN) ||
-                                pos[PMK_LEN * 2] != '\0') {
-                               wpa_printf(MSG_ERROR, "Line %d: Invalid PSK "
-                                          "'%s'.", line, pos);
-                               errors++;
-                       } else {
-                               bss->ssid.wpa_psk->group = 1;
-                               os_free(bss->ssid.wpa_passphrase);
-                               bss->ssid.wpa_passphrase = NULL;
-                               bss->ssid.wpa_psk_set = 1;
-                       }
-               } else if (os_strcmp(buf, "wpa_psk_file") == 0) {
-                       os_free(bss->ssid.wpa_psk_file);
-                       bss->ssid.wpa_psk_file = os_strdup(pos);
-                       if (!bss->ssid.wpa_psk_file) {
-                               wpa_printf(MSG_ERROR, "Line %d: allocation "
-                                          "failed", line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "wpa_key_mgmt") == 0) {
-                       bss->wpa_key_mgmt =
-                               hostapd_config_parse_key_mgmt(line, pos);
-                       if (bss->wpa_key_mgmt == -1)
-                               errors++;
-               } else if (os_strcmp(buf, "wpa_psk_radius") == 0) {
-                       bss->wpa_psk_radius = atoi(pos);
-                       if (bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
-                           bss->wpa_psk_radius != PSK_RADIUS_ACCEPTED &&
-                           bss->wpa_psk_radius != PSK_RADIUS_REQUIRED) {
-                               wpa_printf(MSG_ERROR, "Line %d: unknown "
-                                          "wpa_psk_radius %d",
-                                          line, bss->wpa_psk_radius);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "wpa_pairwise") == 0) {
-                       bss->wpa_pairwise =
-                               hostapd_config_parse_cipher(line, pos);
-                       if (bss->wpa_pairwise == -1 ||
-                           bss->wpa_pairwise == 0)
-                               errors++;
-                       else if (bss->wpa_pairwise &
-                                (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
-                                 WPA_CIPHER_WEP104)) {
-                               wpa_printf(MSG_ERROR, "Line %d: unsupported "
-                                          "pairwise cipher suite '%s'",
-                                          bss->wpa_pairwise, pos);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "rsn_pairwise") == 0) {
-                       bss->rsn_pairwise =
-                               hostapd_config_parse_cipher(line, pos);
-                       if (bss->rsn_pairwise == -1 ||
-                           bss->rsn_pairwise == 0)
-                               errors++;
-                       else if (bss->rsn_pairwise &
-                                (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
-                                 WPA_CIPHER_WEP104)) {
-                               wpa_printf(MSG_ERROR, "Line %d: unsupported "
-                                          "pairwise cipher suite '%s'",
-                                          bss->rsn_pairwise, pos);
-                               errors++;
-                       }
-#ifdef CONFIG_RSN_PREAUTH
-               } else if (os_strcmp(buf, "rsn_preauth") == 0) {
-                       bss->rsn_preauth = atoi(pos);
-               } else if (os_strcmp(buf, "rsn_preauth_interfaces") == 0) {
-                       bss->rsn_preauth_interfaces = os_strdup(pos);
-#endif /* CONFIG_RSN_PREAUTH */
-#ifdef CONFIG_PEERKEY
-               } else if (os_strcmp(buf, "peerkey") == 0) {
-                       bss->peerkey = atoi(pos);
-#endif /* CONFIG_PEERKEY */
-#ifdef CONFIG_IEEE80211R
-               } else if (os_strcmp(buf, "mobility_domain") == 0) {
-                       if (os_strlen(pos) != 2 * MOBILITY_DOMAIN_ID_LEN ||
-                           hexstr2bin(pos, bss->mobility_domain,
-                                      MOBILITY_DOMAIN_ID_LEN) != 0) {
-                               wpa_printf(MSG_DEBUG, "Line %d: Invalid "
-                                          "mobility_domain '%s'", line, pos);
-                               errors++;
-                               return errors;
-                       }
-               } else if (os_strcmp(buf, "r1_key_holder") == 0) {
-                       if (os_strlen(pos) != 2 * FT_R1KH_ID_LEN ||
