Commit Graph

217 Commits

Author SHA1 Message Date
John Crispin
8f3e9c91a8 hostapd: backport BSSID black/whitelists
This change adds the configuration options "bssid_whitelist" and
"bssid_blacklist" used to limit the AP selection of a network to a
specified (finite) set or discard certain APs.

This can be useful for environments where multiple networks operate
using the same SSID and roaming between those is not desired. It is also
useful to ignore a faulty or otherwise unwanted AP.

In many applications it is useful not just to enumerate a group of well
known access points, but to use a address/mask notation to match an
entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).

This is especially useful if an OpenWrt device with two radios is used to
retransmit the same network (one in AP mode for other clients, one as STA for
the uplink); the following configuration prevents the device from associating
with itself, given that the own AP to be avoided is using the bssid
'C0:FF:EE:D0:0D:42':

config wifi-iface
	option device 'radio2'
	option network 'uplink'
	option mode 'sta'
	option ssid 'MyNetwork'
	option encryption 'none'
	list bssid_blacklist 'C0:FF:EE:D0:0D:42/00:FF:FF:FF:FF:FF'

This change consists of the following cherry-picked upstream commits:

b3d6a0a8259002448a29f14855d58fe0a624ab76
b83e455451a875ba233b3b8ac29aff8b62f064f2
79cd993a623e101952b81fa6a29c674cd858504f
(squashed to implement bssid_{white,black}lists)

0047306bc9ab7d46e8cc22ff9a3e876c47626473
(Add os_snprintf_error() helper)

Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>

SVN-Revision: 44438
2015-02-13 10:53:54 +00:00
Felix Fietkau
768d09be87 mac80211/hostapd: fix HT mode setup for RSN ad-hoc networks
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44100
2015-01-24 19:27:22 +00:00
John Crispin
491f3fc048 Support for building an hardened OpenWRT
Introduce configuration options to build an "hardened" OpenWRT.

Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.

uClibc makefile now automatically detects if SSP support is necessary.

hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.

Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.

Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.

Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>

SVN-Revision: 44005
2015-01-17 14:31:30 +00:00
Rafał Miłecki
adaac86c7f hostapd: backport patch fixing handling new stations
This patch fixes adding new stations for some specific drivers when
using more than 1 BSS.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 43951
2015-01-12 22:10:00 +00:00
Felix Fietkau
4ea1edf840 hostapd: Add uapsd option to netifd.sh
The uapsd option sets the uapsd_advertisement_enabled flag in hostapd.

The check for phy support is already implemented here in hostapd since 2011:
http://w1.fi/cgit/hostap/commit/?id=70619a5d8a3d32faa43d66bcb1b670cacf0c243e

So this can be safely set to 1 as default.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>

SVN-Revision: 43846
2015-01-05 13:03:12 +00:00
Felix Fietkau
b2de18bea4 hostapd: add support for configuring supported rates
patch by Wilco Baan Hofman from #18627

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43782
2014-12-27 12:59:47 +00:00
John Crispin
d40842d180 hostapd: improve 802.1x dynamic vlan support with bridge names
In r41872 and r42787 Dynamic VLAN support was reintroduced, but the vlan_bridge
parameter is not read while setting up the config, so the default is used which
is undesirable for some uses.

Signed-off-by: Ben Franske <ben.mm@franske.com>

SVN-Revision: 43473
2014-12-01 16:15:20 +00:00
Felix Fietkau
ed5ed9cf6f hostapd: fix build error on some variants with CONFIG_WPA_RFKILL_SUPPORT=y (#17765)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43345
2014-11-23 14:16:47 +00:00
Felix Fietkau
6c1c3cac55 hostapd: switch dependency from mac80211 to cfg80211
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 43339
2014-11-21 20:38:14 +00:00
Nicolas Thill
f4417f7ad8 package/*: replace occurences of 'ln -sf' to '$(LN)'
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 43205
2014-11-06 19:35:34 +00:00
John Crispin
74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin
c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
Steven Barth
bec9d38fa4 Add a few SPDX tags
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43151
2014-11-02 12:20:54 +00:00
Felix Fietkau
3c9fcd2526 hostapd: update to 2014-10-25
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43059
2014-10-25 16:48:45 +00:00
John Crispin
d5b734e145 hostapd: Add wpa_psk_file option to netifd.sh
The wpa_psk_file option offers the possibility to use a different WPA-PSK key for each client. The directive points to a file with the following syntax:

mac_address wpa_passphrase_or_hex_key

Example:

