Commit Graph

421 Commits

Author SHA1 Message Date
Lorenzo Santina
fd84ecda7d treewide: fix shellscript syntax errors/typos
Fix multiple syntax errors in shelscripts (of packages only)
These errors were causing many conditions to not working properly

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[increase PKG_RELEASE, drop command substitution from directip.sh]
Signed-off-by: Mathias Kresin <dev@kresin.em>
2017-09-13 08:07:54 +02:00
Lorenzo Santina
bd24d53ea2 hostapd: fix iapp_interface option
ifname variable were not assigned due to syntax error
causing the hostapd config file to have an empty iapp_interface= option

Signed-off-by: Lorenzo Santina <lorenzo.santina.dev@gmail.com>
2017-09-10 08:30:32 +02:00
John Crispin
d18e0dc7d1 hostapd: add additional ubus notifications
Signed-off-by: John Crispin <john@phrozen.org>
2017-08-22 21:31:39 +02:00
Stijn Tintel
e7373e489d wpa_supplicant: log to syslog instead of stdout
While debugging an issue with a client device, wpa_supplicant did not
seem to log anything at all. Make wpa_supplicant log to syslog instead
of stdout, to make debugging easier and to be consistent with hostapd.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-10 16:35:53 +02:00
Yury Shvedov
37c1513b1f hostapd: configure NAS ID regardless of encryption
RADIUS protocol could be used not only for authentication but for
accounting too. Accounting could be configured for any type of networks.
However there is no way to configure NAS Identifier for non-WPA
networks without this patch.

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-28 02:18:20 +02:00
Yury Shvedov
0e7bbcd43b hostapd: add acct_interval option
Make an ability to configure Accounting-Interim-Interval via UCI

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[add hostapd prefix, cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-28 02:18:20 +02:00
Kevin Darbyshire-Bryant
4ed40be3e3 hostapd: add support for acs_chan_bias option
During auto channel selection we may wish to prefer certain channels
over others.

e.g. we can just squeeze 4 channels into europe so '1:0.8 5:0.8 9:0.8
13:0.8' does that.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-24 13:11:19 +02:00
Matthias Schiffer
1a16cb9c67
mac80211, hostapd: always explicitly set beacon interval
One of the latest mac80211 updates added sanity checks, requiring the
beacon intervals of all VIFs of the same radio to match. This often broke
AP+11s setups, as these modes use different default intervals, at least in
some configurations (observed on ath9k).

Instead of relying on driver or hostapd defaults, change the scripts to
always explicitly set the beacon interval, defaulting to 100. This also
applies the beacon interval to 11s interfaces, which had been forgotten
before. VIF-specific beacon_int setting is removed from hostapd.sh.

Fixes FS#619.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-13 17:12:54 +02:00
Matthias Schiffer
5e481881d7
hostapd: remove unused variable declarations in hostapd.sh
None of the variables in this "local" declaration are actually set in
wpa_supplicant_add_network().

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-13 16:27:22 +02:00
Nick Lowe
ed62d91f4b hostapd: add legacy_rates option to disable 802.11b data rates.
Setting legacy_rates to 0 disables 802.11b data rates.
Setting legacy_rates to 1 enables 802.11b data rates. (Default)

The basic_rate option and supported_rates option are filtered based on this.

The rationale for the change, stronger now than in 2014, can be found in:

https://mentor.ieee.org/802.11/dcn/14/11-14-0099-00-000m-renewing-2-4ghz-band.pptx

The balance of equities between compatibility with b clients and the
detriment to the 2.4 GHz ecosystem as a whole strongly favors disabling b
rates by default.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, defaults change]
2017-05-03 13:58:23 +02:00
Abhilash Tuse
41feba8c4a hostapd: fix reload frequency change patch
When sta is configured, hostapd receives 'stop' and 'update' command from
wpa_supplicant. In the update command, hostapd gets sta parameters with
which it configures ap.

Problem is, with the default wireless configuration:
mode:11g freq:2.4GHz channel:1
If sta is connected to 5GHz network, then ap does not work. Ideally with
340-reload_freq_change.patch hostapd should reload the frequency changes
and start ap in 5GHz, but ap becomes invisible in the network.

This issue can be reproduced with following /etc/config/wireless:
config wifi-device  radio0
        option type     mac80211
        option channel  1
        option hwmode   11g
        option path     'virtual/uccp420/uccwlan'
        option htmode   'none'

config wifi-iface 'ap'
        option device 'radio0'
        option encryption 'none'
        option mode 'ap'
        option network 'ap'
        option ssid 'MyTestNet'
        option encryption none

config wifi-iface 'sta'
       option device radio0
       option network sta
       option mode sta
       option ssid TestNet-5G
       option encryption psk2
       option key 12345

This change updates current_mode structure based on configured hw_mode
received from wpa_supplicant. Also prepare rates table after frequency
selection.

Signed-off-by: Abhilash Tuse <Abhilash.Tuse@imgtec.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, patch refresh]
2017-05-03 13:58:23 +02:00
Jo-Philipp Wich
aff2d5c856 hostapd: fix feature indication
- Fix eap test to work with standalone hostapd builds
 - Fix 11n test to check the correct define
 - Add 11ac, 11r and 11w tests

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-20 12:06:18 +01:00
Daniel Albers
cb801b052c hostapd: mv netifd.sh hostapd.sh
same name for the file on the host and target

Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
2017-02-15 09:38:57 +01:00
Rafał Miłecki
546b1a4d36 hostapd: enable support for logging wpa_printf messages to syslog
This will allow starting hostapd with the new -s parameter and finally
read all (error) messages from the syslog.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-31 13:55:26 +01:00
Rafał Miłecki
37b489fe04 hostapd: backport support for sending debug messages to the syslog
It wasn't possible to read hostapd wpa_printf messages unless running
hostapd manually. It was because hostapd was printing them using vprintf
and not directly to the syslog.

We were trying to workaround this problem by redirecting STDIN_FILENO
and STDOUT_FILENO but it was working only for the initialization phase.
As soon as hostapd did os_daemonize our solution stopped working.

Please note despite the subject this change doesn't affect debug level
messages only but just everything printed by hostapd with wpa_printf
including MSG_ERROR-s. This makes it even more important as reading
error messages can be quite useful for debugging.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-30 06:52:02 +01:00
Steven Honson
c0ed04ce45 hostapd: default to wps_independent 1
Signed-off-by: Steven Honson <steven@honson.id.au>
2017-01-26 14:41:31 +01:00
Steven Honson
c0345d93a2 hostapd: expose wps_independent and ap_setup_locked as uci options
ap_setup_locked is named wps_ap_setup_locked in uci for consistency with other
wps related uci options.

Signed-off-by: Steven Honson <steven@honson.id.au>
2017-01-26 14:41:31 +01:00
Wilco Baan Hofman
fa0ac030f5 Fix dependency for hostapd
Signed-off-by: Wilco Baan Hofman <wilco@baanhofman.nl>
2017-01-26 11:38:21 +01:00
Jo-Philipp Wich
633c35aaa4 hostapd: fix stray "out of range" shell errors in hostapd.sh
The hostapd_append_wpa_key_mgmt() procedure uses the possibly uninitialized
$ieee80211r and $ieee80211w variables in a numerical comparisation, leading
to stray "netifd: radio0 (0000): sh: out of range" errors in logread when
WPA-PSK security is enabled.

Ensure that those variables are substituted with a default value in order to
avoid emitting this (harmless) shell error.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-23 14:55:46 +01:00
Felix Fietkau
7e8fecb224 hostapd: fix passing jobserver to hostapd/supplicant build processes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-15 14:57:53 +01:00
Felix Fietkau
40e4c342fd hostapd: backport a few upstream fixes
Fixes reassoc issues with WDS mode
Fixes reassoc issues in AP mode
Fixes IBSS reauthentication issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-15 14:53:28 +01:00
Sujith Manoharan
593240075f wpa_supplicant: Fix mesh encryption config
wpa_supplicant allows only SAE as the key management
type for mesh mode. The recent key_mgmt rework unconditionally
added WPA-PSK - this breaks interface bringup and wpa_s
throws this error message:

Line 10: key_mgmt for mesh network should be open or SAE
Line 10: failed to parse network block.
Failed to read or parse configuration '/var/run/wpa_supplicant-wlan0.conf

Fix this by making sure that only SAE is used for mesh.