-                           hexstr2bin(pos, bss->r1_key_holder,
-                                      FT_R1KH_ID_LEN) != 0) {
-                               wpa_printf(MSG_DEBUG, "Line %d: Invalid "
-                                          "r1_key_holder '%s'", line, pos);
-                               errors++;
-                               return errors;
-                       }
-               } else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
-                       bss->r0_key_lifetime = atoi(pos);
-               } else if (os_strcmp(buf, "reassociation_deadline") == 0) {
-                       bss->reassociation_deadline = atoi(pos);
-               } else if (os_strcmp(buf, "r0kh") == 0) {
-                       if (add_r0kh(bss, pos) < 0) {
-                               wpa_printf(MSG_DEBUG, "Line %d: Invalid "
-                                          "r0kh '%s'", line, pos);
-                               errors++;
-                               return errors;
-                       }
-               } else if (os_strcmp(buf, "r1kh") == 0) {
-                       if (add_r1kh(bss, pos) < 0) {
-                               wpa_printf(MSG_DEBUG, "Line %d: Invalid "
-                                          "r1kh '%s'", line, pos);
-                               errors++;
-                               return errors;
-                       }
-               } else if (os_strcmp(buf, "pmk_r1_push") == 0) {
-                       bss->pmk_r1_push = atoi(pos);
-               } else if (os_strcmp(buf, "ft_over_ds") == 0) {
-                       bss->ft_over_ds = atoi(pos);
-#endif /* CONFIG_IEEE80211R */
-#ifndef CONFIG_NO_CTRL_IFACE
-               } else if (os_strcmp(buf, "ctrl_interface") == 0) {
-                       os_free(bss->ctrl_interface);
-                       bss->ctrl_interface = os_strdup(pos);
-               } else if (os_strcmp(buf, "ctrl_interface_group") == 0) {
-#ifndef CONFIG_NATIVE_WINDOWS
-                       struct group *grp;
-                       char *endp;
-                       const char *group = pos;
-
-                       grp = getgrnam(group);
-                       if (grp) {
-                               bss->ctrl_interface_gid = grp->gr_gid;
-                               bss->ctrl_interface_gid_set = 1;
-                               wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
-                                          " (from group name '%s')",
-                                          bss->ctrl_interface_gid, group);
-                               return errors;
-                       }
-
-                       /* Group name not found - try to parse this as gid */
-                       bss->ctrl_interface_gid = strtol(group, &endp, 10);
-                       if (*group == '\0' || *endp != '\0') {
-                               wpa_printf(MSG_DEBUG, "Line %d: Invalid group "
-                                          "'%s'", line, group);
-                               errors++;
-                               return errors;
-                       }
-                       bss->ctrl_interface_gid_set = 1;
-                       wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
-                                  bss->ctrl_interface_gid);
-#endif /* CONFIG_NATIVE_WINDOWS */
-#endif /* CONFIG_NO_CTRL_IFACE */
-#ifdef RADIUS_SERVER
-               } else if (os_strcmp(buf, "radius_server_clients") == 0) {
-                       os_free(bss->radius_server_clients);
-                       bss->radius_server_clients = os_strdup(pos);
-               } else if (os_strcmp(buf, "radius_server_auth_port") == 0) {
-                       bss->radius_server_auth_port = atoi(pos);
-               } else if (os_strcmp(buf, "radius_server_ipv6") == 0) {
-                       bss->radius_server_ipv6 = atoi(pos);
-#endif /* RADIUS_SERVER */
-               } else if (os_strcmp(buf, "test_socket") == 0) {
-                       os_free(bss->test_socket);
-                       bss->test_socket = os_strdup(pos);
-               } else if (os_strcmp(buf, "use_pae_group_addr") == 0) {
-                       bss->use_pae_group_addr = atoi(pos);
-               } else if (os_strcmp(buf, "hw_mode") == 0) {
-                       if (os_strcmp(pos, "a") == 0)
-                               conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
-                       else if (os_strcmp(pos, "b") == 0)
-                               conf->hw_mode = HOSTAPD_MODE_IEEE80211B;