00:11:22:33:44:55 passphrase_for_client_1
00:11:22:33:44:67 passphrase_for_client_2
00:11:22:33:44:89 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

So it is possible to specify both ASCII passphrases and raw 64-chars hex keys.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>

SVN-Revision: 43001
2014-10-20 11:19:21 +00:00
Steven Barth
99984eaeb3 hostapd: CVE-2014-3686 fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42942
2014-10-17 06:15:35 +00:00
John Crispin
20940138ac scripts: fix wrong usage of '==' operator
[base-files] shell-scripting: fix wrong usage of '==' operator

normally the '==' is used for invoking a regex parser and is a bashism.
all of the fixes just want to compare a string. the used busybox-ash
will silently "ignore" this mistake, but make it portable/clean at least.

this patch does not change the behavior/logic of the scripts.

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

SVN-Revision: 42911
2014-10-14 12:21:11 +00:00
John Crispin
70d56d749b hostapd: read missing parameter for dynamic VLANs
In r41872 Dynamic VLAN support was reintroduced, but the vlan_naming
parameter is not read while setting up the config, so it always
defaults to 1.

Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>

SVN-Revision: 42787
2014-10-06 04:52:21 +00:00
Felix Fietkau
bf0305725a hostapd: add conflicts with wpad(-mini) to hostapd and wpa_supplicant
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42772
2014-10-05 16:41:50 +00:00
Felix Fietkau
281f40cef2 hostapd: allow using iapp for any encryption type (fixes #18022)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42764
2014-10-05 10:55:55 +00:00
Felix Fietkau
cd80931e03 hostapd: merge an upstream patch for pmksa cache
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42762
2014-10-05 10:26:26 +00:00
John Crispin
ed2fff7452 hostapd: do not remove foreign wpa_supplicant sockets
https://dev.openwrt.org/ticket/17886

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42586
2014-09-17 07:41:31 +00:00
Felix Fietkau
7ff276afd3 hostapd: remove bogus default setting for wps_pin (#17873)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42553
2014-09-15 16:09:23 +00:00
Felix Fietkau
96b74d4eef hostapd: add ubus bindings for wps
With this patch WPS discovery can be started or canceled over ubus if
WPS is enabled in wireless configuration. This is equivalent of
'hostapd_cli wps_pbc' and 'hostapd_cli wps_cancel' commands.

Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>

SVN-Revision: 42459
2014-09-10 13:01:53 +00:00
Luka Perkov
bc69ee8eab hostapd: fix some whitespaces
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 42111
2014-08-11 08:44:48 +00:00
Felix Fietkau
44cb68c038 hostapd: revert bogus version that was added in r41872
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41960
2014-08-03 10:53:40 +00:00
Jo-Philipp Wich
b6153f92ad hostapd: Reintroduce Full Dynamic VLAN support
This patch brings full dynamic vlan support to netifd that existed in hostapd.sh in Attitude Adjustment.

