2014-08-09 03:22:58 +02:00
|
|
|
Background
|
|
|
|
==========
|
|
|
|
|
|
|
|
- Priority scale: High, Medium and Low
|
|
|
|
|
|
|
|
- Complexity scale: C1, C2, C4 and C8. The complexity scale is exponential,
|
|
|
|
with complexity 1 being the lowest complexity. Complexity is a function
|
|
|
|
of both task 'complexity' and task 'scope'.
|
|
|
|
|
|
|
|
The general rule of thumb is that a complexity 1 task should take 1-2 weeks
|
|
|
|
for a person very familiar with the codebase. Higher complexity tasks
|
|
|
|
require more time and have higher uncertainty.
|
|
|
|
|
|
|
|
Higher complexity tasks should be refined into several lower complexity tasks
|
|
|
|
once the task is better understood.
|
|
|
|
|
|
|
|
|
|
|
|
mac80211_hwsim
|
|
|
|
==============
|
|
|
|
|
|
|
|
- Add support for HWSIM_CMD_SET_RADIO command
|
|
|
|
|
|
|
|
To allow modifying an existing radio, add the HWSIM_CMD_SET_RADIO. The
|
|
|
|
first possible feature should be to emulate the hardware RFKILL switch.
|
|
|
|
|
|
|
|
It might be required to add a HWSIM_ATTR_RADIO_HW_RFKILL attribute flag
|
|
|
|
to the HWSIM_CMD_NEW_RADIO to enable virtual radios with a hardware
|
|
|
|
level RFKILL switch.
|
|
|
|
|
|
|
|
Priority: Medium
|
|
|
|
Complexity: C1
|
|
|
|
|
2014-08-09 04:15:38 +02:00
|
|
|
- Allow configuration of MAC address or list of MAC addresses
|
|
|
|
|
|
|
|
The radios are auto-generating a fake MAC address. It would be useful
|
|
|
|
to allow specifying a MAC address to be used. In certain cases it might
|
|
|
|
be also useful to provide a list of MAC addresses so that for example
|
|
|
|
with secondary interfaces these can be used.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C2
|
|
|
|
|
|
|
|
- Move mac80211_hwsim.h header file to UAPI includes
|
|
|
|
|
|
|
|
The mac80211_hwsim.h is the public API description of this netlink
|
|
|
|
interface and thus it should be provided via UAPI includes.
|
|
|
|
|
|
|
|
For this work work the mac80211_hwsim.h header needs to be modified
|
|
|
|
so that it also compiles from userspace. At the moment it throws
|
|
|
|
errors. And it needs to become part of the UAPI headers of the
|
|
|
|
Linux kernel.
|
|
|
|
|
|
|
|
In addition it should provide HWSIM_GENL_NAME that provides the
|
|
|
|
generic netlink "MAC82011_HWSIM" family string.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C1
|
|
|
|
|
2014-08-09 03:22:58 +02:00
|
|
|
- Provide kernel option to allow defining the number of initial radios
|
|
|
|
|
|
|
|
By default the mac80211_hwsim modules creates 2 radios by default unless
|
|
|
|
it is overwritten with the radios=x module parameter.
|
|
|
|
|
|
|
|
To allow loading the mac80211_hwsim by default and even with accidental
|
|
|
|
loading of the module, it would be good to provide a kernel configuration
|
|
|
|
option that allows changing the default value here.
|
|
|
|
|
|
|
|
For our testing we want to load mac80211_hwsim without any radios. Maybe
|
|
|
|
this should be the default for the new kernel option.
|
|
|
|
|
2014-08-09 04:15:38 +02:00
|
|
|
If the default of initial radios can be changed to zero, then it is also
|
|
|
|
possible to add MODULE_ALIAS_GENL_FAMILY to support auto-loading of
|
|
|
|
the mac80211_hwsim kernel module.
|
|
|
|
|
2014-08-09 03:22:58 +02:00
|
|
|
Priority: Low
|
|
|
|
Complexity: C1
|
|
|
|
|
|
|
|
- New configuration options for radios
|
|
|
|
|
|
|
|
At the moment the radios created are all equal and feature rich. However
|
|
|
|
for testing we want to create radios with different emulated hardware
|
|
|
|
capabilities. Provide new attributes or flags that allow enabling or
|
|
|
|
disabling certain mac80211 features.