-                       else if (os_strcmp(pos, "g") == 0)
-                               conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
-                       else if (os_strcmp(pos, "ad") == 0)
-                               conf->hw_mode = HOSTAPD_MODE_IEEE80211AD;
-                       else {
-                               wpa_printf(MSG_ERROR, "Line %d: unknown "
-                                          "hw_mode '%s'", line, pos);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "wps_rf_bands") == 0) {
-                       if (os_strcmp(pos, "a") == 0)
-                               bss->wps_rf_bands = WPS_RF_50GHZ;
-                       else if (os_strcmp(pos, "g") == 0 ||
-                                os_strcmp(pos, "b") == 0)
-                               bss->wps_rf_bands = WPS_RF_24GHZ;
-                       else if (os_strcmp(pos, "ag") == 0 ||
-                                os_strcmp(pos, "ga") == 0)
-                               bss->wps_rf_bands =
-                                       WPS_RF_24GHZ | WPS_RF_50GHZ;
-                       else {
-                               wpa_printf(MSG_ERROR, "Line %d: unknown "
-                                          "wps_rf_band '%s'", line, pos);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "channel") == 0) {
-                       if (os_strcmp(pos, "acs_survey") == 0) {
-#ifndef CONFIG_ACS
-                               wpa_printf(MSG_ERROR, "Line %d: tries to enable ACS but CONFIG_ACS disabled",
-                                          line);
-                               errors++;
-#endif /* CONFIG_ACS */
-                               conf->channel = 0;
-                       } else
-                               conf->channel = atoi(pos);
-               } else if (os_strcmp(buf, "beacon_int") == 0) {
-                       int val = atoi(pos);
-                       /* MIB defines range as 1..65535, but very small values
-                        * cause problems with the current implementation.
-                        * Since it is unlikely that this small numbers are
-                        * useful in real life scenarios, do not allow beacon
-                        * period to be set below 15 TU. */
-                       if (val < 15 || val > 65535) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "beacon_int %d (expected "
-                                          "15..65535)", line, val);
-                               errors++;
-                       } else
-                               conf->beacon_int = val;
-#ifdef CONFIG_ACS
-               } else if (os_strcmp(buf, "acs_num_scans") == 0) {
-                       int val = atoi(pos);
-                       if (val <= 0 || val > 100) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid acs_num_scans %d (expected 1..100)",
-                                          line, val);
-                               errors++;
-                       } else
-                               conf->acs_num_scans = val;
-#endif /* CONFIG_ACS */
-               } else if (os_strcmp(buf, "dtim_period") == 0) {
-                       bss->dtim_period = atoi(pos);
-                       if (bss->dtim_period < 1 || bss->dtim_period > 255) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "dtim_period %d",
-                                          line, bss->dtim_period);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "rts_threshold") == 0) {
-                       conf->rts_threshold = atoi(pos);
-                       if (conf->rts_threshold < 0 ||
-                           conf->rts_threshold > 2347) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "rts_threshold %d",
-                                          line, conf->rts_threshold);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "fragm_threshold") == 0) {
-                       conf->fragm_threshold = atoi(pos);
-                       if (conf->fragm_threshold < 256 ||
-                           conf->fragm_threshold > 2346) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "fragm_threshold %d",
-                                          line, conf->fragm_threshold);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "send_probe_response") == 0) {
-                       int val = atoi(pos);
-                       if (val != 0 && val != 1) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "send_probe_response %d (expected "
-                                          "0 or 1)", line, val);
-                       } else
