changelog

最新的Host AP 新添加了许多pcmcia 的驱动

ChangeLog for hostapd

2009-03-23 - v0.6.9
	* driver_nl80211: fixed STA accounting data collection (TX/RX bytes
	  reported correctly; TX/RX packets not yet available from kernel)
	* fixed EAPOL/EAP reauthentication when using an external RADIUS
	  authentication server
	* driver_prism54: fixed segmentation fault on initialization
	* fixed TNC with EAP-TTLS
	* fixed IEEE 802.11r key derivation function to match with the standard
	  (note: this breaks interoperability with previous version) [Bug 303]

2009-02-15 - v0.6.8
	* increased hostapd_cli ping interval to 5 seconds and made this
	  configurable with a new command line options (-G<seconds>)
	* driver_nl80211: use Linux socket filter to improve performance
	* added support for external Registrars with WPS (UPnP transport)

2009-01-06 - v0.6.7
	* added support for Wi-Fi Protected Setup (WPS)
	  (hostapd can now be configured to act as an integrated WPS Registrar
	  and provision credentials for WPS Enrollees using PIN and PBC
	  methods; external wireless Registrar can configure the AP, but
	  external WLAN Manager Registrars are not supported); WPS support can
	  be enabled by adding CONFIG_WPS=y into .config and setting the
	  runtime configuration variables in hostapd.conf (see WPS section in
	  the example configuration file); new hostapd_cli commands wps_pin and
	  wps_pbc are used to configure WPS negotiation; see README-WPS for
	  more details
	* added IEEE 802.11n HT capability configuration (ht_capab)
	* added support for generating Country IE based on nl80211 regulatory
	  information (added if ieee80211d=1 in configuration)
	* fixed WEP authentication (both Open System and Shared Key) with
	  mac80211
	* added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
	* added support for using driver_test over UDP socket
	* changed EAP-GPSK to use the IANA assigned EAP method type 51
	* updated management frame protection to use IEEE 802.11w/D7.0
	* fixed retransmission of EAP requests if no response is received

2008-11-23 - v0.6.6
	* added a new configuration option, wpa_ptk_rekey, that can be used to
	  enforce frequent PTK rekeying, e.g., to mitigate some attacks against
	  TKIP deficiencies
	* updated OpenSSL code for EAP-FAST to use an updated version of the
	  session ticket overriding API that was included into the upstream
	  OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
	  needed with that version anymore)
	* changed channel flags configuration to read the information from
	  the driver (e.g., via driver_nl80211 when using mac80211) instead of
	  using hostapd as the source of the regulatory information (i.e.,
	  information from CRDA is now used with mac80211); this allows 5 GHz
	  channels to be used with hostapd (if allowed in the current
	  regulatory domain)
	* fixed EAP-TLS message processing for the last TLS message if it is
	  large enough to require fragmentation (e.g., if a large Session
	  Ticket data is included)
	* fixed listen interval configuration for nl80211 drivers

2008-11-01 - v0.6.5
	* added support for SHA-256 as X.509 certificate digest when using the
	  internal X.509/TLSv1 implementation
	* fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer
	  identity lengths)
	* fixed internal TLSv1 implementation for abbreviated handshake (used
	  by EAP-FAST server)
	* added support for setting VLAN ID for STAs based on local MAC ACL
	  (accept_mac_file) as an alternative for RADIUS server-based
	  configuration
	* updated management frame protection to use IEEE 802.11w/D6.0
	  (adds a new association ping to protect against unauthenticated
	  authenticate or (re)associate request frames dropping association)
	* added support for using SHA256-based stronger key derivation for WPA2
	  (IEEE 802.11w)
	* added new "driver wrapper" for RADIUS-only configuration
	  (driver=none in hostapd.conf; CONFIG_DRIVER_NONE=y in .config)
	* fixed WPA/RSN IE validation to verify that the proto (WPA vs. WPA2)
	  is enabled in configuration
	* changed EAP-FAST configuration to use separate fields for A-ID and
	  A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
	  16-octet len binary value for better interoperability with some peer
	  implementations; eap_fast_a_id is now configured as a hex string
	* driver_nl80211: Updated to match the current Linux mac80211 AP mode
	  configuration (wireless-testing.git and Linux kernel releases
	  starting from 2.6.29)

2008-08-10 - v0.6.4
	* added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
	  Identity Request if identity is already known
	* added support for EAP Sequences in EAP-FAST Phase 2
	* added support for EAP-TNC (Trusted Network Connect)
	  (this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
	  changes needed to run two methods in sequence (IF-T) and the IF-IMV
	  and IF-TNCCS interfaces from TNCS)
	* added support for optional cryptobinding with PEAPv0
	* added fragmentation support for EAP-TNC
	* added support for fragmenting EAP-TTLS/PEAP/FAST Phase 2 (tunneled)
	  data
	* added support for opportunistic key caching (OKC)

