Merge branch 'vendor/HOSTAPD'
authorJohn Marino <draco@marino.st>
Wed, 28 May 2014 15:21:37 +0000 (17:21 +0200)
committerJohn Marino <draco@marino.st>
Wed, 28 May 2014 15:23:16 +0000 (17:23 +0200)
Internally conflicted, use vendor/HOSTAPD in all cases

466 files changed:
contrib/hostapd/COPYING [new file with mode: 0644]
contrib/hostapd/README [new file with mode: 0644]
contrib/hostapd/hostapd/ChangeLog [new file with mode: 0644]
contrib/hostapd/hostapd/README [new file with mode: 0644]
contrib/hostapd/hostapd/README-WPS [new file with mode: 0644]
contrib/hostapd/hostapd/config_file.c [new file with mode: 0644]
contrib/hostapd/hostapd/config_file.h [new file with mode: 0644]
contrib/hostapd/hostapd/ctrl_iface.c [new file with mode: 0644]
contrib/hostapd/hostapd/ctrl_iface.h [new file with mode: 0644]
contrib/hostapd/hostapd/eap_register.c [new file with mode: 0644]
contrib/hostapd/hostapd/eap_register.h [new file with mode: 0644]
contrib/hostapd/hostapd/hlr_auc_gw.txt [new file with mode: 0644]
contrib/hostapd/hostapd/hostapd_cli.c [new file with mode: 0644]
contrib/hostapd/hostapd/main.c [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.8-tls-extensions.patch [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.8d-tls-extensions.patch [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.8e-tls-extensions.patch [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.8g-tls-extensions.patch [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.8h-tls-extensions.patch [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.8i-tls-extensions.patch [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.8x-tls-extensions.patch [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.9-session-ticket.patch [new file with mode: 0644]
contrib/hostapd/src/ap/accounting.c [new file with mode: 0644]
contrib/hostapd/src/ap/accounting.h [new file with mode: 0644]
contrib/hostapd/src/ap/acs.c [new file with mode: 0644]
contrib/hostapd/src/ap/acs.h [new file with mode: 0644]
contrib/hostapd/src/ap/ap_config.c [new file with mode: 0644]
contrib/hostapd/src/ap/ap_config.h [new file with mode: 0644]
contrib/hostapd/src/ap/ap_drv_ops.c [new file with mode: 0644]
contrib/hostapd/src/ap/ap_drv_ops.h [new file with mode: 0644]
contrib/hostapd/src/ap/ap_list.c [new file with mode: 0644]
contrib/hostapd/src/ap/ap_list.h [new file with mode: 0644]
contrib/hostapd/src/ap/ap_mlme.c [new file with mode: 0644]
contrib/hostapd/src/ap/ap_mlme.h [new file with mode: 0644]
contrib/hostapd/src/ap/authsrv.c [new file with mode: 0644]
contrib/hostapd/src/ap/authsrv.h [new file with mode: 0644]
contrib/hostapd/src/ap/beacon.c [new file with mode: 0644]
contrib/hostapd/src/ap/beacon.h [new file with mode: 0644]
contrib/hostapd/src/ap/ctrl_iface_ap.c [new file with mode: 0644]
contrib/hostapd/src/ap/ctrl_iface_ap.h [new file with mode: 0644]
contrib/hostapd/src/ap/dfs.c [new file with mode: 0644]
contrib/hostapd/src/ap/dfs.h [new file with mode: 0644]
contrib/hostapd/src/ap/drv_callbacks.c [new file with mode: 0644]
contrib/hostapd/src/ap/eap_user_db.c [new file with mode: 0644]
contrib/hostapd/src/ap/gas_serv.c [new file with mode: 0644]
contrib/hostapd/src/ap/gas_serv.h [new file with mode: 0644]
contrib/hostapd/src/ap/hostapd.c [new file with mode: 0644]
contrib/hostapd/src/ap/hostapd.h [new file with mode: 0644]
contrib/hostapd/src/ap/hs20.c [new file with mode: 0644]
contrib/hostapd/src/ap/hs20.h [new file with mode: 0644]
contrib/hostapd/src/ap/hw_features.c [new file with mode: 0644]
contrib/hostapd/src/ap/hw_features.h [new file with mode: 0644]
contrib/hostapd/src/ap/iapp.c [new file with mode: 0644]
contrib/hostapd/src/ap/iapp.h [new file with mode: 0644]
contrib/hostapd/src/ap/ieee802_11.c [new file with mode: 0644]
contrib/hostapd/src/ap/ieee802_11.h [new file with mode: 0644]
contrib/hostapd/src/ap/ieee802_11_auth.c [new file with mode: 0644]
contrib/hostapd/src/ap/ieee802_11_auth.h [new file with mode: 0644]
contrib/hostapd/src/ap/ieee802_11_ht.c [new file with mode: 0644]
contrib/hostapd/src/ap/ieee802_11_shared.c [new file with mode: 0644]
contrib/hostapd/src/ap/ieee802_11_vht.c [new file with mode: 0644]
contrib/hostapd/src/ap/ieee802_1x.c [new file with mode: 0644]
contrib/hostapd/src/ap/ieee802_1x.h [new file with mode: 0644]
contrib/hostapd/src/ap/p2p_hostapd.c [new file with mode: 0644]
contrib/hostapd/src/ap/p2p_hostapd.h [new file with mode: 0644]
contrib/hostapd/src/ap/peerkey_auth.c [new file with mode: 0644]
contrib/hostapd/src/ap/pmksa_cache_auth.c [new file with mode: 0644]
contrib/hostapd/src/ap/pmksa_cache_auth.h [new file with mode: 0644]
contrib/hostapd/src/ap/preauth_auth.c [new file with mode: 0644]
contrib/hostapd/src/ap/preauth_auth.h [new file with mode: 0644]
contrib/hostapd/src/ap/sta_info.c [new file with mode: 0644]
contrib/hostapd/src/ap/sta_info.h [new file with mode: 0644]
contrib/hostapd/src/ap/tkip_countermeasures.c [new file with mode: 0644]
contrib/hostapd/src/ap/tkip_countermeasures.h [new file with mode: 0644]
contrib/hostapd/src/ap/utils.c [new file with mode: 0644]
contrib/hostapd/src/ap/vlan_init.c [new file with mode: 0644]
contrib/hostapd/src/ap/vlan_init.h [new file with mode: 0644]
contrib/hostapd/src/ap/vlan_util.c [new file with mode: 0644]
contrib/hostapd/src/ap/vlan_util.h [new file with mode: 0644]
contrib/hostapd/src/ap/wmm.c [new file with mode: 0644]
contrib/hostapd/src/ap/wmm.h [new file with mode: 0644]
contrib/hostapd/src/ap/wnm_ap.c [new file with mode: 0644]
contrib/hostapd/src/ap/wnm_ap.h [new file with mode: 0644]
contrib/hostapd/src/ap/wpa_auth.c [new file with mode: 0644]
contrib/hostapd/src/ap/wpa_auth.h [new file with mode: 0644]
contrib/hostapd/src/ap/wpa_auth_ft.c [new file with mode: 0644]
contrib/hostapd/src/ap/wpa_auth_glue.c [new file with mode: 0644]
contrib/hostapd/src/ap/wpa_auth_glue.h [new file with mode: 0644]
contrib/hostapd/src/ap/wpa_auth_i.h [new file with mode: 0644]
contrib/hostapd/src/ap/wpa_auth_ie.c [new file with mode: 0644]
contrib/hostapd/src/ap/wpa_auth_ie.h [new file with mode: 0644]
contrib/hostapd/src/ap/wps_hostapd.c [new file with mode: 0644]
contrib/hostapd/src/ap/wps_hostapd.h [new file with mode: 0644]
contrib/hostapd/src/common/defs.h [new file with mode: 0644]
contrib/hostapd/src/common/eapol_common.h [new file with mode: 0644]
contrib/hostapd/src/common/gas.c [new file with mode: 0644]
contrib/hostapd/src/common/gas.h [new file with mode: 0644]
contrib/hostapd/src/common/ieee802_11_common.c [new file with mode: 0644]
contrib/hostapd/src/common/ieee802_11_common.h [new file with mode: 0644]
contrib/hostapd/src/common/ieee802_11_defs.h [new file with mode: 0644]
contrib/hostapd/src/common/privsep_commands.h [new file with mode: 0644]
contrib/hostapd/src/common/qca-vendor.h [new file with mode: 0644]
contrib/hostapd/src/common/sae.c [new file with mode: 0644]
contrib/hostapd/src/common/sae.h [new file with mode: 0644]
contrib/hostapd/src/common/version.h [new file with mode: 0644]
contrib/hostapd/src/common/wpa_common.c [new file with mode: 0644]
contrib/hostapd/src/common/wpa_common.h [new file with mode: 0644]
contrib/hostapd/src/common/wpa_ctrl.c [new file with mode: 0644]
contrib/hostapd/src/common/wpa_ctrl.h [new file with mode: 0644]
contrib/hostapd/src/crypto/aes-cbc.c [new file with mode: 0644]
contrib/hostapd/src/crypto/aes-ccm.c [new file with mode: 0644]
contrib/hostapd/src/crypto/aes-ctr.c [new file with mode: 0644]
contrib/hostapd/src/crypto/aes-eax.c [new file with mode: 0644]
contrib/hostapd/src/crypto/aes-encblock.c [new file with mode: 0644]
contrib/hostapd/src/crypto/aes-gcm.c [new file with mode: 0644]
contrib/hostapd/src/crypto/aes-internal-dec.c [new file with mode: 0644]
contrib/hostapd/src/crypto/aes-internal-enc.c [new file with mode: 0644]
contrib/hostapd/src/crypto/aes-internal.c [new file with mode: 0644]
contrib/hostapd/src/crypto/aes-omac1.c [new file with mode: 0644]
contrib/hostapd/src/crypto/aes-unwrap.c [new file with mode: 0644]
contrib/hostapd/src/crypto/aes-wrap.c [new file with mode: 0644]
contrib/hostapd/src/crypto/aes.h [new file with mode: 0644]
contrib/hostapd/src/crypto/aes_i.h [new file with mode: 0644]
contrib/hostapd/src/crypto/aes_wrap.h [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto.h [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_cryptoapi.c [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_gnutls.c [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_internal-cipher.c [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_internal-modexp.c [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_internal-rsa.c [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_internal.c [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_libtomcrypt.c [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_none.c [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_nss.c [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_openssl.c [new file with mode: 0644]
contrib/hostapd/src/crypto/des-internal.c [new file with mode: 0644]
contrib/hostapd/src/crypto/des_i.h [new file with mode: 0644]
contrib/hostapd/src/crypto/dh_group5.c [new file with mode: 0644]
contrib/hostapd/src/crypto/dh_group5.h [new file with mode: 0644]
contrib/hostapd/src/crypto/dh_groups.c [new file with mode: 0644]
contrib/hostapd/src/crypto/dh_groups.h [new file with mode: 0644]
contrib/hostapd/src/crypto/fips_prf_cryptoapi.c [new file with mode: 0644]
contrib/hostapd/src/crypto/fips_prf_gnutls.c [new file with mode: 0644]
contrib/hostapd/src/crypto/fips_prf_internal.c [new file with mode: 0644]
contrib/hostapd/src/crypto/fips_prf_nss.c [new file with mode: 0644]
contrib/hostapd/src/crypto/fips_prf_openssl.c [new file with mode: 0644]
contrib/hostapd/src/crypto/md4-internal.c [new file with mode: 0644]
contrib/hostapd/src/crypto/md5-internal.c [new file with mode: 0644]
contrib/hostapd/src/crypto/md5.c [new file with mode: 0644]
contrib/hostapd/src/crypto/md5.h [new file with mode: 0644]
contrib/hostapd/src/crypto/md5_i.h [new file with mode: 0644]
contrib/hostapd/src/crypto/milenage.c [new file with mode: 0644]
contrib/hostapd/src/crypto/milenage.h [new file with mode: 0644]
contrib/hostapd/src/crypto/ms_funcs.c [new file with mode: 0644]
contrib/hostapd/src/crypto/ms_funcs.h [new file with mode: 0644]
contrib/hostapd/src/crypto/random.c [new file with mode: 0644]
contrib/hostapd/src/crypto/random.h [new file with mode: 0644]
contrib/hostapd/src/crypto/rc4.c [new file with mode: 0644]
contrib/hostapd/src/crypto/sha1-internal.c [new file with mode: 0644]
contrib/hostapd/src/crypto/sha1-pbkdf2.c [new file with mode: 0644]
contrib/hostapd/src/crypto/sha1-prf.c [new file with mode: 0644]
contrib/hostapd/src/crypto/sha1-tlsprf.c [new file with mode: 0644]
contrib/hostapd/src/crypto/sha1-tprf.c [new file with mode: 0644]
contrib/hostapd/src/crypto/sha1.c [new file with mode: 0644]
contrib/hostapd/src/crypto/sha1.h [new file with mode: 0644]
contrib/hostapd/src/crypto/sha1_i.h [new file with mode: 0644]
contrib/hostapd/src/crypto/sha256-internal.c [new file with mode: 0644]
contrib/hostapd/src/crypto/sha256-prf.c [new file with mode: 0644]
contrib/hostapd/src/crypto/sha256-tlsprf.c [new file with mode: 0644]
contrib/hostapd/src/crypto/sha256.c [new file with mode: 0644]
contrib/hostapd/src/crypto/sha256.h [new file with mode: 0644]
contrib/hostapd/src/crypto/sha256_i.h [new file with mode: 0644]
contrib/hostapd/src/crypto/tls.h [new file with mode: 0644]
contrib/hostapd/src/crypto/tls_gnutls.c [new file with mode: 0644]
contrib/hostapd/src/crypto/tls_internal.c [new file with mode: 0644]
contrib/hostapd/src/crypto/tls_none.c [new file with mode: 0644]
contrib/hostapd/src/crypto/tls_nss.c [new file with mode: 0644]
contrib/hostapd/src/crypto/tls_openssl.c [new file with mode: 0644]
contrib/hostapd/src/crypto/tls_schannel.c [new file with mode: 0644]
contrib/hostapd/src/drivers/android_drv.h [new file with mode: 0644]
contrib/hostapd/src/drivers/driver.h [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_atheros.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_bsd.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_common.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_hostap.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_hostap.h [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_madwifi.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_ndis.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_ndis.h [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_ndis_.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_nl80211.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_none.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_openbsd.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_privsep.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_roboswitch.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_test.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_wext.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_wext.h [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_wired.c [new file with mode: 0644]
contrib/hostapd/src/drivers/drivers.c [new file with mode: 0644]
contrib/hostapd/src/drivers/linux_ioctl.c [new file with mode: 0644]
contrib/hostapd/src/drivers/linux_ioctl.h [new file with mode: 0644]
contrib/hostapd/src/drivers/linux_wext.h [new file with mode: 0644]
contrib/hostapd/src/drivers/ndis_events.c [new file with mode: 0644]
contrib/hostapd/src/drivers/netlink.c [new file with mode: 0644]
contrib/hostapd/src/drivers/netlink.h [new file with mode: 0644]
contrib/hostapd/src/drivers/nl80211_copy.h [new file with mode: 0644]
contrib/hostapd/src/drivers/priv_netlink.h [new file with mode: 0644]
contrib/hostapd/src/drivers/rfkill.c [new file with mode: 0644]
contrib/hostapd/src/drivers/rfkill.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/chap.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/chap.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_defs.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_eke_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_eke_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_fast_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_fast_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_gpsk_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_gpsk_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_ikev2_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_ikev2_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_pax_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_pax_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_peap_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_peap_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_psk_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_psk_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_pwd_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_pwd_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_sake_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_sake_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_sim_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_sim_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_tlv_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_ttls.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_wsc_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_wsc_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/ikev2_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/ikev2_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_aka.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_config.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_eke.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_fast.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_fast_pac.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_fast_pac.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_gpsk.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_gtc.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_i.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_ikev2.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_leap.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_md5.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_methods.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_methods.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_mschapv2.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_otp.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_pax.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_peap.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_proxy.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_proxy_dummy.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_psk.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_pwd.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_sake.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_sim.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_tls.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_tls_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_tls_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_tnc.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_ttls.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_vendor_test.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_wsc.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/ikev2.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/ikev2.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/mschapv2.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/mschapv2.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/tncc.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/tncc.h [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap.h [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_i.h [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_methods.h [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_aka.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_eke.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_fast.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_gpsk.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_gtc.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_identity.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_ikev2.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_md5.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_methods.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_mschapv2.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_pax.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_peap.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_psk.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_pwd.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_sake.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_sim.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_tls.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_tls_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_tnc.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_ttls.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_vendor_test.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_server_wsc.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_sim_db.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_sim_db.h [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_tls_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_server/ikev2.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/ikev2.h [new file with mode: 0644]
contrib/hostapd/src/eap_server/tncs.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/tncs.h [new file with mode: 0644]
contrib/hostapd/src/eapol_auth/eapol_auth_dump.c [new file with mode: 0644]
contrib/hostapd/src/eapol_auth/eapol_auth_sm.c [new file with mode: 0644]
contrib/hostapd/src/eapol_auth/eapol_auth_sm.h [new file with mode: 0644]
contrib/hostapd/src/eapol_auth/eapol_auth_sm_i.h [new file with mode: 0644]
contrib/hostapd/src/eapol_supp/eapol_supp_sm.c [new file with mode: 0644]
contrib/hostapd/src/eapol_supp/eapol_supp_sm.h [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet.h [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet_freebsd.c [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet_linux.c [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet_ndis.c [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet_none.c [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet_pcap.c [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet_privsep.c [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet_winpcap.c [new file with mode: 0644]
contrib/hostapd/src/p2p/p2p.c [new file with mode: 0644]
contrib/hostapd/src/p2p/p2p.h [new file with mode: 0644]
contrib/hostapd/src/p2p/p2p_build.c [new file with mode: 0644]
contrib/hostapd/src/p2p/p2p_dev_disc.c [new file with mode: 0644]
contrib/hostapd/src/p2p/p2p_go_neg.c [new file with mode: 0644]
contrib/hostapd/src/p2p/p2p_group.c [new file with mode: 0644]
contrib/hostapd/src/p2p/p2p_i.h [new file with mode: 0644]
contrib/hostapd/src/p2p/p2p_invitation.c [new file with mode: 0644]
contrib/hostapd/src/p2p/p2p_parse.c [new file with mode: 0644]
contrib/hostapd/src/p2p/p2p_pd.c [new file with mode: 0644]
contrib/hostapd/src/p2p/p2p_sd.c [new file with mode: 0644]
contrib/hostapd/src/p2p/p2p_utils.c [new file with mode: 0644]
contrib/hostapd/src/radius/radius.c [new file with mode: 0644]
contrib/hostapd/src/radius/radius.h [new file with mode: 0644]
contrib/hostapd/src/radius/radius_client.c [new file with mode: 0644]
contrib/hostapd/src/radius/radius_client.h [new file with mode: 0644]
contrib/hostapd/src/radius/radius_das.c [new file with mode: 0644]
contrib/hostapd/src/radius/radius_das.h [new file with mode: 0644]
contrib/hostapd/src/radius/radius_server.c [new file with mode: 0644]
contrib/hostapd/src/radius/radius_server.h [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/peerkey.c [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/peerkey.h [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/pmksa_cache.c [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/pmksa_cache.h [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/preauth.c [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/preauth.h [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/tdls.c [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/wpa.c [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/wpa.h [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/wpa_ft.c [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/wpa_i.h [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/wpa_ie.c [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/wpa_ie.h [new file with mode: 0644]
contrib/hostapd/src/tls/asn1.c [new file with mode: 0644]
contrib/hostapd/src/tls/asn1.h [new file with mode: 0644]
contrib/hostapd/src/tls/bignum.c [new file with mode: 0644]
contrib/hostapd/src/tls/bignum.h [new file with mode: 0644]
contrib/hostapd/src/tls/libtommath.c [new file with mode: 0644]
contrib/hostapd/src/tls/pkcs1.c [new file with mode: 0644]
contrib/hostapd/src/tls/pkcs1.h [new file with mode: 0644]
contrib/hostapd/src/tls/pkcs5.c [new file with mode: 0644]
contrib/hostapd/src/tls/pkcs5.h [new file with mode: 0644]
contrib/hostapd/src/tls/pkcs8.c [new file with mode: 0644]
contrib/hostapd/src/tls/pkcs8.h [new file with mode: 0644]
contrib/hostapd/src/tls/rsa.c [new file with mode: 0644]
contrib/hostapd/src/tls/rsa.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_client.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_client.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_client_i.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_client_read.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_client_write.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_common.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_common.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_cred.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_cred.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_record.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_record.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_server.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_server.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_server_i.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_server_read.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_server_write.c [new file with mode: 0644]
contrib/hostapd/src/tls/x509v3.c [new file with mode: 0644]
contrib/hostapd/src/tls/x509v3.h [new file with mode: 0644]
contrib/hostapd/src/utils/base64.c [new file with mode: 0644]
contrib/hostapd/src/utils/base64.h [new file with mode: 0644]
contrib/hostapd/src/utils/bitfield.c [new file with mode: 0644]
contrib/hostapd/src/utils/bitfield.h [new file with mode: 0644]
contrib/hostapd/src/utils/build_config.h [new file with mode: 0644]
contrib/hostapd/src/utils/common.c [new file with mode: 0644]
contrib/hostapd/src/utils/common.h [new file with mode: 0644]
contrib/hostapd/src/utils/edit.c [new file with mode: 0644]
contrib/hostapd/src/utils/edit.h [new file with mode: 0644]
contrib/hostapd/src/utils/edit_readline.c [new file with mode: 0644]
contrib/hostapd/src/utils/edit_simple.c [new file with mode: 0644]
contrib/hostapd/src/utils/eloop.c [new file with mode: 0644]
contrib/hostapd/src/utils/eloop.h [new file with mode: 0644]
contrib/hostapd/src/utils/eloop_win.c [new file with mode: 0644]
contrib/hostapd/src/utils/ext_password.c [new file with mode: 0644]
contrib/hostapd/src/utils/ext_password.h [new file with mode: 0644]
contrib/hostapd/src/utils/ext_password_i.h [new file with mode: 0644]
contrib/hostapd/src/utils/ext_password_test.c [new file with mode: 0644]
contrib/hostapd/src/utils/includes.h [new file with mode: 0644]
contrib/hostapd/src/utils/ip_addr.c [new file with mode: 0644]
contrib/hostapd/src/utils/ip_addr.h [new file with mode: 0644]
contrib/hostapd/src/utils/list.h [new file with mode: 0644]
contrib/hostapd/src/utils/os.h [new file with mode: 0644]
contrib/hostapd/src/utils/os_internal.c [new file with mode: 0644]
contrib/hostapd/src/utils/os_none.c [new file with mode: 0644]
contrib/hostapd/src/utils/os_unix.c [new file with mode: 0644]
contrib/hostapd/src/utils/os_win32.c [new file with mode: 0644]
contrib/hostapd/src/utils/pcsc_funcs.c [new file with mode: 0644]
contrib/hostapd/src/utils/pcsc_funcs.h [new file with mode: 0644]
contrib/hostapd/src/utils/radiotap.c [new file with mode: 0644]
contrib/hostapd/src/utils/radiotap.h [new file with mode: 0644]
contrib/hostapd/src/utils/radiotap_iter.h [new file with mode: 0644]
contrib/hostapd/src/utils/state_machine.h [new file with mode: 0644]
contrib/hostapd/src/utils/trace.c [new file with mode: 0644]
contrib/hostapd/src/utils/trace.h [new file with mode: 0644]
contrib/hostapd/src/utils/uuid.c [new file with mode: 0644]
contrib/hostapd/src/utils/uuid.h [new file with mode: 0644]
contrib/hostapd/src/utils/wpa_debug.c [new file with mode: 0644]
contrib/hostapd/src/utils/wpa_debug.h [new file with mode: 0644]
contrib/hostapd/src/utils/wpabuf.c [new file with mode: 0644]
contrib/hostapd/src/utils/wpabuf.h [new file with mode: 0644]
contrib/hostapd/src/wps/http.h [new file with mode: 0644]
contrib/hostapd/src/wps/http_client.c [new file with mode: 0644]
contrib/hostapd/src/wps/http_client.h [new file with mode: 0644]
contrib/hostapd/src/wps/http_server.c [new file with mode: 0644]
contrib/hostapd/src/wps/http_server.h [new file with mode: 0644]
contrib/hostapd/src/wps/httpread.c [new file with mode: 0644]
contrib/hostapd/src/wps/httpread.h [new file with mode: 0644]
contrib/hostapd/src/wps/ndef.c [new file with mode: 0644]
contrib/hostapd/src/wps/upnp_xml.c [new file with mode: 0644]
contrib/hostapd/src/wps/upnp_xml.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_attr_build.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_attr_parse.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_attr_parse.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_attr_process.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_common.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_defs.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_dev_attr.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_dev_attr.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_enrollee.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_er.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_er.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_er_ssdp.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_i.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_registrar.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_upnp.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_upnp.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_upnp_ap.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_upnp_event.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_upnp_i.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_upnp_ssdp.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_upnp_web.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_validate.c [new file with mode: 0644]

diff --git a/contrib/hostapd/COPYING b/contrib/hostapd/COPYING
new file mode 100644 (file)
index 0000000..8a98582
--- /dev/null
@@ -0,0 +1,22 @@
+wpa_supplicant and hostapd
+--------------------------
+
+Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> and contributors
+All Rights Reserved.
+
+
+See the README file for the current license terms.
+
+This software was previously distributed under BSD/GPL v2 dual license
+terms that allowed either of those license alternatives to be
+selected. As of February 11, 2012, the project has chosen to use only
+the BSD license option for future distribution. As such, the GPL v2
+license option is no longer used. It should be noted that the BSD
+license option (the one with advertisement clause removed) is compatible
+with GPL and as such, does not prevent use of this software in projects
+that use GPL.
+
+Some of the files may still include pointers to GPL version 2 license
+terms. However, such copyright and license notifications are maintained
+only for attribution purposes and any distribution of this software
+after February 11, 2012 is no longer under the GPL v2 option.
diff --git a/contrib/hostapd/README b/contrib/hostapd/README
new file mode 100644 (file)
index 0000000..8de14a6
--- /dev/null
@@ -0,0 +1,56 @@
+wpa_supplicant and hostapd
+--------------------------
+
+Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> and contributors
+All Rights Reserved.
+
+These programs are licensed under the BSD license (the one with
+advertisement clause removed).
+
+If you are submitting changes to the project, please see CONTRIBUTIONS
+file for more instructions.
+
+
+This package may include either wpa_supplicant, hostapd, or both. See
+README file respective subdirectories (wpa_supplicant/README or
+hostapd/README) for more details.
+
+Source code files were moved around in v0.6.x releases and compared to
+earlier releases, the programs are now built by first going to a
+subdirectory (wpa_supplicant or hostapd) and creating build
+configuration (.config) and running 'make' there (for Linux/BSD/cygwin
+builds).