-                               conf->send_probe_response = val;
-               } else if (os_strcmp(buf, "supported_rates") == 0) {
-                       if (hostapd_parse_intlist(&conf->supported_rates, pos))
-                       {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid rate "
-                                          "list", line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "basic_rates") == 0) {
-                       if (hostapd_parse_intlist(&conf->basic_rates, pos)) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid rate "
-                                          "list", line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "preamble") == 0) {
-                       if (atoi(pos))
-                               conf->preamble = SHORT_PREAMBLE;
-                       else
-                               conf->preamble = LONG_PREAMBLE;
-               } else if (os_strcmp(buf, "ignore_broadcast_ssid") == 0) {
-                       bss->ignore_broadcast_ssid = atoi(pos);
-               } else if (os_strcmp(buf, "wep_default_key") == 0) {
-                       bss->ssid.wep.idx = atoi(pos);
-                       if (bss->ssid.wep.idx > 3) {
-                               wpa_printf(MSG_ERROR, "Invalid "
-                                          "wep_default_key index %d",
-                                          bss->ssid.wep.idx);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "wep_key0") == 0 ||
-                          os_strcmp(buf, "wep_key1") == 0 ||
-                          os_strcmp(buf, "wep_key2") == 0 ||
-                          os_strcmp(buf, "wep_key3") == 0) {
-                       if (hostapd_config_read_wep(&bss->ssid.wep,
-                                                   buf[7] - '0', pos)) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid WEP "
-                                          "key '%s'", line, buf);
-                               errors++;
-                       }
-#ifndef CONFIG_NO_VLAN
-               } else if (os_strcmp(buf, "dynamic_vlan") == 0) {
-                       bss->ssid.dynamic_vlan = atoi(pos);
-               } else if (os_strcmp(buf, "vlan_file") == 0) {
-                       if (hostapd_config_read_vlan_file(bss, pos)) {
-                               wpa_printf(MSG_ERROR, "Line %d: failed to "
-                                          "read VLAN file '%s'", line, pos);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "vlan_naming") == 0) {
-                       bss->ssid.vlan_naming = atoi(pos);
-                       if (bss->ssid.vlan_naming >= DYNAMIC_VLAN_NAMING_END ||
-                           bss->ssid.vlan_naming < 0) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "naming scheme %d", line,
-                                           bss->ssid.vlan_naming);
-                               errors++;
-                        }
-#ifdef CONFIG_FULL_DYNAMIC_VLAN
-               } else if (os_strcmp(buf, "vlan_tagged_interface") == 0) {
-                       bss->ssid.vlan_tagged_interface = os_strdup(pos);
-#endif /* CONFIG_FULL_DYNAMIC_VLAN */
-#endif /* CONFIG_NO_VLAN */
-               } else if (os_strcmp(buf, "ap_table_max_size") == 0) {
-                       conf->ap_table_max_size = atoi(pos);
-               } else if (os_strcmp(buf, "ap_table_expiration_time") == 0) {
-                       conf->ap_table_expiration_time = atoi(pos);
-               } else if (os_strncmp(buf, "tx_queue_", 9) == 0) {
-                       if (hostapd_config_tx_queue(conf, buf, pos)) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid TX "
-                                          "queue item", line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "wme_enabled") == 0 ||
-                          os_strcmp(buf, "wmm_enabled") == 0) {
-                       bss->wmm_enabled = atoi(pos);
-               } else if (os_strcmp(buf, "uapsd_advertisement_enabled") == 0) {
-                       bss->wmm_uapsd = atoi(pos);
-               } else if (os_strncmp(buf, "wme_ac_", 7) == 0 ||
-                          os_strncmp(buf, "wmm_ac_", 7) == 0) {
-                       if (hostapd_config_wmm_ac(conf->wmm_ac_params, buf,
-                                                 pos)) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid WMM "
-                                          "ac item", line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "bss") == 0) {
-                       if (hostapd_config_bss(conf, pos)) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid bss "