2008-02-22 - v0.6.3
	* fixed Reassociation Response callback processing when using internal
	  MLME (driver_{hostap,nl80211,test}.c)
	* updated FT support to use the latest draft, IEEE 802.11r/D9.0
	* copy optional Proxy-State attributes into RADIUS response when acting
	  as a RADIUS authentication server
	* fixed EAPOL state machine to handle a case in which no response is
	  received from the RADIUS authentication server; previous version
	  could have triggered a crash in some cases after a timeout
	* fixed EAP-SIM/AKA realm processing to allow decorated usernames to
	  be used
	* added a workaround for EAP-SIM/AKA peers that include incorrect null
	  termination in the username
	* fixed EAP-SIM/AKA protected result indication to include AT_COUNTER
	  attribute in notification messages only when using fast
	  reauthentication
	* fixed EAP-SIM Start response processing for fast reauthentication
	  case
	* added support for pending EAP processing in EAP-{PEAP,TTLS,FAST}
	  phase 2 to allow EAP-SIM and EAP-AKA to be used as the Phase 2 method

2008-01-01 - v0.6.2
	* fixed EAP-SIM and EAP-AKA message parser to validate attribute
	  lengths properly to avoid potential crash caused by invalid messages
	* added data structure for storing allocated buffers (struct wpabuf);
	  this does not affect hostapd usage, but many of the APIs changed
	  and various interfaces (e.g., EAP) is not compatible with old
	  versions
	* added support for protecting EAP-AKA/Identity messages with
	  AT_CHECKCODE (optional feature in RFC 4187)
	* added support for protected result indication with AT_RESULT_IND for
	  EAP-SIM and EAP-AKA (eap_sim_aka_result_ind=1)
	* added support for configuring EAP-TTLS phase 2 non-EAP methods in
	  EAP server configuration; previously all four were enabled for every
	  phase 2 user, now all four are disabled by default and need to be
	  enabled with new method names TTLS-PAP, TTLS-CHAP, TTLS-MSCHAP,
	  TTLS-MSCHAPV2
	* removed old debug printing mechanism and the related 'debug'
	  parameter in the configuration file; debug verbosity is now set with
	  -d (or -dd) command line arguments
	* added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
	  only shared key/password authentication is supported in this version

2007-11-24 - v0.6.1
	* added experimental, integrated TLSv1 server implementation with the
	  needed X.509/ASN.1/RSA/bignum processing (this can be enabled by
	  setting CONFIG_TLS=internal and CONFIG_INTERNAL_LIBTOMMATH=y in
	  .config); this can be useful, e.g., if the target system does not
	  have a suitable TLS library and a minimal code size is required
	* added support for EAP-FAST server method to the integrated EAP
	  server
	* updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
	  draft (draft-ietf-emu-eap-gpsk-07.txt)
	* added a new configuration parameter, rsn_pairwise, to allow different
	  pairwise cipher suites to be enabled for WPA and RSN/WPA2
	  (note: if wpa_pairwise differs from rsn_pairwise, the driver will
	  either need to support this or will have to use the WPA/RSN IEs from
	  hostapd; currently, the included madwifi and bsd driver interfaces do
	  not have support for this)
	* updated FT support to use the latest draft, IEEE 802.11r/D8.0

2007-05-28 - v0.6.0
	* added experimental IEEE 802.11r/D6.0 support
	* updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
	* updated EAP-PSK to use the IANA-allocated EAP type 47
	* fixed EAP-PSK bit ordering of the Flags field
	* fixed configuration reloading (SIGHUP) to re-initialize WPA PSKs
	  by reading wpa_psk_file [Bug 181]
	* fixed EAP-TTLS AVP parser processing for too short AVP lengths
	* fixed IPv6 connection to RADIUS accounting server
	* updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
	  draft (draft-ietf-emu-eap-gpsk-04.txt)
	* hlr_auc_gw: read GSM triplet file into memory and rotate through the
	  entries instead of only using the same three triplets every time
	  (this does not work properly with tests using multiple clients, but
	  provides bit better triplet data for testing a single client; anyway,
	  if a better quality triplets are needed, GSM-Milenage should be used
	  instead of hardcoded triplet file)
	* fixed EAP-MSCHAPv2 server to use a space between S and M parameters
	  in Success Request [Bug 203]
	* added support for sending EAP-AKA Notifications in error cases
	* updated to use IEEE 802.11w/D2.0 for management frame protection
	  (still experimental)
	* RADIUS server: added support for processing duplicate messages
	  (retransmissions from RADIUS client) by replying with the previous
	  reply