Signed-off-by: Joseph CG Walker <Joe@ChubbyPenguin.net>
[jow@openwrt.org: changed commit message, rebased on top of current hostapd.sh]
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 41872
2014-07-29 09:48:02 +00:00
Felix Fietkau
c6d1992701 hostapd: add more missing ifdefs
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41863
2014-07-28 22:52:39 +00:00
Felix Fietkau
fd619513d1 hostapd: add missing ifdef
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41855
2014-07-28 10:36:51 +00:00
Felix Fietkau
eaa3c4a11d hostapd: prevent spurious 20/40 mhz channel bandwidth switches if noscan is enabled
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41828
2014-07-25 14:29:58 +00:00
Felix Fietkau
b24e77714e hostapd: add a require_mode option in wifi-device sections to select the minimum hardware mode that the AP requires from clients
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41665
2014-07-15 10:30:08 +00:00
Felix Fietkau
53fa9374c2 hostapd: fix wpad-mini compile error (#16700)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41023
2014-06-05 21:14:02 +00:00
Felix Fietkau
5758b210e3 hostapd: update to 2014-06-03
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41022
2014-06-05 15:58:01 +00:00
Felix Fietkau
a073d13baa wpa_supplicant: fix locking hostapd to 20MHz (#12720)
Fixed wpa_supplicant when the radio is in 40MHz mode so that it no
longer restarts hostapd with the second channel disabled.

Signed-off-by: Lance Chaney <furryfur1@gmail.com>

SVN-Revision: 41019
2014-06-05 14:55:10 +00:00
Felix Fietkau
c20bb27aad hostapd: move reading of rsn_preauth out of auth_type=eap context
rsn_preauth is used outside of "case $auth_type", so if it is set
for an EAP-enabled SSID, it would also be set for the following
non-EAP-enabled SSIDs, because it would not be read again.

Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>

SVN-Revision: 41012
2014-06-05 11:55:36 +00:00
Felix Fietkau
b8d190da1f hostapd: replace undefined $bridge with $network_bridge
Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>

SVN-Revision: 41002
2014-06-04 11:51:59 +00:00
John Crispin
3bc4516ebb hostapd: Add optional support for hostapd own_ip_addr in wireless config
`own_ip_addr` is used by hostapd as NAS-IP-Address.
This is used to identify the AP that is requesting the authentication of the
user and could be used to define which AP's can authenticate users.
Some vendors implement only NAS-Identifier or NAS-IP-Address and not both.
This patch adds ownip as an optional parameter in /etc/config/wireless.

Signed-off-by: Thomas Wouters <thomaswouters@gmail.com>

SVN-Revision: 40934
2014-06-02 12:44:40 +00:00
Felix Fietkau
239b3c09c9 hostapd: add a package for eapol_test
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40782
2014-05-19 21:58:48 +00:00
Felix Fietkau
26044703a4 hostapd: add an option for 802.11h (enabled by default)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40690
2014-05-03 21:14:48 +00:00
Felix Fietkau
e795250a1e hostapd: fix eglibc 2.15 support
This patch fixes compilation failure for hostapd when using eglibc 2.15.

Signed-off-by: Zachery Stoddard <zacherystoddard@gmail.com>

SVN-Revision: 40575
2014-04-27 18:30:50 +00:00
Felix Fietkau
8a831de514 hostapd: update to version 2014-04-24, fixes some dfs related issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40571
2014-04-26 19:48:06 +00:00
John Crispin
3bc77db5f5 802.11s: fix authsae support in netifd
This patch implements support for 802.11s protected mesh wireless networks (using authsae) in the netifd framework.

Until meshd-nl80211 implements a proper -P option for the PID file, this uses shell backgrounding in order to be able to get the PID for the process.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>

SVN-Revision: 40497
2014-04-12 21:22:17 +00:00
Felix Fietkau
0d7e8ba3a9 hostapd: fix "bad number" error due to missing wps_pbc_in_m1 option (since r39995)
r39995 introduced a new parameter wps_pbc_in_m1 to wifi wps config, but
apparently did not provide a default value 0.

When that option's non-existing value is later evaluated in
/lib/netifd/hostapd.sh, it causes the "bad number" error to be logged in
syslog if user has not set the wps_pbc_in_m1 option. The error materialises
only if user has enabled wps.
    Sat Apr 12 13:25:01 2014 daemon.notice netifd: radio1 (1254): sh: bad number
    Sat Apr 12 13:25:01 2014 daemon.notice netifd: radio0 (1253): sh: bad number

Discussion in bug 15508: https://dev.openwrt.org/ticket/15508#comment:3

Error is caused by line 282:
https://dev.openwrt.org/browser/trunk/package/network/services/hostapd/files/netifd.sh#L282

My patch sets the parameter's default value to 0, which does nothing. The
default might also be set a bit later in the function, but this felt like the
most clear place to do that.