Signed-off-by: Sujith Manoharan <m.sujith@gmail.com>
2017-01-11 04:01:07 +01:00
Stijn Tintel
388681fe53 hostapd: enable SHA256-based algorithms
Enable support for stronger SHA256-based algorithms in hostapd and
wpa_supplicant when using WPA-EAP or WPA-PSK with 802.11w enabled.

We cannot unconditionally enable it, as it requires hostapd to be
compiled with 802.11w support, which is disabled in the -mini variants.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
2017-01-03 20:53:49 +01:00
Stijn Tintel
30f14f6198 hostapd: add function to handle wpa_key_mgmt
Now that wpa_key_mgmt handling for hostapd and wpa_supplicant are
consistent, we can move parts of it to a dedicated function.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
2017-01-03 20:53:48 +01:00
Stijn Tintel
bdcffb9bb6 wpa_supplicant: rework wpa_key_mgmt handling
Rework wpa_key_mgmt handling for wpa_supplicant to be consistent with
how it is done for hostapd.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
2017-01-03 20:53:48 +01:00
Felix Fietkau
c7c1cf5618 treewide: clean up and unify PKG_VERSION for git based downloads
Also use default defintions for PKG_SOURCE_SUBDIR, PKG_SOURCE

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-22 16:42:21 +01:00
Koen Vandeputte
05abcf518d hostapd: update to version 2016-12-19
Update to latest upstream HEAD:

- Refreshed all
- Fixes 2 regressions:
--> PeerKey: Fix STK 4-way handshake regression
--> PeerKey: Fix EAPOL-Key processing

Compile tested Full & Mini configs
Run-tested Mini config

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2016-12-20 21:35:56 +01:00
Alexis Green
77ece30eb9 hostapd: Add ability to specify that that wireless driver supports 802.11ac
Signed-off-by: Alexis Green <agreen@cococorp.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [make more generic]
2016-12-20 16:24:22 +01:00
Koen Vandeputte
f628d0e0e9 hostapd: update to version 2016-12-15
Update to latest upstream HEAD:

- Refreshed all
- Delete patches and parts which made it upstream

Compile tested Full & Mini configs
Run-tested Mini config

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [another update, remove broken patch]
2016-12-20 16:24:21 +01:00
Yousong Zhou
cf62a17710 hostapd: remove never-used Package/<name>/Description
The build system only accepts Package/<name>/description and since the
typoed version virtually has the same content as the TITLE field, remove
them altogether

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2016-12-20 09:35:35 +01:00
Felix Fietkau
720b99215d treewide: clean up download hashes
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-16 22:39:22 +01:00
Matthias Schiffer
c18bf14dab
hostapd: fix PKG_CONFIG_DEPENDS for CONFIG_WPA_SUPPLICANT_*
These symbols don't affect wpa-supplicant only, but also wpad.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-11-16 20:59:17 +01:00
Alexis Green
12f0d5402c hostapd: properly package wpa-supplicant-mesh
Ensure that selecting the wpa-supplicant-mesh package actually packages the
wpa_supplicant binary with SAE support and add missing dependency on OpenSSL.

Signed-off-by: Alexis Green <alexis@cessp.it>
[Jo-Philipp Wich: slightly reword commit message for clarity]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-10-31 13:46:01 +01:00
Petr Konecny
6797a10fa1 hostapd support for VLANs through a file in addition to Radius.
Signed-off-by: Petr Konecny <pekon@google.com>
2016-10-31 13:24:58 +01:00
Alexandru Ardelean
58cf9a2476 network/services/hostapd: move whole files outside of patches and drop Build/Prepare rule in favor of default one
This more of a demo for the previous commit that comes with
this one, where I added support for copying source from 'src' to
the build dir(s).

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2016-10-15 11:36:51 +02:00
Daniel Engberg
9edfe7dd13 source: Switch to xz for packages and tools where possible
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-06 12:16:56 +02:00
Felix Fietkau
73c87a3cad hostapd: make -mesh and -p2p variants depend on the cfg80211 symbol
Avoids build failures when the nl80211 driver is disabled

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-10-05 23:02:13 +02:00
Rafał Miłecki
e70e3c544a hostapd: fix regression breaking brcmfmac
The latest update of hostapd broke brcmfmac due to upstream regression.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-13 12:06:42 +02:00
Felix Fietkau
859d940c79 hostapd: update to version 2016-09-05
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-08 15:28:38 +02:00
Johannes Römer
e8cb7d30e9 hostapd: fix typo and indentation in ap_sta_support.patch
Signed-off-by: Johannes Römer <jroemer@posteo.net>
2016-09-05 18:03:24 +02:00
Ash Benz
798cd261ab hostapd: use printf to improve portability.
Signed-off-by: Ash Benz <ash.benz@bk.ru>
2016-08-23 12:15:41 +02:00
Petko Bordjukov
dff6df9625 hostapd: Allow RADIUS accounting without 802.1x
RADIUS accounting can be used even when RADIUS authentication is not
used. Move the accounting configuration outside of the EAP-exclusive
sections.

Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
2016-08-11 10:45:33 +02:00
Felix Fietkau
51e70267bd hostapd: remove unused hostapd-common-old package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-05 11:02:57 +02:00
Felix Fietkau
9201e88f51 kernel: remove hostap driver
It has been marked as broken for well over a month now and nobody has
complained.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-31 12:25:24 +02:00
Felix Fietkau
da328f2865 hostapd: backport mesh/ibss HT20/HT40 related fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-27 17:22:39 +02:00
Felix Fietkau
ca6375ac51 hostapd: fix an error on parsing radius_das_client
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-21 16:58:50 +02:00
Felix Fietkau
75329fc161 hostapd: fix VLAN support in full wpad builds
Suppress -DCONFIG_NO_VLAN if CONFIG_IBSS_RSN is enabled

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-18 13:37:10 +02:00
Felix Fietkau
ad430c1080 hostapd: add a WDS AP fix for reconnecting clients
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-06 10:12:37 +02:00
Hauke Mehrtens
3f38356893 packages: prefer http over git for git protocol
In company networks everything except the http and https protocol is
often causes problems, because the network administrators try to block
everything else. To make it easier to use LEDE in company networks use
the https/http protocol for git access when possible.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-06-22 19:32:06 +02:00
Felix Fietkau
4e0a533f60 hostapd: fix breakage with non-nl80211 drivers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 19:28:55 +02:00
Jo-Philipp Wich
e2a9c638e7 hostapd: fix compilation error in wext backend
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-15 19:10:32 +02:00
Felix Fietkau
ef74d5cbf8 hostapd: implement fallback for incomplete survey data
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:31:48 +02:00
Felix Fietkau
13b44abcff hostapd: update to version 2016-06-15
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:11:43 +02:00
Michal Hrusecky
b67af71181 hostapd: Update to version 2016-05-05
Fixes CVE-2016-4476 and few possible memory leaks.

Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
2016-06-15 17:11:18 +02:00
Felix Fietkau
7eeb254cc4 treewide: replace nbd@openwrt.org with nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 08:58:42 +02:00
John Crispin
fa69553900 branding: add LEDE branding
Signed-off-by: John Crispin <blogic@openwrt.org>
2016-03-24 22:40:13 +01:00
Hauke Mehrtens
3830200d6a hostapd.sh: Add support for "anonymous_identity" config field
The wpa_supplicant supports an "anonymous_identity" field, which some
EAP networks require.  From the documentation:

anonymous_identity: Anonymous identity string for EAP (to be used as the
    unencrypted identity with EAP types that support different tunnelled
    identity, e.g., EAP-TTLS).