+
+
+License
+-------
+
+This software may be distributed, used, and modified under the terms of
+BSD license:
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name(s) of the above-listed copyright holder(s) nor the
+   names of its contributors may be used to endorse or promote products
+   derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/contrib/hostapd/hostapd/ChangeLog b/contrib/hostapd/hostapd/ChangeLog
new file mode 100644 (file)
index 0000000..5ef9676
--- /dev/null
@@ -0,0 +1,885 @@
+ChangeLog for hostapd
+
+2014-02-04 - v2.1
+       * added support for simultaneous authentication of equals (SAE) for
+         stronger password-based authentication with WPA2-Personal
+       * added nl80211 functionality
+         - VHT configuration for nl80211
+         - support split wiphy dump
+         - driver-based MAC ACL
+         - QoS Mapping configuration
+       * added fully automated regression testing with mac80211_hwsim
+       * allow ctrl_iface group to be specified on command line (-G<group>)
+       * allow single hostapd process to control independent WPS interfaces
+         (wps_independent=1) instead of synchronized operations through all
+         configured interfaces within a process
+       * avoid processing received management frames multiple times when using
+         nl80211 with multiple BSSes
+       * added support for DFS (processing radar detection events, CAC, channel
+         re-selection)
+       * added EAP-EKE server
+       * added automatic channel selection (ACS)
+       * added option for using per-BSS (vif) configuration files with
+         -b<phyname>:<config file name>
+       * extended global control interface ADD/REMOVE commands to allow BSSes
+         of a radio to be removed individually without having to add/remove all
+         other BSSes of the radio at the same time
+       * added support for sending debug info to Linux tracing (-T on command
+         line)
+       * replace dump_file functionality with same information being available
+         through the hostapd control interface
+       * added support for using Protected Dual of Public Action frames for
+         GAS/ANQP exchanges when PMF is enabled
+       * added support for WPS+NFC updates
+         - improved protocol
+         - option to fetch and report alternative carrier records for external
+           NFC operations
+       * various bug fixes
+
+2013-01-12 - v2.0
+       * added AP-STA-DISCONNECTED ctrl_iface event
+       * improved debug logging (human readable event names, interface name
+         included in more entries)
+       * added number of small changes to make it easier for static analyzers
+         to understand the implementation
+       * added a workaround for Windows 7 Michael MIC failure reporting and
+         use of the Secure bit in EAPOL-Key msg 3/4
+       * fixed number of small bugs (see git logs for more details)
+       * changed OpenSSL to read full certificate chain from server_cert file
+       * nl80211: number of updates to use new cfg80211/nl80211 functionality
+         - replace monitor interface with nl80211 commands
+         - additional information for driver-based AP SME
+       * EAP-pwd:
+         - fix KDF for group 21 and zero-padding
+         - added support for fragmentation
+         - increased maximum number of hunting-and-pecking iterations
+       * avoid excessive Probe Response retries for broadcast Probe Request
+         frames (only with drivers using hostapd SME/MLME)
+       * added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
+       * fixed WPS operation stopping on dual concurrent AP
+       * added wps_rf_bands configuration parameter for overriding RF Bands
+         value for WPS
+       * added support for getting per-device PSK from RADIUS Tunnel-Password
+       * added support for libnl 3.2 and newer
+       * increased initial group key handshake retransmit timeout to 500 ms
+       * added a workaround for 4-way handshake to update SNonce even after
+         having sent EAPOL-Key 3/4 to avoid issues with some supplicant
+         implementations that can change SNonce for each EAP-Key 2/4
+       * added a workaround for EAPOL-Key 4/4 using incorrect type value in
+         WPA2 mode (some deployed stations use WPA type in that message)
+       * added a WPS workaround for mixed mode AP Settings with Windows 7
+       * changed WPS AP PIN disabling mechanism to disable the PIN after 10
+         consecutive failures in addition to using the exponential lockout
+         period
+       * added support for WFA Hotspot 2.0
+         - GAS/ANQP advertisement of network information
+         - disable_dgaf parameter to disable downstream group-addressed
+           forwarding
+       * simplified licensing terms by selecting the BSD license as the only
+         alternative
+       * EAP-SIM: fixed re-authentication not to update pseudonym
+       * EAP-SIM: use Notification round before EAP-Failure
+       * EAP-AKA: added support for AT_COUNTER_TOO_SMALL
+       * EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
+       * EAP-AKA': fixed identity for MK derivation
+       * EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
+         breaks interoperability with older versions
+       * EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
+       * changed ANonce to be a random number instead of Counter-based
+       * added support for canceling WPS operations with hostapd_cli wps_cancel
+       * fixed EAP/WPS to PSK transition on reassociation in cases where
+         deauthentication is missed
+       * hlr_auc_gw enhancements:
+         - a new command line parameter -u can be used to enable updating of
+           SQN in Milenage file
+         - use 5 bit IND for SQN updates
+         - SQLite database can now be used to store Milenage information
+       * EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
+         and reauth data
+       * added support for Chargeable-User-Identity (RFC 4372)
+       * added radius_auth_req_attr and radius_acct_req_attr configuration
+         parameters to allow adding/overriding of RADIUS attributes in
+         Access-Request and Accounting-Request packets
+       * added support for RADIUS dynamic authorization server (RFC 5176)
+       * added initial support for WNM operations
+         - BSS max idle period
+         - WNM-Sleep Mode
+       * added new WPS NFC ctrl_iface mechanism
+         - removed obsoleted WPS_OOB command (including support for deprecated
+           UFD config_method)
+       * added FT support for drivers that implement MLME internally
+       * added SA Query support for drivers that implement MLME internally
+       * removed default ACM=1 from AC_VO and AC_VI
+       * changed VENDOR-TEST EAP method to use proper private enterprise number
+         (this will not interoperate with older versions)
+       * added hostapd.conf parameter vendor_elements to allow arbitrary vendor
+         specific elements to be added to the Beacon and Probe Response frames
+       * added support for configuring GCMP cipher for IEEE 802.11ad
+       * added support for 256-bit AES with internal TLS implementation
+       * changed EAPOL transmission to use AC_VO if WMM is active
+       * fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
+         correctly; invalid messages could have caused the hostapd process to
+         terminate before this fix [CVE-2012-4445]
+       * limit number of active wildcard PINs for WPS Registrar to one to avoid
+         confusing behavior with multiple wildcard PINs
+       * added a workaround for WPS PBC session overlap detection to avoid
+         interop issues with deployed station implementations that do not
+         remove active PBC indication from Probe Request frames properly
+       * added support for using SQLite for the eap_user database
+       * added Acct-Session-Id attribute into Access-Request messages
+       * fixed EAPOL frame transmission to non-QoS STAs with nl80211
+         (do not send QoS frames if the STA did not negotiate use of QoS for
+         this association)
+
+2012-05-10 - v1.0
+       * Add channel selection support in hostapd. See hostapd.conf.
+       * Add support for IEEE 802.11v Time Advertisement mechanism with UTC
+         TSF offset. See hostapd.conf for config info.
+       * Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
+         This allows the driver to use PS buffering of Deauthentication and
+         Disassociation frames when the STA is in power save sleep. Only
+         available with drivers that provide TX status events for Deauth/
+         Disassoc frames (nl80211).
+       * Allow PMKSA caching to be disabled on the Authenticator. See
+         hostap.conf config parameter disable_pmksa_caching.
+       * atheros: Add support for IEEE 802.11w configuration.
+       * bsd: Add support for setting HT values in IFM_MMASK.
+       * Allow client isolation to be configured with ap_isolate. Client
+         isolation can be used to prevent low-level bridging of frames
+         between associated stations in the BSS. By default, this bridging
+         is allowed.
+       * Allow coexistance of HT BSSes with WEP/TKIP BSSes.
+       * Add require_ht config parameter, which can be used to configure
+         hostapd to reject association with any station that does not support
+         HT PHY.
+       * Add support for writing debug log to a file using "-f" option. Also
+         add relog CLI command to re-open the log file.
+       * Add bridge handling for WDS STA interfaces. By default they are
+         added to the configured bridge of the AP interface (if present),
+         but the user can also specify a separate bridge using cli command
+         wds_bridge.
+       * hostapd_cli:
+         - Add wds_bridge command for specifying bridge for WDS STA
+           interfaces.
+         - Add relog command for reopening log file.
+         - Send AP-STA-DISCONNECTED event when an AP disconnects a station
+           due to inactivity.
+         - Add wps_config ctrl_interface command for configuring AP. This
+           command can be used to configure the AP using the internal WPS
+           registrar. It works in the same way as new AP settings received
+           from an ER.
+         - Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
+         - Add command get version, that returns hostapd version string.
+       * WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
+         Use hostapd_cli ess_disassoc (STA addr) (URL) to send the
+         notification to the STA.
+       * Allow AP mode to disconnect STAs based on low ACK condition (when
+         the data connection is not working properly, e.g., due to the STA
+         going outside the range of the AP). Disabled by default, enable by
+         config option disassoc_low_ack.
+       * Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad
+         config file.
+       * WPS:
+         - Send AP Settings as a wrapped Credential attribute to ctrl_iface
+           in WPS-NEW-AP-SETTINGS.
+         - Dispatch more WPS events through hostapd ctrl_iface.
+         - Add mechanism for indicating non-standard WPS errors.
+         - Change concurrent radio AP to use only one WPS UPnP instance.
+         - Add wps_check_pin command for processing PIN from user input.
+           UIs can use this command to process a PIN entered by a user and to
+           validate the checksum digit (if present).
+         - Add hostap_cli get_config command to display current AP config.
+         - Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
+           runtime and support dynamic AP PIN management.
+         - Disable AP PIN after 10 consecutive failures. Slow down attacks
+           on failures up to 10.
+         - Allow AP to start in Enrollee mode without AP PIN for probing,
+           to be compatible with Windows 7.
+         - Add Config Error into WPS-FAIL events to provide more info
+           to the user on how to resolve the issue.
+         - When controlling multiple interfaces:
+            - apply WPS commands to all interfaces configured to use WPS
+            - apply WPS config changes to all interfaces that use WPS
+            - when an attack is detected on any interface, disable AP PIN on
+              all interfaces
+       * WPS ER:
+         - Show SetSelectedRegistrar events as ctrl_iface events.
+         - Add special AP Setup Locked mode to allow read only ER.
+           ap_setup_locked=2 can now be used to enable a special mode where
+           WPS ER can learn the current AP settings, but cannot change them.
+       * WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
+         - Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
+           for testing protocol extensibility.
+         - Add build option CONFIG_WPS_STRICT to allow disabling of WPS
+           workarounds.
+         - Add support for AuthorizedMACs attribute.
+       * TDLS:
+         - Allow TDLS use or TDLS channel switching in the BSS to be
+           prohibited in the BSS, using config params tdls_prohibit and
+           tdls_prohibit_chan_switch.
+       * EAP server: Add support for configuring fragment size (see
+         fragment_size in hostapd.conf).
+       * wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
+         wlantest can be used to capture frames from a monitor interface
+         for realtime capturing or from pcap files for offline analysis.
+       * Interworking: Support added for 802.11u. Enable in .config with
+         CONFIG_INTERWORKING. See hostapd.conf for config parameters for
+         interworking.
+       * Android: Add build and runtime support for Android hostapd.
+       * Add a new debug message level for excessive information. Use
+         -ddd to enable.
+       * TLS: Add support for tls_disable_time_checks=1 in client mode.
+       * Internal TLS:
+         - Add support for TLS v1.1 (RFC 4346). Enable with build parameter
+           CONFIG_TLSV11.
+         - Add domainComponent parser for X.509 names
+       * Reorder some IEs to get closer to IEEE 802.11 standard. Move
+         WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames.
+         Move HT IEs to be later in (Re)Assoc Resp.
+       * Many bugfixes.
+
+2010-04-18 - v0.7.2
+       * fix WPS internal Registrar use when an external Registrar is also
+         active
+       * bsd: Cleaned up driver wrapper and added various low-level
+         configuration options
+       * TNC: fixed issues with fragmentation
+       * EAP-TNC: add Flags field into fragment acknowledgement (needed to
+         interoperate with other implementations; may potentially breaks
+         compatibility with older wpa_supplicant/hostapd versions)
+       * cleaned up driver wrapper API for multi-BSS operations
+       * nl80211: fix multi-BSS and VLAN operations
+       * fix number of issues with IEEE 802.11r/FT; this version is not
+         backwards compatible with old versions
+       * add SA Query Request processing in AP mode (IEEE 802.11w)
+       * fix IGTK PN in group rekeying (IEEE 802.11w)
+       * fix WPS PBC session overlap detection to use correct attribute
+       * hostapd_notif_Assoc() can now be called with all IEs to simplify
+         driver wrappers
+       * work around interoperability issue with some WPS External Registrar
+         implementations
+       * nl80211: fix WPS IE update
+       * hostapd_cli: add support for action script operations (run a script
+         on hostapd events)
+       * fix DH padding with internal crypto code (mainly, for WPS)
+       * fix WPS association with both WPS IE and WPA/RSN IE present with
+         driver wrappers that use hostapd MLME (e.g., nl80211)
+
+2010-01-16 - v0.7.1
+       * cleaned up driver wrapper API (struct wpa_driver_ops); the new API
+         is not fully backwards compatible, so out-of-tree driver wrappers
+         will need modifications
+       * cleaned up various module interfaces
+       * merge hostapd and wpa_supplicant developers' documentation into a
+         single document
+       * fixed HT Capabilities IE with nl80211 drivers
+       * moved generic AP functionality code into src/ap
+       * WPS: handle Selected Registrar as union of info from all Registrars
+       * remove obsolte Prism54.org driver wrapper
+       * added internal debugging mechanism with backtrace support and memory
+         allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y)
+       * EAP-FAST server: piggyback Phase 2 start with the end of Phase 1
+       * WPS: add support for dynamically selecting whether to provision the
+         PSK as an ASCII passphrase or PSK
+       * added support for WDS (4-address frame) mode with per-station virtual
+         interfaces (wds_sta=1 in config file; only supported with
+         driver=nl80211 for now)
+       * fixed WPS Probe Request processing to handle missing required
+         attribute
+       * fixed PKCS#12 use with OpenSSL 1.0.0
+       * detect bridge interface automatically so that bridge parameter in
+         hostapd.conf becomes optional (though, it may now be used to
+         automatically add then WLAN interface into a bridge with
+         driver=nl80211)
+
+2009-11-21 - v0.7.0
+       * increased hostapd_cli ping interval to 5 seconds and made this
+         configurable with a new command line options (-G<seconds>)
+       * driver_nl80211: use Linux socket filter to improve performance
+       * added support for external Registrars with WPS (UPnP transport)
+       * 802.11n: scan for overlapping BSSes before starting 20/40 MHz channel
+       * driver_nl80211: fixed STA accounting data collection (TX/RX bytes
+         reported correctly; TX/RX packets not yet available from kernel)
+       * added support for WPS USBA out-of-band mechanism with USB Flash
+         Drives (UFD) (CONFIG_WPS_UFD=y)
+       * fixed EAPOL/EAP reauthentication when using an external RADIUS
+         authentication server
+       * fixed TNC with EAP-TTLS
+       * fixed IEEE 802.11r key derivation function to match with the standard
+         (note: this breaks interoperability with previous version) [Bug 303]
+       * fixed SHA-256 based key derivation function to match with the
+         standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
+         (note: this breaks interoperability with previous version) [Bug 307]
+       * added number of code size optimizations to remove unnecessary
+         functionality from the program binary based on build configuration
+         (part of this automatic; part configurable with CONFIG_NO_* build
+         options)
+       * use shared driver wrapper files with wpa_supplicant
+       * driver_nl80211: multiple updates to provide support for new Linux
+         nl80211/mac80211 functionality
+       * updated management frame protection to use IEEE Std 802.11w-2009
+       * fixed number of small WPS issues and added workarounds to
+         interoperate with common deployed broken implementations
+       * added some IEEE 802.11n co-existence rules to disable 40 MHz channels
+         or modify primary/secondary channels if needed based on neighboring
+         networks
+       * added support for NFC out-of-band mechanism with WPS
+       * added preliminary support for IEEE 802.11r RIC processing
+
+2009-01-06 - v0.6.7
+       * added support for Wi-Fi Protected Setup (WPS)
+         (hostapd can now be configured to act as an integrated WPS Registrar
+         and provision credentials for WPS Enrollees using PIN and PBC
+         methods; external wireless Registrar can configure the AP, but
+         external WLAN Manager Registrars are not supported); WPS support can
+         be enabled by adding CONFIG_WPS=y into .config and setting the
+         runtime configuration variables in hostapd.conf (see WPS section in
+         the example configuration file); new hostapd_cli commands wps_pin and
+         wps_pbc are used to configure WPS negotiation; see README-WPS for
+         more details
+       * added IEEE 802.11n HT capability configuration (ht_capab)
+       * added support for generating Country IE based on nl80211 regulatory
+         information (added if ieee80211d=1 in configuration)
+       * fixed WEP authentication (both Open System and Shared Key) with
+         mac80211
+       * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
+       * added support for using driver_test over UDP socket
+       * changed EAP-GPSK to use the IANA assigned EAP method type 51
+       * updated management frame protection to use IEEE 802.11w/D7.0
+       * fixed retransmission of EAP requests if no response is received
+
+2008-11-23 - v0.6.6
+       * added a new configuration option, wpa_ptk_rekey, that can be used to
+         enforce frequent PTK rekeying, e.g., to mitigate some attacks against
+         TKIP deficiencies
+       * updated OpenSSL code for EAP-FAST to use an updated version of the
+         session ticket overriding API that was included into the upstream
+         OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
+         needed with that version anymore)
+       * changed channel flags configuration to read the information from
+         the driver (e.g., via driver_nl80211 when using mac80211) instead of
+         using hostapd as the source of the regulatory information (i.e.,
+         information from CRDA is now used with mac80211); this allows 5 GHz
+         channels to be used with hostapd (if allowed in the current
+         regulatory domain)
+       * fixed EAP-TLS message processing for the last TLS message if it is
+         large enough to require fragmentation (e.g., if a large Session
+         Ticket data is included)
+       * fixed listen interval configuration for nl80211 drivers
+
+2008-11-01 - v0.6.5
+       * added support for SHA-256 as X.509 certificate digest when using the
+         internal X.509/TLSv1 implementation
+       * fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer
+         identity lengths)
+       * fixed internal TLSv1 implementation for abbreviated handshake (used
+         by EAP-FAST server)
+       * added support for setting VLAN ID for STAs based on local MAC ACL
+         (accept_mac_file) as an alternative for RADIUS server-based
+         configuration
+       * updated management frame protection to use IEEE 802.11w/D6.0
+         (adds a new association ping to protect against unauthenticated
+         authenticate or (re)associate request frames dropping association)
+       * added support for using SHA256-based stronger key derivation for WPA2
+         (IEEE 802.11w)
+       * added new "driver wrapper" for RADIUS-only configuration
+         (driver=none in hostapd.conf; CONFIG_DRIVER_NONE=y in .config)
+       * fixed WPA/RSN IE validation to verify that the proto (WPA vs. WPA2)
+         is enabled in configuration
+       * changed EAP-FAST configuration to use separate fields for A-ID and
+         A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
+         16-octet len binary value for better interoperability with some peer
+         implementations; eap_fast_a_id is now configured as a hex string
+       * driver_nl80211: Updated to match the current Linux mac80211 AP mode
+         configuration (wireless-testing.git and Linux kernel releases
+         starting from 2.6.29)
+
+2008-08-10 - v0.6.4
+       * added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
+         Identity Request if identity is already known
+       * added support for EAP Sequences in EAP-FAST Phase 2
+       * added support for EAP-TNC (Trusted Network Connect)
+         (this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
+         changes needed to run two methods in sequence (IF-T) and the IF-IMV
+         and IF-TNCCS interfaces from TNCS)
+       * added support for optional cryptobinding with PEAPv0
+       * added fragmentation support for EAP-TNC
+       * added support for fragmenting EAP-TTLS/PEAP/FAST Phase 2 (tunneled)
+         data
+       * added support for opportunistic key caching (OKC)
+
+2008-02-22 - v0.6.3
+       * fixed Reassociation Response callback processing when using internal
+         MLME (driver_{hostap,nl80211,test}.c)
+       * updated FT support to use the latest draft, IEEE 802.11r/D9.0
+       * copy optional Proxy-State attributes into RADIUS response when acting
+         as a RADIUS authentication server
+       * fixed EAPOL state machine to handle a case in which no response is
+         received from the RADIUS authentication server; previous version
+         could have triggered a crash in some cases after a timeout
+       * fixed EAP-SIM/AKA realm processing to allow decorated usernames to
+         be used
+       * added a workaround for EAP-SIM/AKA peers that include incorrect null
+         termination in the username
+       * fixed EAP-SIM/AKA protected result indication to include AT_COUNTER
+         attribute in notification messages only when using fast
+         reauthentication
+       * fixed EAP-SIM Start response processing for fast reauthentication
+         case
+       * added support for pending EAP processing in EAP-{PEAP,TTLS,FAST}
+         phase 2 to allow EAP-SIM and EAP-AKA to be used as the Phase 2 method
+
+2008-01-01 - v0.6.2
+       * fixed EAP-SIM and EAP-AKA message parser to validate attribute
+         lengths properly to avoid potential crash caused by invalid messages
+       * added data structure for storing allocated buffers (struct wpabuf);
+         this does not affect hostapd usage, but many of the APIs changed
+         and various interfaces (e.g., EAP) is not compatible with old
+         versions
+       * added support for protecting EAP-AKA/Identity messages with
+         AT_CHECKCODE (optional feature in RFC 4187)
+       * added support for protected result indication with AT_RESULT_IND for
+         EAP-SIM and EAP-AKA (eap_sim_aka_result_ind=1)
+       * added support for configuring EAP-TTLS phase 2 non-EAP methods in
+         EAP server configuration; previously all four were enabled for every
+         phase 2 user, now all four are disabled by default and need to be
+         enabled with new method names TTLS-PAP, TTLS-CHAP, TTLS-MSCHAP,
+         TTLS-MSCHAPV2
+       * removed old debug printing mechanism and the related 'debug'
+         parameter in the configuration file; debug verbosity is now set with
+         -d (or -dd) command line arguments
+       * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
+         only shared key/password authentication is supported in this version
+
+2007-11-24 - v0.6.1
+       * added experimental, integrated TLSv1 server implementation with the
+         needed X.509/ASN.1/RSA/bignum processing (this can be enabled by
+         setting CONFIG_TLS=internal and CONFIG_INTERNAL_LIBTOMMATH=y in
+         .config); this can be useful, e.g., if the target system does not
+         have a suitable TLS library and a minimal code size is required
+       * added support for EAP-FAST server method to the integrated EAP
+         server
+       * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+         draft (draft-ietf-emu-eap-gpsk-07.txt)
+       * added a new configuration parameter, rsn_pairwise, to allow different
+         pairwise cipher suites to be enabled for WPA and RSN/WPA2
+         (note: if wpa_pairwise differs from rsn_pairwise, the driver will
+         either need to support this or will have to use the WPA/RSN IEs from
+         hostapd; currently, the included madwifi and bsd driver interfaces do
+         not have support for this)
+       * updated FT support to use the latest draft, IEEE 802.11r/D8.0
+
+2007-05-28 - v0.6.0
+       * added experimental IEEE 802.11r/D6.0 support
+       * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
+       * updated EAP-PSK to use the IANA-allocated EAP type 47
+       * fixed EAP-PSK bit ordering of the Flags field
+       * fixed configuration reloading (SIGHUP) to re-initialize WPA PSKs
+         by reading wpa_psk_file [Bug 181]
+       * fixed EAP-TTLS AVP parser processing for too short AVP lengths
+       * fixed IPv6 connection to RADIUS accounting server
+       * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+         draft (draft-ietf-emu-eap-gpsk-04.txt)
+       * hlr_auc_gw: read GSM triplet file into memory and rotate through the
+         entries instead of only using the same three triplets every time
+         (this does not work properly with tests using multiple clients, but
+         provides bit better triplet data for testing a single client; anyway,
+         if a better quality triplets are needed, GSM-Milenage should be used
+         instead of hardcoded triplet file)
+       * fixed EAP-MSCHAPv2 server to use a space between S and M parameters
+         in Success Request [Bug 203]
+       * added support for sending EAP-AKA Notifications in error cases
+       * updated to use IEEE 802.11w/D2.0 for management frame protection
+         (still experimental)
+       * RADIUS server: added support for processing duplicate messages
+         (retransmissions from RADIUS client) by replying with the previous
+         reply
+
+2006-11-24 - v0.5.6
+       * added support for configuring and controlling multiple BSSes per
+         radio interface (bss=<ifname> in hostapd.conf); this is only
+         available with Devicescape and test driver interfaces
+       * fixed PMKSA cache update in the end of successful RSN
+         pre-authentication
+       * added support for dynamic VLAN configuration (i.e., selecting VLAN-ID
+         for each STA based on RADIUS Access-Accept attributes); this requires
+         VLAN support from the kernel driver/802.11 stack and this is
+         currently only available with Devicescape and test driver interfaces
+       * driver_madwifi: fixed configuration of unencrypted modes (plaintext
+         and IEEE 802.1X without WEP)
+       * removed STAKey handshake since PeerKey handshake has replaced it in
+         IEEE 802.11ma and there are no known deployments of STAKey
+       * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+         draft (draft-ietf-emu-eap-gpsk-01.txt)
+       * added preliminary implementation of IEEE 802.11w/D1.0 (management
+         frame protection)
+         (Note: this requires driver support to work properly.)
+         (Note2: IEEE 802.11w is an unapproved draft and subject to change.)