Signed-off-by hnyman <hannu.nyman@iki.fi>

SVN-Revision: 40469
2014-04-12 14:28:34 +00:00
Felix Fietkau
8994b4b191 hostapd: update to version 2014-04-04
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40394
2014-04-06 12:13:55 +00:00
Felix Fietkau
c53c7a0fe0 hostapd: add pbc_in_m1 option
Option pbc_in_m1 is being used as a WPS capability discovery
workaround for PBC with Windows 7.
Add possibility to enable this workaround from UCI.

To enable it, turn on wps and set wps_pbc_in_m1 parameter to 1.

Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>

SVN-Revision: 39995
2014-03-21 15:55:03 +00:00
Felix Fietkau
a9d4cd35fc hostapd: fix deletion of wds sta interfaces in AP mode
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39765
2014-02-28 14:43:53 +00:00
Felix Fietkau
c01d211259 hostapd: link against librt if eglibc is used
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39741
2014-02-24 15:03:06 +00:00
John Crispin
26e850dafa hostapd: add validation rules to wireless handler
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 39620
2014-02-18 13:33:59 +00:00
Felix Fietkau
38587f87ed wifi: Introduce 802.11ac support
This patch introduces 802.11ac support to mac80211 and hostapd. The split of
VHT160 in two 80 MHz bands is not yet supported, since it requires an
additional user supplied parameter for the channel of the second band.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
Signed-off-by: Simon Wunderlich <simon@open-mesh.com>
[sven@open-mesh.com: Rebased patch, merged htmode and vhtmode,
removed special hwmode, replaced uci vht_capab list with overwritable
autoconfig, fixed hostapd integration, fixed commit description, add HT40+/-
for VHT modes, add VHT40 center_freq autoconfig, refactored major parts]
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 39456
2014-02-03 13:31:44 +00:00
Felix Fietkau
50417b58ad hostapd: do not get basic_rate as a simple string variable
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39448
2014-02-02 14:25:02 +00:00
Felix Fietkau
cfc20090f1 hostapd: fix basic rate list handling with netifd
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39431
2014-01-31 10:43:18 +00:00
Felix Fietkau
2725913d2a hostapd: fix frequency selection for ap+sta
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39426
2014-01-30 13:21:30 +00:00
Jo-Philipp Wich
b5400c775e hostapd: Fix 80211w setup with netifd
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 39412
2014-01-28 21:12:45 +00:00
Jo-Philipp Wich
c1cb867c13 hostapd: Fix basic_rate setup with netifd
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 39411
2014-01-28 21:12:36 +00:00
John Crispin
4ae2d6f293 hostapd: fix mcast_rate setting
Introduced by ("netifd: add wireless configuration support and port mac80211 to
the new framework")

Reported-by: René van Weert <r.vanweert@sowifi.com>
Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>

SVN-Revision: 39288
2014-01-14 19:35:55 +00:00
John Crispin
2f9048d8d3 hostapd: fix frequency setting for IBSS/RSN
Introduced by ("netifd: add wireless configuration support and port mac80211 to
the new framework")

Reported-by: René van Weert <rene@sowifi.com>
Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>

SVN-Revision: 39231
2014-01-12 12:07:11 +00:00
Felix Fietkau
c7d23cbeb9 hostapd: fix mixed wep/wpa with netifd
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>

SVN-Revision: 39174
2013-12-28 11:07:37 +00:00
Felix Fietkau
da886d761a hostapd: fix the uci option name for ap isolate
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39173
2013-12-28 11:07:28 +00:00
Felix Fietkau
aab522e1e3 hostapd: fix wep with netifd
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>