|
|
|
|
|
|
|
|
For example AP mode, P2P mode, number of interface combinations, TDLS
|
|
|
|
support, number of Scan SSIDs, supported ciphers and so on.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C2
|
2014-08-09 03:38:42 +02:00
|
|
|
|
|
|
|
|
2014-08-09 04:31:14 +02:00
|
|
|
Wireless monitor
|
|
|
|
================
|
|
|
|
|
2014-08-11 06:37:13 +02:00
|
|
|
- Add support for PACKET_RECV_OUTPUT socket option of AF_PACKET
|
|
|
|
|
|
|
|
Instead of having to switch every interface manually into promiscuous
|
|
|
|
mode, it would be useful to set PACKET_RECV_OUTPUT to receive also
|
|
|
|
the traffic that leaves the system.
|
|
|
|
|
|
|
|
This would make tracing PAE / EAPoL traffic easy and provides better
|
|
|
|
sniffing capabilities.
|
|
|
|
|
2015-01-22 16:45:32 +01:00
|
|
|
Unfortunately, PACKET_RECV_OUTPUT logic is not implemented at all in
|
|
|
|
the kernel. So, first implement it in the kernel, and then use it in
|
|
|
|
nlmon.c as a set_sockopt option.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C8
|
2014-08-11 06:37:13 +02:00
|
|
|
|
2014-08-09 04:31:14 +02:00
|
|
|
- Subscribe to all nl80211 multicast groups at startup
|
|
|
|
|
|
|
|
It seems the nlmon packets are limited to actual subscribed mutlicast
|
|
|
|
groups. To get a complete picture of all the nl80211 commands and
|
|
|
|
events, it is required that iwmon adds membership to all multicast
|
|
|
|
groups that the nl80211 lists.
|
|
|
|
|
|
|
|
This means that the netlink socket used for resolving nl80211 family
|
2014-08-10 01:15:23 +02:00
|
|
|
name needs to be kept open and actively processed since it will also
|
2014-08-09 04:31:14 +02:00
|
|
|
receive these multicast events. However the event itself can be dropped
|
|
|
|
since the one from nlmon with the proper kernel level timestamps should
|
|
|
|
be taken into account.
|
|
|
|
|
2014-08-10 01:15:23 +02:00
|
|
|
An alternative is to fix the netlink_deliver_tap() function in the
|
|
|
|
kernel netlink layer to not be affected by the broadcast filtering.
|
|
|
|
|
2014-08-09 04:31:14 +02:00
|
|
|
Priority: Medium
|
|
|
|
Complexity: C1
|
|
|
|
|
2014-08-09 04:57:02 +02:00
|
|
|
- Add support for writing PCAP files
|
|
|
|
|
|
|
|
The new -w <file> option should allow for writing PCAP files with the
|
|
|
|
Linux SLL link type.
|
|
|
|
|
|
|
|
When creating PCAP files using tcpdump a lot of extra information from
|
|
|
|
all netlink sockets are written. This write support should only write
|
|
|
|
the information related to nl80211. However parts from the generic
|
|
|
|
netlink control channel from resolving the nl80211 family name must
|
|
|
|
be included as well.
|
|
|
|
|
|
|
|
It might be also beneficial to include RTNL messages related to the
|
|
|
|
wireless network interfaces. Currently these are all filtered out.
|
|
|
|
|
|
|
|
Priority: Medium
|
|
|
|
Complexity: C2
|
|
|
|
|
2015-05-01 01:04:56 +02:00
|
|
|
- Print the 'group' of the decoded message
|
|
|
|
|
|
|
|
Whenever an event / message is received, iwmon should print the genl
|
|
|
|
group of the message (e.g. mlme, scan, config, regulatory). This will
|
|
|
|
make it easier to add handling of such events / commands inside iwd.
|
|
|
|
|
|
|
|
Priority: Medium
|
|
|
|
Complexity: C1
|
|
|
|
|
2014-08-09 05:08:03 +02:00
|
|
|
|
|
|
|
Wireless simulator
|
|
|
|
==================
|
|
|
|
|
|
|
|
- Add support for builtin wireless access point emulator
|
|
|
|
|
|
|
|
When creating a pair of mac80211_hwsim radios, allow one to operate as
|
|
|
|
access point. The hwsim utility will emulate the access point on the
|
|
|
|
second interface for as long as it is running. Which means that from
|
|
|
|
the first interface it is possible to scan and connect to this access
|
|
|
|
point using standard wireless tools (including iwd and iwctl).
|
|
|
|
|
|
|
|
Code for the AP mode can be shared from iwd feature for access point
|
|
|
|
operation once that has been implemented.
|
|
|
|
|
|
|
|
Priority: Medium
|
|
|
|
Complexity: C8
|
2014-08-09 05:17:11 +02:00
|
|
|
|
|
|
|
|
|
|
|
Wireless daemon
|
|
|
|
===============
|
|
|
|
|
2016-08-28 07:39:57 +02:00
|
|
|
- Let EAP methods configure timeouts
|
|
|
|
|
|
|
|
Different EAP methods might have different recommendations for various
|
|
|
|
timeouts. E.g. retransmit timeout, overall timeout, etc. The EAP framework
|
|
|
|
should be updated to enable EAP methods to configure these timeouts
|
|
|
|
accordingly. A sane default should also be provided.