+       * hlr_auc_gw: added support for GSM-Milenage (for EAP-SIM)
+       * hlr_auc_gw: added support for reading per-IMSI Milenage keys and
+         parameters from a text file to make it possible to implement proper
+         GSM/UMTS authentication server for multiple SIM/USIM cards using
+         EAP-SIM/EAP-AKA
+       * fixed session timeout processing with drivers that do not use
+         ieee802_11.c (e.g., madwifi)
+
+2006-08-27 - v0.5.5
+       * added 'hostapd_cli new_sta <addr>' command for adding a new STA into
+         hostapd (e.g., to initialize wired network authentication based on an
+         external signal)
+       * fixed hostapd to add PMKID KDE into 4-Way Handshake Message 1 when
+         using WPA2 even if PMKSA caching is not used
+       * added -P<pid file> argument for hostapd to write the current process
+         id into a file
+       * added support for RADIUS Authentication Server MIB (RFC 2619)
+
+2006-06-20 - v0.5.4
+       * fixed nt_password_hash build [Bug 144]
+       * added PeerKey handshake implementation for IEEE 802.11e
+         direct link setup (DLS) to replace STAKey handshake
+       * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
+         draft-clancy-emu-eap-shared-secret-00.txt)
+       * fixed a segmentation fault when RSN pre-authentication was completed
+         successfully [Bug 152]
+
+2006-04-27 - v0.5.3
+       * do not build nt_password_hash and hlr_auc_gw by default to avoid
+         requiring a TLS library for a successful build; these programs can be
+         build with 'make nt_password_hash' and 'make hlr_auc_gw'
+       * added a new configuration option, eapol_version, that can be used to
+         set EAPOL version to 1 (default is 2) to work around broken client
+         implementations that drop EAPOL frames which use version number 2
+         [Bug 89]
+       * added support for EAP-SAKE (no EAP method number allocated yet, so
+         this is using the same experimental type 255 as EAP-PSK)
+       * fixed EAP-MSCHAPv2 message length validation
+
+2006-03-19 - v0.5.2
+       * fixed stdarg use in hostapd_logger(): if both stdout and syslog
+         logging was enabled, hostapd could trigger a segmentation fault in
+         vsyslog on some CPU -- C library combinations
+       * moved HLR/AuC gateway implementation for EAP-SIM/AKA into an external
+         program to make it easier to use for implementing real SS7 gateway;
+         eap_sim_db is not anymore used as a file name for GSM authentication
+         triplets; instead, it is path to UNIX domain socket that will be used
+         to communicate with the external gateway program (e.g., hlr_auc_gw)
+       * added example HLR/AuC gateway implementation, hlr_auc_gw, that uses
+         local information (GSM authentication triplets from a text file and
+         hardcoded AKA authentication data); this can be used to test EAP-SIM
+         and EAP-AKA
+       * added Milenage algorithm (example 3GPP AKA algorithm) to hlr_auc_gw
+         to make it possible to test EAP-AKA with real USIM cards (this is
+         disabled by default; define AKA_USE_MILENAGE when building hlr_auc_gw
+         to enable this)
+       * driver_madwifi: added support for getting station RSN IE from
+         madwifi-ng svn r1453 and newer; this fixes RSN that was apparently
+         broken with earlier change (r1357) in the driver
+       * changed EAP method registration to use a dynamic list of methods
+         instead of a static list generated at build time
+       * fixed WPA message 3/4 not to encrypt Key Data field (WPA IE)
+         [Bug 125]
+       * added ap_max_inactivity configuration parameter
+
+2006-01-29 - v0.5.1
+       * driver_test: added better support for multiple APs and STAs by using
+         a directory with sockets that include MAC address for each device in
+         the name (test_socket=DIR:/tmp/test)
+       * added support for EAP expanded type (vendor specific EAP methods)
+
+2005-12-18 - v0.5.0 (beginning of 0.5.x development releases)
+       * added experimental STAKey handshake implementation for IEEE 802.11e
+         direct link setup (DLS); note: this is disabled by default in both
+         build and runtime configuration (can be enabled with CONFIG_STAKEY=y
+         and stakey=1)
+       * added support for EAP methods to use callbacks to external programs
+         by buffering a pending request and processing it after the EAP method
+         is ready to continue
+       * improved EAP-SIM database interface to allow external request to GSM
+         HLR/AuC without blocking hostapd process
+       * added support for using EAP-SIM pseudonyms and fast re-authentication
+       * added support for EAP-AKA in the integrated EAP authenticator
+       * added support for matching EAP identity prefixes (e.g., "1"*) in EAP
+         user database to allow EAP-SIM/AKA selection without extra roundtrip
+         for EAP-Nak negotiation
+       * added support for storing EAP user password as NtPasswordHash instead
+         of plaintext password when using MSCHAP or MSCHAPv2 for
+         authentication (hash:<16-octet hex value>); added nt_password_hash
+         tool for hashing password to generate NtPasswordHash
+
+2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases)
+       * driver_wired: fixed EAPOL sending to optionally use PAE group address
+         as the destination instead of supplicant MAC address; this is
+         disabled by default, but should be enabled with use_pae_group_addr=1
+         in configuration file if the wired interface is used by only one
+         device at the time (common switch configuration)
+       * driver_madwifi: configure driver to use TKIP countermeasures in order
+         to get correct behavior (IEEE 802.11 association failing; previously,
+         association succeeded, but hostpad forced disassociation immediately)
+       * driver_madwifi: added support for madwifi-ng
+
+2005-10-27 - v0.4.6
+       * added support for replacing user identity from EAP with RADIUS
+         User-Name attribute from Access-Accept message, if that is included,
+         for the RADIUS accounting messages (e.g., for EAP-PEAP/TTLS to get
+         tunneled identity into accounting messages when the RADIUS server
+         does not support better way of doing this with Class attribute)
+       * driver_madwifi: fixed EAPOL packet receive for configuration where
+         ath# is part of a bridge interface
+       * added a configuration file and log analyzer script for logwatch
+       * fixed EAPOL state machine step function to process all state
+         transitions before processing new events; this resolves a race
+         condition in which EAPOL-Start message could trigger hostapd to send
+         two EAP-Response/Identity frames to the authentication server
+
+2005-09-25 - v0.4.5
+       * added client CA list to the TLS certificate request in order to make
+         it easier for the client to select which certificate to use
+       * added experimental support for EAP-PSK
+       * added support for WE-19 (hostap, madwifi)
+
+2005-08-21 - v0.4.4
+       * fixed build without CONFIG_RSN_PREAUTH
+       * fixed FreeBSD build
+
+2005-06-26 - v0.4.3
+       * fixed PMKSA caching to copy User-Name and Class attributes so that
+         RADIUS accounting gets correct information
+       * start RADIUS accounting only after successful completion of WPA
+         4-Way Handshake if WPA-PSK is used
+       * fixed PMKSA caching for the case where STA (re)associates without
+         first disassociating
+
+2005-06-12 - v0.4.2
+       * EAP-PAX is now registered as EAP type 46
+       * fixed EAP-PAX MAC calculation
+       * fixed EAP-PAX CK and ICK key derivation
+       * renamed eap_authenticator configuration variable to eap_server to
+         better match with RFC 3748 (EAP) terminology
+       * driver_test: added support for testing hostapd with wpa_supplicant
+         by using test driver interface without any kernel drivers or network
+         cards
+
+2005-05-22 - v0.4.1
+       * fixed RADIUS server initialization when only auth or acct server
+         is configured and the other one is left empty
+       * driver_madwifi: added support for RADIUS accounting
+       * driver_madwifi: added preliminary support for compiling against 'BSD'
+         branch of madwifi CVS tree
+       * driver_madwifi: fixed pairwise key removal to allow WPA reauth
+         without disassociation
+       * added support for reading additional certificates from PKCS#12 files
+         and adding them to the certificate chain
+       * fixed RADIUS Class attribute processing to only use Access-Accept
+         packets to update Class; previously, other RADIUS authentication
+         packets could have cleared Class attribute
+       * added support for more than one Class attribute in RADIUS packets
+       * added support for verifying certificate revocation list (CRL) when
+         using integrated EAP authenticator for EAP-TLS; new hostapd.conf
+         options 'check_crl'; CRL must be included in the ca_cert file for now
+
+2005-04-25 - v0.4.0 (beginning of 0.4.x development releases)
+       * added support for including network information into
+         EAP-Request/Identity message (ASCII-0 (nul) in eap_message)
+         (e.g., to implement draft-adrange-eap-network-discovery-07.txt)
+       * fixed a bug which caused some RSN pre-authentication cases to use
+         freed memory and potentially crash hostapd
+       * fixed private key loading for cases where passphrase is not set
+       * added support for sending TLS alerts and aborting authentication
+         when receiving a TLS alert
+       * fixed WPA2 to add PMKSA cache entry when using integrated EAP
+         authenticator
+       * fixed PMKSA caching (EAP authentication was not skipped correctly
+         with the new state machine changes from IEEE 802.1X draft)
+       * added support for RADIUS over IPv6; own_ip_addr, auth_server_addr,
+         and acct_server_addr can now be IPv6 addresses (CONFIG_IPV6=y needs
+         to be added to .config to include IPv6 support); for RADIUS server,
+         radius_server_ipv6=1 needs to be set in hostapd.conf and addresses
+         in RADIUS clients file can then use IPv6 format
+       * added experimental support for EAP-PAX
+       * replaced hostapd control interface library (hostapd_ctrl.[ch]) with
+         the same implementation that wpa_supplicant is using (wpa_ctrl.[ch])
+
+2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases)
+
+2005-01-23 - v0.3.5
+       * added support for configuring a forced PEAP version based on the
+         Phase 1 identity
+       * fixed PEAPv1 to use tunneled EAP-Success/Failure instead of EAP-TLV
+         to terminate authentication
+       * fixed EAP identifier duplicate processing with the new IEEE 802.1X
+         draft
+       * clear accounting data in the driver when starting a new accounting
+         session
+       * driver_madwifi: filter wireless events based on ifindex to allow more
+         than one network interface to be used
+       * fixed WPA message 2/4 processing not to cancel timeout for TimeoutEvt
+         setting if the packet does not pass MIC verification (e.g., due to
+         incorrect PSK); previously, message 1/4 was not tried again if an
+         invalid message 2/4 was received
+       * fixed reconfiguration of RADIUS client retransmission timer when
+         adding a new message to the pending list; previously, timer was not
+         updated at this point and if there was a pending message with long
+         time for the next retry, the new message needed to wait that long for
+         its first retry, too
+
+2005-01-09 - v0.3.4
+       * added support for configuring multiple allowed EAP types for Phase 2
+         authentication (EAP-PEAP, EAP-TTLS)
+       * fixed EAPOL-Start processing to trigger WPA reauthentication
+         (previously, only EAPOL authentication was done)
+
+2005-01-02 - v0.3.3
+       * added support for EAP-PEAP in the integrated EAP authenticator
+       * added support for EAP-GTC in the integrated EAP authenticator
+       * added support for configuring list of EAP methods for Phase 1 so that
+         the integrated EAP authenticator can, e.g., use the wildcard entry
+         for EAP-TLS and EAP-PEAP
+       * added support for EAP-TTLS in the integrated EAP authenticator
+       * added support for EAP-SIM in the integrated EAP authenticator
+       * added support for using hostapd as a RADIUS authentication server
+         with the integrated EAP authenticator taking care of EAP
+         authentication (new hostapd.conf options: radius_server_clients and
+         radius_server_auth_port); this is not included in default build; use
+         CONFIG_RADIUS_SERVER=y in .config to include
+
+2004-12-19 - v0.3.2
+       * removed 'daemonize' configuration file option since it has not really
+         been used at all for more than year
+       * driver_madwifi: fixed group key setup and added get_ssid method
+       * added support for EAP-MSCHAPv2 in the integrated EAP authenticator
+
+2004-12-12 - v0.3.1
+       * added support for integrated EAP-TLS authentication (new hostapd.conf
+         variables: ca_cert, server_cert, private_key, private_key_passwd);
+         this enabled dynamic keying (WPA2/WPA/IEEE 802.1X/WEP) without
+         external RADIUS server
+       * added support for reading PKCS#12 (PFX) files (as a replacement for
+         PEM/DER) to get certificate and private key (CONFIG_PKCS12)
+
+2004-12-05 - v0.3.0 (beginning of 0.3.x development releases)
+       * added support for Acct-{Input,Output}-Gigawords
+       * added support for Event-Timestamp (in RADIUS Accounting-Requests)
+       * added support for RADIUS Authentication Client MIB (RFC2618)
+       * added support for RADIUS Accounting Client MIB (RFC2620)
+       * made EAP re-authentication period configurable (eap_reauth_period)
+       * fixed EAPOL reauthentication to trigger WPA/WPA2 reauthentication
+       * fixed EAPOL state machine to stop if STA is removed during
+         eapol_sm_step(); this fixes at least one segfault triggering bug with
+         IEEE 802.11i pre-authentication
+       * added support for multiple WPA pre-shared keys (e.g., one for each
+         client MAC address or keys shared by a group of clients);
+         new hostapd.conf field wpa_psk_file for setting path to a text file
+         containing PSKs, see hostapd.wpa_psk for an example
+       * added support for multiple driver interfaces to allow hostapd to be
+         used with other drivers
+       * added wired authenticator driver interface (driver=wired in
+         hostapd.conf, see wired.conf for example configuration)
+       * added madwifi driver interface (driver=madwifi in hostapd.conf, see
+         madwifi.conf for example configuration; Note: include files from
+         madwifi project is needed for building and a configuration file,
+         .config, needs to be created in hostapd directory with
+         CONFIG_DRIVER_MADWIFI=y to include this driver interface in hostapd
+         build)
+       * fixed an alignment issue that could cause SHA-1 to fail on some
+         platforms (e.g., Intel ixp425 with a compiler that does not 32-bit
+         align variables)
+       * fixed RADIUS reconnection after an error in sending interim
+         accounting packets
+       * added hostapd control interface for external programs and an example
+         CLI, hostapd_cli (like wpa_cli for wpa_supplicant)
+       * started adding dot11, dot1x, radius MIBs ('hostapd_cli mib',
+         'hostapd_cli sta <addr>')
+       * finished update from IEEE 802.1X-2001 to IEEE 802.1X-REV (now d11)
+       * added support for strict GTK rekeying (wpa_strict_rekey in
+         hostapd.conf)
+       * updated IAPP to use UDP port 3517 and multicast address 224.0.1.178
+         (instead of broadcast) for IAPP ADD-notify (moved from draft 3 to
+         IEEE 802.11F-2003)
+       * added Prism54 driver interface (driver=prism54 in hostapd.conf;
+         note: .config needs to be created in hostapd directory with
+         CONFIG_DRIVER_PRISM54=y to include this driver interface in hostapd
+         build)
+       * dual-licensed hostapd (GPLv2 and BSD licenses)
+       * fixed RADIUS accounting to generate a new session id for cases where
+         a station reassociates without first being complete deauthenticated
+       * fixed STA disassociation handler to mark next timeout state to
+         deauthenticate the station, i.e., skip long wait for inactivity poll
+         and extra disassociation, if the STA disassociates without
+         deauthenticating
+       * added integrated EAP authenticator that can be used instead of
+         external RADIUS authentication server; currently, only EAP-MD5 is
+         supported, so this cannot yet be used for key distribution; the EAP
+         method interface is generic, though, so adding new EAP methods should
+         be straightforward; new hostapd.conf variables: 'eap_authenticator'
+         and 'eap_user_file'; this obsoletes "minimal authentication server"
+         ('minimal_eap' in hostapd.conf) which is now removed
+       * added support for FreeBSD and driver interface for the BSD net80211
+         layer (driver=bsd in hostapd.conf and CONFIG_DRIVER_BSD=y in
+         .config); please note that some of the required kernel mods have not
+         yet been committed
+
+2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases)
+       * fixed some accounting cases where Accounting-Start was sent when
+         IEEE 802.1X port was being deauthorized
+
+2004-06-20 - v0.2.3
+       * modified RADIUS client to re-connect the socket in case of certain
+         error codes that are generated when a network interface state is
+         changes (e.g., when IP address changes or the interface is set UP)
+       * fixed couple of cases where EAPOL state for a station was freed
+         twice causing a segfault for hostapd
+       * fixed couple of bugs in processing WPA deauthentication (freed data
+         was used)
+
+2004-05-31 - v0.2.2
+       * fixed WPA/WPA2 group rekeying to use key index correctly (GN/GM)
+       * fixed group rekeying to send zero TSC in EAPOL-Key messages to fix
+         cases where STAs dropped multicast frames as replay attacks
+       * added support for copying RADIUS Attribute 'Class' from
+         authentication messages into accounting messages
+       * send canned EAP failure if RADIUS server sends Access-Reject without
+         EAP message (previously, Supplicant was not notified in this case)
+       * fixed mixed WPA-PSK and WPA-EAP mode to work with WPA-PSK (i.e., do
+         not start EAPOL state machines if the STA selected to use WPA-PSK)
+
+2004-05-06 - v0.2.1
+       * added WPA and IEEE 802.11i/RSN (WPA2) Authenticator functionality
+         - based on IEEE 802.11i/D10.0 but modified to interoperate with WPA
+           (i.e., IEEE 802.11i/D3.0)
+         - supports WPA-only, RSN-only, and mixed WPA/RSN mode
+         - both WPA-PSK and WPA-RADIUS/EAP are supported
+         - PMKSA caching and pre-authentication
+         - new hostapd.conf variables: wpa, wpa_psk, wpa_passphrase,
+           wpa_key_mgmt, wpa_pairwise, wpa_group_rekey, wpa_gmk_rekey,
+           rsn_preauth, rsn_preauth_interfaces
+       * fixed interim accounting to remove any pending accounting messages
+         to the STA before sending a new one
+
+2004-02-15 - v0.2.0
+       * added support for Acct-Interim-Interval:
+         - draft-ietf-radius-acct-interim-01.txt
+         - use Acct-Interim-Interval attribute from Access-Accept if local
+           'radius_acct_interim_interval' is not set
+         - allow different update intervals for each STA
+       * fixed event loop to call signal handlers only after returning from
+         the real signal handler
+       * reset sta->timeout_next after successful association to make sure
+         that the previously registered inactivity timer will not remove the
+         STA immediately (e.g., if STA deauthenticates and re-associates
+         before the timer is triggered).
+       * added new hostapd.conf variable, nas_identifier, that can be used to
+         add an optional RADIUS Attribute, NAS-Identifier, into authentication
+         and accounting messages
+       * added support for Accounting-On and Accounting-Off messages
+       * fixed accounting session handling to send Accounting-Start only once
+         per session and not to send Accounting-Stop if the session was not
+         initialized properly
+       * fixed Accounting-Stop statistics in cases where the message was
+         previously sent after the kernel entry for the STA (and/or IEEE
+         802.1X data) was removed
+
+
+Note:
+
+Older changes up to and including v0.1.0 are included in the ChangeLog
+of the Host AP driver.
diff --git a/contrib/hostapd/hostapd/README b/contrib/hostapd/hostapd/README
new file mode 100644 (file)
index 0000000..50868ee
--- /dev/null
@@ -0,0 +1,372 @@
+hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
+         Authenticator and RADIUS authentication server
+================================================================
+
+Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> and contributors
+All Rights Reserved.
+
+This program is licensed under the BSD license (the one with
+advertisement clause removed).
+
+If you are submitting changes to the project, please see CONTRIBUTIONS
+file for more instructions.
+
+
+
+License
+-------
+
+This software may be distributed, used, and modified under the terms of
+BSD license:
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name(s) of the above-listed copyright holder(s) nor the
+   names of its contributors may be used to endorse or promote products
+   derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+
+Introduction
+============
+
+Originally, hostapd was an optional user space component for Host AP
+driver. It adds more features to the basic IEEE 802.11 management
+included in the kernel driver: using external RADIUS authentication
+server for MAC address based access control, IEEE 802.1X Authenticator
+and dynamic WEP keying, RADIUS accounting, WPA/WPA2 (IEEE 802.11i/RSN)
+Authenticator and dynamic TKIP/CCMP keying.
+
+The current version includes support for other drivers, an integrated
+EAP server (i.e., allow full authentication without requiring
+an external RADIUS authentication server), and RADIUS authentication
+server for EAP authentication.
+
+
+Requirements
+------------
+
+Current hardware/software requirements:
+- drivers:
+       Host AP driver for Prism2/2.5/3.
+       (http://hostap.epitest.fi/)
+       Please note that station firmware version needs to be 1.7.0 or newer
+       to work in WPA mode.
+
+       madwifi driver for cards based on Atheros chip set (ar521x)
+       (http://sourceforge.net/projects/madwifi/)
+       Please note that you will need to add the correct path for
+       madwifi driver root directory in .config (see defconfig file for
+       an example: CFLAGS += -I<path>)
+
+       mac80211-based drivers that support AP mode (with driver=nl80211).
+       This includes drivers for Atheros (ath9k) and Broadcom (b43)
+       chipsets.
+
+       Any wired Ethernet driver for wired IEEE 802.1X authentication
+       (experimental code)
+
+       FreeBSD -current (with some kernel mods that have not yet been
+       committed when hostapd v0.3.0 was released)
+       BSD net80211 layer (e.g., Atheros driver)
+
+
+Build configuration
+-------------------
+
+In order to be able to build hostapd, you will need to create a build
+time configuration file, .config that selects which optional
+components are included. See defconfig file for example configuration
+and list of available options.
+
+
+
+IEEE 802.1X
+===========
+
+IEEE Std 802.1X-2001 is a standard for port-based network access
+control. In case of IEEE 802.11 networks, a "virtual port" is used
+between each associated station and the AP. IEEE 802.11 specifies
+minimal authentication mechanism for stations, whereas IEEE 802.1X
+introduces a extensible mechanism for authenticating and authorizing
+users.
+
+IEEE 802.1X uses elements called Supplicant, Authenticator, Port
+Access Entity, and Authentication Server. Supplicant is a component in
+a station and it performs the authentication with the Authentication
+Server. An access point includes an Authenticator that relays the packets
+between a Supplicant and an Authentication Server. In addition, it has a
+Port Access Entity (PAE) with Authenticator functionality for
+controlling the virtual port authorization, i.e., whether to accept
+packets from or to the station.
+
+IEEE 802.1X uses Extensible Authentication Protocol (EAP). The frames
+between a Supplicant and an Authenticator are sent using EAP over LAN
+(EAPOL) and the Authenticator relays these frames to the Authentication
+Server (and similarly, relays the messages from the Authentication
+Server to the Supplicant). The Authentication Server can be colocated with the
+Authenticator, in which case there is no need for additional protocol
+for EAP frame transmission. However, a more common configuration is to
+use an external Authentication Server and encapsulate EAP frame in the
+frames used by that server. RADIUS is suitable for this, but IEEE
+802.1X would also allow other mechanisms.
+
+Host AP driver includes PAE functionality in the kernel driver. It
+is a relatively simple mechanism for denying normal frames going to
+or coming from an unauthorized port. PAE allows IEEE 802.1X related
+frames to be passed between the Supplicant and the Authenticator even
+on an unauthorized port.
+
+User space daemon, hostapd, includes Authenticator functionality. It
+receives 802.1X (EAPOL) frames from the Supplicant using the wlan#ap
+device that is also used with IEEE 802.11 management frames. The
+frames to the Supplicant are sent using the same device.
+
+The normal configuration of the Authenticator would use an external
+Authentication Server. hostapd supports RADIUS encapsulation of EAP
+packets, so the Authentication Server should be a RADIUS server, like
+FreeRADIUS (http://www.freeradius.org/). The Authenticator in hostapd
+relays the frames between the Supplicant and the Authentication
+Server. It also controls the PAE functionality in the kernel driver by
+controlling virtual port authorization, i.e., station-AP
+connection, based on the IEEE 802.1X state.
+
+When a station would like to use the services of an access point, it
+will first perform IEEE 802.11 authentication. This is normally done
+with open systems authentication, so there is no security. After
+this, IEEE 802.11 association is performed. If IEEE 802.1X is
+configured to be used, the virtual port for the station is set in
+Unauthorized state and only IEEE 802.1X frames are accepted at this
+point. The Authenticator will then ask the Supplicant to authenticate
+with the Authentication Server. After this is completed successfully,
+the virtual port is set to Authorized state and frames from and to the
+station are accepted.
+
+Host AP configuration for IEEE 802.1X
+-------------------------------------
+
+The user space daemon has its own configuration file that can be used to
+define AP options. Distribution package contains an example
+configuration file (hostapd/hostapd.conf) that can be used as a basis
+for configuration. It includes examples of all supported configuration
+options and short description of each option. hostapd should be started
+with full path to the configuration file as the command line argument,
+e.g., './hostapd /etc/hostapd.conf'. If you have more that one wireless
+LAN card, you can use one hostapd process for multiple interfaces by
+giving a list of configuration files (one per interface) in the command
+line.
+
+hostapd includes a minimal co-located IEEE 802.1X server which can be
+used to test IEEE 802.1X authentication. However, it should not be
+used in normal use since it does not provide any security. This can be
+configured by setting ieee8021x and minimal_eap options in the
+configuration file.
+
+An external Authentication Server (RADIUS) is configured with
+auth_server_{addr,port,shared_secret} options. In addition,
+ieee8021x and own_ip_addr must be set for this mode. With such
+configuration, the co-located Authentication Server is not used and EAP
+frames will be relayed using EAPOL between the Supplicant and the
+Authenticator and RADIUS encapsulation between the Authenticator and
+the Authentication Server. Other than this, the functionality is similar
+to the case with the co-located Authentication Server.
+
+Authentication Server and Supplicant
+------------------------------------
+
+Any RADIUS server supporting EAP should be usable as an IEEE 802.1X
+Authentication Server with hostapd Authenticator. FreeRADIUS
+(http://www.freeradius.org/) has been successfully tested with hostapd
+Authenticator and both Xsupplicant (http://www.open1x.org) and Windows
+XP Supplicants. EAP/TLS was used with Xsupplicant and
+EAP/MD5-Challenge with Windows XP.
+
+http://www.missl.cs.umd.edu/wireless/eaptls/ has useful information
+about using EAP/TLS with FreeRADIUS and Xsupplicant (just replace
+Cisco access point with Host AP driver, hostapd daemon, and a Prism2
+card ;-). http://www.freeradius.org/doc/EAP-MD5.html has information
+about using EAP/MD5 with FreeRADIUS, including instructions for WinXP
+configuration. http://www.denobula.com/EAPTLS.pdf has a HOWTO on
+EAP/TLS use with WinXP Supplicant.
+
+Automatic WEP key configuration
+-------------------------------
+
+EAP/TLS generates a session key that can be used to send WEP keys from
+an AP to authenticated stations. The Authenticator in hostapd can be
+configured to automatically select a random default/broadcast key
+(shared by all authenticated stations) with wep_key_len_broadcast
+option (5 for 40-bit WEP or 13 for 104-bit WEP). In addition,
+wep_key_len_unicast option can be used to configure individual unicast
+keys for stations. This requires support for individual keys in the
+station driver.
+
+WEP keys can be automatically updated by configuring rekeying. This
+will improve security of the network since same WEP key will only be
+used for a limited period of time. wep_rekey_period option sets the
+interval for rekeying in seconds.
+
+
+WPA/WPA2
+========
+
+Features
+--------
+
+Supported WPA/IEEE 802.11i features:
+- WPA-PSK ("WPA-Personal")
+- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
+- key management for CCMP, TKIP, WEP104, WEP40
+- RSN/WPA2 (IEEE 802.11i), including PMKSA caching and pre-authentication
+
+WPA
+---
+
+The original security mechanism of IEEE 802.11 standard was not
+designed to be strong and has proved to be insufficient for most
+networks that require some kind of security. Task group I (Security)
+of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked
+to address the flaws of the base standard and has in practice
+completed its work in May 2004. The IEEE 802.11i amendment to the IEEE
+802.11 standard was approved in June 2004 and this amendment is likely
+to be published in July 2004.
+
+Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the
+IEEE 802.11i work (draft 3.0) to define a subset of the security
+enhancements that can be implemented with existing wlan hardware. This
+is called Wi-Fi Protected Access<TM> (WPA). This has now become a
+mandatory component of interoperability testing and certification done
+by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web
+site (http://www.wi-fi.org/OpenSection/protected_access.asp).
+
+IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm
+for protecting wireless networks. WEP uses RC4 with 40-bit keys,
+24-bit initialization vector (IV), and CRC32 to protect against packet
+forgery. All these choices have proven to be insufficient: key space is
+too small against current attacks, RC4 key scheduling is insufficient
+(beginning of the pseudorandom stream should be skipped), IV space is
+too small and IV reuse makes attacks easier, there is no replay
+protection, and non-keyed authentication does not protect against bit
+flipping packet data.
+
+WPA is an intermediate solution for the security issues. It uses
+Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a
+compromise on strong security and possibility to use existing
+hardware. It still uses RC4 for the encryption like WEP, but with
+per-packet RC4 keys. In addition, it implements replay protection,
+keyed packet authentication mechanism (Michael MIC).
+
+Keys can be managed using two different mechanisms. WPA can either use
+an external authentication server (e.g., RADIUS) and EAP just like
+IEEE 802.1X is using or pre-shared keys without need for additional
+servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal",
+respectively. Both mechanisms will generate a master session key for
+the Authenticator (AP) and Supplicant (client station).