SVN-Revision: 39156
2013-12-23 12:11:28 +00:00
Felix Fietkau
fd4cd3825b wpa_supplicant: fix interface combination parsing issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39155
2013-12-21 19:42:45 +00:00
Felix Fietkau
b6bcb7ff2d hostapd: move old wifi setup scripts to hostapd-common-old
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39103
2013-12-16 18:42:43 +00:00
Jo-Philipp Wich
32223b3c4d hostapd: fix short_preamble option
SVN-Revision: 39027
2013-12-10 16:24:48 +00:00
Jo-Philipp Wich
18dd101903 hostapd: properly parse wmm and hidden uci options (#14589)
SVN-Revision: 39005
2013-12-08 20:51:21 +00:00
Felix Fietkau
603c532eed hostapd: fix maclist processing with netifd
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38991
2013-12-03 09:02:58 +00:00
Felix Fietkau
498d84fc4e netifd: add wireless configuration support and port mac80211 to the new framework
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38988
2013-12-02 16:41:03 +00:00
Felix Fietkau
a26242cb63 hostapd: change the wildcard for the hostapd control socket directory
prepare for using /var/run/hostapd instead of /var/run/hostapd-phy*

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38986
2013-12-02 13:08:14 +00:00
Felix Fietkau
9381eaccb3 wpa_supplicant: clean up hostapd control socket on exit to fix socket leak in ap+sta mode on wifi restarts
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38985
2013-12-02 13:08:11 +00:00
Felix Fietkau
6960ae4e65 hostapd: fix os_daemonize vs starting process race by creating the pid file in the parent
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38984
2013-12-02 13:08:08 +00:00
Felix Fietkau
5022b3949a hostapd: always include p2p options in wpa_cli
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38981
2013-12-02 13:07:46 +00:00
Felix Fietkau
15b4975925 hostapd: add support for auto-channel selection
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38915
2013-11-25 15:43:30 +00:00
Felix Fietkau
1d75f7506d hostapd: update to version 2013-11-20
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38914
2013-11-25 15:43:15 +00:00
Felix Fietkau
cd1c8d463f hostapd: remove random pool support - the entropy it gathers is questionable and we have better entropy sources on common platforms now
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38852
2013-11-18 13:54:26 +00:00
Felix Fietkau
37756a97a0 hostapd: remove #ifdef MULTICALL around ap+sta support code (to support separately installed supplicant+hostapd)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 38782
2013-11-12 22:11:14 +00:00
Jo-Philipp Wich
4f1e282238 wpa_supplicant: fix beacon_int configuration option
wpa_supplicant expects beacon_int instead of beacon_interval in its config
file.

Signed-off-by: Bruno Randolf <br1@einfach.org>

SVN-Revision: 38451
2013-10-18 11:47:47 +00:00
Felix Fietkau
ff40bc2db9 hostapd: recognize 8021x as an authentication mode
Currently, in order to configure the authentication daemon in
8021x mode, we need to set wireless.@wifi-iface[0].encryption="wpa"
Though it works it confuses folks as 8021x is using WEP
encryption and not WPA. Therefore the terminology itself is
confusing. This change adds 8021x as a recognized string for 8021x
authentication.

Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com>

SVN-Revision: 38339
2013-10-08 11:09:52 +00:00
Felix Fietkau
9beaea6fc2 hostapd: add external registrar support
Setting wireless.@wifi-iface[N].ext_registrar=1 will enable UPNP
advertising and add an external registrar to the interface this vif
belongs to (br-lan if the vif is included in the LAN bridge). By
enabling this we append upnp_iface=xxx to the hostapd config file.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com>

SVN-Revision: 38338
2013-10-08 11:09:48 +00:00
Felix Fietkau
246e9b449b hostapd: enable WPS2 support on hostapd-full.config
Enable CONFIG_WPS2 for hostapd. This is required to support
options like Virtual Push Button in WPS.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com>

SVN-Revision: 38337
2013-10-08 11:09:44 +00:00
Felix Fietkau
bcbc9b1e89 hostapd: fix hostapd RSN preauthentication PMKSA caching
In 2009 OpenWrt's hostapd config added an "auth_cache" boolean
to be used to address a reported issue #12129 [0] on a forum [1].
The reported issue on the ticket is different that the one
described on the forum. The commit was r33359. This change broke
proper RSN preauthentication [2] [3] [4] expectations on hostapd's
configuration for WPA2 and this in turn disabled PMKSA caching and
Opportunistic Key Caching. This change:

  * Leaves the "auth_cache" to be used only for WPA networks for those
    looking to use this as a workaround to a reported issue but annotates
    a warning over its usage.