This change modifies the hostapd.sh script to propagate this field
from the UCI config to the wpa_supplicant.conf file.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Reviewed-by: Manuel Munz <freifunk@somakoma.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49181
2016-04-17 12:50:55 +00:00
Felix Fietkau
eb47ddd557 hostapd: remove useless TLS provider selection override for wpad-mesh/wpa_supplicant-mesh
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48537
2016-01-28 22:42:14 +00:00
Felix Fietkau
18b2f2d694 hostapd: fix mesh interface bridge handling
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48529
2016-01-28 17:20:10 +00:00
Felix Fietkau
b4ef1fca48 hostapd: fix wpad-mesh and wpa-supplicant-mesh configuration issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48528
2016-01-28 17:19:48 +00:00
Felix Fietkau
924407b253 hostapd: update to version 2016-01-15
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48527
2016-01-28 17:19:13 +00:00
Felix Fietkau
faad8b68a4 wpa_supplicant: add support for EAP-TLS phase2
Introduce config options client_cert2, priv_key2 and priv_key2_pwd
used for EAP-TLS phase2 authentication in WPA-EAP client mode.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 48345
2016-01-19 10:06:29 +00:00
Felix Fietkau
3b15eb0ade hostap/wpa_supplicant: enable EAP-FAST in -full builds
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 48344
2016-01-19 10:06:23 +00:00
Felix Fietkau
e4cf25cfab wpa_supplicant: improve generating phase2 config line for WPA-EAP
WPA-EAP supports several phase2 (=inner) authentication methods when
using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first
step towards the UCI model supporting EAP-FAST by this commit)
The value of the auth config variable was previously expected to be
directly parseable as the content of the 'phase2' option of
wpa_supplicant.
This exposed wpa_supplicant's internals, leaving it to view-level to
set the value properly. Unfortunately, this is currently not the case,
as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'.
Users thus probably diverged and set auth to values like
'auth=MSCHAPV2' as a work-around.
This behaviour isn't explicitely documented anywhere and is not quite
intuitive...

The phase2-string is now generated according to $eap_type and $auth,
following the scheme also found in hostap's test-cases:
http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py
The old behaviour is also still supported for the sake of not breaking
existing, working configurations.

Examples:
  eap_type   auth
  'ttls'     'EAP-MSCHAPV2'     -> phase2="autheap=MSCHAPV2"
  'ttls'     'MSCHAPV2'         -> phase2="auth=MSCHAPV2"
  'peap'     'EAP-GTC'          -> phase2="auth=GTC"

Deprecated syntax supported for compatibility:
  'ttls'     'autheap=MSCHAPV2' -> phase2="autheap=MSCHAPV2"

I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to
the list of Authentication methods available.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 48309
2016-01-18 11:40:44 +00:00
Rafał Miłecki
2611a5538e hostapd: fix disassociation with FullMAC drivers and multi-BSS
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48202
2016-01-11 18:51:47 +00:00
Felix Fietkau
6c40914c0c hostapd: fix post v2.4 security issues
- WPS: Fix HTTP chunked transfer encoding parser (CVE-2015-4141)
- EAP-pwd peer: Fix payload length validation for Commit and Confirm
  (CVE-2015-4143)
- EAP-pwd server: Fix payload length validation for Commit and Confirm
  (CVE-2015-4143)
- EAP-pwd peer: Fix Total-Length parsing for fragment reassembly
  (CVE-2015-4144, CVE-2015-4145)
- EAP-pwd server: Fix Total-Length parsing for fragment reassembly
  (CVE-2015-4144, CVE-2015-4145)
- EAP-pwd peer: Fix asymmetric fragmentation behavior (CVE-2015-4146)
- NFC: Fix payload length validation in NDEF record parser (CVE-2015-8041)
- WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
  (CVE-2015-5310)
- EAP-pwd peer: Fix last fragment length validation (CVE-2015-5315)
- EAP-pwd server: Fix last fragment length validation (CVE-2015-5314)
- EAP-pwd peer: Fix error path for unexpected Confirm message (CVE-2015-5316)

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>

SVN-Revision: 48185
2016-01-10 17:03:37 +00:00
Felix Fietkau
74c36b9d20 wpa_supplicant: set regulatory domain the same way as hostapd
In sta-only configuration, wpa_supplicant needs correct regulatory
domain because otherwise it may skip channel of its AP during scan.

Another alternative is to fix "iw reg set" in mac80211 netifd script.
Currently it fails if some phy has private regulatory domain which
matches configured one.

Signed-off-by: Dmitry Ivanov <dima@ubnt.com>

SVN-Revision: 48099
2016-01-03 20:56:57 +00:00
John Crispin
3afe39af72 wpa-supplicant: Get 802.11s ssid information from option mesh_id
The scripts for authsae and iw use the option mesh_id to get set the
"meshid" during a mesh join. But the script for wpad-mesh ignores the
option mesh_id and instead uses the option ssid. Unify the mesh
configuration and let the wpa_supplicant script also use the mesh_id from
the configuration.

Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 47615
2015-11-24 18:28:44 +00:00
Felix Fietkau
047f9ef8eb hostapd: Use network_get_device instead of uci_get_state
This fixes the IAPP functionality.

Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>

SVN-Revision: 47455
2015-11-11 08:34:59 +00:00
Felix Fietkau
460640b6d7 hostapd: add default value to eapol_version (#20641)
r46861 introduced a new option eapol_version to hostapd, but did not
provide a default value. When the option value is evaluated,
the non-existing value causes errors to the systen log:
"netifd: radio0: sh: out of range"

Add a no-op default value 0 for eapol_version. Only values 1 or 2 are
actually passed on, so 0 will not change the default action in hostapd.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 47361
2015-11-02 18:12:54 +00:00
Felix Fietkau
8aa110f7a2 hostapd: wait longer for inactive client probe (empty data frame)
One second is not enough for some devices to ackowledge null data frame
which is sent at the end of ap_max_inactivity interval. In particular,
this causes severe Wi-Fi instability with Apple iPhone which may take
up to 3 seconds to respond.

Signed-off-by: Dmitry Ivanov <dima@ubnt.com>

SVN-Revision: 47149
2015-10-06 12:33:10 +00:00
Rafał Miłecki
b6320a63a2 hostapd: check for banned client on association event
When using FullMAC drivers (e.g. brcmfmac) we don't get mgmt frames so
check for banned client in probe request handler won't ever be used.
Since cfg80211 provides us info about STA associating let's put a check
there.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 47064
2015-09-28 09:09:00 +00:00
Felix Fietkau
42a3d7811f mac80211/hostapd: rework 802.11w driver support selection, do not hardcode drivers in hostapd makefile
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46903
2015-09-14 06:51:10 +00:00
Felix Fietkau
9abc02479e hostapd: Add eapol_version config option
Add eapol_version to the openwrt wireless config ssid section.
Only eapol_version=1 and 2 will get passed to hostapd, the default
in hostapd is 2.

This is only useful for really old client devices that don't
accept eapol_version=2.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 46861
2015-09-11 16:33:54 +00:00
Felix Fietkau
3adce75a67 hostapd: work around unconditional libopenssl build dependency
As the OpenWrt build system only resolves build dependencies per directory,
all hostapd variants were causing libopenssl to be downloaded and built,
not only wpad-mesh. Fix this by applying the same workaround as in
ustream-ssl.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>

SVN-Revision: 46851
2015-09-11 16:31:18 +00:00
Felix Fietkau
5da52afa79 hostapd: properly enable 802.11w support
Add CONFIG_IEEE80211W variable to DRIVER_MAKEOPTS so that 802.11w
support is properly compiled in full variant.

This fixes #20179

Signed-off-by: Janusz Dziemidowicz <rraptorr@nails.eu.org>

SVN-Revision: 46737
2015-08-27 12:43:22 +00:00
John Crispin
e5488123e6 hostapd: Add vlan_file option to netifd.sh
Other VLAN related options are already being processed in netifd.sh
but the vlan_file option is missing. This option allows the mapping
of vlan IDs to network interfaces and will be used in dynamic VLAN
feature for binding stations to interfaces based on VLAN
assignments. The change is done similarly to the wpa_psk_file
option.

Signed-off-by: Gong Cheng <chengg11@yahoo.com>

SVN-Revision: 46652
2015-08-17 06:17:13 +00:00
John Crispin
e7b34b2b0d buttons: make all button handler scripts return 0
this is required by the new button timeout feature

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 46471
2015-07-24 09:11:35 +00:00
Felix Fietkau
e23c3bb339 wpa-supplicant: add 802.11r client support
Add 802.11r client support to wpa_supplicant. It's only enabled in
wpa_supplicant-full. hostapd gained 802.11r support in commit r45051.

Tested on a TP-Link TL-WR710N sta psk client with two 802.11r enabled
openwrt accesspoints (TP-Link TL-WDR3600).