+
+WPA implements a new key handshake (4-Way Handshake and Group Key
+Handshake) for generating and exchanging data encryption keys between
+the Authenticator and Supplicant. This handshake is also used to
+verify that both Authenticator and Supplicant know the master session
+key. These handshakes are identical regardless of the selected key
+management mechanism (only the method for generating master session
+key changes).
+
+
+IEEE 802.11i / WPA2
+-------------------
+
+The design for parts of IEEE 802.11i that were not included in WPA has
+finished (May 2004) and this amendment to IEEE 802.11 was approved in
+June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new
+version of WPA called WPA2. This includes, e.g., support for more
+robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC)
+to replace TKIP and optimizations for handoff (reduced number of
+messages in initial key handshake, pre-authentication, and PMKSA caching).
+
+Some wireless LAN vendors are already providing support for CCMP in
+their WPA products. There is no "official" interoperability
+certification for CCMP and/or mixed modes using both TKIP and CCMP, so
+some interoperability issues can be expected even though many
+combinations seem to be working with equipment from different vendors.
+Testing for WPA2 is likely to start during the second half of 2004.
+
+hostapd configuration for WPA/WPA2
+----------------------------------
+
+TODO
+
+# Enable WPA. Setting this variable configures the AP to require WPA (either
+# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
+# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
+# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
+# RADIUS authentication server must be configured, and WPA-EAP must be included
+# in wpa_key_mgmt.
+# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
+# and/or WPA2 (full IEEE 802.11i/RSN):
+# bit0 = WPA
+# bit1 = IEEE 802.11i/RSN (WPA2)
+#wpa=1
+
+# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
+# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
+# (8..63 characters) that will be converted to PSK. This conversion uses SSID
+# so the PSK changes when ASCII passphrase is used and the SSID is changed.
+#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+#wpa_passphrase=secret passphrase
+
+# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
+# entries are separated with a space.
+#wpa_key_mgmt=WPA-PSK WPA-EAP
+
+# Set of accepted cipher suites (encryption algorithms) for pairwise keys
+# (unicast packets). This is a space separated list of algorithms:
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i]
+# Group cipher suite (encryption algorithm for broadcast and multicast frames)
+# is automatically selected based on this configuration. If only CCMP is
+# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
+# TKIP will be used as the group cipher.
+#wpa_pairwise=TKIP CCMP
+
+# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
+# seconds.
+#wpa_group_rekey=600
+
+# Time interval for rekeying GMK (master key used internally to generate GTKs
+# (in seconds).
+#wpa_gmk_rekey=86400
+
+# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
+# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
+# authentication and key handshake before actually associating with a new AP.
+#rsn_preauth=1
+#
+# Space separated list of interfaces from which pre-authentication frames are
+# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all
+# interface that are used for connections to other APs. This could include
+# wired interfaces and WDS links. The normal wireless data interface towards
+# associated stations (e.g., wlan0) should not be added, since
+# pre-authentication is only used with APs other than the currently associated
+# one.
+#rsn_preauth_interfaces=eth0
diff --git a/contrib/hostapd/hostapd/README-WPS b/contrib/hostapd/hostapd/README-WPS
new file mode 100644 (file)
index 0000000..654b5bc
--- /dev/null
@@ -0,0 +1,354 @@
+hostapd and Wi-Fi Protected Setup (WPS)
+=======================================
+
+This document describes how the WPS implementation in hostapd can be
+configured and how an external component on an AP (e.g., web UI) is
+used to enable enrollment of client devices.
+
+
+Introduction to WPS
+-------------------
+
+Wi-Fi Protected Setup (WPS) is a mechanism for easy configuration of a
+wireless network. It allows automated generation of random keys (WPA
+passphrase/PSK) and configuration of an access point and client
+devices. WPS includes number of methods for setting up connections
+with PIN method and push-button configuration (PBC) being the most
+commonly deployed options.
+
+While WPS can enable more home networks to use encryption in the
+wireless network, it should be noted that the use of the PIN and
+especially PBC mechanisms for authenticating the initial key setup is
+not very secure. As such, use of WPS may not be suitable for
+environments that require secure network access without chance for
+allowing outsiders to gain access during the setup phase.
+
+WPS uses following terms to describe the entities participating in the
+network setup:
+- access point: the WLAN access point
+- Registrar: a device that control a network and can authorize
+  addition of new devices); this may be either in the AP ("internal
+  Registrar") or in an external device, e.g., a laptop, ("external
+  Registrar")
+- Enrollee: a device that is being authorized to use the network
+
+It should also be noted that the AP and a client device may change
+roles (i.e., AP acts as an Enrollee and client device as a Registrar)
+when WPS is used to configure the access point.
+
+
+More information about WPS is available from Wi-Fi Alliance:
+http://www.wi-fi.org/wifi-protected-setup
+
+
+hostapd implementation
+----------------------
+
+hostapd includes an optional WPS component that can be used as an
+internal WPS Registrar to manage addition of new WPS enabled clients
+to the network. In addition, WPS Enrollee functionality in hostapd can
+be used to allow external WPS Registrars to configure the access
+point, e.g., for initial network setup. In addition, hostapd can proxy a
+WPS registration between a wireless Enrollee and an external Registrar
+(e.g., Microsoft Vista or Atheros JumpStart) with UPnP.
+
+
+hostapd configuration
+---------------------
+
+WPS is an optional component that needs to be enabled in hostapd build
+configuration (.config). Here is an example configuration that
+includes WPS support and uses madwifi driver interface:
+
+CONFIG_DRIVER_MADWIFI=y
+CFLAGS += -I/usr/src/madwifi-0.9.3
+CONFIG_WPS=y
+CONFIG_WPS2=y
+CONFIG_WPS_UPNP=y
+
+Following parameter can be used to enable support for NFC config method:
+
+CONFIG_WPS_NFC=y
+
+
+Following section shows an example runtime configuration
+(hostapd.conf) that enables WPS:
+
+# Configure the driver and network interface
+driver=madwifi
+interface=ath0
+
+# WPA2-Personal configuration for the AP
+ssid=wps-test
+wpa=2
+wpa_key_mgmt=WPA-PSK
+wpa_pairwise=CCMP
+# Default WPA passphrase for legacy (non-WPS) clients
+wpa_passphrase=12345678
+# Enable random per-device PSK generation for WPS clients
+# Please note that the file has to exists for hostapd to start (i.e., create an
+# empty file as a starting point).
+wpa_psk_file=/etc/hostapd.psk
+
+# Enable control interface for PBC/PIN entry
+ctrl_interface=/var/run/hostapd
+
+# Enable internal EAP server for EAP-WSC (part of Wi-Fi Protected Setup)
+eap_server=1
+
+# WPS configuration (AP configured, do not allow external WPS Registrars)
+wps_state=2
+ap_setup_locked=1
+# If UUID is not configured, it will be generated based on local MAC address.
+uuid=87654321-9abc-def0-1234-56789abc0000
+wps_pin_requests=/var/run/hostapd.pin-req
+device_name=Wireless AP
+manufacturer=Company
+model_name=WAP
+model_number=123
+serial_number=12345
+device_type=6-0050F204-1
+os_version=01020300
+config_methods=label display push_button keypad
+
+# if external Registrars are allowed, UPnP support could be added:
+#upnp_iface=br0
+#friendly_name=WPS Access Point
+
+
+External operations
+-------------------
+
+WPS requires either a device PIN code (usually, 8-digit number) or a
+pushbutton event (for PBC) to allow a new WPS Enrollee to join the
+network. hostapd uses the control interface as an input channel for
+these events.
+
+The PIN value used in the commands must be processed by an UI to
+remove non-digit characters and potentially, to verify the checksum
+digit. "hostapd_cli wps_check_pin <PIN>" can be used to do such
+processing. It returns FAIL if the PIN is invalid, or FAIL-CHECKSUM if
+the checksum digit is incorrect, or the processed PIN (non-digit
+characters removed) if the PIN is valid.
+
+When a client device (WPS Enrollee) connects to hostapd (WPS
+Registrar) in order to start PIN mode negotiation for WPS, an
+identifier (Enrollee UUID) is sent. hostapd will need to be configured
+with a device password (PIN) for this Enrollee. This is an operation
+that requires user interaction (assuming there are no pre-configured
+PINs on the AP for a set of Enrollee).
+
+The PIN request with information about the device is appended to the
+wps_pin_requests file (/var/run/hostapd.pin-req in this example). In
+addition, hostapd control interface event is sent as a notification of
+a new device. The AP could use, e.g., a web UI for showing active
+Enrollees to the user and request a PIN for an Enrollee.
+
+The PIN request file has one line for every Enrollee that connected to
+the AP, but for which there was no PIN. Following information is
+provided for each Enrollee (separated with tabulators):
+- timestamp (seconds from 1970-01-01)
+- Enrollee UUID
+- MAC address
+- Device name
+- Manufacturer
+- Model Name
+- Model Number
+- Serial Number
+- Device category
+
+Example line in the /var/run/hostapd.pin-req file:
+1200188391     53b63a98-d29e-4457-a2ed-094d7e6a669c    Intel(R) Centrino(R)    Intel Corporation       Intel(R) Centrino(R)    -       -       1-0050F204-1
+
+Control interface data:
+WPS-PIN-NEEDED [UUID-E|MAC Address|Device Name|Manufacturer|Model Name|Model Number|Serial Number|Device Category]
+For example:
+<2>WPS-PIN-NEEDED [53b63a98-d29e-4457-a2ed-094d7e6a669c|02:12:34:56:78:9a|Device|Manuf|Model|Model Number|Serial Number|1-0050F204-1]
+
+When the user enters a PIN for a pending Enrollee, e.g., on the web
+UI), hostapd needs to be notified of the new PIN over the control
+interface. This can be done either by using the UNIX domain socket
+-based control interface directly (src/common/wpa_ctrl.c provides
+helper functions for using the interface) or by calling hostapd_cli.
+
+Example command to add a PIN (12345670) for an Enrollee:
+
+hostapd_cli wps_pin 53b63a98-d29e-4457-a2ed-094d7e6a669c 12345670
+
+If the UUID-E is not available (e.g., Enrollee waits for the Registrar
+to be selected before connecting), wildcard UUID may be used to allow
+the PIN to be used once with any UUID:
+
+hostapd_cli wps_pin any 12345670
+
+To reduce likelihood of PIN being used with other devices or of
+forgetting an active PIN available for potential attackers, expiration
+time in seconds can be set for the new PIN (value 0 indicates no
+expiration):
+
+hostapd_cli wps_pin any 12345670 300
+
+If the MAC address of the enrollee is known, it should be configured
+to allow the AP to advertise list of authorized enrollees:
+
+hostapd_cli wps_pin 53b63a98-d29e-4457-a2ed-094d7e6a669c \
+       12345670 300 00:11:22:33:44:55
+
+
+After this, the Enrollee can connect to the AP again and complete WPS
+negotiation. At that point, a new, random WPA PSK is generated for the
+client device and the client can then use that key to connect to the
+AP to access the network.
+
+
+If the AP includes a pushbutton, WPS PBC mode can be used. It is
+enabled by pushing a button on both the AP and the client at about the
+same time (2 minute window). hostapd needs to be notified about the AP
+button pushed event over the control interface, e.g., by calling
+hostapd_cli:
+
+hostapd_cli wps_pbc
+
+At this point, the client has two minutes to complete WPS negotiation
+which will generate a new WPA PSK in the same way as the PIN method
+described above.
+
+
+When an external Registrar is used, the AP can act as an Enrollee and
+use its AP PIN. A static AP PIN (e.g., one one a label in the AP
+device) can be configured in hostapd.conf (ap_pin parameter). A more
+secure option is to use hostapd_cli wps_ap_pin command to enable the
+AP PIN only based on user action (and even better security by using a
+random AP PIN for each session, i.e., by using "wps_ap_pin random"
+command with a timeout value). Following commands are available for
+managing the dynamic AP PIN operations:
+
+hostapd_cli wps_ap_pin disable
+- disable AP PIN (i.e., do not allow external Registrars to use it to
+  learn the current AP settings or to reconfigure the AP)
+
+hostapd_cli wps_ap_pin random [timeout]
+- generate a random AP PIN and enable it
+- if the optional timeout parameter is given, the AP PIN will be enabled
+  for the specified number of seconds
+
+hostapd_cli wps_ap_pin get
+- fetch the current AP PIN
+
+hostapd_cli wps_ap_pin set <PIN> [timeout]
+- set the AP PIN and enable it
+- if the optional timeout parameter is given, the AP PIN will be enabled
+  for the specified number of seconds
+
+hostapd_cli get_config
+- display the current configuration
+
+hostapd_cli wps_config <new SSID> <auth> <encr> <new key>
+examples:
+  hostapd_cli wps_config testing WPA2PSK CCMP 12345678
+  hostapd_cli wps_config "no security" OPEN NONE ""
+
+<auth> must be one of the following: OPEN WPAPSK WPA2PSK
+<encr> must be one of the following: NONE WEP TKIP CCMP
+
+
+Credential generation and configuration changes
+-----------------------------------------------
+
+By default, hostapd generates credentials for Enrollees and processing
+AP configuration updates internally. However, it is possible to
+control these operations from external programs, if desired.
+
+The internal credential generation can be disabled with
+skip_cred_build=1 option in the configuration. extra_cred option will
+then need to be used to provide pre-configured Credential attribute(s)
+for hostapd to use. The exact data from this binary file will be sent,
+i.e., it will have to include valid WPS attributes. extra_cred can
+also be used to add additional networks if the Registrar is used to
+configure credentials for multiple networks.
+
+Processing of received configuration updates can be disabled with
+wps_cred_processing=1 option. When this is used, an external program
+is responsible for creating hostapd configuration files and processing
+configuration updates based on messages received from hostapd over
+control interface. This will also include the initial configuration on
+first successful registration if the AP is initially set in
+unconfigured state.
+
+Following control interface messages are sent out for external programs:
+
+WPS-REG-SUCCESS <Enrollee MAC address <UUID-E>
+For example:
+<2>WPS-REG-SUCCESS 02:66:a0:ee:17:27 2b7093f1-d6fb-5108-adbb-bea66bb87333
+
+This can be used to trigger change from unconfigured to configured
+state (random configuration based on the first successful WPS
+registration). In addition, this can be used to update AP UI about the
+status of WPS registration progress.
+
+
+WPS-NEW-AP-SETTINGS <hexdump of AP Setup attributes>
+For example:
+<2>WPS-NEW-AP-SETTINGS 10260001011045000c6a6b6d2d7770732d74657374100300020020100f00020008102700403065346230343536633236366665306433396164313535346131663462663731323433376163666462376633393965353466316631623032306164343438623510200006024231cede15101e000844
+
+This can be used to update the externally stored AP configuration and
+then update hostapd configuration (followed by restarting of hostapd).
+
+
+WPS with NFC
+------------
+
+WPS can be used with NFC-based configuration method. An NFC tag
+containing a password token from the Enrollee can be used to
+authenticate the connection instead of the PIN. In addition, an NFC tag
+with a configuration token can be used to transfer AP settings without
+going through the WPS protocol.
+
+When the AP acts as an Enrollee, a local NFC tag with a password token
+can be used by touching the NFC interface of an external Registrar. The
+wps_nfc_token command is used to manage use of the NFC password token
+from the AP. "wps_nfc_token enable" enables the use of the AP's NFC
+password token (in place of AP PIN) and "wps_nfc_token disable" disables
+the NFC password token.
+
+The NFC password token that is either pre-configured in the
+configuration file (wps_nfc_dev_pw_id, wps_nfc_dh_pubkey,
+wps_nfc_dh_privkey, wps_nfc_dev_pw) or generated dynamically with
+"wps_nfc_token <WPS|NDEF>" command. The nfc_pw_token tool from
+wpa_supplicant can be used to generate NFC password tokens during
+manufacturing (each AP needs to have its own random keys).
+
+The "wps_nfc_config_token <WPS/NDEF>" command can be used to build an
+NFC configuration token. The output value from this command is a hexdump
+of the current AP configuration (WPS parameter requests this to include
+only the WPS attributes; NDEF parameter requests additional NDEF
+encapsulation to be included). This data needs to be written to an NFC
+tag with an external program. Once written, the NFC configuration token
+can be used to touch an NFC interface on a station to provision the
+credentials needed to access the network.
+
+When the NFC device on the AP reads an NFC tag with a MIME media type
+"application/vnd.wfa.wsc", the NDEF message payload (with or without
+NDEF encapsulation) can be delivered to hostapd using the
+following hostapd_cli command:
+
+wps_nfc_tag_read <hexdump of payload>
+
+If the NFC tag contains a password token, the token is added to the
+internal Registrar. This allows station Enrollee from which the password
+token was received to run through WPS protocol to provision the
+credential.
+
+"nfc_get_handover_sel <NDEF> <WPS>" command can be used to build the
+contents of a Handover Select Message for connection handover when this
+does not depend on the contents of the Handover Request Message. The
+first argument selects the format of the output data and the second
+argument selects which type of connection handover is requested (WPS =
+Wi-Fi handover as specified in WSC 2.0).
+
+"nfc_report_handover <INIT/RESP> WPS <carrier from handover request>
+<carrier from handover select>" is used to report completed NFC
+connection handover. The first parameter indicates whether the local
+device initiated or responded to the connection handover and the carrier
+records are the selected carrier from the handover request and select
+messages as a hexdump.
diff --git a/contrib/hostapd/hostapd/config_file.c b/contrib/hostapd/hostapd/config_file.c
new file mode 100644 (file)
index 0000000..54e4af9
--- /dev/null
@@ -0,0 +1,3030 @@
+/*
+ * hostapd / Configuration file parser
+ * Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+#ifndef CONFIG_NATIVE_WINDOWS
+#include <grp.h>
+#endif /* CONFIG_NATIVE_WINDOWS */
+
+#include "utils/common.h"
+#include "utils/uuid.h"
+#include "common/ieee802_11_defs.h"
+#include "drivers/driver.h"
+#include "eap_server/eap.h"
+#include "radius/radius_client.h"
+#include "ap/wpa_auth.h"
+#include "ap/ap_config.h"
+#include "config_file.h"
+
+
+#ifndef CONFIG_NO_VLAN
+static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss,
+                                        const char *fname)
+{
+       FILE *f;
+       char buf[128], *pos, *pos2;
+       int line = 0, vlan_id;
+       struct hostapd_vlan *vlan;
+
+       f = fopen(fname, "r");
+       if (!f) {
+               wpa_printf(MSG_ERROR, "VLAN file '%s' not readable.", fname);
+               return -1;
+       }
+
+       while (fgets(buf, sizeof(buf), f)) {
+               line++;
+
+               if (buf[0] == '#')
+                       continue;
+               pos = buf;
+               while (*pos != '\0') {
+                       if (*pos == '\n') {
+                               *pos = '\0';
+                               break;
+                       }
+                       pos++;
+               }
+               if (buf[0] == '\0')
+                       continue;
+
+               if (buf[0] == '*') {
+                       vlan_id = VLAN_ID_WILDCARD;
+                       pos = buf + 1;
+               } else {
+                       vlan_id = strtol(buf, &pos, 10);
+                       if (buf == pos || vlan_id < 1 ||
+                           vlan_id > MAX_VLAN_ID) {
+                               wpa_printf(MSG_ERROR, "Invalid VLAN ID at "
+                                          "line %d in '%s'", line, fname);
+                               fclose(f);
+                               return -1;
+                       }
+               }
+
+               while (*pos == ' ' || *pos == '\t')
+                       pos++;
+               pos2 = pos;
+               while (*pos2 != ' ' && *pos2 != '\t' && *pos2 != '\0')
+                       pos2++;
+               *pos2 = '\0';
+               if (*pos == '\0' || os_strlen(pos) > IFNAMSIZ) {
+                       wpa_printf(MSG_ERROR, "Invalid VLAN ifname at line %d "
+                                  "in '%s'", line, fname);
+                       fclose(f);
+                       return -1;
+               }
+
+               vlan = os_zalloc(sizeof(*vlan));
+               if (vlan == NULL) {
+                       wpa_printf(MSG_ERROR, "Out of memory while reading "
+                                  "VLAN interfaces from '%s'", fname);
+                       fclose(f);
+                       return -1;
+               }
+
+               vlan->vlan_id = vlan_id;
+               os_strlcpy(vlan->ifname, pos, sizeof(vlan->ifname));
+               vlan->next = bss->vlan;
+               bss->vlan = vlan;
+       }
+
+       fclose(f);
+
+       return 0;
+}
+#endif /* CONFIG_NO_VLAN */
+
+
+static int hostapd_acl_comp(const void *a, const void *b)
+{
+       const struct mac_acl_entry *aa = a;
+       const struct mac_acl_entry *bb = b;
+       return os_memcmp(aa->addr, bb->addr, sizeof(macaddr));
+}
+
+
+static int hostapd_config_read_maclist(const char *fname,
+                                      struct mac_acl_entry **acl, int *num)
+{
+       FILE *f;
+       char buf[128], *pos;
+       int line = 0;
+       u8 addr[ETH_ALEN];
+       struct mac_acl_entry *newacl;
+       int vlan_id;
+
+       if (!fname)
+               return 0;
+
+       f = fopen(fname, "r");
+       if (!f) {
+               wpa_printf(MSG_ERROR, "MAC list file '%s' not found.", fname);
+               return -1;
+       }
+
+       while (fgets(buf, sizeof(buf), f)) {
+               line++;
+
+               if (buf[0] == '#')
+                       continue;
+               pos = buf;
+               while (*pos != '\0') {
+                       if (*pos == '\n') {
+                               *pos = '\0';
+                               break;
+                       }
+                       pos++;
+               }
+               if (buf[0] == '\0')
+                       continue;
+
+               if (hwaddr_aton(buf, addr)) {
+                       wpa_printf(MSG_ERROR, "Invalid MAC address '%s' at "
+                                  "line %d in '%s'", buf, line, fname);
+                       fclose(f);
+                       return -1;
+               }
+
+               vlan_id = 0;
+               pos = buf;
+               while (*pos != '\0' && *pos != ' ' && *pos != '\t')
+                       pos++;
+               while (*pos == ' ' || *pos == '\t')
+                       pos++;
+               if (*pos != '\0')
+                       vlan_id = atoi(pos);
+
+               newacl = os_realloc_array(*acl, *num + 1, sizeof(**acl));
+               if (newacl == NULL) {
+                       wpa_printf(MSG_ERROR, "MAC list reallocation failed");
+                       fclose(f);
+                       return -1;
+               }
+
+               *acl = newacl;
+               os_memcpy((*acl)[*num].addr, addr, ETH_ALEN);
+               (*acl)[*num].vlan_id = vlan_id;
+               (*num)++;
+       }
+
+       fclose(f);
+
+       qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp);
+
+       return 0;
+}
+
+
+#ifdef EAP_SERVER
+static int hostapd_config_read_eap_user(const char *fname,
+                                       struct hostapd_bss_config *conf)
+{
+       FILE *f;
+       char buf[512], *pos, *start, *pos2;
+       int line = 0, ret = 0, num_methods;
+       struct hostapd_eap_user *user, *tail = NULL;
+
+       if (!fname)
+               return 0;
+
+       if (os_strncmp(fname, "sqlite:", 7) == 0) {
+               os_free(conf->eap_user_sqlite);
+               conf->eap_user_sqlite = os_strdup(fname + 7);
+               return 0;
+       }
+
+       f = fopen(fname, "r");
+       if (!f) {
+               wpa_printf(MSG_ERROR, "EAP user file '%s' not found.", fname);
+               return -1;
+       }
+
+       /* Lines: "user" METHOD,METHOD2 "password" (password optional) */
+       while (fgets(buf, sizeof(buf), f)) {
+               line++;
+
+               if (buf[0] == '#')
+                       continue;
+               pos = buf;
+               while (*pos != '\0') {
+                       if (*pos == '\n') {
+                               *pos = '\0';
+                               break;
+                       }
+                       pos++;
+               }
+               if (buf[0] == '\0')
+                       continue;
+
+               user = NULL;
+
+               if (buf[0] != '"' && buf[0] != '*') {
+                       wpa_printf(MSG_ERROR, "Invalid EAP identity (no \" in "
+                                  "start) on line %d in '%s'", line, fname);
+                       goto failed;
+               }
+
+               user = os_zalloc(sizeof(*user));
+               if (user == NULL) {
+                       wpa_printf(MSG_ERROR, "EAP user allocation failed");
+                       goto failed;
+               }
+               user->force_version = -1;
+
+               if (buf[0] == '*') {
+                       pos = buf;
+               } else {
+                       pos = buf + 1;
+                       start = pos;
+                       while (*pos != '"' && *pos != '\0')
+                               pos++;
+                       if (*pos == '\0') {
+                               wpa_printf(MSG_ERROR, "Invalid EAP identity "
+                                          "(no \" in end) on line %d in '%s'",
+                                          line, fname);
+                               goto failed;
+                       }
+
+                       user->identity = os_malloc(pos - start);
+                       if (user->identity == NULL) {
+                               wpa_printf(MSG_ERROR, "Failed to allocate "
+                                          "memory for EAP identity");
+                               goto failed;
+                       }
+                       os_memcpy(user->identity, start, pos - start);
+                       user->identity_len = pos - start;
+
+                       if (pos[0] == '"' && pos[1] == '*') {
+                               user->wildcard_prefix = 1;
+                               pos++;
+                       }
+               }
+               pos++;
+               while (*pos == ' ' || *pos == '\t')
+                       pos++;
+
+               if (*pos == '\0') {
+                       wpa_printf(MSG_ERROR, "No EAP method on line %d in "
+                                  "'%s'", line, fname);
+                       goto failed;
+               }
+
+               start = pos;
+               while (*pos != ' ' && *pos != '\t' && *pos != '\0')
+                       pos++;
+               if (*pos == '\0') {
+                       pos = NULL;
+               } else {
+                       *pos = '\0';
+                       pos++;
+               }
+               num_methods = 0;
+               while (*start) {
+                       char *pos3 = os_strchr(start, ',');
+                       if (pos3) {
+                               *pos3++ = '\0';
+                       }
+                       user->methods[num_methods].method =
+                               eap_server_get_type(
+                                       start,
+                                       &user->methods[num_methods].vendor);
+                       if (user->methods[num_methods].vendor ==
+                           EAP_VENDOR_IETF &&
+                           user->methods[num_methods].method == EAP_TYPE_NONE)
+                       {
+                               if (os_strcmp(start, "TTLS-PAP") == 0) {
+                                       user->ttls_auth |= EAP_TTLS_AUTH_PAP;
+                                       goto skip_eap;
+                               }
+                               if (os_strcmp(start, "TTLS-CHAP") == 0) {
+                                       user->ttls_auth |= EAP_TTLS_AUTH_CHAP;
+                                       goto skip_eap;
+                               }
+                               if (os_strcmp(start, "TTLS-MSCHAP") == 0) {
+                                       user->ttls_auth |=
+                                               EAP_TTLS_AUTH_MSCHAP;
+                                       goto skip_eap;
+                               }
+                               if (os_strcmp(start, "TTLS-MSCHAPV2") == 0) {
+                                       user->ttls_auth |=
+                                               EAP_TTLS_AUTH_MSCHAPV2;
+                                       goto skip_eap;
+                               }
+                               wpa_printf(MSG_ERROR, "Unsupported EAP type "
+                                          "'%s' on line %d in '%s'",
+                                          start, line, fname);
+                               goto failed;
+                       }
+
+                       num_methods++;
+                       if (num_methods >= EAP_MAX_METHODS)
+                               break;
+               skip_eap:
+                       if (pos3 == NULL)
+                               break;
+                       start = pos3;
+               }
+               if (num_methods == 0 && user->ttls_auth == 0) {
+                       wpa_printf(MSG_ERROR, "No EAP types configured on "
+                                  "line %d in '%s'", line, fname);
+                       goto failed;
+               }
+
+               if (pos == NULL)
+                       goto done;
+
+               while (*pos == ' ' || *pos == '\t')
+                       pos++;
+               if (*pos == '\0')
+                       goto done;
+
+               if (os_strncmp(pos, "[ver=0]", 7) == 0) {
+                       user->force_version = 0;
+                       goto done;
+               }
+
+               if (os_strncmp(pos, "[ver=1]", 7) == 0) {
+                       user->force_version = 1;
+                       goto done;
+               }
+
+               if (os_strncmp(pos, "[2]", 3) == 0) {