|
|
|
|
|
|
|
|
Priority: High
|
|
|
|
Complexity: C2
|
|
|
|
|
2016-08-28 07:40:13 +02:00
|
|
|
- EAPoL should take EAP timeouts into consideration
|
|
|
|
|
|
|
|
EAPoL state machine currently uses its own (very short) timeout for the
|
|
|
|
4-Way handshake / session key generation. This timeout does not take into
|
|
|
|
account the fact that EAP authentication might need to be performed first.
|
|
|
|
|
|
|
|
Priority: High
|
|
|
|
Complexity: C1
|
|
|
|
|
2015-06-08 17:49:02 +02:00
|
|
|
- Add unit test data with 2nd RSNE in Authenticator 3/4 message
|
|
|
|
|
|
|
|
The specification allows the AP to send a second RSN element in its 4-way
|
|
|
|
handshake message 3/4. Find some test data for this case and create a unit
|
|
|
|
test case.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C1
|
|
|
|
|
2015-04-29 18:19:05 +02:00
|
|
|
- Handle "Use group cipher suite" option for pairwise ciphers
|
|
|
|
|
|
|
|
If the AP specifies "Use group cipher suite" as its only pairwise suite, then
|
|
|
|
handle this appropriately inside EAPoL handshaking code. The install_gtk
|
|
|
|
callback might need to be modified to handle this case.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C1
|
|
|
|
|
2016-07-18 20:58:25 +02:00
|
|
|
- Add support for PMK Caching from 802.11-2007. This is sometimes referred to
|
|
|
|
as "fast, secure roam back". Essentially the client caches PMKIDs generated
|
|
|
|
when connecting to various APs. If the client roams back to an AP that has
|
|
|
|
already been connected to, and the PMK is cached by both, then the 802.1X
|
|
|
|
exchange can be skipped.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C4
|
|
|
|
|
|
|
|
- Add support for Opportunistic Key Caching (OKC). This is not defined by
|
|
|
|
any 802.11 standards, but is made available by major vendors such as Cisco
|
|
|
|
and Microsoft.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C4
|
|
|
|
|
2017-10-23 18:48:20 +02:00
|
|
|
- Add support for receiving SA Query and generating SA Response Action frames
|
|
|
|
when connected to a network with Protected Management Frame support enabled.
|
|
|
|
The AP generates SA Query frames when it receives a new unprotected
|
|
|
|
(Re)Associate request when it thinks an STA is still connected. If the request
|
|
|
|
was spoofed it gives a chance for the currently connected STA to tell the AP
|
|
|
|
that it is still connected. Support for this feature is mandatory when PMF is
|
|
|
|
enabled.
|
|
|
|
|
|
|
|
Priority: High
|
|
|
|
Complexity: C2
|
|
|
|
|
|
|
|
- Add support for sending SA Query and handling SA Response Action frames when
|
|
|
|
connected to a network with Protected Management Frame support enabled. If the
|
|
|
|
STA receives an unprotected Disassociate request with a valid reason code and
|
|
|
|
the STA thinks it is still connected to an AP (e.g. the Disassociate was
|
|
|
|
spoofed) it can send an SA Query Action frame out to the AP. If the AP comes
|
|
|
|
back within a given timeout with an SA Response, then the Disassociate can be
|
|
|
|
ignored. Otherwise the STA should honor the Disassociate frame and disconnect.
|
|
|
|
Support for this feature is mandatory when PMF is enabled.
|
|
|
|
|
|
|
|
Priority: High
|
|
|
|
Complexity: C2
|
|
|
|
|
2016-07-18 20:58:25 +02:00
|
|
|
- Add support for Direct Link Setup from 802.11e.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C8
|
|
|
|
|
|
|
|
- Add support for Automatic Power Save Delivery (APSD). This includes
|
|
|
|
scheduled (s-APSD) and unscheduled (u-APSD). This will require rudimentary
|
|
|
|
support of WMM protocol. This feature was introduced in 802.11e.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C4
|
|
|
|
|
2017-10-20 03:20:06 +02:00
|
|
|
- Add support for Fast BSS Transition (FT) from 802.11r. FT over air is
|
|
|
|
already supported by iwd. Add support for 'FT over DS'. In FT over DS,
|
2016-07-18 20:58:25 +02:00
|
|
|
action frames can be used to perform a 4-way handshake to the target AP
|
2017-10-20 03:20:06 +02:00
|
|
|
while still connected to the current AP.