Signed-off-by: Stefan Hellermann <stefan@the2masters.de>

SVN-Revision: 46377
2015-07-15 08:16:22 +00:00
Felix Fietkau
ecaacad14d hostapd: move ht_coex variable to mac80211.sh, guarded by 802.11n support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45917
2015-06-06 23:09:43 +00:00
Felix Fietkau
91467cec6f hostapd: add a new option to control HT coexistance separate from noscan
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45873
2015-06-02 08:39:19 +00:00
Felix Fietkau
06556a8e6b hostapd: fix remote denial of service vulnerability in WMM action frame parsing
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45619
2015-05-06 09:45:39 +00:00
Felix Fietkau
a503023ec2 hostapd: enable 802.11w only for the full variants
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45616
2015-05-06 00:59:36 +00:00
Felix Fietkau
eba659cbba hostapd: backport fix for CVE-2015-1863, refresh patches
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45567
2015-04-23 08:01:51 +00:00
Nicolas Thill
05d28c47e8 hostapd: mark wpa-supplicant & wpad-mesh as broken on uml
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45561
2015-04-22 15:36:00 +00:00
Felix Fietkau
ce0eddc2fb hostapd/netifd: encrypted mesh with wpa_supplicant
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45519
2015-04-20 15:00:07 +00:00
John Crispin
125b2ced63 hostapd: Fix wps button hotplug script to handle multiple radios
Hostapd's control file location was changed in 2013, and that has apparently
broken the wps button hotplug script in cases where there are multiple radios
and wps is possibly configured also for the second radio. The current wps
button hotplug script always handles only the first radio.

https://dev.openwrt.org/browser/trunk/package/network/services/hostapd/files/wps-hotplug.sh

The reason is that the button hotplug script seeks directories like
/var/run/hostapd*, as the hostapd-phy0.conf files were earlier in
per-interface subdirectories.

Currently the *.conf files are directly in /var/run and the control sockets
are in /var/run/hostapd, but there is no subdirectory for each radio.

root@OpenWrt:/# ls /var/run/hostapd*
/var/run/hostapd-phy0.conf  /var/run/hostapd-phy1.conf

/var/run/hostapd:
wlan0  wlan1

The hotplug script was attempted to be fixed after the hostapd change by
r38986 in Dec2013, but that change only unbroke the script for the first
radio, but left it broken for multiple radios.
https://dev.openwrt.org/changeset/38986/

The script fails to find subdirectories with [ -d "$dir" ], and passes just
the only found directory /var/run/hostapd, leading into activating only the
first radio, as hostapd_cli defaults to first socket found inthe passed
directory:
root@OpenWrt:/# hostapd_cli -?
...
usage: hostapd_cli [-p<path>] [-i<ifname>] [-hvB] [-a<path>] \
                    [-G<ping interval>] [command..]
...
    -p<path>     path to find control sockets (default: /var/run/hostapd)
...
    -i<ifname>   Interface to listen on (default: first interface found in the
                 socket path)

Below is a run with the default script and with my proposed solution.

Default script (with logging added):
==================================
root@OpenWrt:/# cat /etc/rc.button/wps
#!/bin/sh

if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
         for dir in /var/run/hostapd*; do
                 [ -d "$dir" ] || continue
                 logger "WPS activated for: $dir"
                 hostapd_cli -p "$dir" wps_pbc
         done
fi

 >>>> WPS BUTTON PRESSED <<<<<

root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status
PBC Status: Timed-out
Last WPS result: None
root@OpenWrt:/# logread | grep WPS
Tue Apr 14 18:38:50 2015 user.notice root: WPS activated for: /var/run/hostapd

wlan0 got WPS activated, while wlan1 remained inactive.

I have modified the script to search for sockets instead of directories and
to use the "-i" option with hostapd_cli, and now the script properly
activates wps for both radios. As "-i" needs the interface name instead of
the full path, the script first changes dir to /var/run/hostapd to get simply
the interface names.

Modified script (with logging):
===============================
root@OpenWrt:/# cat /etc/rc.button/wps
#!/bin/sh

if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
         cd /var/run/hostapd
         for dir in *; do
                 [ -S "$socket" ] || continue
                 logger "WPS activated for: $socket"
                 hostapd_cli -i "$socket" wps_pbc
         done
fi

 >>>> WPS BUTTON PRESSED <<<<<

root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# logread | grep WPS
Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan0
Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan1

Both radios got their WPS activated properly.

I am not sure if my solution is optimal, but it seems to work. WPS button is
maybe not that often used functionality, but it might be fixed in any case.
Routers with multiple radios are common now, so the bug is maybe more
prominent than earlier.

The modified script has been in a slightly different format in my community
build since r42420 in September 2014.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 45492
2015-04-18 10:19:37 +00:00
Felix Fietkau
e8a45bfc15 netifd: fix ieee80211r 'sh: bad number' in mac80211 setup (bug #19345)
Two errors "netifd: radio0: sh: bad number" have recently surfaced in system
log in trunk when wifi interfaces come up. I tracked the errors to checking
numerical values of some config options without ensuring that the option has
any value.

The errors I see have apparently been introduced by r45051 (ieee80211r in
hostapd) and r45326 (start_disabled in mac80211). My patches fix two
instances of "bad number", but there may be a third one, as the original
report in bug 19345 pre-dates r45326 and already has two "bad number" errors
for radio0.

https://dev.openwrt.org/ticket/19345

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 45380
2015-04-11 10:52:01 +00:00
John Crispin
2b95d21fdb hostapd: remove unused asprintf parameter
r45270 removed ieee80211n=%d from the format string but didn't remove
the parameter itself. Though this probably doesn't cause any harm, it's
quite confusing and unneeded.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45351
2015-04-10 08:31:26 +00:00
John Crispin
ff211def3e hostapd: add update_beacon to ubus binding
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45325
2015-04-09 10:31:45 +00:00
Felix Fietkau
fe8d9f59da hostapd: when running AP+STA, preserve the AP 802.11n-enabled setting
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45270
2015-04-04 17:51:46 +00:00
Felix Fietkau
89abb27f2c hostapd: fix compile errors with nl80211 disabled (#19325)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45063
2015-03-27 14:55:01 +00:00
Felix Fietkau
44218424f1 hostapd: fix a compiler warning in ap+station patch
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45062
2015-03-27 14:54:53 +00:00
Felix Fietkau
8905eb39b6 hostapd: disable the bridge packet receive workaround, it is unnecessary on openwrt and could potentially harm performance
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45060
2015-03-27 14:54:41 +00:00
Felix Fietkau
23b4bf6507 hostapd: add 802.11r support
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 45051
2015-03-26 23:34:33 +00:00
Felix Fietkau
07b17c6b25 hostapd: allow multiple key management algorithms
To enable 802.11r, wpa_key_mgmt should contain FT-EAP or FT-PSK. Allow
multiple key management algorithms to make this possible.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 45050
2015-03-26 23:34:24 +00:00
Felix Fietkau
4482d10a04 hostapd: append nasid to config for all WPA types
The 802.11r implementation in hostapd uses nas_identifier as PMK-R0 Key
Holder identifier. As 802.11r can also be used with WPA Personal, nasid
should be appended to the hostapd config for all WPA types.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 45049
2015-03-26 23:34:10 +00:00
Felix Fietkau
eedf17dc9e hostapd: add dependency to hostapd-common
'hostapd-common' is needed by all of the variants for wifi to function
correctly (a number of the target profiles simply select 'wpad-mini').

Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>

SVN-Revision: 45048
2015-03-26 23:34:01 +00:00
Felix Fietkau
cec80c7267 hostapd: package wpad-mesh and wpa_supplicant-mesh variants
These new variants include support for mesh mode and SAE crypto.
They always depend on openssl as EC operations are not provided by
the internal crypto implementation.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45047
2015-03-26 23:33:56 +00:00
Felix Fietkau
184bac2707 hostapd: add switch_chan and set_vendor_elements ubus methods
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45046
2015-03-26 23:33:52 +00:00
Felix Fietkau
9c7784e5f3 hostapd: update hostapd to 2015-03-25
madwifi was dropped upstream, can't find it anywhere in OpenWrt
either, thus finally burrying madwifi.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45045
2015-03-26 23:33:47 +00:00
Felix Fietkau
5d9eeab64a build: remove obsolete references to cris and avr32
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44965
2015-03-24 10:07:40 +00:00
Nicolas Thill
4b382a440b packages: some (e)glibc fixes after r44701
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44842
2015-03-16 12:25:06 +00:00
John Crispin
ef87acc6a5 hostapd: fix c&p typo
https://dev.openwrt.org/ticket/19010

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44484
2015-02-17 15:59:28 +00:00
John Crispin
8f3e9c91a8 hostapd: backport BSSID black/whitelists
This change adds the configuration options "bssid_whitelist" and
"bssid_blacklist" used to limit the AP selection of a network to a
specified (finite) set or discard certain APs.