+                       user->phase2 = 1;
+                       goto done;
+               }
+
+               if (*pos == '"') {
+                       pos++;
+                       start = pos;
+                       while (*pos != '"' && *pos != '\0')
+                               pos++;
+                       if (*pos == '\0') {
+                               wpa_printf(MSG_ERROR, "Invalid EAP password "
+                                          "(no \" in end) on line %d in '%s'",
+                                          line, fname);
+                               goto failed;
+                       }
+
+                       user->password = os_malloc(pos - start);
+                       if (user->password == NULL) {
+                               wpa_printf(MSG_ERROR, "Failed to allocate "
+                                          "memory for EAP password");
+                               goto failed;
+                       }
+                       os_memcpy(user->password, start, pos - start);
+                       user->password_len = pos - start;
+
+                       pos++;
+               } else if (os_strncmp(pos, "hash:", 5) == 0) {
+                       pos += 5;
+                       pos2 = pos;
+                       while (*pos2 != '\0' && *pos2 != ' ' &&
+                              *pos2 != '\t' && *pos2 != '#')
+                               pos2++;
+                       if (pos2 - pos != 32) {
+                               wpa_printf(MSG_ERROR, "Invalid password hash "
+                                          "on line %d in '%s'", line, fname);
+                               goto failed;
+                       }
+                       user->password = os_malloc(16);
+                       if (user->password == NULL) {
+                               wpa_printf(MSG_ERROR, "Failed to allocate "
+                                          "memory for EAP password hash");
+                               goto failed;
+                       }
+                       if (hexstr2bin(pos, user->password, 16) < 0) {
+                               wpa_printf(MSG_ERROR, "Invalid hash password "
+                                          "on line %d in '%s'", line, fname);
+                               goto failed;
+                       }
+                       user->password_len = 16;
+                       user->password_hash = 1;
+                       pos = pos2;
+               } else {
+                       pos2 = pos;
+                       while (*pos2 != '\0' && *pos2 != ' ' &&
+                              *pos2 != '\t' && *pos2 != '#')
+                               pos2++;
+                       if ((pos2 - pos) & 1) {
+                               wpa_printf(MSG_ERROR, "Invalid hex password "
+                                          "on line %d in '%s'", line, fname);
+                               goto failed;
+                       }
+                       user->password = os_malloc((pos2 - pos) / 2);
+                       if (user->password == NULL) {
+                               wpa_printf(MSG_ERROR, "Failed to allocate "
+                                          "memory for EAP password");
+                               goto failed;
+                       }
+                       if (hexstr2bin(pos, user->password,
+                                      (pos2 - pos) / 2) < 0) {
+                               wpa_printf(MSG_ERROR, "Invalid hex password "
+                                          "on line %d in '%s'", line, fname);
+                               goto failed;
+                       }
+                       user->password_len = (pos2 - pos) / 2;
+                       pos = pos2;
+               }
+
+               while (*pos == ' ' || *pos == '\t')
+                       pos++;
+               if (os_strncmp(pos, "[2]", 3) == 0) {
+                       user->phase2 = 1;
+               }
+
+       done:
+               if (tail == NULL) {
+                       tail = conf->eap_user = user;
+               } else {
+                       tail->next = user;
+                       tail = user;
+               }
+               continue;
+
+       failed:
+               if (user) {
+                       os_free(user->password);
+                       os_free(user->identity);
+                       os_free(user);
+               }
+               ret = -1;
+               break;
+       }
+
+       fclose(f);
+
+       return ret;
+}
+#endif /* EAP_SERVER */
+
+
+#ifndef CONFIG_NO_RADIUS
+static int
+hostapd_config_read_radius_addr(struct hostapd_radius_server **server,
+                               int *num_server, const char *val, int def_port,
+                               struct hostapd_radius_server **curr_serv)
+{
+       struct hostapd_radius_server *nserv;
+       int ret;
+       static int server_index = 1;
+
+       nserv = os_realloc_array(*server, *num_server + 1, sizeof(*nserv));
+       if (nserv == NULL)
+               return -1;
+
+       *server = nserv;
+       nserv = &nserv[*num_server];
+       (*num_server)++;
+       (*curr_serv) = nserv;
+
+       os_memset(nserv, 0, sizeof(*nserv));
+       nserv->port = def_port;
+       ret = hostapd_parse_ip_addr(val, &nserv->addr);
+       nserv->index = server_index++;
+
+       return ret;
+}
+
+
+static struct hostapd_radius_attr *
+hostapd_parse_radius_attr(const char *value)
+{
+       const char *pos;
+       char syntax;
+       struct hostapd_radius_attr *attr;
+       size_t len;
+
+       attr = os_zalloc(sizeof(*attr));
+       if (attr == NULL)
+               return NULL;
+
+       attr->type = atoi(value);
+
+       pos = os_strchr(value, ':');
+       if (pos == NULL) {
+               attr->val = wpabuf_alloc(1);
+               if (attr->val == NULL) {
+                       os_free(attr);
+                       return NULL;
+               }
+               wpabuf_put_u8(attr->val, 0);
+               return attr;
+       }
+
+       pos++;
+       if (pos[0] == '\0' || pos[1] != ':') {
+               os_free(attr);
+               return NULL;
+       }
+       syntax = *pos++;
+       pos++;
+
+       switch (syntax) {
+       case 's':
+               attr->val = wpabuf_alloc_copy(pos, os_strlen(pos));
+               break;
+       case 'x':
+               len = os_strlen(pos);
+               if (len & 1)
+                       break;
+               len /= 2;
+               attr->val = wpabuf_alloc(len);
+               if (attr->val == NULL)
+                       break;
+               if (hexstr2bin(pos, wpabuf_put(attr->val, len), len) < 0) {
+                       wpabuf_free(attr->val);
+                       os_free(attr);
+                       return NULL;
+               }
+               break;
+       case 'd':
+               attr->val = wpabuf_alloc(4);
+               if (attr->val)
+                       wpabuf_put_be32(attr->val, atoi(pos));
+               break;
+       default:
+               os_free(attr);
+               return NULL;
+       }
+
+       if (attr->val == NULL) {
+               os_free(attr);
+               return NULL;
+       }
+
+       return attr;
+}
+
+
+static int hostapd_parse_das_client(struct hostapd_bss_config *bss,
+                                   const char *val)
+{
+       char *secret;
+
+       secret = os_strchr(val, ' ');
+       if (secret == NULL)
+               return -1;
+
+       secret++;
+
+       if (hostapd_parse_ip_addr(val, &bss->radius_das_client_addr))
+               return -1;
+
+       os_free(bss->radius_das_shared_secret);
+       bss->radius_das_shared_secret = (u8 *) os_strdup(secret);
+       if (bss->radius_das_shared_secret == NULL)
+               return -1;
+       bss->radius_das_shared_secret_len = os_strlen(secret);
+
+       return 0;
+}
+#endif /* CONFIG_NO_RADIUS */
+
+
+static int hostapd_config_parse_key_mgmt(int line, const char *value)
+{
+       int val = 0, last;
+       char *start, *end, *buf;
+
+       buf = os_strdup(value);
+       if (buf == NULL)
+               return -1;
+       start = buf;
+
+       while (*start != '\0') {
+               while (*start == ' ' || *start == '\t')
+                       start++;
+               if (*start == '\0')
+                       break;
+               end = start;
+               while (*end != ' ' && *end != '\t' && *end != '\0')
+                       end++;
+               last = *end == '\0';
+               *end = '\0';
+               if (os_strcmp(start, "WPA-PSK") == 0)
+                       val |= WPA_KEY_MGMT_PSK;
+               else if (os_strcmp(start, "WPA-EAP") == 0)
+                       val |= WPA_KEY_MGMT_IEEE8021X;
+#ifdef CONFIG_IEEE80211R
+               else if (os_strcmp(start, "FT-PSK") == 0)
+                       val |= WPA_KEY_MGMT_FT_PSK;
+               else if (os_strcmp(start, "FT-EAP") == 0)
+                       val |= WPA_KEY_MGMT_FT_IEEE8021X;
+#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_IEEE80211W
+               else if (os_strcmp(start, "WPA-PSK-SHA256") == 0)
+                       val |= WPA_KEY_MGMT_PSK_SHA256;
+               else if (os_strcmp(start, "WPA-EAP-SHA256") == 0)
+                       val |= WPA_KEY_MGMT_IEEE8021X_SHA256;
+#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_SAE
+               else if (os_strcmp(start, "SAE") == 0)
+                       val |= WPA_KEY_MGMT_SAE;
+               else if (os_strcmp(start, "FT-SAE") == 0)
+                       val |= WPA_KEY_MGMT_FT_SAE;
+#endif /* CONFIG_SAE */
+               else {
+                       wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
+                                  line, start);
+                       os_free(buf);
+                       return -1;
+               }
+
+               if (last)
+                       break;
+               start = end + 1;
+       }
+
+       os_free(buf);
+       if (val == 0) {
+               wpa_printf(MSG_ERROR, "Line %d: no key_mgmt values "
+                          "configured.", line);
+               return -1;
+       }
+
+       return val;
+}
+
+
+static int hostapd_config_parse_cipher(int line, const char *value)
+{
+       int val = wpa_parse_cipher(value);
+       if (val < 0) {
+               wpa_printf(MSG_ERROR, "Line %d: invalid cipher '%s'.",
+                          line, value);
+               return -1;
+       }
+       if (val == 0) {
+               wpa_printf(MSG_ERROR, "Line %d: no cipher values configured.",
+                          line);
+               return -1;
+       }
+       return val;
+}
+
+
+static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx,
+                                  char *val)
+{
+       size_t len = os_strlen(val);
+
+       if (keyidx < 0 || keyidx > 3 || wep->key[keyidx] != NULL)
+               return -1;
+
+       if (val[0] == '"') {
+               if (len < 2 || val[len - 1] != '"')
+                       return -1;
+               len -= 2;
+               wep->key[keyidx] = os_malloc(len);
+               if (wep->key[keyidx] == NULL)
+                       return -1;
+               os_memcpy(wep->key[keyidx], val + 1, len);
+               wep->len[keyidx] = len;
+       } else {
+               if (len & 1)
+                       return -1;
+               len /= 2;
+               wep->key[keyidx] = os_malloc(len);
+               if (wep->key[keyidx] == NULL)
+                       return -1;
+               wep->len[keyidx] = len;
+               if (hexstr2bin(val, wep->key[keyidx], len) < 0)
+                       return -1;
+       }
+
+       wep->keys_set++;
+
+       return 0;
+}
+
+
+static int hostapd_parse_intlist(int **int_list, char *val)
+{
+       int *list;
+       int count;
+       char *pos, *end;
+
+       os_free(*int_list);
+       *int_list = NULL;
+
+       pos = val;
+       count = 0;
+       while (*pos != '\0') {
+               if (*pos == ' ')
+                       count++;
+               pos++;
+       }
+
+       list = os_malloc(sizeof(int) * (count + 2));
+       if (list == NULL)
+               return -1;
+       pos = val;
+       count = 0;
+       while (*pos != '\0') {
+               end = os_strchr(pos, ' ');
+               if (end)
+                       *end = '\0';
+
+               list[count++] = atoi(pos);
+               if (!end)
+                       break;
+               pos = end + 1;
+       }
+       list[count] = -1;
+
+       *int_list = list;
+       return 0;
+}
+
+
+static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname)
+{
+       struct hostapd_bss_config **all, *bss;
+
+       if (*ifname == '\0')
+               return -1;
+
+       all = os_realloc_array(conf->bss, conf->num_bss + 1,
+                              sizeof(struct hostapd_bss_config *));
+       if (all == NULL) {
+               wpa_printf(MSG_ERROR, "Failed to allocate memory for "
+                          "multi-BSS entry");
+               return -1;
+       }
+       conf->bss = all;
+
+       bss = os_zalloc(sizeof(*bss));
+       if (bss == NULL)
+               return -1;
+       bss->radius = os_zalloc(sizeof(*bss->radius));
+       if (bss->radius == NULL) {
+               wpa_printf(MSG_ERROR, "Failed to allocate memory for "
+                          "multi-BSS RADIUS data");
+               os_free(bss);
+               return -1;
+       }
+
+       conf->bss[conf->num_bss++] = bss;
+       conf->last_bss = bss;
+
+       hostapd_config_defaults_bss(bss);
+       os_strlcpy(bss->iface, ifname, sizeof(bss->iface));
+       os_memcpy(bss->ssid.vlan, bss->iface, IFNAMSIZ + 1);
+
+       return 0;
+}
+
+
+/* convert floats with one decimal place to value*10 int, i.e.,
+ * "1.5" will return 15 */
+static int hostapd_config_read_int10(const char *value)
+{
+       int i, d;
+       char *pos;
+
+       i = atoi(value);
+       pos = os_strchr(value, '.');
+       d = 0;
+       if (pos) {
+               pos++;
+               if (*pos >= '0' && *pos <= '9')
+                       d = *pos - '0';
+       }
+
+       return i * 10 + d;
+}
+
+
+static int valid_cw(int cw)
+{
+       return (cw == 1 || cw == 3 || cw == 7 || cw == 15 || cw == 31 ||
+               cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023);
+}
+
+
+enum {
+       IEEE80211_TX_QUEUE_DATA0 = 0, /* used for EDCA AC_VO data */
+       IEEE80211_TX_QUEUE_DATA1 = 1, /* used for EDCA AC_VI data */
+       IEEE80211_TX_QUEUE_DATA2 = 2, /* used for EDCA AC_BE data */
+       IEEE80211_TX_QUEUE_DATA3 = 3 /* used for EDCA AC_BK data */
+};
+
+static int hostapd_config_tx_queue(struct hostapd_config *conf, char *name,
+                                  char *val)
+{
+       int num;
+       char *pos;
+       struct hostapd_tx_queue_params *queue;
+
+       /* skip 'tx_queue_' prefix */
+       pos = name + 9;
+       if (os_strncmp(pos, "data", 4) == 0 &&
+           pos[4] >= '0' && pos[4] <= '9' && pos[5] == '_') {
+               num = pos[4] - '0';
+               pos += 6;
+       } else if (os_strncmp(pos, "after_beacon_", 13) == 0 ||
+                  os_strncmp(pos, "beacon_", 7) == 0) {
+               wpa_printf(MSG_INFO, "DEPRECATED: '%s' not used", name);
+               return 0;
+       } else {
+               wpa_printf(MSG_ERROR, "Unknown tx_queue name '%s'", pos);
+               return -1;
+       }
+
+       if (num >= NUM_TX_QUEUES) {
+               /* for backwards compatibility, do not trigger failure */
+               wpa_printf(MSG_INFO, "DEPRECATED: '%s' not used", name);
+               return 0;
+       }
+
+       queue = &conf->tx_queue[num];
+
+       if (os_strcmp(pos, "aifs") == 0) {
+               queue->aifs = atoi(val);
+               if (queue->aifs < 0 || queue->aifs > 255) {
+                       wpa_printf(MSG_ERROR, "Invalid AIFS value %d",
+                                  queue->aifs);
+                       return -1;
+               }
+       } else if (os_strcmp(pos, "cwmin") == 0) {
+               queue->cwmin = atoi(val);
+               if (!valid_cw(queue->cwmin)) {
+                       wpa_printf(MSG_ERROR, "Invalid cwMin value %d",
+                                  queue->cwmin);
+                       return -1;
+               }
+       } else if (os_strcmp(pos, "cwmax") == 0) {
+               queue->cwmax = atoi(val);
+               if (!valid_cw(queue->cwmax)) {
+                       wpa_printf(MSG_ERROR, "Invalid cwMax value %d",
+                                  queue->cwmax);
+                       return -1;
+               }
+       } else if (os_strcmp(pos, "burst") == 0) {
+               queue->burst = hostapd_config_read_int10(val);
+       } else {
+               wpa_printf(MSG_ERROR, "Unknown tx_queue field '%s'", pos);
+               return -1;
+       }
+
+       return 0;
+}
+
+
+#ifdef CONFIG_IEEE80211R
+static int add_r0kh(struct hostapd_bss_config *bss, char *value)
+{
+       struct ft_remote_r0kh *r0kh;
+       char *pos, *next;
+
+       r0kh = os_zalloc(sizeof(*r0kh));
+       if (r0kh == NULL)
+               return -1;
+
+       /* 02:01:02:03:04:05 a.example.com 000102030405060708090a0b0c0d0e0f */
+       pos = value;
+       next = os_strchr(pos, ' ');
+       if (next)
+               *next++ = '\0';
+       if (next == NULL || hwaddr_aton(pos, r0kh->addr)) {
+               wpa_printf(MSG_ERROR, "Invalid R0KH MAC address: '%s'", pos);
+               os_free(r0kh);
+               return -1;
+       }
+
+       pos = next;
+       next = os_strchr(pos, ' ');
+       if (next)
+               *next++ = '\0';
+       if (next == NULL || next - pos > FT_R0KH_ID_MAX_LEN) {
+               wpa_printf(MSG_ERROR, "Invalid R0KH-ID: '%s'", pos);
+               os_free(r0kh);
+               return -1;
+       }
+       r0kh->id_len = next - pos - 1;
+       os_memcpy(r0kh->id, pos, r0kh->id_len);
+
+       pos = next;
+       if (hexstr2bin(pos, r0kh->key, sizeof(r0kh->key))) {
+               wpa_printf(MSG_ERROR, "Invalid R0KH key: '%s'", pos);
+               os_free(r0kh);
+               return -1;
+       }
+
+       r0kh->next = bss->r0kh_list;
+       bss->r0kh_list = r0kh;
+
+       return 0;
+}
+
+
+static int add_r1kh(struct hostapd_bss_config *bss, char *value)
+{
+       struct ft_remote_r1kh *r1kh;
+       char *pos, *next;
+
+       r1kh = os_zalloc(sizeof(*r1kh));
+       if (r1kh == NULL)
+               return -1;
+
+       /* 02:01:02:03:04:05 02:01:02:03:04:05
+        * 000102030405060708090a0b0c0d0e0f */
+       pos = value;
+       next = os_strchr(pos, ' ');
+       if (next)
+               *next++ = '\0';
+       if (next == NULL || hwaddr_aton(pos, r1kh->addr)) {
+               wpa_printf(MSG_ERROR, "Invalid R1KH MAC address: '%s'", pos);
+               os_free(r1kh);
+               return -1;
+       }
+
+       pos = next;
+       next = os_strchr(pos, ' ');
+       if (next)
+               *next++ = '\0';
+       if (next == NULL || hwaddr_aton(pos, r1kh->id)) {
+               wpa_printf(MSG_ERROR, "Invalid R1KH-ID: '%s'", pos);
+               os_free(r1kh);
+               return -1;
+       }
+
+       pos = next;
+       if (hexstr2bin(pos, r1kh->key, sizeof(r1kh->key))) {
+               wpa_printf(MSG_ERROR, "Invalid R1KH key: '%s'", pos);
+               os_free(r1kh);
+               return -1;
+       }
+
+       r1kh->next = bss->r1kh_list;
+       bss->r1kh_list = r1kh;
+
+       return 0;
+}
+#endif /* CONFIG_IEEE80211R */
+
+
+#ifdef CONFIG_IEEE80211N
+static int hostapd_config_ht_capab(struct hostapd_config *conf,
+                                  const char *capab)
+{
+       if (os_strstr(capab, "[LDPC]"))
+               conf->ht_capab |= HT_CAP_INFO_LDPC_CODING_CAP;
+       if (os_strstr(capab, "[HT40-]")) {
+               conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
+               conf->secondary_channel = -1;
+       }
+       if (os_strstr(capab, "[HT40+]")) {
+               conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
+               conf->secondary_channel = 1;
+       }
+       if (os_strstr(capab, "[SMPS-STATIC]")) {
+               conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK;
+               conf->ht_capab |= HT_CAP_INFO_SMPS_STATIC;
+       }
+       if (os_strstr(capab, "[SMPS-DYNAMIC]")) {
+               conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK;
+               conf->ht_capab |= HT_CAP_INFO_SMPS_DYNAMIC;
+       }
+       if (os_strstr(capab, "[GF]"))
+               conf->ht_capab |= HT_CAP_INFO_GREEN_FIELD;
+       if (os_strstr(capab, "[SHORT-GI-20]"))
+               conf->ht_capab |= HT_CAP_INFO_SHORT_GI20MHZ;
+       if (os_strstr(capab, "[SHORT-GI-40]"))
+               conf->ht_capab |= HT_CAP_INFO_SHORT_GI40MHZ;
+       if (os_strstr(capab, "[TX-STBC]"))
+               conf->ht_capab |= HT_CAP_INFO_TX_STBC;
+       if (os_strstr(capab, "[RX-STBC1]")) {
+               conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
+               conf->ht_capab |= HT_CAP_INFO_RX_STBC_1;
+       }
+       if (os_strstr(capab, "[RX-STBC12]")) {
+               conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
+               conf->ht_capab |= HT_CAP_INFO_RX_STBC_12;
+       }
+       if (os_strstr(capab, "[RX-STBC123]")) {
+               conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK;
+               conf->ht_capab |= HT_CAP_INFO_RX_STBC_123;
+       }
+       if (os_strstr(capab, "[DELAYED-BA]"))
+               conf->ht_capab |= HT_CAP_INFO_DELAYED_BA;
+       if (os_strstr(capab, "[MAX-AMSDU-7935]"))
+               conf->ht_capab |= HT_CAP_INFO_MAX_AMSDU_SIZE;
+       if (os_strstr(capab, "[DSSS_CCK-40]"))
+               conf->ht_capab |= HT_CAP_INFO_DSSS_CCK40MHZ;
+       if (os_strstr(capab, "[PSMP]"))
+               conf->ht_capab |= HT_CAP_INFO_PSMP_SUPP;
+       if (os_strstr(capab, "[LSIG-TXOP-PROT]"))
+               conf->ht_capab |= HT_CAP_INFO_LSIG_TXOP_PROTECT_SUPPORT;
+
+       return 0;
+}
+#endif /* CONFIG_IEEE80211N */
+
+
+#ifdef CONFIG_IEEE80211AC
+static int hostapd_config_vht_capab(struct hostapd_config *conf,
+                                   const char *capab)
+{
+       if (os_strstr(capab, "[MAX-MPDU-7991]"))
+               conf->vht_capab |= VHT_CAP_MAX_MPDU_LENGTH_7991;
+       if (os_strstr(capab, "[MAX-MPDU-11454]"))
+               conf->vht_capab |= VHT_CAP_MAX_MPDU_LENGTH_11454;
+       if (os_strstr(capab, "[VHT160]"))
+               conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
+       if (os_strstr(capab, "[VHT160-80PLUS80]"))
+               conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
+       if (os_strstr(capab, "[VHT160-80PLUS80]"))
+               conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
+       if (os_strstr(capab, "[RXLDPC]"))
+               conf->vht_capab |= VHT_CAP_RXLDPC;
+       if (os_strstr(capab, "[SHORT-GI-80]"))
+               conf->vht_capab |= VHT_CAP_SHORT_GI_80;
+       if (os_strstr(capab, "[SHORT-GI-160]"))
+               conf->vht_capab |= VHT_CAP_SHORT_GI_160;
+       if (os_strstr(capab, "[TX-STBC-2BY1]"))
+               conf->vht_capab |= VHT_CAP_TXSTBC;
+       if (os_strstr(capab, "[RX-STBC-1]"))
+               conf->vht_capab |= VHT_CAP_RXSTBC_1;
+       if (os_strstr(capab, "[RX-STBC-12]"))
+               conf->vht_capab |= VHT_CAP_RXSTBC_2;
+       if (os_strstr(capab, "[RX-STBC-123]"))
+               conf->vht_capab |= VHT_CAP_RXSTBC_3;
+       if (os_strstr(capab, "[RX-STBC-1234]"))
+               conf->vht_capab |= VHT_CAP_RXSTBC_4;
+       if (os_strstr(capab, "[SU-BEAMFORMER]"))
+               conf->vht_capab |= VHT_CAP_SU_BEAMFORMER_CAPABLE;
+       if (os_strstr(capab, "[SU-BEAMFORMEE]"))
+               conf->vht_capab |= VHT_CAP_SU_BEAMFORMEE_CAPABLE;
+       if (os_strstr(capab, "[BF-ANTENNA-2]") &&
+           (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE))
+               conf->vht_capab |= (1 << VHT_CAP_BEAMFORMEE_STS_OFFSET);
+       if (os_strstr(capab, "[SOUNDING-DIMENSION-2]") &&
+           (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE))
+               conf->vht_capab |= (1 << VHT_CAP_SOUNDING_DIMENSION_OFFSET);
+       if (os_strstr(capab, "[MU-BEAMFORMER]"))
+               conf->vht_capab |= VHT_CAP_MU_BEAMFORMER_CAPABLE;
+       if (os_strstr(capab, "[MU-BEAMFORMEE]"))
+               conf->vht_capab |= VHT_CAP_MU_BEAMFORMEE_CAPABLE;
+       if (os_strstr(capab, "[VHT-TXOP-PS]"))
+               conf->vht_capab |= VHT_CAP_VHT_TXOP_PS;
+       if (os_strstr(capab, "[HTC-VHT]"))
+               conf->vht_capab |= VHT_CAP_HTC_VHT;
+       if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP0]"))
+               conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT;
+       if (os_strstr(capab, "[VHT-LINK-ADAPT2]") &&
+           (conf->vht_capab & VHT_CAP_HTC_VHT))
+               conf->vht_capab |= VHT_CAP_VHT_LINK_ADAPTATION_VHT_UNSOL_MFB;
+       if (os_strstr(capab, "[VHT-LINK-ADAPT3]") &&
+           (conf->vht_capab & VHT_CAP_HTC_VHT))
+               conf->vht_capab |= VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB;
+       if (os_strstr(capab, "[RX-ANTENNA-PATTERN]"))
+               conf->vht_capab |= VHT_CAP_RX_ANTENNA_PATTERN;
+       if (os_strstr(capab, "[TX-ANTENNA-PATTERN]"))
+               conf->vht_capab |= VHT_CAP_TX_ANTENNA_PATTERN;
+       return 0;
+}
+#endif /* CONFIG_IEEE80211AC */
+
+
+#ifdef CONFIG_INTERWORKING
+static int parse_roaming_consortium(struct hostapd_bss_config *bss, char *pos,
+                                   int line)
+{
+       size_t len = os_strlen(pos);
+       u8 oi[MAX_ROAMING_CONSORTIUM_LEN];
+
+       struct hostapd_roaming_consortium *rc;
+
+       if ((len & 1) || len < 2 * 3 || len / 2 > MAX_ROAMING_CONSORTIUM_LEN ||
+           hexstr2bin(pos, oi, len / 2)) {
+               wpa_printf(MSG_ERROR, "Line %d: invalid roaming_consortium "
+                          "'%s'", line, pos);
+               return -1;
+       }
+       len /= 2;
+
+       rc = os_realloc_array(bss->roaming_consortium,
+                             bss->roaming_consortium_count + 1,
+                             sizeof(struct hostapd_roaming_consortium));
+       if (rc == NULL)
+               return -1;
+
+       os_memcpy(rc[bss->roaming_consortium_count].oi, oi, len);
+       rc[bss->roaming_consortium_count].len = len;
+
+       bss->roaming_consortium = rc;
+       bss->roaming_consortium_count++;
+
+       return 0;
+}
+
+
+static int parse_lang_string(struct hostapd_lang_string **array,
+                            unsigned int *count, char *pos)
+{
+       char *sep, *str = NULL;
+       size_t clen, nlen, slen;
+       struct hostapd_lang_string *ls;
+       int ret = -1;
+
+       if (*pos == '"' || (*pos == 'P' && pos[1] == '"')) {
+               str = wpa_config_parse_string(pos, &slen);
+               if (!str)
+                       return -1;
+               pos = str;
+       }
+
+       sep = os_strchr(pos, ':');
+       if (sep == NULL)
+               goto fail;
+       *sep++ = '\0';
+
+       clen = os_strlen(pos);
+       if (clen < 2 || clen > sizeof(ls->lang))
+               goto fail;
+       nlen = os_strlen(sep);
+       if (nlen > 252)
+               goto fail;
+
+       ls = os_realloc_array(*array, *count + 1,
+                             sizeof(struct hostapd_lang_string));
+       if (ls == NULL)
+               goto fail;
+
+       *array = ls;
+       ls = &(*array)[*count];
+       (*count)++;
+
+       os_memset(ls->lang, 0, sizeof(ls->lang));
+       os_memcpy(ls->lang, pos, clen);
+       ls->name_len = nlen;
+       os_memcpy(ls->name, sep, nlen);
+
+       ret = 0;
+fail:
+       os_free(str);
+       return ret;
+}
+
+
+static int parse_venue_name(struct hostapd_bss_config *bss, char *pos,
+                           int line)
+{
+       if (parse_lang_string(&bss->venue_name, &bss->venue_name_count, pos)) {
+               wpa_printf(MSG_ERROR, "Line %d: Invalid venue_name '%s'",
+                          line, pos);
+               return -1;
+       }
+       return 0;
+}
+
+
+static int parse_3gpp_cell_net(struct hostapd_bss_config *bss, char *buf,
+                              int line)
+{
+       size_t count;
+       char *pos;
+       u8 *info = NULL, *ipos;
+
+       /* format: <MCC1,MNC1>[;<MCC2,MNC2>][;...] */
+
+       count = 1;
+       for (pos = buf; *pos; pos++) {
+               if ((*pos < '0' && *pos > '9') && *pos != ';' && *pos != ',')
+                       goto fail;
+               if (*pos == ';')
+                       count++;
+       }
+       if (1 + count * 3 > 0x7f)
+               goto fail;
+
+       info = os_zalloc(2 + 3 + count * 3);
+       if (info == NULL)
+               return -1;
+
+       ipos = info;
+       *ipos++ = 0; /* GUD - Version 1 */
+       *ipos++ = 3 + count * 3; /* User Data Header Length (UDHL) */
+       *ipos++ = 0; /* PLMN List IEI */
+       /* ext(b8) | Length of PLMN List value contents(b7..1) */
+       *ipos++ = 1 + count * 3;
+       *ipos++ = count; /* Number of PLMNs */
+
+       pos = buf;
+       while (pos && *pos) {
+               char *mcc, *mnc;
+               size_t mnc_len;
+
+               mcc = pos;
+               mnc = os_strchr(pos, ',');
+               if (mnc == NULL)
+                       goto fail;
+               *mnc++ = '\0';
+               pos = os_strchr(mnc, ';');
+               if (pos)
+                       *pos++ = '\0';
+
+               mnc_len = os_strlen(mnc);
+               if (os_strlen(mcc) != 3 || (mnc_len != 2 && mnc_len != 3))
+                       goto fail;
+
+               /* BC coded MCC,MNC */
+               /* MCC digit 2 | MCC digit 1 */
+               *ipos++ = ((mcc[1] - '0') << 4) | (mcc[0] - '0');
+               /* MNC digit 3 | MCC digit 3 */
+               *ipos++ = (((mnc_len == 2) ? 0xf0 : ((mnc[2] - '0') << 4))) |
+                       (mcc[2] - '0');
+               /* MNC digit 2 | MNC digit 1 */
+               *ipos++ = ((mnc[1] - '0') << 4) | (mnc[0] - '0');
+       }
+
+       os_free(bss->anqp_3gpp_cell_net);
+       bss->anqp_3gpp_cell_net = info;
+       bss->anqp_3gpp_cell_net_len = 2 + 3 + 3 * count;
+       wpa_hexdump(MSG_MSGDUMP, "3GPP Cellular Network information",
+                   bss->anqp_3gpp_cell_net, bss->anqp_3gpp_cell_net_len);
+
+       return 0;
+
+fail:
+       wpa_printf(MSG_ERROR, "Line %d: Invalid anqp_3gpp_cell_net: %s",
+                  line, buf);
+       os_free(info);
+       return -1;
+}
+
+
+static int parse_nai_realm(struct hostapd_bss_config *bss, char *buf, int line)
+{
+       struct hostapd_nai_realm_data *realm;
+       size_t i, j, len;
+       int *offsets;
+       char *pos, *end, *rpos;
+
+       offsets = os_calloc(bss->nai_realm_count * MAX_NAI_REALMS,
+                           sizeof(int));
+       if (offsets == NULL)
+               return -1;
+
+       for (i = 0; i < bss->nai_realm_count; i++) {
+               realm = &bss->nai_realm_data[i];
+               for (j = 0; j < MAX_NAI_REALMS; j++) {
+                       offsets[i * MAX_NAI_REALMS + j] =
+                               realm->realm[j] ?