-                                          "item", line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "bssid") == 0) {
-                       if (hwaddr_aton(pos, bss->bssid)) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid bssid "
-                                          "item", line);
-                               errors++;
-                       }
-#ifdef CONFIG_IEEE80211W
-               } else if (os_strcmp(buf, "ieee80211w") == 0) {
-                       bss->ieee80211w = atoi(pos);
-               } else if (os_strcmp(buf, "assoc_sa_query_max_timeout") == 0) {
-                       bss->assoc_sa_query_max_timeout = atoi(pos);
-                       if (bss->assoc_sa_query_max_timeout == 0) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "assoc_sa_query_max_timeout", line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "assoc_sa_query_retry_timeout") == 0)
-               {
-                       bss->assoc_sa_query_retry_timeout = atoi(pos);
-                       if (bss->assoc_sa_query_retry_timeout == 0) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "assoc_sa_query_retry_timeout",
-                                          line);
-                               errors++;
-                       }
-#endif /* CONFIG_IEEE80211W */
-#ifdef CONFIG_IEEE80211N
-               } else if (os_strcmp(buf, "ieee80211n") == 0) {
-                       conf->ieee80211n = atoi(pos);
-               } else if (os_strcmp(buf, "ht_capab") == 0) {
-                       if (hostapd_config_ht_capab(conf, pos) < 0) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "ht_capab", line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "require_ht") == 0) {
-                       conf->require_ht = atoi(pos);
-               } else if (os_strcmp(buf, "obss_interval") == 0) {
-                       conf->obss_interval = atoi(pos);
-#endif /* CONFIG_IEEE80211N */
-#ifdef CONFIG_IEEE80211AC
-               } else if (os_strcmp(buf, "ieee80211ac") == 0) {
-                       conf->ieee80211ac = atoi(pos);
-               } else if (os_strcmp(buf, "vht_capab") == 0) {
-                       if (hostapd_config_vht_capab(conf, pos) < 0) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "vht_capab", line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "require_vht") == 0) {
-                       conf->require_vht = atoi(pos);
-               } else if (os_strcmp(buf, "vht_oper_chwidth") == 0) {
-                       conf->vht_oper_chwidth = atoi(pos);
-               } else if (os_strcmp(buf, "vht_oper_centr_freq_seg0_idx") == 0)
-               {
-                       conf->vht_oper_centr_freq_seg0_idx = atoi(pos);
-               } else if (os_strcmp(buf, "vht_oper_centr_freq_seg1_idx") == 0)
-               {
-                       conf->vht_oper_centr_freq_seg1_idx = atoi(pos);
-#endif /* CONFIG_IEEE80211AC */
-               } else if (os_strcmp(buf, "max_listen_interval") == 0) {
-                       bss->max_listen_interval = atoi(pos);
-               } else if (os_strcmp(buf, "disable_pmksa_caching") == 0) {
-                       bss->disable_pmksa_caching = atoi(pos);
-               } else if (os_strcmp(buf, "okc") == 0) {
-                       bss->okc = atoi(pos);
-#ifdef CONFIG_WPS
-               } else if (os_strcmp(buf, "wps_state") == 0) {
-                       bss->wps_state = atoi(pos);
-                       if (bss->wps_state < 0 || bss->wps_state > 2) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "wps_state", line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "wps_independent") == 0) {
-                       bss->wps_independent = atoi(pos);
-               } else if (os_strcmp(buf, "ap_setup_locked") == 0) {
-                       bss->ap_setup_locked = atoi(pos);
-               } else if (os_strcmp(buf, "uuid") == 0) {
-                       if (uuid_str2bin(pos, bss->uuid)) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid UUID",
-                                          line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "wps_pin_requests") == 0) {
-                       os_free(bss->wps_pin_requests);
-                       bss->wps_pin_requests = os_strdup(pos);
-               } else if (os_strcmp(buf, "device_name") == 0) {
-                       if (os_strlen(pos) > 32) {
-                               wpa_printf(MSG_ERROR, "Line %d: Too long "
-                                          "device_name", line);