2006-11-24 - v0.5.6
	* added support for configuring and controlling multiple BSSes per
	  radio interface (bss=<ifname> in hostapd.conf); this is only
	  available with Devicescape and test driver interfaces
	* fixed PMKSA cache update in the end of successful RSN
	  pre-authentication
	* added support for dynamic VLAN configuration (i.e., selecting VLAN-ID
	  for each STA based on RADIUS Access-Accept attributes); this requires
	  VLAN support from the kernel driver/802.11 stack and this is
	  currently only available with Devicescape and test driver interfaces
	* driver_madwifi: fixed configuration of unencrypted modes (plaintext
	  and IEEE 802.1X without WEP)
	* removed STAKey handshake since PeerKey handshake has replaced it in
	  IEEE 802.11ma and there are no known deployments of STAKey
	* updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
	  draft (draft-ietf-emu-eap-gpsk-01.txt)
	* added preliminary implementation of IEEE 802.11w/D1.0 (management
	  frame protection)
	  (Note: this requires driver support to work properly.)
	  (Note2: IEEE 802.11w is an unapproved draft and subject to change.)
	* hlr_auc_gw: added support for GSM-Milenage (for EAP-SIM)
	* hlr_auc_gw: added support for reading per-IMSI Milenage keys and
	  parameters from a text file to make it possible to implement proper
	  GSM/UMTS authentication server for multiple SIM/USIM cards using
	  EAP-SIM/EAP-AKA
	* fixed session timeout processing with drivers that do not use
	  ieee802_11.c (e.g., madwifi)

2006-08-27 - v0.5.5
	* added 'hostapd_cli new_sta <addr>' command for adding a new STA into
	  hostapd (e.g., to initialize wired network authentication based on an
	  external signal)
	* fixed hostapd to add PMKID KDE into 4-Way Handshake Message 1 when
	  using WPA2 even if PMKSA caching is not used
	* added -P<pid file> argument for hostapd to write the current process
	  id into a file
	* added support for RADIUS Authentication Server MIB (RFC 2619)

2006-06-20 - v0.5.4
	* fixed nt_password_hash build [Bug 144]
	* added PeerKey handshake implementation for IEEE 802.11e
	  direct link setup (DLS) to replace STAKey handshake
	* added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
	  draft-clancy-emu-eap-shared-secret-00.txt)
	* fixed a segmentation fault when RSN pre-authentication was completed
	  successfully [Bug 152]

2006-04-27 - v0.5.3
	* do not build nt_password_hash and hlr_auc_gw by default to avoid
	  requiring a TLS library for a successful build; these programs can be
	  build with 'make nt_password_hash' and 'make hlr_auc_gw'
	* added a new configuration option, eapol_version, that can be used to
	  set EAPOL version to 1 (default is 2) to work around broken client
	  implementations that drop EAPOL frames which use version number 2
	  [Bug 89]
	* added support for EAP-SAKE (no EAP method number allocated yet, so
	  this is using the same experimental type 255 as EAP-PSK)
	* fixed EAP-MSCHAPv2 message length validation

2006-03-19 - v0.5.2
	* fixed stdarg use in hostapd_logger(): if both stdout and syslog
	  logging was enabled, hostapd could trigger a segmentation fault in
	  vsyslog on some CPU -- C library combinations
	* moved HLR/AuC gateway implementation for EAP-SIM/AKA into an external
	  program to make it easier to use for implementing real SS7 gateway;
	  eap_sim_db is not anymore used as a file name for GSM authentication
	  triplets; instead, it is path to UNIX domain socket that will be used
	  to communicate with the external gateway program (e.g., hlr_auc_gw)
	* added example HLR/AuC gateway implementation, hlr_auc_gw, that uses
	  local information (GSM authentication triplets from a text file and
	  hardcoded AKA authentication data); this can be used to test EAP-SIM
	  and EAP-AKA
	* added Milenage algorithm (example 3GPP AKA algorithm) to hlr_auc_gw
	  to make it possible to test EAP-AKA with real USIM cards (this is
	  disabled by default; define AKA_USE_MILENAGE when building hlr_auc_gw
	  to enable this)
	* driver_madwifi: added support for getting station RSN IE from
	  madwifi-ng svn r1453 and newer; this fixes RSN that was apparently
	  broken with earlier change (r1357) in the driver
	* changed EAP method registration to use a dynamic list of methods
	  instead of a static list generated at build time
	* fixed WPA message 3/4 not to encrypt Key Data field (WPA IE)
	  [Bug 125]
	* added ap_max_inactivity configuration parameter

2006-01-29 - v0.5.1
	* driver_test: added better support for multiple APs and STAs by using
	  a directory with sockets that include MAC address for each device in
	  the name (test_socket=DIR:/tmp/test)
	* added support for EAP expanded type (vendor specific EAP methods)

2005-12-18 - v0.5.0 (beginning of 0.5.x development releases)
	* added experimental STAKey handshake implementation for IEEE 802.11e
	  direct link setup (DLS); note: this is disabled by default in both
	  build and runtime configuration (can be enabled with CONFIG_STAKEY=y
	  and stakey=1)
	* added support for EAP methods to use callbacks to external programs
	  by buffering a pending request and processing it after the EAP method
	  is ready to continue
	* improved EAP-SIM database interface to allow external request to GSM
	  HLR/AuC without blocking hostapd process