+                               realm->realm[j] - realm->realm_buf : -1;
+               }
+       }
+
+       realm = os_realloc_array(bss->nai_realm_data, bss->nai_realm_count + 1,
+                                sizeof(struct hostapd_nai_realm_data));
+       if (realm == NULL) {
+               os_free(offsets);
+               return -1;
+       }
+       bss->nai_realm_data = realm;
+
+       /* patch the pointers after realloc */
+       for (i = 0; i < bss->nai_realm_count; i++) {
+               realm = &bss->nai_realm_data[i];
+               for (j = 0; j < MAX_NAI_REALMS; j++) {
+                       int offs = offsets[i * MAX_NAI_REALMS + j];
+                       if (offs >= 0)
+                               realm->realm[j] = realm->realm_buf + offs;
+                       else
+                               realm->realm[j] = NULL;
+               }
+       }
+       os_free(offsets);
+
+       realm = &bss->nai_realm_data[bss->nai_realm_count];
+       os_memset(realm, 0, sizeof(*realm));
+
+       pos = buf;
+       realm->encoding = atoi(pos);
+       pos = os_strchr(pos, ',');
+       if (pos == NULL)
+               goto fail;
+       pos++;
+
+       end = os_strchr(pos, ',');
+       if (end) {
+               len = end - pos;
+               *end = '\0';
+       } else {
+               len = os_strlen(pos);
+       }
+
+       if (len > MAX_NAI_REALMLEN) {
+               wpa_printf(MSG_ERROR, "Too long a realm string (%d > max %d "
+                          "characters)", (int) len, MAX_NAI_REALMLEN);
+               goto fail;
+       }
+       os_memcpy(realm->realm_buf, pos, len);
+
+       if (end)
+               pos = end + 1;
+       else
+               pos = NULL;
+
+       while (pos && *pos) {
+               struct hostapd_nai_realm_eap *eap;
+
+               if (realm->eap_method_count >= MAX_NAI_EAP_METHODS) {
+                       wpa_printf(MSG_ERROR, "Too many EAP methods");
+                       goto fail;
+               }
+
+               eap = &realm->eap_method[realm->eap_method_count];
+               realm->eap_method_count++;
+
+               end = os_strchr(pos, ',');
+               if (end == NULL)
+                       end = pos + os_strlen(pos);
+
+               eap->eap_method = atoi(pos);
+               for (;;) {
+                       pos = os_strchr(pos, '[');
+                       if (pos == NULL || pos > end)
+                               break;
+                       pos++;
+                       if (eap->num_auths >= MAX_NAI_AUTH_TYPES) {
+                               wpa_printf(MSG_ERROR, "Too many auth params");
+                               goto fail;
+                       }
+                       eap->auth_id[eap->num_auths] = atoi(pos);
+                       pos = os_strchr(pos, ':');
+                       if (pos == NULL || pos > end)
+                               goto fail;
+                       pos++;
+                       eap->auth_val[eap->num_auths] = atoi(pos);
+                       pos = os_strchr(pos, ']');
+                       if (pos == NULL || pos > end)
+                               goto fail;
+                       pos++;
+                       eap->num_auths++;
+               }
+
+               if (*end != ',')
+                       break;
+
+               pos = end + 1;
+       }
+
+       /* Split realm list into null terminated realms */
+       rpos = realm->realm_buf;
+       i = 0;
+       while (*rpos) {
+               if (i >= MAX_NAI_REALMS) {
+                       wpa_printf(MSG_ERROR, "Too many realms");
+                       goto fail;
+               }
+               realm->realm[i++] = rpos;
+               rpos = os_strchr(rpos, ';');
+               if (rpos == NULL)
+                       break;
+               *rpos++ = '\0';
+       }
+
+       bss->nai_realm_count++;
+
+       return 0;
+
+fail:
+       wpa_printf(MSG_ERROR, "Line %d: invalid nai_realm '%s'", line, buf);
+       return -1;
+}
+
+
+static int parse_qos_map_set(struct hostapd_bss_config *bss,
+                            char *buf, int line)
+{
+       u8 qos_map_set[16 + 2 * 21], count = 0;
+       char *pos = buf;
+       int val;
+
+       for (;;) {
+               if (count == sizeof(qos_map_set)) {
+                       wpa_printf(MSG_ERROR, "Line %d: Too many qos_map_set "
+                                  "parameters '%s'", line, buf);
+                       return -1;
+               }
+
+               val = atoi(pos);
+               if (val > 255 || val < 0) {
+                       wpa_printf(MSG_ERROR, "Line %d: Invalid qos_map_set "
+                                  "'%s'", line, buf);
+                       return -1;
+               }
+
+               qos_map_set[count++] = val;
+               pos = os_strchr(pos, ',');
+               if (!pos)
+                       break;
+               pos++;
+       }
+
+       if (count < 16 || count & 1) {
+               wpa_printf(MSG_ERROR, "Line %d: Invalid qos_map_set '%s'",
+                          line, buf);
+               return -1;
+       }
+
+       os_memcpy(bss->qos_map_set, qos_map_set, count);
+       bss->qos_map_set_len = count;
+
+       return 0;
+}
+
+#endif /* CONFIG_INTERWORKING */
+
+
+#ifdef CONFIG_HS20
+static int hs20_parse_conn_capab(struct hostapd_bss_config *bss, char *buf,
+                                int line)
+{
+       u8 *conn_cap;
+       char *pos;
+
+       if (bss->hs20_connection_capability_len >= 0xfff0)
+               return -1;
+
+       conn_cap = os_realloc(bss->hs20_connection_capability,
+                             bss->hs20_connection_capability_len + 4);
+       if (conn_cap == NULL)
+               return -1;
+
+       bss->hs20_connection_capability = conn_cap;
+       conn_cap += bss->hs20_connection_capability_len;
+       pos = buf;
+       conn_cap[0] = atoi(pos);
+       pos = os_strchr(pos, ':');
+       if (pos == NULL)
+               return -1;
+       pos++;
+       WPA_PUT_LE16(conn_cap + 1, atoi(pos));
+       pos = os_strchr(pos, ':');
+       if (pos == NULL)
+               return -1;
+       pos++;
+       conn_cap[3] = atoi(pos);
+       bss->hs20_connection_capability_len += 4;
+
+       return 0;
+}
+
+
+static int hs20_parse_wan_metrics(struct hostapd_bss_config *bss, char *buf,
+                                 int line)
+{
+       u8 *wan_metrics;
+       char *pos;
+
+       /* <WAN Info>:<DL Speed>:<UL Speed>:<DL Load>:<UL Load>:<LMD> */
+
+       wan_metrics = os_zalloc(13);
+       if (wan_metrics == NULL)
+               return -1;
+
+       pos = buf;
+       /* WAN Info */
+       if (hexstr2bin(pos, wan_metrics, 1) < 0)
+               goto fail;
+       pos += 2;
+       if (*pos != ':')
+               goto fail;
+       pos++;
+
+       /* Downlink Speed */
+       WPA_PUT_LE32(wan_metrics + 1, atoi(pos));
+       pos = os_strchr(pos, ':');
+       if (pos == NULL)
+               goto fail;
+       pos++;
+
+       /* Uplink Speed */
+       WPA_PUT_LE32(wan_metrics + 5, atoi(pos));
+       pos = os_strchr(pos, ':');
+       if (pos == NULL)
+               goto fail;
+       pos++;
+
+       /* Downlink Load */
+       wan_metrics[9] = atoi(pos);
+       pos = os_strchr(pos, ':');
+       if (pos == NULL)
+               goto fail;
+       pos++;
+
+       /* Uplink Load */
+       wan_metrics[10] = atoi(pos);
+       pos = os_strchr(pos, ':');
+       if (pos == NULL)
+               goto fail;
+       pos++;
+
+       /* LMD */
+       WPA_PUT_LE16(wan_metrics + 11, atoi(pos));
+
+       os_free(bss->hs20_wan_metrics);
+       bss->hs20_wan_metrics = wan_metrics;
+
+       return 0;
+
+fail:
+       wpa_printf(MSG_ERROR, "Line %d: Invalid hs20_wan_metrics '%s'",
+                  line, pos);
+       os_free(wan_metrics);
+       return -1;
+}
+
+
+static int hs20_parse_oper_friendly_name(struct hostapd_bss_config *bss,
+                                        char *pos, int line)
+{
+       if (parse_lang_string(&bss->hs20_oper_friendly_name,
+                             &bss->hs20_oper_friendly_name_count, pos)) {
+               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                          "hs20_oper_friendly_name '%s'", line, pos);
+               return -1;
+       }
+       return 0;
+}
+#endif /* CONFIG_HS20 */
+
+
+#ifdef CONFIG_WPS_NFC
+static struct wpabuf * hostapd_parse_bin(const char *buf)
+{
+       size_t len;
+       struct wpabuf *ret;
+
+       len = os_strlen(buf);
+       if (len & 0x01)
+               return NULL;
+       len /= 2;
+
+       ret = wpabuf_alloc(len);
+       if (ret == NULL)
+               return NULL;
+
+       if (hexstr2bin(buf, wpabuf_put(ret, len), len)) {
+               wpabuf_free(ret);
+               return NULL;
+       }
+
+       return ret;
+}
+#endif /* CONFIG_WPS_NFC */
+
+
+static int hostapd_config_fill(struct hostapd_config *conf,
+                              struct hostapd_bss_config *bss,
+                              char *buf, char *pos, int line)
+{
+       int errors = 0;
+
+       {
+               if (os_strcmp(buf, "interface") == 0) {
+                       os_strlcpy(conf->bss[0]->iface, pos,
+                                  sizeof(conf->bss[0]->iface));
+               } else if (os_strcmp(buf, "bridge") == 0) {
+                       os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
+               } else if (os_strcmp(buf, "vlan_bridge") == 0) {
+                       os_strlcpy(bss->vlan_bridge, pos,
+                                  sizeof(bss->vlan_bridge));
+               } else if (os_strcmp(buf, "wds_bridge") == 0) {
+                       os_strlcpy(bss->wds_bridge, pos,
+                                  sizeof(bss->wds_bridge));
+               } else if (os_strcmp(buf, "driver") == 0) {
+                       int j;
+                       /* clear to get error below if setting is invalid */
+                       conf->driver = NULL;
+                       for (j = 0; wpa_drivers[j]; j++) {
+                               if (os_strcmp(pos, wpa_drivers[j]->name) == 0)
+                               {
+                                       conf->driver = wpa_drivers[j];
+                                       break;
+                               }
+                       }
+                       if (conf->driver == NULL) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid/"
+                                          "unknown driver '%s'", line, pos);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "debug") == 0) {
+                       wpa_printf(MSG_DEBUG, "Line %d: DEPRECATED: 'debug' "
+                                  "configuration variable is not used "
+                                  "anymore", line);
+               } else if (os_strcmp(buf, "logger_syslog_level") == 0) {
+                       bss->logger_syslog_level = atoi(pos);
+               } else if (os_strcmp(buf, "logger_stdout_level") == 0) {
+                       bss->logger_stdout_level = atoi(pos);
+               } else if (os_strcmp(buf, "logger_syslog") == 0) {
+                       bss->logger_syslog = atoi(pos);
+               } else if (os_strcmp(buf, "logger_stdout") == 0) {
+                       bss->logger_stdout = atoi(pos);
+               } else if (os_strcmp(buf, "dump_file") == 0) {
+                       wpa_printf(MSG_INFO, "Line %d: DEPRECATED: 'dump_file' configuration variable is not used anymore",
+                                  line);
+               } else if (os_strcmp(buf, "ssid") == 0) {
+                       bss->ssid.ssid_len = os_strlen(pos);
+                       if (bss->ssid.ssid_len > HOSTAPD_MAX_SSID_LEN ||
+                           bss->ssid.ssid_len < 1) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid SSID "
+                                          "'%s'", line, pos);
+                               errors++;
+                       } else {
+                               os_memcpy(bss->ssid.ssid, pos,
+                                         bss->ssid.ssid_len);
+                               bss->ssid.ssid_set = 1;
+                       }
+               } else if (os_strcmp(buf, "ssid2") == 0) {
+                       size_t slen;
+                       char *str = wpa_config_parse_string(pos, &slen);
+                       if (str == NULL || slen < 1 ||
+                                  slen > HOSTAPD_MAX_SSID_LEN) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid SSID "
+                                          "'%s'", line, pos);
+                               errors++;
+                       } else {
+                               os_memcpy(bss->ssid.ssid, str, slen);
+                               bss->ssid.ssid_len = slen;
+                               bss->ssid.ssid_set = 1;
+                       }
+                       os_free(str);
+               } else if (os_strcmp(buf, "utf8_ssid") == 0) {
+                       bss->ssid.utf8_ssid = atoi(pos) > 0;
+               } else if (os_strcmp(buf, "macaddr_acl") == 0) {
+                       bss->macaddr_acl = atoi(pos);
+                       if (bss->macaddr_acl != ACCEPT_UNLESS_DENIED &&
+                           bss->macaddr_acl != DENY_UNLESS_ACCEPTED &&
+                           bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
+                               wpa_printf(MSG_ERROR, "Line %d: unknown "
+                                          "macaddr_acl %d",
+                                          line, bss->macaddr_acl);
+                       }
+               } else if (os_strcmp(buf, "accept_mac_file") == 0) {
+                       if (hostapd_config_read_maclist(pos, &bss->accept_mac,
+                                                       &bss->num_accept_mac))
+                       {
+                               wpa_printf(MSG_ERROR, "Line %d: Failed to "
+                                          "read accept_mac_file '%s'",
+                                          line, pos);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "deny_mac_file") == 0) {
+                       if (hostapd_config_read_maclist(pos, &bss->deny_mac,
+                                                       &bss->num_deny_mac)) {
+                               wpa_printf(MSG_ERROR, "Line %d: Failed to "
+                                          "read deny_mac_file '%s'",
+                                          line, pos);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "wds_sta") == 0) {
+                       bss->wds_sta = atoi(pos);
+               } else if (os_strcmp(buf, "start_disabled") == 0) {
+                       bss->start_disabled = atoi(pos);
+               } else if (os_strcmp(buf, "ap_isolate") == 0) {
+                       bss->isolate = atoi(pos);
+               } else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
+                       bss->ap_max_inactivity = atoi(pos);
+               } else if (os_strcmp(buf, "skip_inactivity_poll") == 0) {
+                       bss->skip_inactivity_poll = atoi(pos);
+               } else if (os_strcmp(buf, "country_code") == 0) {
+                       os_memcpy(conf->country, pos, 2);
+                       /* FIX: make this configurable */
+                       conf->country[2] = ' ';
+               } else if (os_strcmp(buf, "ieee80211d") == 0) {
+                       conf->ieee80211d = atoi(pos);
+               } else if (os_strcmp(buf, "ieee80211h") == 0) {
+                       conf->ieee80211h = atoi(pos);
+               } else if (os_strcmp(buf, "ieee8021x") == 0) {
+                       bss->ieee802_1x = atoi(pos);
+               } else if (os_strcmp(buf, "eapol_version") == 0) {
+                       bss->eapol_version = atoi(pos);
+                       if (bss->eapol_version < 1 ||
+                           bss->eapol_version > 2) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid EAPOL "
+                                          "version (%d): '%s'.",
+                                          line, bss->eapol_version, pos);
+                               errors++;
+                       } else
+                               wpa_printf(MSG_DEBUG, "eapol_version=%d",
+                                          bss->eapol_version);
+#ifdef EAP_SERVER
+               } else if (os_strcmp(buf, "eap_authenticator") == 0) {
+                       bss->eap_server = atoi(pos);
+                       wpa_printf(MSG_ERROR, "Line %d: obsolete "
+                                  "eap_authenticator used; this has been "
+                                  "renamed to eap_server", line);
+               } else if (os_strcmp(buf, "eap_server") == 0) {
+                       bss->eap_server = atoi(pos);
+               } else if (os_strcmp(buf, "eap_user_file") == 0) {
+                       if (hostapd_config_read_eap_user(pos, bss))
+                               errors++;
+               } else if (os_strcmp(buf, "ca_cert") == 0) {
+                       os_free(bss->ca_cert);
+                       bss->ca_cert = os_strdup(pos);
+               } else if (os_strcmp(buf, "server_cert") == 0) {
+                       os_free(bss->server_cert);
+                       bss->server_cert = os_strdup(pos);
+               } else if (os_strcmp(buf, "private_key") == 0) {
+                       os_free(bss->private_key);
+                       bss->private_key = os_strdup(pos);
+               } else if (os_strcmp(buf, "private_key_passwd") == 0) {
+                       os_free(bss->private_key_passwd);
+                       bss->private_key_passwd = os_strdup(pos);
+               } else if (os_strcmp(buf, "check_crl") == 0) {
+                       bss->check_crl = atoi(pos);
+               } else if (os_strcmp(buf, "ocsp_stapling_response") == 0) {
+                       os_free(bss->ocsp_stapling_response);
+                       bss->ocsp_stapling_response = os_strdup(pos);
+               } else if (os_strcmp(buf, "dh_file") == 0) {
+                       os_free(bss->dh_file);
+                       bss->dh_file = os_strdup(pos);
+               } else if (os_strcmp(buf, "fragment_size") == 0) {
+                       bss->fragment_size = atoi(pos);
+#ifdef EAP_SERVER_FAST
+               } else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
+                       os_free(bss->pac_opaque_encr_key);
+                       bss->pac_opaque_encr_key = os_malloc(16);
+                       if (bss->pac_opaque_encr_key == NULL) {
+                               wpa_printf(MSG_ERROR, "Line %d: No memory for "
+                                          "pac_opaque_encr_key", line);
+                               errors++;
+                       } else if (hexstr2bin(pos, bss->pac_opaque_encr_key,
+                                             16)) {
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                                          "pac_opaque_encr_key", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "eap_fast_a_id") == 0) {
+                       size_t idlen = os_strlen(pos);
+                       if (idlen & 1) {
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                                          "eap_fast_a_id", line);
+                               errors++;
+                       } else {
+                               os_free(bss->eap_fast_a_id);
+                               bss->eap_fast_a_id = os_malloc(idlen / 2);
+                               if (bss->eap_fast_a_id == NULL ||
+                                   hexstr2bin(pos, bss->eap_fast_a_id,
+                                              idlen / 2)) {
+                                       wpa_printf(MSG_ERROR, "Line %d: "
+                                                  "Failed to parse "
+                                                  "eap_fast_a_id", line);
+                                       errors++;
+                               } else
+                                       bss->eap_fast_a_id_len = idlen / 2;
+                       }
+               } else if (os_strcmp(buf, "eap_fast_a_id_info") == 0) {
+                       os_free(bss->eap_fast_a_id_info);
+                       bss->eap_fast_a_id_info = os_strdup(pos);
+               } else if (os_strcmp(buf, "eap_fast_prov") == 0) {
+                       bss->eap_fast_prov = atoi(pos);
+               } else if (os_strcmp(buf, "pac_key_lifetime") == 0) {
+                       bss->pac_key_lifetime = atoi(pos);
+               } else if (os_strcmp(buf, "pac_key_refresh_time") == 0) {
+                       bss->pac_key_refresh_time = atoi(pos);
+#endif /* EAP_SERVER_FAST */
+#ifdef EAP_SERVER_SIM
+               } else if (os_strcmp(buf, "eap_sim_db") == 0) {
+                       os_free(bss->eap_sim_db);
+                       bss->eap_sim_db = os_strdup(pos);
+               } else if (os_strcmp(buf, "eap_sim_aka_result_ind") == 0) {
+                       bss->eap_sim_aka_result_ind = atoi(pos);
+#endif /* EAP_SERVER_SIM */
+#ifdef EAP_SERVER_TNC
+               } else if (os_strcmp(buf, "tnc") == 0) {
+                       bss->tnc = atoi(pos);
+#endif /* EAP_SERVER_TNC */
+#ifdef EAP_SERVER_PWD
+               } else if (os_strcmp(buf, "pwd_group") == 0) {
+                       bss->pwd_group = atoi(pos);
+#endif /* EAP_SERVER_PWD */
+#endif /* EAP_SERVER */
+               } else if (os_strcmp(buf, "eap_message") == 0) {
+                       char *term;
+                       bss->eap_req_id_text = os_strdup(pos);
+                       if (bss->eap_req_id_text == NULL) {
+                               wpa_printf(MSG_ERROR, "Line %d: Failed to "
+                                          "allocate memory for "
+                                          "eap_req_id_text", line);
+                               errors++;
+                               return errors;
+                       }
+                       bss->eap_req_id_text_len =
+                               os_strlen(bss->eap_req_id_text);
+                       term = os_strstr(bss->eap_req_id_text, "\\0");
+                       if (term) {
+                               *term++ = '\0';
+                               os_memmove(term, term + 1,
+                                          bss->eap_req_id_text_len -
+                                          (term - bss->eap_req_id_text) - 1);
+                               bss->eap_req_id_text_len--;
+                       }
+               } else if (os_strcmp(buf, "wep_key_len_broadcast") == 0) {
+                       bss->default_wep_key_len = atoi(pos);
+                       if (bss->default_wep_key_len > 13) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid WEP "
+                                          "key len %lu (= %lu bits)", line,
+                                          (unsigned long)
+                                          bss->default_wep_key_len,
+                                          (unsigned long)
+                                          bss->default_wep_key_len * 8);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "wep_key_len_unicast") == 0) {
+                       bss->individual_wep_key_len = atoi(pos);
+                       if (bss->individual_wep_key_len < 0 ||
+                           bss->individual_wep_key_len > 13) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid WEP "
+                                          "key len %d (= %d bits)", line,
+                                          bss->individual_wep_key_len,
+                                          bss->individual_wep_key_len * 8);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "wep_rekey_period") == 0) {
+                       bss->wep_rekeying_period = atoi(pos);
+                       if (bss->wep_rekeying_period < 0) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "period %d",
+                                          line, bss->wep_rekeying_period);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "eap_reauth_period") == 0) {
+                       bss->eap_reauth_period = atoi(pos);
+                       if (bss->eap_reauth_period < 0) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "period %d",
+                                          line, bss->eap_reauth_period);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "eapol_key_index_workaround") == 0) {
+                       bss->eapol_key_index_workaround = atoi(pos);
+#ifdef CONFIG_IAPP
+               } else if (os_strcmp(buf, "iapp_interface") == 0) {
+                       bss->ieee802_11f = 1;
+                       os_strlcpy(bss->iapp_iface, pos,
+                                  sizeof(bss->iapp_iface));
+#endif /* CONFIG_IAPP */
+               } else if (os_strcmp(buf, "own_ip_addr") == 0) {
+                       if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid IP "
+                                          "address '%s'", line, pos);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "nas_identifier") == 0) {
+                       bss->nas_identifier = os_strdup(pos);
+#ifndef CONFIG_NO_RADIUS
+               } else if (os_strcmp(buf, "auth_server_addr") == 0) {
+                       if (hostapd_config_read_radius_addr(
+                                   &bss->radius->auth_servers,
+                                   &bss->radius->num_auth_servers, pos, 1812,
+                                   &bss->radius->auth_server)) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid IP "
+                                          "address '%s'", line, pos);
+                               errors++;
+                       }
+               } else if (bss->radius->auth_server &&
+                          os_strcmp(buf, "auth_server_port") == 0) {
+                       bss->radius->auth_server->port = atoi(pos);
+               } else if (bss->radius->auth_server &&
+                          os_strcmp(buf, "auth_server_shared_secret") == 0) {
+                       int len = os_strlen(pos);
+                       if (len == 0) {
+                               /* RFC 2865, Ch. 3 */
+                               wpa_printf(MSG_ERROR, "Line %d: empty shared "
+                                          "secret is not allowed.", line);
+                               errors++;
+                       }
+                       bss->radius->auth_server->shared_secret =
+                               (u8 *) os_strdup(pos);
+                       bss->radius->auth_server->shared_secret_len = len;
+               } else if (os_strcmp(buf, "acct_server_addr") == 0) {
+                       if (hostapd_config_read_radius_addr(
+                                   &bss->radius->acct_servers,
+                                   &bss->radius->num_acct_servers, pos, 1813,
+                                   &bss->radius->acct_server)) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid IP "
+                                          "address '%s'", line, pos);
+                               errors++;
+                       }
+               } else if (bss->radius->acct_server &&
+                          os_strcmp(buf, "acct_server_port") == 0) {
+                       bss->radius->acct_server->port = atoi(pos);
+               } else if (bss->radius->acct_server &&
+                          os_strcmp(buf, "acct_server_shared_secret") == 0) {
+                       int len = os_strlen(pos);
+                       if (len == 0) {
+                               /* RFC 2865, Ch. 3 */
+                               wpa_printf(MSG_ERROR, "Line %d: empty shared "
+                                          "secret is not allowed.", line);
+                               errors++;
+                       }
+                       bss->radius->acct_server->shared_secret =
+                               (u8 *) os_strdup(pos);
+                       bss->radius->acct_server->shared_secret_len = len;
+               } else if (os_strcmp(buf, "radius_retry_primary_interval") ==
+                          0) {
+                       bss->radius->retry_primary_interval = atoi(pos);
+               } else if (os_strcmp(buf, "radius_acct_interim_interval") == 0)
+               {
+                       bss->acct_interim_interval = atoi(pos);
+               } else if (os_strcmp(buf, "radius_request_cui") == 0) {
+                       bss->radius_request_cui = atoi(pos);
+               } else if (os_strcmp(buf, "radius_auth_req_attr") == 0) {
+                       struct hostapd_radius_attr *attr, *a;
+                       attr = hostapd_parse_radius_attr(pos);
+                       if (attr == NULL) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "radius_auth_req_attr", line);
+                               errors++;
+                       } else if (bss->radius_auth_req_attr == NULL) {
+                               bss->radius_auth_req_attr = attr;
+                       } else {
+                               a = bss->radius_auth_req_attr;
+                               while (a->next)