|
2016-07-18 20:58:25 +02:00
|
|
|
|
2017-10-20 03:20:06 +02:00
|
|
|
Priority: Low
|
|
|
|
Complexity: C4
|
2016-07-18 20:58:25 +02:00
|
|
|
|
|
|
|
- Add support for 802.11u. This is required for Passpoint 2.0 support.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C8
|
|
|
|
|
|
|
|
- Add support for Wireless Network Management (WNM) from 802.11v. Parts of
|
|
|
|
this are needed for Passpoint support.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C8
|
|
|
|
|
|
|
|
- Add support for Tunneled Direct Link Setup (TDLS) from 802.11z.
|
|
|
|
|
|
|
|
Priority: Medium
|
|
|
|
Complexity: C8
|
|
|
|
|
2017-10-20 03:33:23 +02:00
|
|
|
- Add support for the STK 4-Way Handshake into eapol.c as described in
|
|
|
|
802.11-2016 Setion 12.7.
|
|
|
|
|
|
|
|
Priority: Medium
|
|
|
|
Complexity: C8
|
|
|
|
|
|
|
|
- Add support for WiFi P2P. This tasks depends on 'STK 4-Way Handshake' task.
|
|
|
|
iwd will require a new P2P D-Bus API to be exposed in order for clients to
|
|
|
|
manage P2P connections. P2P specific logic for device management and
|
|
|
|
switching between P2P and STA/AP modes for a particular interface will be
|
|
|
|
required.
|
|
|
|
|
|
|
|
Priority: Medium
|
|
|
|
Complexity: C8
|
|
|
|
|
2017-10-20 03:36:08 +02:00
|
|
|
- Add support for EAP-LEAP. This is a Cisco proprietary EAP method that is
|
|
|
|
quite widespread.
|
|
|
|
|
|
|
|
Priority: Medium
|
|
|
|
Complexity: C4
|
|
|
|
|
2017-10-20 03:43:26 +02:00
|
|
|
- Add support for EAP-GTC. GTC stands for 'Generic Token Card' and can be
|
|
|
|
found in RFC3784. Essentially it prompts the user to enter some value which
|
|
|
|
is reported back to the authenticator. EAP-GTC is generally tunneled inside
|
|
|
|
EAP-PEAP and is used in the PEAPv1 authentication suite.
|
|
|
|
|
|
|
|
Priority: Medium
|
|
|
|
Complexity: C4
|
|
|
|
|
|
|
|
- Add support for EAP-OTP. OTP stands for 'One Time Password' and can be
|
|
|
|
found in RFC3784.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C4
|
|
|
|
|
2016-12-15 18:15:21 +01:00
|
|
|
- Take EAP MSK size into consideration.
|
|
|
|
|
|
|
|
MSK is mandated to be 64 bytes long, and depending on the AKM, different parts
|
|
|
|
of the MSK are used to generate keys. Some EAP methods produce MSKs with less
|
|
|
|
than 64 bytes of useable data. For example, LEAP produces only 16 bytes and
|
|
|
|
MSCHAPv2 produces 32 bytes. If the AKM requires MSK of a certain size, and
|
|
|
|
the EAP method does not provide enough data, then the handshake should be
|
|
|
|
aborted.
|
|
|
|
|
|
|
|
Priority: Medium
|
|
|
|
Complexity: C2
|
|
|
|
|
2017-01-18 01:20:50 +01:00
|
|
|
- Implement Enrollee Session Overlap Detection after WSC Protocol Run
|
|
|
|
|
|
|
|
WSC Best Practices v2.0.1, Section 3.15 describes an enhacement to detect
|
|
|
|
PBC session overlaps. The Enrollee is asked to perform an extra scan without
|
|
|
|
the PBC request in the ProbeRequest frames after EAP-WSC completes
|
|
|
|
successfully. If another AP in PBC mode is found, then a SessionOverlap
|
|
|
|
error should be reported to the user.
|
|
|
|
|
|
|
|
Priority: Low
|
|
|
|
Complexity: C2
|
|
|
|
|
2015-02-03 20:38:43 +01:00
|
|
|
|
2014-12-09 16:57:38 +01:00
|
|
|
Client
|
|
|
|
======
|
|
|
|
|
2015-02-25 14:37:58 +01:00
|
|
|
- Implement dbus-based command-line client for iwd using ell supporting at least
|
|
|
|
the following: Scanning, Connect, Disconnect and agent functionality
|
|
|
|
|
|
|
|
Priority: High
|
|
|
|
Complexity: C2
|
2014-12-09 16:57:38 +01:00
|
|
|
|