-                               errors++;
-                       }
-                       os_free(bss->device_name);
-                       bss->device_name = os_strdup(pos);
-               } else if (os_strcmp(buf, "manufacturer") == 0) {
-                       if (os_strlen(pos) > 64) {
-                               wpa_printf(MSG_ERROR, "Line %d: Too long "
-                                          "manufacturer", line);
-                               errors++;
-                       }
-                       os_free(bss->manufacturer);
-                       bss->manufacturer = os_strdup(pos);
-               } else if (os_strcmp(buf, "model_name") == 0) {
-                       if (os_strlen(pos) > 32) {
-                               wpa_printf(MSG_ERROR, "Line %d: Too long "
-                                          "model_name", line);
-                               errors++;
-                       }
-                       os_free(bss->model_name);
-                       bss->model_name = os_strdup(pos);
-               } else if (os_strcmp(buf, "model_number") == 0) {
-                       if (os_strlen(pos) > 32) {
-                               wpa_printf(MSG_ERROR, "Line %d: Too long "
-                                          "model_number", line);
-                               errors++;
-                       }
-                       os_free(bss->model_number);
-                       bss->model_number = os_strdup(pos);
-               } else if (os_strcmp(buf, "serial_number") == 0) {
-                       if (os_strlen(pos) > 32) {
-                               wpa_printf(MSG_ERROR, "Line %d: Too long "
-                                          "serial_number", line);
-                               errors++;
-                       }
-                       os_free(bss->serial_number);
-                       bss->serial_number = os_strdup(pos);
-               } else if (os_strcmp(buf, "device_type") == 0) {
-                       if (wps_dev_type_str2bin(pos, bss->device_type))
-                               errors++;
-               } else if (os_strcmp(buf, "config_methods") == 0) {
-                       os_free(bss->config_methods);
-                       bss->config_methods = os_strdup(pos);
-               } else if (os_strcmp(buf, "os_version") == 0) {
-                       if (hexstr2bin(pos, bss->os_version, 4)) {
-                               wpa_printf(MSG_ERROR, "Line %d: invalid "
-                                          "os_version", line);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "ap_pin") == 0) {
-                       os_free(bss->ap_pin);
-                       bss->ap_pin = os_strdup(pos);
-               } else if (os_strcmp(buf, "skip_cred_build") == 0) {
-                       bss->skip_cred_build = atoi(pos);
-               } else if (os_strcmp(buf, "extra_cred") == 0) {
-                       os_free(bss->extra_cred);
-                       bss->extra_cred =
-                               (u8 *) os_readfile(pos, &bss->extra_cred_len);
-                       if (bss->extra_cred == NULL) {
-                               wpa_printf(MSG_ERROR, "Line %d: could not "
-                                          "read Credentials from '%s'",
-                                          line, pos);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "wps_cred_processing") == 0) {
-                       bss->wps_cred_processing = atoi(pos);
-               } else if (os_strcmp(buf, "ap_settings") == 0) {
-                       os_free(bss->ap_settings);
-                       bss->ap_settings =
-                               (u8 *) os_readfile(pos, &bss->ap_settings_len);
-                       if (bss->ap_settings == NULL) {
-                               wpa_printf(MSG_ERROR, "Line %d: could not "
-                                          "read AP Settings from '%s'",
-                                          line, pos);
-                               errors++;
-                       }
-               } else if (os_strcmp(buf, "upnp_iface") == 0) {
-                       bss->upnp_iface = os_strdup(pos);
-               } else if (os_strcmp(buf, "friendly_name") == 0) {
-                       os_free(bss->friendly_name);
-                       bss->friendly_name = os_strdup(pos);
-               } else if (os_strcmp(buf, "manufacturer_url") == 0) {
-                       os_free(bss->manufacturer_url);
-                       bss->manufacturer_url = os_strdup(pos);
-            &