+                                       a = a->next;
+                               a->next = attr;
+                       }
+               } else if (os_strcmp(buf, "radius_acct_req_attr") == 0) {
+                       struct hostapd_radius_attr *attr, *a;
+                       attr = hostapd_parse_radius_attr(pos);
+                       if (attr == NULL) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "radius_acct_req_attr", line);
+                               errors++;
+                       } else if (bss->radius_acct_req_attr == NULL) {
+                               bss->radius_acct_req_attr = attr;
+                       } else {
+                               a = bss->radius_acct_req_attr;
+                               while (a->next)
+                                       a = a->next;
+                               a->next = attr;
+                       }
+               } else if (os_strcmp(buf, "radius_das_port") == 0) {
+                       bss->radius_das_port = atoi(pos);
+               } else if (os_strcmp(buf, "radius_das_client") == 0) {
+                       if (hostapd_parse_das_client(bss, pos) < 0) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "DAS client", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "radius_das_time_window") == 0) {
+                       bss->radius_das_time_window = atoi(pos);
+               } else if (os_strcmp(buf, "radius_das_require_event_timestamp")
+                          == 0) {
+                       bss->radius_das_require_event_timestamp = atoi(pos);
+#endif /* CONFIG_NO_RADIUS */
+               } else if (os_strcmp(buf, "auth_algs") == 0) {
+                       bss->auth_algs = atoi(pos);
+                       if (bss->auth_algs == 0) {
+                               wpa_printf(MSG_ERROR, "Line %d: no "
+                                          "authentication algorithms allowed",
+                                          line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "max_num_sta") == 0) {
+                       bss->max_num_sta = atoi(pos);
+                       if (bss->max_num_sta < 0 ||
+                           bss->max_num_sta > MAX_STA_COUNT) {
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                                          "max_num_sta=%d; allowed range "
+                                          "0..%d", line, bss->max_num_sta,
+                                          MAX_STA_COUNT);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "wpa") == 0) {
+                       bss->wpa = atoi(pos);
+               } else if (os_strcmp(buf, "wpa_group_rekey") == 0) {
+                       bss->wpa_group_rekey = atoi(pos);
+               } else if (os_strcmp(buf, "wpa_strict_rekey") == 0) {
+                       bss->wpa_strict_rekey = atoi(pos);
+               } else if (os_strcmp(buf, "wpa_gmk_rekey") == 0) {
+                       bss->wpa_gmk_rekey = atoi(pos);
+               } else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) {
+                       bss->wpa_ptk_rekey = atoi(pos);
+               } else if (os_strcmp(buf, "wpa_passphrase") == 0) {
+                       int len = os_strlen(pos);
+                       if (len < 8 || len > 63) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid WPA "
+                                          "passphrase length %d (expected "
+                                          "8..63)", line, len);
+                               errors++;
+                       } else {
+                               os_free(bss->ssid.wpa_passphrase);
+                               bss->ssid.wpa_passphrase = os_strdup(pos);
+                               if (bss->ssid.wpa_passphrase) {
+                                       os_free(bss->ssid.wpa_psk);
+                                       bss->ssid.wpa_psk = NULL;
+                                       bss->ssid.wpa_passphrase_set = 1;
+                               }
+                       }
+               } else if (os_strcmp(buf, "wpa_psk") == 0) {
+                       os_free(bss->ssid.wpa_psk);
+                       bss->ssid.wpa_psk =
+                               os_zalloc(sizeof(struct hostapd_wpa_psk));
+                       if (bss->ssid.wpa_psk == NULL)
+                               errors++;
+                       else if (hexstr2bin(pos, bss->ssid.wpa_psk->psk,
+                                           PMK_LEN) ||
+                                pos[PMK_LEN * 2] != '\0') {
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid PSK "
+                                          "'%s'.", line, pos);
+                               errors++;
+                       } else {
+                               bss->ssid.wpa_psk->group = 1;
+                               os_free(bss->ssid.wpa_passphrase);
+                               bss->ssid.wpa_passphrase = NULL;
+                               bss->ssid.wpa_psk_set = 1;
+                       }
+               } else if (os_strcmp(buf, "wpa_psk_file") == 0) {
+                       os_free(bss->ssid.wpa_psk_file);
+                       bss->ssid.wpa_psk_file = os_strdup(pos);
+                       if (!bss->ssid.wpa_psk_file) {
+                               wpa_printf(MSG_ERROR, "Line %d: allocation "
+                                          "failed", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "wpa_key_mgmt") == 0) {
+                       bss->wpa_key_mgmt =
+                               hostapd_config_parse_key_mgmt(line, pos);
+                       if (bss->wpa_key_mgmt == -1)
+                               errors++;
+               } else if (os_strcmp(buf, "wpa_psk_radius") == 0) {
+                       bss->wpa_psk_radius = atoi(pos);
+                       if (bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
+                           bss->wpa_psk_radius != PSK_RADIUS_ACCEPTED &&
+                           bss->wpa_psk_radius != PSK_RADIUS_REQUIRED) {
+                               wpa_printf(MSG_ERROR, "Line %d: unknown "
+                                          "wpa_psk_radius %d",
+                                          line, bss->wpa_psk_radius);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "wpa_pairwise") == 0) {
+                       bss->wpa_pairwise =
+                               hostapd_config_parse_cipher(line, pos);
+                       if (bss->wpa_pairwise == -1 ||
+                           bss->wpa_pairwise == 0)
+                               errors++;
+                       else if (bss->wpa_pairwise &
+                                (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
+                                 WPA_CIPHER_WEP104)) {
+                               wpa_printf(MSG_ERROR, "Line %d: unsupported "
+                                          "pairwise cipher suite '%s'",
+                                          bss->wpa_pairwise, pos);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "rsn_pairwise") == 0) {
+                       bss->rsn_pairwise =
+                               hostapd_config_parse_cipher(line, pos);
+                       if (bss->rsn_pairwise == -1 ||
+                           bss->rsn_pairwise == 0)
+                               errors++;
+                       else if (bss->rsn_pairwise &
+                                (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
+                                 WPA_CIPHER_WEP104)) {
+                               wpa_printf(MSG_ERROR, "Line %d: unsupported "
+                                          "pairwise cipher suite '%s'",
+                                          bss->rsn_pairwise, pos);
+                               errors++;
+                       }
+#ifdef CONFIG_RSN_PREAUTH
+               } else if (os_strcmp(buf, "rsn_preauth") == 0) {
+                       bss->rsn_preauth = atoi(pos);
+               } else if (os_strcmp(buf, "rsn_preauth_interfaces") == 0) {
+                       bss->rsn_preauth_interfaces = os_strdup(pos);
+#endif /* CONFIG_RSN_PREAUTH */
+#ifdef CONFIG_PEERKEY
+               } else if (os_strcmp(buf, "peerkey") == 0) {
+                       bss->peerkey = atoi(pos);
+#endif /* CONFIG_PEERKEY */
+#ifdef CONFIG_IEEE80211R
+               } else if (os_strcmp(buf, "mobility_domain") == 0) {
+                       if (os_strlen(pos) != 2 * MOBILITY_DOMAIN_ID_LEN ||
+                           hexstr2bin(pos, bss->mobility_domain,
+                                      MOBILITY_DOMAIN_ID_LEN) != 0) {
+                               wpa_printf(MSG_DEBUG, "Line %d: Invalid "
+                                          "mobility_domain '%s'", line, pos);
+                               errors++;
+                               return errors;
+                       }
+               } else if (os_strcmp(buf, "r1_key_holder") == 0) {
+                       if (os_strlen(pos) != 2 * FT_R1KH_ID_LEN ||
+                           hexstr2bin(pos, bss->r1_key_holder,
+                                      FT_R1KH_ID_LEN) != 0) {
+                               wpa_printf(MSG_DEBUG, "Line %d: Invalid "
+                                          "r1_key_holder '%s'", line, pos);
+                               errors++;
+                               return errors;
+                       }
+               } else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
+                       bss->r0_key_lifetime = atoi(pos);
+               } else if (os_strcmp(buf, "reassociation_deadline") == 0) {
+                       bss->reassociation_deadline = atoi(pos);
+               } else if (os_strcmp(buf, "r0kh") == 0) {
+                       if (add_r0kh(bss, pos) < 0) {
+                               wpa_printf(MSG_DEBUG, "Line %d: Invalid "
+                                          "r0kh '%s'", line, pos);
+                               errors++;
+                               return errors;
+                       }
+               } else if (os_strcmp(buf, "r1kh") == 0) {
+                       if (add_r1kh(bss, pos) < 0) {
+                               wpa_printf(MSG_DEBUG, "Line %d: Invalid "
+                                          "r1kh '%s'", line, pos);
+                               errors++;
+                               return errors;
+                       }
+               } else if (os_strcmp(buf, "pmk_r1_push") == 0) {
+                       bss->pmk_r1_push = atoi(pos);
+               } else if (os_strcmp(buf, "ft_over_ds") == 0) {
+                       bss->ft_over_ds = atoi(pos);
+#endif /* CONFIG_IEEE80211R */
+#ifndef CONFIG_NO_CTRL_IFACE
+               } else if (os_strcmp(buf, "ctrl_interface") == 0) {
+                       os_free(bss->ctrl_interface);
+                       bss->ctrl_interface = os_strdup(pos);
+               } else if (os_strcmp(buf, "ctrl_interface_group") == 0) {
+#ifndef CONFIG_NATIVE_WINDOWS
+                       struct group *grp;
+                       char *endp;
+                       const char *group = pos;
+
+                       grp = getgrnam(group);
+                       if (grp) {
+                               bss->ctrl_interface_gid = grp->gr_gid;
+                               bss->ctrl_interface_gid_set = 1;
+                               wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
+                                          " (from group name '%s')",
+                                          bss->ctrl_interface_gid, group);
+                               return errors;
+                       }
+
+                       /* Group name not found - try to parse this as gid */
+                       bss->ctrl_interface_gid = strtol(group, &endp, 10);
+                       if (*group == '\0' || *endp != '\0') {
+                               wpa_printf(MSG_DEBUG, "Line %d: Invalid group "
+                                          "'%s'", line, group);
+                               errors++;
+                               return errors;
+                       }
+                       bss->ctrl_interface_gid_set = 1;
+                       wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
+                                  bss->ctrl_interface_gid);
+#endif /* CONFIG_NATIVE_WINDOWS */
+#endif /* CONFIG_NO_CTRL_IFACE */
+#ifdef RADIUS_SERVER
+               } else if (os_strcmp(buf, "radius_server_clients") == 0) {
+                       os_free(bss->radius_server_clients);
+                       bss->radius_server_clients = os_strdup(pos);
+               } else if (os_strcmp(buf, "radius_server_auth_port") == 0) {
+                       bss->radius_server_auth_port = atoi(pos);
+               } else if (os_strcmp(buf, "radius_server_ipv6") == 0) {
+                       bss->radius_server_ipv6 = atoi(pos);
+#endif /* RADIUS_SERVER */
+               } else if (os_strcmp(buf, "test_socket") == 0) {
+                       os_free(bss->test_socket);
+                       bss->test_socket = os_strdup(pos);
+               } else if (os_strcmp(buf, "use_pae_group_addr") == 0) {
+                       bss->use_pae_group_addr = atoi(pos);
+               } else if (os_strcmp(buf, "hw_mode") == 0) {
+                       if (os_strcmp(pos, "a") == 0)
+                               conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
+                       else if (os_strcmp(pos, "b") == 0)
+                               conf->hw_mode = HOSTAPD_MODE_IEEE80211B;
+                       else if (os_strcmp(pos, "g") == 0)
+                               conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
+                       else if (os_strcmp(pos, "ad") == 0)
+                               conf->hw_mode = HOSTAPD_MODE_IEEE80211AD;
+                       else {
+                               wpa_printf(MSG_ERROR, "Line %d: unknown "
+                                          "hw_mode '%s'", line, pos);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "wps_rf_bands") == 0) {
+                       if (os_strcmp(pos, "a") == 0)
+                               bss->wps_rf_bands = WPS_RF_50GHZ;
+                       else if (os_strcmp(pos, "g") == 0 ||
+                                os_strcmp(pos, "b") == 0)
+                               bss->wps_rf_bands = WPS_RF_24GHZ;
+                       else if (os_strcmp(pos, "ag") == 0 ||
+                                os_strcmp(pos, "ga") == 0)
+                               bss->wps_rf_bands =
+                                       WPS_RF_24GHZ | WPS_RF_50GHZ;
+                       else {
+                               wpa_printf(MSG_ERROR, "Line %d: unknown "
+                                          "wps_rf_band '%s'", line, pos);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "channel") == 0) {
+                       if (os_strcmp(pos, "acs_survey") == 0) {
+#ifndef CONFIG_ACS
+                               wpa_printf(MSG_ERROR, "Line %d: tries to enable ACS but CONFIG_ACS disabled",
+                                          line);
+                               errors++;
+#endif /* CONFIG_ACS */
+                               conf->channel = 0;
+                       } else
+                               conf->channel = atoi(pos);
+               } else if (os_strcmp(buf, "beacon_int") == 0) {
+                       int val = atoi(pos);
+                       /* MIB defines range as 1..65535, but very small values
+                        * cause problems with the current implementation.
+                        * Since it is unlikely that this small numbers are
+                        * useful in real life scenarios, do not allow beacon
+                        * period to be set below 15 TU. */
+                       if (val < 15 || val > 65535) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "beacon_int %d (expected "
+                                          "15..65535)", line, val);
+                               errors++;
+                       } else
+                               conf->beacon_int = val;
+#ifdef CONFIG_ACS
+               } else if (os_strcmp(buf, "acs_num_scans") == 0) {
+                       int val = atoi(pos);
+                       if (val <= 0 || val > 100) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid acs_num_scans %d (expected 1..100)",
+                                          line, val);
+                               errors++;
+                       } else
+                               conf->acs_num_scans = val;
+#endif /* CONFIG_ACS */
+               } else if (os_strcmp(buf, "dtim_period") == 0) {
+                       bss->dtim_period = atoi(pos);
+                       if (bss->dtim_period < 1 || bss->dtim_period > 255) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "dtim_period %d",
+                                          line, bss->dtim_period);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "rts_threshold") == 0) {
+                       conf->rts_threshold = atoi(pos);
+                       if (conf->rts_threshold < 0 ||
+                           conf->rts_threshold > 2347) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "rts_threshold %d",
+                                          line, conf->rts_threshold);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "fragm_threshold") == 0) {
+                       conf->fragm_threshold = atoi(pos);
+                       if (conf->fragm_threshold < 256 ||
+                           conf->fragm_threshold > 2346) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "fragm_threshold %d",
+                                          line, conf->fragm_threshold);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "send_probe_response") == 0) {
+                       int val = atoi(pos);
+                       if (val != 0 && val != 1) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "send_probe_response %d (expected "
+                                          "0 or 1)", line, val);
+                       } else
+                               conf->send_probe_response = val;
+               } else if (os_strcmp(buf, "supported_rates") == 0) {
+                       if (hostapd_parse_intlist(&conf->supported_rates, pos))
+                       {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid rate "
+                                          "list", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "basic_rates") == 0) {
+                       if (hostapd_parse_intlist(&conf->basic_rates, pos)) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid rate "
+                                          "list", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "preamble") == 0) {
+                       if (atoi(pos))
+                               conf->preamble = SHORT_PREAMBLE;
+                       else
+                               conf->preamble = LONG_PREAMBLE;
+               } else if (os_strcmp(buf, "ignore_broadcast_ssid") == 0) {
+                       bss->ignore_broadcast_ssid = atoi(pos);
+               } else if (os_strcmp(buf, "wep_default_key") == 0) {
+                       bss->ssid.wep.idx = atoi(pos);
+                       if (bss->ssid.wep.idx > 3) {
+                               wpa_printf(MSG_ERROR, "Invalid "
+                                          "wep_default_key index %d",
+                                          bss->ssid.wep.idx);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "wep_key0") == 0 ||
+                          os_strcmp(buf, "wep_key1") == 0 ||
+                          os_strcmp(buf, "wep_key2") == 0 ||
+                          os_strcmp(buf, "wep_key3") == 0) {
+                       if (hostapd_config_read_wep(&bss->ssid.wep,
+                                                   buf[7] - '0', pos)) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid WEP "
+                                          "key '%s'", line, buf);
+                               errors++;
+                       }
+#ifndef CONFIG_NO_VLAN
+               } else if (os_strcmp(buf, "dynamic_vlan") == 0) {
+                       bss->ssid.dynamic_vlan = atoi(pos);
+               } else if (os_strcmp(buf, "vlan_file") == 0) {
+                       if (hostapd_config_read_vlan_file(bss, pos)) {
+                               wpa_printf(MSG_ERROR, "Line %d: failed to "
+                                          "read VLAN file '%s'", line, pos);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "vlan_naming") == 0) {
+                       bss->ssid.vlan_naming = atoi(pos);
+                       if (bss->ssid.vlan_naming >= DYNAMIC_VLAN_NAMING_END ||
+                           bss->ssid.vlan_naming < 0) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "naming scheme %d", line,
+                                           bss->ssid.vlan_naming);
+                               errors++;
+                        }
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+               } else if (os_strcmp(buf, "vlan_tagged_interface") == 0) {
+                       bss->ssid.vlan_tagged_interface = os_strdup(pos);
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+#endif /* CONFIG_NO_VLAN */
+               } else if (os_strcmp(buf, "ap_table_max_size") == 0) {
+                       conf->ap_table_max_size = atoi(pos);
+               } else if (os_strcmp(buf, "ap_table_expiration_time") == 0) {
+                       conf->ap_table_expiration_time = atoi(pos);
+               } else if (os_strncmp(buf, "tx_queue_", 9) == 0) {
+                       if (hostapd_config_tx_queue(conf, buf, pos)) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid TX "
+                                          "queue item", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "wme_enabled") == 0 ||
+                          os_strcmp(buf, "wmm_enabled") == 0) {
+                       bss->wmm_enabled = atoi(pos);
+               } else if (os_strcmp(buf, "uapsd_advertisement_enabled") == 0) {
+                       bss->wmm_uapsd = atoi(pos);
+               } else if (os_strncmp(buf, "wme_ac_", 7) == 0 ||
+                          os_strncmp(buf, "wmm_ac_", 7) == 0) {
+                       if (hostapd_config_wmm_ac(conf->wmm_ac_params, buf,
+                                                 pos)) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid WMM "
+                                          "ac item", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "bss") == 0) {
+                       if (hostapd_config_bss(conf, pos)) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid bss "
+                                          "item", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "bssid") == 0) {
+                       if (hwaddr_aton(pos, bss->bssid)) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid bssid "
+                                          "item", line);
+                               errors++;
+                       }
+#ifdef CONFIG_IEEE80211W
+               } else if (os_strcmp(buf, "ieee80211w") == 0) {
+                       bss->ieee80211w = atoi(pos);
+               } else if (os_strcmp(buf, "assoc_sa_query_max_timeout") == 0) {
+                       bss->assoc_sa_query_max_timeout = atoi(pos);
+                       if (bss->assoc_sa_query_max_timeout == 0) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "assoc_sa_query_max_timeout", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "assoc_sa_query_retry_timeout") == 0)
+               {
+                       bss->assoc_sa_query_retry_timeout = atoi(pos);
+                       if (bss->assoc_sa_query_retry_timeout == 0) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "assoc_sa_query_retry_timeout",
+                                          line);
+                               errors++;
+                       }
+#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_IEEE80211N
+               } else if (os_strcmp(buf, "ieee80211n") == 0) {
+                       conf->ieee80211n = atoi(pos);
+               } else if (os_strcmp(buf, "ht_capab") == 0) {
+                       if (hostapd_config_ht_capab(conf, pos) < 0) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "ht_capab", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "require_ht") == 0) {
+                       conf->require_ht = atoi(pos);
+               } else if (os_strcmp(buf, "obss_interval") == 0) {
+                       conf->obss_interval = atoi(pos);
+#endif /* CONFIG_IEEE80211N */
+#ifdef CONFIG_IEEE80211AC
+               } else if (os_strcmp(buf, "ieee80211ac") == 0) {
+                       conf->ieee80211ac = atoi(pos);
+               } else if (os_strcmp(buf, "vht_capab") == 0) {
+                       if (hostapd_config_vht_capab(conf, pos) < 0) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "vht_capab", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "require_vht") == 0) {
+                       conf->require_vht = atoi(pos);
+               } else if (os_strcmp(buf, "vht_oper_chwidth") == 0) {
+                       conf->vht_oper_chwidth = atoi(pos);
+               } else if (os_strcmp(buf, "vht_oper_centr_freq_seg0_idx") == 0)
+               {
+                       conf->vht_oper_centr_freq_seg0_idx = atoi(pos);
+               } else if (os_strcmp(buf, "vht_oper_centr_freq_seg1_idx") == 0)
+               {
+                       conf->vht_oper_centr_freq_seg1_idx = atoi(pos);
+#endif /* CONFIG_IEEE80211AC */
+               } else if (os_strcmp(buf, "max_listen_interval") == 0) {
+                       bss->max_listen_interval = atoi(pos);
+               } else if (os_strcmp(buf, "disable_pmksa_caching") == 0) {
+                       bss->disable_pmksa_caching = atoi(pos);
+               } else if (os_strcmp(buf, "okc") == 0) {
+                       bss->okc = atoi(pos);
+#ifdef CONFIG_WPS
+               } else if (os_strcmp(buf, "wps_state") == 0) {
+                       bss->wps_state = atoi(pos);
+                       if (bss->wps_state < 0 || bss->wps_state > 2) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "wps_state", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "wps_independent") == 0) {
+                       bss->wps_independent = atoi(pos);
+               } else if (os_strcmp(buf, "ap_setup_locked") == 0) {
+                       bss->ap_setup_locked = atoi(pos);
+               } else if (os_strcmp(buf, "uuid") == 0) {
+                       if (uuid_str2bin(pos, bss->uuid)) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid UUID",
+                                          line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "wps_pin_requests") == 0) {
+                       os_free(bss->wps_pin_requests);
+                       bss->wps_pin_requests = os_strdup(pos);
+               } else if (os_strcmp(buf, "device_name") == 0) {
+                       if (os_strlen(pos) > 32) {
+                               wpa_printf(MSG_ERROR, "Line %d: Too long "
+                                          "device_name", line);
+                               errors++;
+                       }
+                       os_free(bss->device_name);
+                       bss->device_name = os_strdup(pos);
+               } else if (os_strcmp(buf, "manufacturer") == 0) {
+                       if (os_strlen(pos) > 64) {
+                               wpa_printf(MSG_ERROR, "Line %d: Too long "
+                                          "manufacturer", line);
+                               errors++;
+                       }
+                       os_free(bss->manufacturer);
+                       bss->manufacturer = os_strdup(pos);
+               } else if (os_strcmp(buf, "model_name") == 0) {
+                       if (os_strlen(pos) > 32) {
+                               wpa_printf(MSG_ERROR, "Line %d: Too long "
+                                          "model_name", line);
+                               errors++;
+                       }
+                       os_free(bss->model_name);
+                       bss->model_name = os_strdup(pos);
+               } else if (os_strcmp(buf, "model_number") == 0) {
+                       if (os_strlen(pos) > 32) {
+                               wpa_printf(MSG_ERROR, "Line %d: Too long "
+                                          "model_number", line);
+                               errors++;
+                       }
+                       os_free(bss->model_number);
+                       bss->model_number = os_strdup(pos);
+               } else if (os_strcmp(buf, "serial_number") == 0) {
+                       if (os_strlen(pos) > 32) {
+                               wpa_printf(MSG_ERROR, "Line %d: Too long "
+                                          "serial_number", line);
+                               errors++;
+                       }
+                       os_free(bss->serial_number);
+                       bss->serial_number = os_strdup(pos);
+               } else if (os_strcmp(buf, "device_type") == 0) {
+                       if (wps_dev_type_str2bin(pos, bss->device_type))