This can be useful for environments where multiple networks operate
using the same SSID and roaming between those is not desired. It is also
useful to ignore a faulty or otherwise unwanted AP.

In many applications it is useful not just to enumerate a group of well
known access points, but to use a address/mask notation to match an
entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).

This is especially useful if an OpenWrt device with two radios is used to
retransmit the same network (one in AP mode for other clients, one as STA for
the uplink); the following configuration prevents the device from associating
with itself, given that the own AP to be avoided is using the bssid
'C0:FF:EE:D0:0D:42':

config wifi-iface
	option device 'radio2'
	option network 'uplink'
	option mode 'sta'
	option ssid 'MyNetwork'
	option encryption 'none'
	list bssid_blacklist 'C0:FF:EE:D0:0D:42/00:FF:FF:FF:FF:FF'

This change consists of the following cherry-picked upstream commits:

b3d6a0a8259002448a29f14855d58fe0a624ab76
b83e455451a875ba233b3b8ac29aff8b62f064f2
79cd993a623e101952b81fa6a29c674cd858504f
(squashed to implement bssid_{white,black}lists)

0047306bc9ab7d46e8cc22ff9a3e876c47626473
(Add os_snprintf_error() helper)

Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>

SVN-Revision: 44438
2015-02-13 10:53:54 +00:00
Felix Fietkau
768d09be87 mac80211/hostapd: fix HT mode setup for RSN ad-hoc networks
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44100
2015-01-24 19:27:22 +00:00
John Crispin
491f3fc048 Support for building an hardened OpenWRT
Introduce configuration options to build an "hardened" OpenWRT.

Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.

uClibc makefile now automatically detects if SSP support is necessary.

hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.

Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.

Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.

Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>

SVN-Revision: 44005
2015-01-17 14:31:30 +00:00
Rafał Miłecki
adaac86c7f hostapd: backport patch fixing handling new stations
This patch fixes adding new stations for some specific drivers when
using more than 1 BSS.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 43951
2015-01-12 22:10:00 +00:00
Felix Fietkau
4ea1edf840 hostapd: Add uapsd option to netifd.sh
The uapsd option sets the uapsd_advertisement_enabled flag in hostapd.

The check for phy support is already implemented here in hostapd since 2011:
http://w1.fi/cgit/hostap/commit/?id=70619a5d8a3d32faa43d66bcb1b670cacf0c243e

So this can be safely set to 1 as default.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>

SVN-Revision: 43846
2015-01-05 13:03:12 +00:00
Felix Fietkau
b2de18bea4 hostapd: add support for configuring supported rates
patch by Wilco Baan Hofman from #18627

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43782
2014-12-27 12:59:47 +00:00
John Crispin
d40842d180 hostapd: improve 802.1x dynamic vlan support with bridge names
In r41872 and r42787 Dynamic VLAN support was reintroduced, but the vlan_bridge
parameter is not read while setting up the config, so the default is used which
is undesirable for some uses.

Signed-off-by: Ben Franske <ben.mm@franske.com>

SVN-Revision: 43473
2014-12-01 16:15:20 +00:00
Felix Fietkau
ed5ed9cf6f hostapd: fix build error on some variants with CONFIG_WPA_RFKILL_SUPPORT=y (#17765)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43345
2014-11-23 14:16:47 +00:00
Felix Fietkau
6c1c3cac55 hostapd: switch dependency from mac80211 to cfg80211
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 43339
2014-11-21 20:38:14 +00:00
Nicolas Thill
f4417f7ad8 package/*: replace occurences of 'ln -sf' to '$(LN)'
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 43205
2014-11-06 19:35:34 +00:00
John Crispin
74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin
c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
Steven Barth
bec9d38fa4 Add a few SPDX tags
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43151
2014-11-02 12:20:54 +00:00
Felix Fietkau
3c9fcd2526 hostapd: update to 2014-10-25
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43059
2014-10-25 16:48:45 +00:00
John Crispin
d5b734e145 hostapd: Add wpa_psk_file option to netifd.sh
The wpa_psk_file option offers the possibility to use a different WPA-PSK key for each client. The directive points to a file with the following syntax:

mac_address wpa_passphrase_or_hex_key

Example:

00:11:22:33:44:55 passphrase_for_client_1
00:11:22:33:44:67 passphrase_for_client_2
00:11:22:33:44:89 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

So it is possible to specify both ASCII passphrases and raw 64-chars hex keys.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>

SVN-Revision: 43001
2014-10-20 11:19:21 +00:00
Steven Barth
99984eaeb3 hostapd: CVE-2014-3686 fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42942
2014-10-17 06:15:35 +00:00
John Crispin
20940138ac scripts: fix wrong usage of '==' operator
[base-files] shell-scripting: fix wrong usage of '==' operator

normally the '==' is used for invoking a regex parser and is a bashism.
all of the fixes just want to compare a string. the used busybox-ash
will silently "ignore" this mistake, but make it portable/clean at least.

this patch does not change the behavior/logic of the scripts.

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

SVN-Revision: 42911
2014-10-14 12:21:11 +00:00
John Crispin
70d56d749b hostapd: read missing parameter for dynamic VLANs
In r41872 Dynamic VLAN support was reintroduced, but the vlan_naming
parameter is not read while setting up the config, so it always
defaults to 1.

Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>

SVN-Revision: 42787
2014-10-06 04:52:21 +00:00
Felix Fietkau
bf0305725a hostapd: add conflicts with wpad(-mini) to hostapd and wpa_supplicant
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42772
2014-10-05 16:41:50 +00:00
Felix Fietkau
281f40cef2 hostapd: allow using iapp for any encryption type (fixes #18022)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42764
2014-10-05 10:55:55 +00:00
Felix Fietkau
cd80931e03 hostapd: merge an upstream patch for pmksa cache
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42762
2014-10-05 10:26:26 +00:00
John Crispin
ed2fff7452 hostapd: do not remove foreign wpa_supplicant sockets
https://dev.openwrt.org/ticket/17886

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42586
2014-09-17 07:41:31 +00:00
Felix Fietkau
7ff276afd3 hostapd: remove bogus default setting for wps_pin (#17873)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42553
2014-09-15 16:09:23 +00:00
Felix Fietkau
96b74d4eef hostapd: add ubus bindings for wps
With this patch WPS discovery can be started or canceled over ubus if
WPS is enabled in wireless configuration. This is equivalent of
'hostapd_cli wps_pbc' and 'hostapd_cli wps_cancel' commands.

Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>

SVN-Revision: 42459
2014-09-10 13:01:53 +00:00
Luka Perkov
bc69ee8eab hostapd: fix some whitespaces
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 42111
2014-08-11 08:44:48 +00:00
Felix Fietkau
44cb68c038 hostapd: revert bogus version that was added in r41872
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41960
2014-08-03 10:53:40 +00:00
Jo-Philipp Wich
b6153f92ad hostapd: Reintroduce Full Dynamic VLAN support
This patch brings full dynamic vlan support to netifd that existed in hostapd.sh in Attitude Adjustment.

Signed-off-by: Joseph CG Walker <Joe@ChubbyPenguin.net>
[jow@openwrt.org: changed commit message, rebased on top of current hostapd.sh]
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 41872
2014-07-29 09:48:02 +00:00
Felix Fietkau
c6d1992701 hostapd: add more missing ifdefs
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41863
2014-07-28 22:52:39 +00:00
Felix Fietkau
fd619513d1 hostapd: add missing ifdef
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41855
2014-07-28 10:36:51 +00:00
Felix Fietkau
eaa3c4a11d hostapd: prevent spurious 20/40 mhz channel bandwidth switches if noscan is enabled
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41828
2014-07-25 14:29:58 +00:00
Felix Fietkau
b24e77714e hostapd: add a require_mode option in wifi-device sections to select the minimum hardware mode that the AP requires from clients
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41665
2014-07-15 10:30:08 +00:00
Felix Fietkau
53fa9374c2 hostapd: fix wpad-mini compile error (#16700)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41023
2014-06-05 21:14:02 +00:00
Felix Fietkau
5758b210e3 hostapd: update to 2014-06-03
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41022
2014-06-05 15:58:01 +00:00
Felix Fietkau
a073d13baa wpa_supplicant: fix locking hostapd to 20MHz (#12720)
Fixed wpa_supplicant when the radio is in 40MHz mode so that it no
longer restarts hostapd with the second channel disabled.

Signed-off-by: Lance Chaney <furryfur1@gmail.com>

SVN-Revision: 41019
2014-06-05 14:55:10 +00:00
Felix Fietkau
c20bb27aad hostapd: move reading of rsn_preauth out of auth_type=eap context
rsn_preauth is used outside of "case $auth_type", so if it is set
for an EAP-enabled SSID, it would also be set for the following
non-EAP-enabled SSIDs, because it would not be read again.

Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>

SVN-Revision: 41012
2014-06-05 11:55:36 +00:00
Felix Fietkau
b8d190da1f hostapd: replace undefined $bridge with $network_bridge
Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>

SVN-Revision: 41002
2014-06-04 11:51:59 +00:00
John Crispin
3bc4516ebb hostapd: Add optional support for hostapd own_ip_addr in wireless config
`own_ip_addr` is used by hostapd as NAS-IP-Address.
This is used to identify the AP that is requesting the authentication of the
user and could be used to define which AP's can authenticate users.
Some vendors implement only NAS-Identifier or NAS-IP-Address and not both.
This patch adds ownip as an optional parameter in /etc/config/wireless.

Signed-off-by: Thomas Wouters <thomaswouters@gmail.com>

SVN-Revision: 40934
2014-06-02 12:44:40 +00:00
Felix Fietkau
239b3c09c9 hostapd: add a package for eapol_test
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40782
2014-05-19 21:58:48 +00:00
Felix Fietkau
26044703a4 hostapd: add an option for 802.11h (enabled by default)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40690
2014-05-03 21:14:48 +00:00
Felix Fietkau
e795250a1e hostapd: fix eglibc 2.15 support
This patch fixes compilation failure for hostapd when using eglibc 2.15.

Signed-off-by: Zachery Stoddard <zacherystoddard@gmail.com>

SVN-Revision: 40575
2014-04-27 18:30:50 +00:00
Felix Fietkau
8a831de514 hostapd: update to version 2014-04-24, fixes some dfs related issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40571
2014-04-26 19:48:06 +00:00
John Crispin
3bc77db5f5 802.11s: fix authsae support in netifd
This patch implements support for 802.11s protected mesh wireless networks (using authsae) in the netifd framework.

Until meshd-nl80211 implements a proper -P option for the PID file, this uses shell backgrounding in order to be able to get the PID for the process.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>

SVN-Revision: 40497
2014-04-12 21:22:17 +00:00
Felix Fietkau
0d7e8ba3a9 hostapd: fix "bad number" error due to missing wps_pbc_in_m1 option (since r39995)
r39995 introduced a new parameter wps_pbc_in_m1 to wifi wps config, but
apparently did not provide a default value 0.

When that option's non-existing value is later evaluated in
/lib/netifd/hostapd.sh, it causes the "bad number" error to be logged in
syslog if user has not set the wps_pbc_in_m1 option. The error materialises
only if user has enabled wps.
    Sat Apr 12 13:25:01 2014 daemon.notice netifd: radio1 (1254): sh: bad number
    Sat Apr 12 13:25:01 2014 daemon.notice netifd: radio0 (1253): sh: bad number

Discussion in bug 15508: https://dev.openwrt.org/ticket/15508#comment:3

Error is caused by line 282:
https://dev.openwrt.org/browser/trunk/package/network/services/hostapd/files/netifd.sh#L282

My patch sets the parameter's default value to 0, which does nothing. The
default might also be set a bit later in the function, but this felt like the
most clear place to do that.

Signed-off-by hnyman <hannu.nyman@iki.fi>

SVN-Revision: 40469
2014-04-12 14:28:34 +00:00
Felix Fietkau
8994b4b191 hostapd: update to version 2014-04-04
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40394
2014-04-06 12:13:55 +00:00
Felix Fietkau
c53c7a0fe0 hostapd: add pbc_in_m1 option
Option pbc_in_m1 is being used as a WPS capability discovery
workaround for PBC with Windows 7.
Add possibility to enable this workaround from UCI.

To enable it, turn on wps and set wps_pbc_in_m1 parameter to 1.

Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>

SVN-Revision: 39995
2014-03-21 15:55:03 +00:00
Felix Fietkau
a9d4cd35fc hostapd: fix deletion of wds sta interfaces in AP mode
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39765
2014-02-28 14:43:53 +00:00
Felix Fietkau
c01d211259 hostapd: link against librt if eglibc is used
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39741
2014-02-24 15:03:06 +00:00
John Crispin
26e850dafa hostapd: add validation rules to wireless handler
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 39620
2014-02-18 13:33:59 +00:00
Felix Fietkau
38587f87ed wifi: Introduce 802.11ac support
This patch introduces 802.11ac support to mac80211 and hostapd. The split of
VHT160 in two 80 MHz bands is not yet supported, since it requires an
additional user supplied parameter for the channel of the second band.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
Signed-off-by: Simon Wunderlich <simon@open-mesh.com>
[sven@open-mesh.com: Rebased patch, merged htmode and vhtmode,
removed special hwmode, replaced uci vht_capab list with overwritable
autoconfig, fixed hostapd integration, fixed commit description, add HT40+/-
for VHT modes, add VHT40 center_freq autoconfig, refactored major parts]
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 39456
2014-02-03 13:31:44 +00:00
Felix Fietkau
50417b58ad hostapd: do not get basic_rate as a simple string variable
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39448
2014-02-02 14:25:02 +00:00
Felix Fietkau
cfc20090f1 hostapd: fix basic rate list handling with netifd
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39431
2014-01-31 10:43:18 +00:00
Felix Fietkau
2725913d2a hostapd: fix frequency selection for ap+sta
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39426
2014-01-30 13:21:30 +00:00
Jo-Philipp Wich
b5400c775e hostapd: Fix 80211w setup with netifd
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 39412
2014-01-28 21:12:45 +00:00
Jo-Philipp Wich
c1cb867c13 hostapd: Fix basic_rate setup with netifd
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 39411
2014-01-28 21:12:36 +00:00
John Crispin
4ae2d6f293 hostapd: fix mcast_rate setting
Introduced by ("netifd: add wireless configuration support and port mac80211 to
the new framework")

Reported-by: René van Weert <r.vanweert@sowifi.com>
Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>

SVN-Revision: 39288
2014-01-14 19:35:55 +00:00
John Crispin
2f9048d8d3 hostapd: fix frequency setting for IBSS/RSN
Introduced by ("netifd: add wireless configuration support and port mac80211 to
the new framework")

Reported-by: René van Weert <rene@sowifi.com>
Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>

SVN-Revision: 39231
2014-01-12 12:07:11 +00:00
Felix Fietkau
c7d23cbeb9 hostapd: fix mixed wep/wpa with netifd
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>

SVN-Revision: 39174
2013-12-28 11:07:37 +00:00
Felix Fietkau
da886d761a hostapd: fix the uci option name for ap isolate
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39173
2013-12-28 11:07:28 +00:00
Felix Fietkau
aab522e1e3 hostapd: fix wep with netifd
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>