+                               errors++;
+               } else if (os_strcmp(buf, "config_methods") == 0) {
+                       os_free(bss->config_methods);
+                       bss->config_methods = os_strdup(pos);
+               } else if (os_strcmp(buf, "os_version") == 0) {
+                       if (hexstr2bin(pos, bss->os_version, 4)) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "os_version", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "ap_pin") == 0) {
+                       os_free(bss->ap_pin);
+                       bss->ap_pin = os_strdup(pos);
+               } else if (os_strcmp(buf, "skip_cred_build") == 0) {
+                       bss->skip_cred_build = atoi(pos);
+               } else if (os_strcmp(buf, "extra_cred") == 0) {
+                       os_free(bss->extra_cred);
+                       bss->extra_cred =
+                               (u8 *) os_readfile(pos, &bss->extra_cred_len);
+                       if (bss->extra_cred == NULL) {
+                               wpa_printf(MSG_ERROR, "Line %d: could not "
+                                          "read Credentials from '%s'",
+                                          line, pos);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "wps_cred_processing") == 0) {
+                       bss->wps_cred_processing = atoi(pos);
+               } else if (os_strcmp(buf, "ap_settings") == 0) {
+                       os_free(bss->ap_settings);
+                       bss->ap_settings =
+                               (u8 *) os_readfile(pos, &bss->ap_settings_len);
+                       if (bss->ap_settings == NULL) {
+                               wpa_printf(MSG_ERROR, "Line %d: could not "
+                                          "read AP Settings from '%s'",
+                                          line, pos);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "upnp_iface") == 0) {
+                       bss->upnp_iface = os_strdup(pos);
+               } else if (os_strcmp(buf, "friendly_name") == 0) {
+                       os_free(bss->friendly_name);
+                       bss->friendly_name = os_strdup(pos);
+               } else if (os_strcmp(buf, "manufacturer_url") == 0) {
+                       os_free(bss->manufacturer_url);
+                       bss->manufacturer_url = os_strdup(pos);
+               } else if (os_strcmp(buf, "model_description") == 0) {
+                       os_free(bss->model_description);
+                       bss->model_description = os_strdup(pos);
+               } else if (os_strcmp(buf, "model_url") == 0) {
+                       os_free(bss->model_url);
+                       bss->model_url = os_strdup(pos);
+               } else if (os_strcmp(buf, "upc") == 0) {
+                       os_free(bss->upc);
+                       bss->upc = os_strdup(pos);
+               } else if (os_strcmp(buf, "pbc_in_m1") == 0) {
+                       bss->pbc_in_m1 = atoi(pos);
+               } else if (os_strcmp(buf, "server_id") == 0) {
+                       os_free(bss->server_id);
+                       bss->server_id = os_strdup(pos);
+#ifdef CONFIG_WPS_NFC
+               } else if (os_strcmp(buf, "wps_nfc_dev_pw_id") == 0) {
+                       bss->wps_nfc_dev_pw_id = atoi(pos);
+                       if (bss->wps_nfc_dev_pw_id < 0x10 ||
+                           bss->wps_nfc_dev_pw_id > 0xffff) {
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                                          "wps_nfc_dev_pw_id value", line);
+                               errors++;
+                       }
+                       bss->wps_nfc_pw_from_config = 1;
+               } else if (os_strcmp(buf, "wps_nfc_dh_pubkey") == 0) {
+                       wpabuf_free(bss->wps_nfc_dh_pubkey);
+                       bss->wps_nfc_dh_pubkey = hostapd_parse_bin(pos);
+                       bss->wps_nfc_pw_from_config = 1;
+               } else if (os_strcmp(buf, "wps_nfc_dh_privkey") == 0) {
+                       wpabuf_free(bss->wps_nfc_dh_privkey);
+                       bss->wps_nfc_dh_privkey = hostapd_parse_bin(pos);
+                       bss->wps_nfc_pw_from_config = 1;
+               } else if (os_strcmp(buf, "wps_nfc_dev_pw") == 0) {
+                       wpabuf_free(bss->wps_nfc_dev_pw);
+                       bss->wps_nfc_dev_pw = hostapd_parse_bin(pos);
+                       bss->wps_nfc_pw_from_config = 1;
+#endif /* CONFIG_WPS_NFC */
+#endif /* CONFIG_WPS */
+#ifdef CONFIG_P2P_MANAGER
+               } else if (os_strcmp(buf, "manage_p2p") == 0) {
+                       int manage = atoi(pos);
+                       if (manage)
+                               bss->p2p |= P2P_MANAGE;
+                       else
+                               bss->p2p &= ~P2P_MANAGE;
+               } else if (os_strcmp(buf, "allow_cross_connection") == 0) {
+                       if (atoi(pos))
+                               bss->p2p |= P2P_ALLOW_CROSS_CONNECTION;
+                       else
+                               bss->p2p &= ~P2P_ALLOW_CROSS_CONNECTION;
+#endif /* CONFIG_P2P_MANAGER */
+               } else if (os_strcmp(buf, "disassoc_low_ack") == 0) {
+                       bss->disassoc_low_ack = atoi(pos);
+               } else if (os_strcmp(buf, "tdls_prohibit") == 0) {
+                       int val = atoi(pos);
+                       if (val)
+                               bss->tdls |= TDLS_PROHIBIT;
+                       else
+                               bss->tdls &= ~TDLS_PROHIBIT;
+               } else if (os_strcmp(buf, "tdls_prohibit_chan_switch") == 0) {
+                       int val = atoi(pos);
+                       if (val)
+                               bss->tdls |= TDLS_PROHIBIT_CHAN_SWITCH;
+                       else
+                               bss->tdls &= ~TDLS_PROHIBIT_CHAN_SWITCH;
+#ifdef CONFIG_RSN_TESTING
+               } else if (os_strcmp(buf, "rsn_testing") == 0) {
+                       extern int rsn_testing;
+                       rsn_testing = atoi(pos);
+#endif /* CONFIG_RSN_TESTING */
+               } else if (os_strcmp(buf, "time_advertisement") == 0) {
+                       bss->time_advertisement = atoi(pos);
+               } else if (os_strcmp(buf, "time_zone") == 0) {
+                       size_t tz_len = os_strlen(pos);
+                       if (tz_len < 4 || tz_len > 255) {
+                               wpa_printf(MSG_DEBUG, "Line %d: invalid "
+                                          "time_zone", line);
+                               errors++;
+                               return errors;
+                       }
+                       os_free(bss->time_zone);
+                       bss->time_zone = os_strdup(pos);
+                       if (bss->time_zone == NULL)
+                               errors++;
+#ifdef CONFIG_WNM
+               } else if (os_strcmp(buf, "wnm_sleep_mode") == 0) {
+                       bss->wnm_sleep_mode = atoi(pos);
+               } else if (os_strcmp(buf, "bss_transition") == 0) {
+                       bss->bss_transition = atoi(pos);
+#endif /* CONFIG_WNM */
+#ifdef CONFIG_INTERWORKING
+               } else if (os_strcmp(buf, "interworking") == 0) {
+                       bss->interworking = atoi(pos);
+               } else if (os_strcmp(buf, "access_network_type") == 0) {
+                       bss->access_network_type = atoi(pos);
+                       if (bss->access_network_type < 0 ||
+                           bss->access_network_type > 15) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "access_network_type", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "internet") == 0) {
+                       bss->internet = atoi(pos);
+               } else if (os_strcmp(buf, "asra") == 0) {
+                       bss->asra = atoi(pos);
+               } else if (os_strcmp(buf, "esr") == 0) {
+                       bss->esr = atoi(pos);
+               } else if (os_strcmp(buf, "uesa") == 0) {
+                       bss->uesa = atoi(pos);
+               } else if (os_strcmp(buf, "venue_group") == 0) {
+                       bss->venue_group = atoi(pos);
+                       bss->venue_info_set = 1;
+               } else if (os_strcmp(buf, "venue_type") == 0) {
+                       bss->venue_type = atoi(pos);
+                       bss->venue_info_set = 1;
+               } else if (os_strcmp(buf, "hessid") == 0) {
+                       if (hwaddr_aton(pos, bss->hessid)) {
+                               wpa_printf(MSG_ERROR, "Line %d: invalid "
+                                          "hessid", line);
+                               errors++;
+                       }
+               } else if (os_strcmp(buf, "roaming_consortium") == 0) {
+                       if (parse_roaming_consortium(bss, pos, line) < 0)
+                               errors++;
+               } else if (os_strcmp(buf, "venue_name") == 0) {
+                       if (parse_venue_name(bss, pos, line) < 0)
+                               errors++;
+               } else if (os_strcmp(buf, "network_auth_type") == 0) {
+                       u8 auth_type;
+                       u16 redirect_url_len;
+                       if (hexstr2bin(pos, &auth_type, 1)) {
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                                          "network_auth_type '%s'",
+                                          line, pos);
+                               errors++;
+                               return errors;
+                       }
+                       if (auth_type == 0 || auth_type == 2)
+                               redirect_url_len = os_strlen(pos + 2);
+                       else
+                               redirect_url_len = 0;
+                       os_free(bss->network_auth_type);
+                       bss->network_auth_type =
+                               os_malloc(redirect_url_len + 3 + 1);
+                       if (bss->network_auth_type == NULL) {
+                               errors++;
+                               return errors;
+                       }
+                       *bss->network_auth_type = auth_type;
+                       WPA_PUT_LE16(bss->network_auth_type + 1,
+                                    redirect_url_len);
+                       if (redirect_url_len)
+                               os_memcpy(bss->network_auth_type + 3,
+                                         pos + 2, redirect_url_len);
+                       bss->network_auth_type_len = 3 + redirect_url_len;
+               } else if (os_strcmp(buf, "ipaddr_type_availability") == 0) {
+                       if (hexstr2bin(pos, &bss->ipaddr_type_availability, 1))
+                       {
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                                          "ipaddr_type_availability '%s'",
+                                          line, pos);
+                               bss->ipaddr_type_configured = 0;
+                               errors++;
+                               return errors;
+                       }
+                       bss->ipaddr_type_configured = 1;
+               } else if (os_strcmp(buf, "domain_name") == 0) {
+                       int j, num_domains, domain_len, domain_list_len = 0;
+                       char *tok_start, *tok_prev;
+                       u8 *domain_list, *domain_ptr;
+
+                       domain_list_len = os_strlen(pos) + 1;
+                       domain_list = os_malloc(domain_list_len);
+                       if (domain_list == NULL) {
+                               errors++;
+                               return errors;
+                       }
+
+                       domain_ptr = domain_list;
+                       tok_prev = pos;
+                       num_domains = 1;
+                       while ((tok_prev = os_strchr(tok_prev, ','))) {
+                               num_domains++;
+                               tok_prev++;
+                       }
+                       tok_prev = pos;
+                       for (j = 0; j < num_domains; j++) {
+                               tok_start = os_strchr(tok_prev, ',');
+                               if (tok_start) {
+                                       domain_len = tok_start - tok_prev;
+                                       *domain_ptr = domain_len;
+                                       os_memcpy(domain_ptr + 1, tok_prev,
+                                                 domain_len);
+                                       domain_ptr += domain_len + 1;
+                                       tok_prev = ++tok_start;
+                               } else {
+                                       domain_len = os_strlen(tok_prev);
+                                       *domain_ptr = domain_len;
+                                       os_memcpy(domain_ptr + 1, tok_prev,
+                                                 domain_len);
+                                       domain_ptr += domain_len + 1;
+                               }
+                       }
+
+                       os_free(bss->domain_name);
+                       bss->domain_name = domain_list;
+                       bss->domain_name_len = domain_list_len;
+               } else if (os_strcmp(buf, "anqp_3gpp_cell_net") == 0) {
+                       if (parse_3gpp_cell_net(bss, pos, line) < 0)
+                               errors++;
+               } else if (os_strcmp(buf, "nai_realm") == 0) {
+                       if (parse_nai_realm(bss, pos, line) < 0)
+                               errors++;
+               } else if (os_strcmp(buf, "gas_frag_limit") == 0) {
+                       bss->gas_frag_limit = atoi(pos);
+               } else if (os_strcmp(buf, "gas_comeback_delay") == 0) {
+                       bss->gas_comeback_delay = atoi(pos);
+               } else if (os_strcmp(buf, "qos_map_set") == 0) {
+                       if (parse_qos_map_set(bss, pos, line) < 0)
+                               errors++;
+#endif /* CONFIG_INTERWORKING */
+#ifdef CONFIG_RADIUS_TEST
+               } else if (os_strcmp(buf, "dump_msk_file") == 0) {
+                       os_free(bss->dump_msk_file);
+                       bss->dump_msk_file = os_strdup(pos);
+#endif /* CONFIG_RADIUS_TEST */
+#ifdef CONFIG_HS20
+               } else if (os_strcmp(buf, "hs20") == 0) {
+                       bss->hs20 = atoi(pos);
+               } else if (os_strcmp(buf, "disable_dgaf") == 0) {
+                       bss->disable_dgaf = atoi(pos);
+               } else if (os_strcmp(buf, "hs20_oper_friendly_name") == 0) {
+                       if (hs20_parse_oper_friendly_name(bss, pos, line) < 0)
+                               errors++;
+               } else if (os_strcmp(buf, "hs20_wan_metrics") == 0) {
+                       if (hs20_parse_wan_metrics(bss, pos, line) < 0) {
+                               errors++;
+                               return errors;
+                       }
+               } else if (os_strcmp(buf, "hs20_conn_capab") == 0) {
+                       if (hs20_parse_conn_capab(bss, pos, line) < 0) {
+                               errors++;
+                               return errors;
+                       }
+               } else if (os_strcmp(buf, "hs20_operating_class") == 0) {
+                       u8 *oper_class;
+                       size_t oper_class_len;
+                       oper_class_len = os_strlen(pos);
+                       if (oper_class_len < 2 || (oper_class_len & 0x01)) {
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                                          "hs20_operating_class '%s'",
+                                          line, pos);
+                               errors++;
+                               return errors;
+                       }
+                       oper_class_len /= 2;
+                       oper_class = os_malloc(oper_class_len);
+                       if (oper_class == NULL) {
+                               errors++;
+                               return errors;
+                       }
+                       if (hexstr2bin(pos, oper_class, oper_class_len)) {
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                                          "hs20_operating_class '%s'",
+                                          line, pos);
+                               os_free(oper_class);
+                               errors++;
+                               return errors;
+                       }
+                       os_free(bss->hs20_operating_class);
+                       bss->hs20_operating_class = oper_class;
+                       bss->hs20_operating_class_len = oper_class_len;
+#endif /* CONFIG_HS20 */
+#ifdef CONFIG_TESTING_OPTIONS
+#define PARSE_TEST_PROBABILITY(_val)                                   \
+               } else if (os_strcmp(buf, #_val) == 0) {                \
+                       char *end;                                      \
+                                                                       \
+                       conf->_val = strtod(pos, &end);                 \
+                       if (*end || conf->_val < 0.0d ||                \
+                           conf->_val > 1.0d) {                        \
+                               wpa_printf(MSG_ERROR,                   \
+                                          "Line %d: Invalid value '%s'", \
+                                          line, pos);                  \
+                               errors++;                               \
+                               return errors;                          \
+                       }
+               PARSE_TEST_PROBABILITY(ignore_probe_probability)
+               PARSE_TEST_PROBABILITY(ignore_auth_probability)
+               PARSE_TEST_PROBABILITY(ignore_assoc_probability)
+               PARSE_TEST_PROBABILITY(ignore_reassoc_probability)
+               PARSE_TEST_PROBABILITY(corrupt_gtk_rekey_mic_probability)
+               } else if (os_strcmp(buf, "bss_load_test") == 0) {
+                       WPA_PUT_LE16(bss->bss_load_test, atoi(pos));
+                       pos = os_strchr(pos, ':');
+                       if (pos == NULL) {
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                                          "bss_load_test", line);
+                               return 1;
+                       }
+                       pos++;
+                       bss->bss_load_test[2] = atoi(pos);
+                       pos = os_strchr(pos, ':');
+                       if (pos == NULL) {
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                                          "bss_load_test", line);
+                               return 1;
+                       }
+                       pos++;
+                       WPA_PUT_LE16(&bss->bss_load_test[3], atoi(pos));
+                       bss->bss_load_test_set = 1;
+#endif /* CONFIG_TESTING_OPTIONS */
+               } else if (os_strcmp(buf, "vendor_elements") == 0) {
+                       struct wpabuf *elems;
+                       size_t len = os_strlen(pos);
+                       if (len & 0x01) {
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                                          "vendor_elements '%s'", line, pos);
+                               return 1;
+                       }
+                       len /= 2;
+                       if (len == 0) {
+                               wpabuf_free(bss->vendor_elements);
+                               bss->vendor_elements = NULL;
+                               return 0;
+                       }
+
+                       elems = wpabuf_alloc(len);
+                       if (elems == NULL)
+                               return 1;
+
+                       if (hexstr2bin(pos, wpabuf_put(elems, len), len)) {
+                               wpabuf_free(elems);
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                                          "vendor_elements '%s'", line, pos);
+                               return 1;
+                       }
+
+                       wpabuf_free(bss->vendor_elements);
+                       bss->vendor_elements = elems;
+               } else if (os_strcmp(buf, "sae_anti_clogging_threshold") == 0) {
+                       bss->sae_anti_clogging_threshold = atoi(pos);
+               } else if (os_strcmp(buf, "sae_groups") == 0) {
+                       if (hostapd_parse_intlist(&bss->sae_groups, pos)) {
+                               wpa_printf(MSG_ERROR, "Line %d: Invalid "
+                                          "sae_groups value '%s'", line, pos);
+                               return 1;
+                       }
+               } else {
+                       wpa_printf(MSG_ERROR, "Line %d: unknown configuration "
+                                  "item '%s'", line, buf);
+                       errors++;
+               }
+       }
+
+       return errors;
+}
+
+
+/**
+ * hostapd_config_read - Read and parse a configuration file
+ * @fname: Configuration file name (including path, if needed)
+ * Returns: Allocated configuration data structure
+ */
+struct hostapd_config * hostapd_config_read(const char *fname)
+{
+       struct hostapd_config *conf;
+       struct hostapd_bss_config *bss;
+       FILE *f;
+       char buf[512], *pos;
+       int line = 0;
+       int errors = 0;
+       size_t i;
+
+       f = fopen(fname, "r");
+       if (f == NULL) {
+               wpa_printf(MSG_ERROR, "Could not open configuration file '%s' "
+                          "for reading.", fname);
+               return NULL;
+       }
+
+       conf = hostapd_config_defaults();
+       if (conf == NULL) {
+               fclose(f);
+               return NULL;
+       }
+
+       /* set default driver based on configuration */
+       conf->driver = wpa_drivers[0];
+       if (conf->driver == NULL) {
+               wpa_printf(MSG_ERROR, "No driver wrappers registered!");
+               hostapd_config_free(conf);
+               fclose(f);
+               return NULL;
+       }
+
+       bss = conf->last_bss = conf->bss[0];
+
+       while (fgets(buf, sizeof(buf), f)) {
+               bss = conf->last_bss;
+               line++;
+
+               if (buf[0] == '#')
+                       continue;
+               pos = buf;
+               while (*pos != '\0') {
+                       if (*pos == '\n') {
+                               *pos = '\0';
+                               break;
+                       }
+                       pos++;
+               }
+               if (buf[0] == '\0')
+                       continue;
+
+               pos = os_strchr(buf, '=');
+               if (pos == NULL) {
+                       wpa_printf(MSG_ERROR, "Line %d: invalid line '%s'",
+                                  line, buf);
+                       errors++;
+                       continue;
+               }
+               *pos = '\0';
+               pos++;
+               errors += hostapd_config_fill(conf, bss, buf, pos, line);
+       }
+
+       fclose(f);
+
+       for (i = 0; i < conf->num_bss; i++)
+               hostapd_set_security_params(conf->bss[i]);
+
+       if (hostapd_config_check(conf, 1))
+               errors++;
+
+#ifndef WPA_IGNORE_CONFIG_ERRORS
+       if (errors) {
+               wpa_printf(MSG_ERROR, "%d errors found in configuration file "
+                          "'%s'", errors, fname);
+               hostapd_config_free(conf);
+               conf = NULL;
+       }
+#endif /* WPA_IGNORE_CONFIG_ERRORS */
+
+       return conf;
+}
+
+
+int hostapd_set_iface(struct hostapd_config *conf,
+                     struct hostapd_bss_config *bss, char *field, char *value)
+{
+       int errors;
+       size_t i;
+
+       errors = hostapd_config_fill(conf, bss, field, value, 0);
+       if (errors) {
+               wpa_printf(MSG_INFO, "Failed to set configuration field '%s' "
+                          "to value '%s'", field, value);
+               return -1;
+       }
+
+       for (i = 0; i < conf->num_bss; i++)
+               hostapd_set_security_params(conf->bss[i]);
+
+       if (hostapd_config_check(conf, 0)) {
+               wpa_printf(MSG_ERROR, "Configuration check failed");
+               return -1;
+       }
+
+       return 0;
+}
diff --git a/contrib/hostapd/hostapd/config_file.h b/contrib/hostapd/hostapd/config_file.h
new file mode 100644 (file)
index 0000000..fba57b8
--- /dev/null
@@ -0,0 +1,17 @@
+/*
+ * hostapd / Configuration file parser
+ * Copyright (c) 2003-2009, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef CONFIG_FILE_H
+#define CONFIG_FILE_H
+
+struct hostapd_config * hostapd_config_read(const char *fname);
+int hostapd_set_iface(struct hostapd_config *conf,
+                     struct hostapd_bss_config *bss, char *field,
+                     char *value);
+
+#endif /* CONFIG_FILE_H */
diff --git a/contrib/hostapd/hostapd/ctrl_iface.c b/contrib/hostapd/hostapd/ctrl_iface.c
new file mode 100644 (file)
index 0000000..4a9da5f
--- /dev/null
@@ -0,0 +1,1878 @@
+/*
+ * hostapd / UNIX domain socket -based control interface
+ * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#ifndef CONFIG_NATIVE_WINDOWS
+
+#include <sys/un.h>
+#include <sys/stat.h>
+#include <stddef.h>
+
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "common/version.h"
+#include "common/ieee802_11_defs.h"
+#include "drivers/driver.h"
+#include "radius/radius_client.h"
+#include "radius/radius_server.h"
+#include "ap/hostapd.h"
+#include "ap/ap_config.h"
+#include "ap/ieee802_1x.h"
+#include "ap/wpa_auth.h"
+#include "ap/ieee802_11.h"
+#include "ap/sta_info.h"
+#include "ap/wps_hostapd.h"
+#include "ap/ctrl_iface_ap.h"
+#include "ap/ap_drv_ops.h"
+#include "ap/wnm_ap.h"
+#include "ap/wpa_auth.h"
+#include "wps/wps_defs.h"
+#include "wps/wps.h"
+#include "config_file.h"
+#include "ctrl_iface.h"
+
+
+struct wpa_ctrl_dst {
+       struct wpa_ctrl_dst *next;
+       struct sockaddr_un addr;
+       socklen_t addrlen;
+       int debug_level;
+       int errors;
+};
+
+
+static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level,
+                                   const char *buf, size_t len);
+
+
+static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
+                                    struct sockaddr_un *from,
+                                    socklen_t fromlen)
+{
+       struct wpa_ctrl_dst *dst;
+
+       dst = os_zalloc(sizeof(*dst));
+       if (dst == NULL)
+               return -1;
+       os_memcpy(&dst->addr, from, sizeof(struct sockaddr_un));
+       dst->addrlen = fromlen;
+       dst->debug_level = MSG_INFO;
+       dst->next = hapd->ctrl_dst;
+       hapd->ctrl_dst = dst;
+       wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor attached",
+                   (u8 *) from->sun_path,
+                   fromlen - offsetof(struct sockaddr_un, sun_path));
+       return 0;
+}
+
+
+static int hostapd_ctrl_iface_detach(struct hostapd_data *hapd,
+                                    struct sockaddr_un *from,
+                                    socklen_t fromlen)
+{
+       struct wpa_ctrl_dst *dst, *prev = NULL;
+
+       dst = hapd->ctrl_dst;
+       while (dst) {
+               if (fromlen == dst->addrlen &&
+                   os_memcmp(from->sun_path, dst->addr.sun_path,
+                             fromlen - offsetof(struct sockaddr_un, sun_path))
+                   == 0) {
+                       wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor detached",
+                                   (u8 *) from->sun_path,
+                                   fromlen -
+                                   offsetof(struct sockaddr_un, sun_path));
+                       if (prev == NULL)
+                               hapd->ctrl_dst = dst->next;
+                       else
+                               prev->next = dst->next;
+                       os_free(dst);
+                       return 0;
+               }
+               prev = dst;
+               dst = dst->next;
+       }
+       return -1;
+}
+
+
+static int hostapd_ctrl_iface_level(struct hostapd_data *hapd,
+                                   struct sockaddr_un *from,
+                                   socklen_t fromlen,
+                                   char *level)
+{
+       struct wpa_ctrl_dst *dst;
+
+       wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
+
+       dst = hapd->ctrl_dst;
+       while (dst) {
+               if (fromlen == dst->addrlen &&
+                   os_memcmp(from->sun_path, dst->addr.sun_path,
+                             fromlen - offsetof(struct sockaddr_un, sun_path))
+                   == 0) {
+                       wpa_hexdump(MSG_DEBUG, "CTRL_IFACE changed monitor "
+                                   "level", (u8 *) from->sun_path, fromlen -
+                                   offsetof(struct sockaddr_un, sun_path));
+                       dst->debug_level = atoi(level);
+                       return 0;
+               }
+        &nbs