SVN-Revision: 39156
2013-12-23 12:11:28 +00:00
Felix Fietkau
fd4cd3825b wpa_supplicant: fix interface combination parsing issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39155
2013-12-21 19:42:45 +00:00
Felix Fietkau
b6bcb7ff2d hostapd: move old wifi setup scripts to hostapd-common-old
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39103
2013-12-16 18:42:43 +00:00
Jo-Philipp Wich
32223b3c4d hostapd: fix short_preamble option
SVN-Revision: 39027
2013-12-10 16:24:48 +00:00
Jo-Philipp Wich
18dd101903 hostapd: properly parse wmm and hidden uci options (#14589)
SVN-Revision: 39005
2013-12-08 20:51:21 +00:00
Felix Fietkau
603c532eed hostapd: fix maclist processing with netifd
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38991
2013-12-03 09:02:58 +00:00
Felix Fietkau
498d84fc4e netifd: add wireless configuration support and port mac80211 to the new framework
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38988
2013-12-02 16:41:03 +00:00
Felix Fietkau
a26242cb63 hostapd: change the wildcard for the hostapd control socket directory
prepare for using /var/run/hostapd instead of /var/run/hostapd-phy*

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38986
2013-12-02 13:08:14 +00:00
Felix Fietkau
9381eaccb3 wpa_supplicant: clean up hostapd control socket on exit to fix socket leak in ap+sta mode on wifi restarts
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38985
2013-12-02 13:08:11 +00:00
Felix Fietkau
6960ae4e65 hostapd: fix os_daemonize vs starting process race by creating the pid file in the parent
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38984
2013-12-02 13:08:08 +00:00
Felix Fietkau
5022b3949a hostapd: always include p2p options in wpa_cli
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38981
2013-12-02 13:07:46 +00:00
Felix Fietkau
15b4975925 hostapd: add support for auto-channel selection
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38915
2013-11-25 15:43:30 +00:00
Felix Fietkau
1d75f7506d hostapd: update to version 2013-11-20
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38914
2013-11-25 15:43:15 +00:00
Felix Fietkau
cd1c8d463f hostapd: remove random pool support - the entropy it gathers is questionable and we have better entropy sources on common platforms now
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38852
2013-11-18 13:54:26 +00:00
Felix Fietkau
37756a97a0 hostapd: remove #ifdef MULTICALL around ap+sta support code (to support separately installed supplicant+hostapd)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38782
2013-11-12 22:11:14 +00:00
Jo-Philipp Wich
4f1e282238 wpa_supplicant: fix beacon_int configuration option
wpa_supplicant expects beacon_int instead of beacon_interval in its config
file.

Signed-off-by: Bruno Randolf <br1@einfach.org>

SVN-Revision: 38451
2013-10-18 11:47:47 +00:00
Felix Fietkau
ff40bc2db9 hostapd: recognize 8021x as an authentication mode
Currently, in order to configure the authentication daemon in
8021x mode, we need to set wireless.@wifi-iface[0].encryption="wpa"
Though it works it confuses folks as 8021x is using WEP
encryption and not WPA. Therefore the terminology itself is
confusing. This change adds 8021x as a recognized string for 8021x
authentication.

Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com>

SVN-Revision: 38339
2013-10-08 11:09:52 +00:00
Felix Fietkau
9beaea6fc2 hostapd: add external registrar support
Setting wireless.@wifi-iface[N].ext_registrar=1 will enable UPNP
advertising and add an external registrar to the interface this vif
belongs to (br-lan if the vif is included in the LAN bridge). By
enabling this we append upnp_iface=xxx to the hostapd config file.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com>

SVN-Revision: 38338
2013-10-08 11:09:48 +00:00
Felix Fietkau
246e9b449b hostapd: enable WPS2 support on hostapd-full.config
Enable CONFIG_WPS2 for hostapd. This is required to support
options like Virtual Push Button in WPS.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com>

SVN-Revision: 38337
2013-10-08 11:09:44 +00:00
Felix Fietkau
bcbc9b1e89 hostapd: fix hostapd RSN preauthentication PMKSA caching
In 2009 OpenWrt's hostapd config added an "auth_cache" boolean
to be used to address a reported issue #12129 [0] on a forum [1].
The reported issue on the ticket is different that the one
described on the forum. The commit was r33359. This change broke
proper RSN preauthentication [2] [3] [4] expectations on hostapd's
configuration for WPA2 and this in turn disabled PMKSA caching and
Opportunistic Key Caching. This change:

  * Leaves the "auth_cache" to be used only for WPA networks for those
    looking to use this as a workaround to a reported issue but annotates
    a warning over its usage.

  * Separate "auth_cache" from WPA2 RSN preauthentication, leaving
    WPA2 RSN preauthentication to enabled only with "rsn_preauth" with
    the expected and recommended settings.

  * Adds a new WPA2 RSN preauthentication "rsn_preauth_testing" to
    be used when evaluating funcionality for WPA2 RSN preauthentication
    with the expected and recommended settings with the only difference
    so far with what should be enabled by default to disable Opportunistic
    Key Caching.

Disabling the PMKSA cache should mean the STA could not roam off and back
onto the AP that had PMKSA caching disabled and would require a full
authentication cycle. This fixes this for WPA2 networks with
RSN preauthentication enabled.

This change should be applied to AA as well as trunk.

  TL DR;

The issue described on the forum has to do with failure of a STA
being able to try to authenticate again with the AP if it failed
its first try. This may have been an issue with hostapd in 2009
but as per some tests I cannot reproduce this today on a WPA2
network.

The issue described on the ticket alludes to a security issue with the
design of using a Radius server to authenticate to an AP. The issue
vaguely alludes to the circumstances of zapping a user, deleting their
authentication credentials to log in to the network, and that if
RSN preauthentication is enabled with PMKSA caching that the user
that was zapped would still be able to authenticate.

Lets treat these as separate issues.

I cannot reproduce the first issue reported on the forums of not
being able to authenticate anymore on a WPA2 network.

The issue reported on the ticket modified WPA2 RSN preauthentication
by adding two fields to the hostapd configuration if auth_cache
was enabled:

  * disable_pmksa_caching=1
  * okc=0

The first one disables PMKSA authentication cache.
The second one disables Opportunistic Key Caching.

The issue reported on the ticket was fixed by implementing a workaround
in hostapd's configuration. Disabling PMKSA caching breaks proper use
of WPA2 RSN pre authentication. The usage of disable_pmksa_caching=1
prevents hostapd from adding PMKSA entries into its cache when a successful
802.1x authentication occurs. In practice RSN preauthentication would
trigger a STA to perform authentication with other APs on the same SSID,
it would then have its own supplicant PMKSA cache held. If a STA roams
between one AP to another no new authenitcation would need to be performed
as the new AP would already have authenticated the STA. The purpose of the
PMKSA cache on the AP side would be for the AP to use the same PMKID for
a STA when the STA roams off onto another BSSID and later comes back to it.

Disabling Opportunistic Key Caching could help the reported issue
as well but its not the correct place to address this. Opportunistic
Key Caching enables an AP with different interfaces to share the
PMKSA cache. Its a technical enhancement and disabling it would
be useful to let a testing suite properly test for RSN preauthentication
given that otherwise Opportunistic Key Caching would enable an
interface being tested to derive its own derive the PMKSA entry.
In production though okc=1 should be enabled to help with RSN
preauthentication.

The real fix for this particular issue outside of the scope of hostapd's
configuration and it should not be dealt with as a workaround to
its configuration and breaking expected RSN preauthentication and
technical optimizations. Revert this change and enable users to pick
and choose to enable or disable disable_pmksa_caching and okc expecting them
to instead have read clearly more what these do.

As for the core issure ported, the correct place to fix this is to
enable a sort of messaging between the RADIUS server and its peers
so that if caching for authentication is enabled that cache can be
cleared upon user credential updates. Updating a user password
(not just zapping a user) is another possible issue that would need
to be resolved here. Another part of the solution might be to reduce
the cache timing to account for any systematic limitations (RADIUS
server not able to ask peers to clear cache might be
one).

[0] https://dev.openwrt.org/changeset/33359
[1] https://forum.openwrt.org/viewtopic.php?id=19596
[2] http://wireless.kernel.org/en/users/Documentation/hostapd#IEEE_802.11i.2FRSN.2FWPA2_pre-authentication
[3] http://wireless.kernel.org/en/users/Documentation/wpa_supplicant#RSN_preauthentication
[4] http://wiki.openwrt.org/doc/recipes/rsn_preauthentication

Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>

SVN-Revision: 38336
2013-10-08 11:09:40 +00:00
Felix Fietkau
40aec9ed46 hostapd: Add WPS unconfigured & WPS pin method support
Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com>

SVN-Revision: 38335
2013-10-08 11:09:36 +00:00
Felix Fietkau
4689bc8517 hostapd: Add eap_reauth_period config option
This adds the eap_reauth_period to be used for modifying
the RADIUS server reauthentication authentication period,
a parameter that gets passed directly to the hostapd
configuration file.

Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com>

SVN-Revision: 38334
2013-10-08 11:09:27 +00:00
Felix Fietkau
b2447d1fca hostapd: adjust the md5sum for the uploaded source tarball (fixes #14155)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37990
2013-09-14 20:07:35 +00:00
Felix Fietkau
4cda88a879 hostapd: fix typo in version number
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37742
2013-08-08 20:45:15 +00:00
Felix Fietkau
9df75e7f34 hostapd: fix ubus reconnect handling
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37741
2013-08-08 20:45:12 +00:00
Felix Fietkau
750197b3af hostapd: add a build variant for wpa_supplicant with p2p (aka Wi-Fi Direct) support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37739
2013-08-08 16:24:50 +00:00
Felix Fietkau
f53b96813e hostapd: update to latest version (20130707)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37738
2013-08-08 16:04:19 +00:00
Felix Fietkau
9a22315ca4 hostapd: Settings for DAE/CoA server
hostapd supports "Dynamic Authorization Extensions", making it possible
to forcibly disconnect a user by sending it a RADIUS "Disconnect-Request"
packet.

I've added three new variables to enable setting of the
"radius_das_client" and "radius_das_port" variables in the hostapd
configuration, which enable these extensions.

* dae_client - IP of the client that can send disconnect requests
* dae_secret - shared secret for DAE packets

These are combined into the "radius_das_client" option in hostapd.conf
To enable the server, both dae_client and dae_secret must be set.

* dae_port - optional, default value is 3799 as specified in RFC 5176

Signed-off-by: Martijn van de Streek <martijn@vandestreek.net>

SVN-Revision: 37734
2013-08-06 18:55:30 +00:00
Felix Fietkau
91f0b411f4 hostapd: Fix WDS/WEP usage
WEP in WDS is currently broken in hostapd. Add a patch
to fix the issue.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>

SVN-Revision: 37733
2013-08-06 17:59:12 +00:00
Felix Fietkau
76ca564e79 hostapd: Refresh patches
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>

SVN-Revision: 37731
2013-08-06 17:59:05 +00:00
Felix Fietkau
22e012bad8 hostapd: Add an option to disable beaconing
Add a patch for hostapd that introduces a config option
"start_disabled" which can be used to bring up an AP
interface with beaconing disabled. This is useful in
a Repeater-AP setup where the Repeater AP has to start
beaconing only after the WDS link has been established.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>

SVN-Revision: 37730
2013-08-06 17:59:02 +00:00
Jo-Philipp Wich
7c197d9f0e hostapd: truncate default mac file before adding entries to it (#13797)
SVN-Revision: 37114
2013-07-01 10:52:35 +00:00
Felix Fietkau
ee68734929 hostapd: fix multi-ssid and AP+STA, clean up code
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37111
2013-06-30 21:01:13 +00:00
Felix Fietkau
60b040bbaf hostapd: update to latest git version
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37110
2013-06-30 20:27:38 +00:00
John Crispin
e7dbdad43b hostapd: fix superflous coma
this cause the wps trigegr to be copied to the wrong place

https://dev.openwrt.org/ticket/13753

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 37031
2013-06-24 16:44:18 +00:00
John Crispin
4999ae4236 hostapd: remove old button hotplug script
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 36991
2013-06-21 16:53:07 +00:00
Jo-Philipp Wich
541fbfbb9e hostapd: correctly handle macfile uci option
Make hostapd.sh correctly handle the macfile uci option.

Such option specifies the macfile name to pass into the
hostapd configuration file. Moreover, if a maclist option
has been specified, copy the macfile before appending new
entries.

Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>

SVN-Revision: 36944
2013-06-17 11:59:29 +00:00
Felix Fietkau
b85c442e81 hostapd: enable 802.11r for the -full variant (#13250)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36533
2013-05-03 10:39:57 +00:00
Felix Fietkau
d7908e02b5 hostapd: return the frequency to some ubus calls to make integration easier
SVN-Revision: 36410
2013-04-23 18:35:50 +00:00
Felix Fietkau
62244d73ae hostapd: update to 2013-04-05
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36376
2013-04-22 13:24:48 +00:00
Felix Fietkau
96bb7c123b build: consistently use 'depends on' instead of 'depends'
make the syntax more compatible with kernel menuconfig

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36351
2013-04-17 15:36:41 +00:00
Felix Fietkau
31876c193a hostapd: fix build errors on supplicant-only builds
SVN-Revision: 36085
2013-03-18 16:11:32 +00:00
Felix Fietkau
2167101c90 hostapd: initial prototype of an ubus binding
Supports listing, removing and banning clients, and hooking into
probe/assoc/auth requests via object subscribe.

SVN-Revision: 36081
2013-03-17 20:47:18 +00:00
John Crispin
fce3deddff use new button scheme
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 36004
2013-03-13 18:11:25 +00:00
Felix Fietkau
9ddc45bc3f hostapd: fix client reassociation after too many ACK failures
SVN-Revision: 35973
2013-03-12 00:19:25 +00:00
Felix Fietkau
c3faa6be75 hostapd: include the madwifi headers in the package directory to avoid compile breakage if the madwifi build fails
SVN-Revision: 35893
2013-03-05 22:06:30 +00:00
Felix Fietkau
fa1749e668 hostapd: update to git version 2013-03-02
SVN-Revision: 35887
2013-03-04 17:16:38 +00:00
Felix Fietkau
1d6574b9c3 hostapd: fix the scan wait patch for multiple interfaces
SVN-Revision: 35630
2013-02-16 19:00:34 +00:00
Felix Fietkau
99782943d2 hostapd: add back the patch that waits for interface bringup in ht40, it got lost with the update
SVN-Revision: 35619
2013-02-16 14:26:03 +00:00
Felix Fietkau
1810b80ec0 mac80211/hostapd: short_preamble is a per-vif option and should be enabled by default
SVN-Revision: 35565
2013-02-11 18:59:10 +00:00
Jo-Philipp Wich
e804a663e3 hostapd: don't configure wpa_supplicant with empty password="" if no password is specified (#12912)
SVN-Revision: 35358
2013-01-28 18:05:33 +00:00
John Crispin
a730e96569 Remove remaining etrax references
SVN-Revision: 34968
2013-01-02 11:28:11 +00:00
Felix Fietkau
056d75049d wpa_supplicant.sh: always use parameters from the current section
Using variables from the outer scope unnecessarily complicates the code and
leads to issues.

This patch fixes the bug when having an "adhoc" wifi-iface section before a
"sta" section prevents wpa_supplicant from using the key specified in the
corresponding section as it tries to use the "adhoc" key instead (1 by
default).

Signed-off-by: Paul Fertser <fercerpav@gmail.com>

SVN-Revision: 34716
2012-12-16 13:23:37 +00:00
Felix Fietkau
8516ddb133 mac80211, hostapd: Fix macfilter for multi bssid setups
Previously only the first macfilter configuration would have been used
on all interfaces. However, the configuration was always done per vif
already. Hence, move the macfilter setup into hostapd.sh where and
create one mac list file per vif.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 34470
2012-12-04 12:06:40 +00:00
Florian Fainelli
f1498531c7 hostapd: include sys/stat.h for a struct stat definition
Some libcs need this header to be explicitely included (e.g: musl)

Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 34295
2012-11-21 20:27:06 +00:00
Felix Fietkau
f911fb32fe hostapd: merge some pending fixes (fixes assoc errors when moving between vaps of the same wifi device)
SVN-Revision: 33919
2012-10-25 14:31:17 +00:00
Felix Fietkau
26944502e3 hostapd: merge a security fix for a TLS message buffer overflow (CVE-2012-4445)
SVN-Revision: 33815
2012-10-17 18:16:56 +00:00
Felix Fietkau
2fb3792fa9 hostapd: remove redundant MAINTAINER lines
SVN-Revision: 33692
2012-10-10 12:36:44 +00:00
Felix Fietkau
405e21d167 packages: sort network related packages into package/network/
SVN-Revision: 33688
2012-10-10 12:32:29 +00:00