  * Separate "auth_cache" from WPA2 RSN preauthentication, leaving
    WPA2 RSN preauthentication to enabled only with "rsn_preauth" with
    the expected and recommended settings.

  * Adds a new WPA2 RSN preauthentication "rsn_preauth_testing" to
    be used when evaluating funcionality for WPA2 RSN preauthentication
    with the expected and recommended settings with the only difference
    so far with what should be enabled by default to disable Opportunistic
    Key Caching.

Disabling the PMKSA cache should mean the STA could not roam off and back
onto the AP that had PMKSA caching disabled and would require a full
authentication cycle. This fixes this for WPA2 networks with
RSN preauthentication enabled.

This change should be applied to AA as well as trunk.

  TL DR;

The issue described on the forum has to do with failure of a STA
being able to try to authenticate again with the AP if it failed
its first try. This may have been an issue with hostapd in 2009
but as per some tests I cannot reproduce this today on a WPA2
network.

The issue described on the ticket alludes to a security issue with the
design of using a Radius server to authenticate to an AP. The issue
vaguely alludes to the circumstances of zapping a user, deleting their
authentication credentials to log in to the network, and that if
RSN preauthentication is enabled with PMKSA caching that the user
that was zapped would still be able to authenticate.

Lets treat these as separate issues.

I cannot reproduce the first issue reported on the forums of not
being able to authenticate anymore on a WPA2 network.

The issue reported on the ticket modified WPA2 RSN preauthentication
by adding two fields to the hostapd configuration if auth_cache
was enabled:

  * disable_pmksa_caching=1
  * okc=0

The first one disables PMKSA authentication cache.
The second one disables Opportunistic Key Caching.

The issue reported on the ticket was fixed by implementing a workaround
in hostapd's configuration. Disabling PMKSA caching breaks proper use
of WPA2 RSN pre authentication. The usage of disable_pmksa_caching=1
prevents hostapd from adding PMKSA entries into its cache when a successful
802.1x authentication occurs. In practice RSN preauthentication would
trigger a STA to perform authentication with other APs on the same SSID,
it would then have its own supplicant PMKSA cache held. If a STA roams
between one AP to another no new authenitcation would need to be performed
as the new AP would already have authenticated the STA. The purpose of the
PMKSA cache on the AP side would be for the AP to use the same PMKID for
a STA when the STA roams off onto another BSSID and later comes back to it.

Disabling Opportunistic Key Caching could help the reported issue
as well but its not the correct place to address this. Opportunistic
Key Caching enables an AP with different interfaces to share the
PMKSA cache. Its a technical enhancement and disabling it would
be useful to let a testing suite properly test for RSN preauthentication
given that otherwise Opportunistic Key Caching would enable an
interface being tested to derive its own derive the PMKSA entry.
In production though okc=1 should be enabled to help with RSN
preauthentication.

The real fix for this particular issue outside of the scope of hostapd's
configuration and it should not be dealt with as a workaround to
its configuration and breaking expected RSN preauthentication and
technical optimizations. Revert this change and enable users to pick
and choose to enable or disable disable_pmksa_caching and okc expecting them
to instead have read clearly more what these do.

As for the core issure ported, the correct place to fix this is to
enable a sort of messaging between the RADIUS server and its peers
so that if caching for authentication is enabled that cache can be
cleared upon user credential updates. Updating a user password
(not just zapping a user) is another possible issue that would need
to be resolved here. Another part of the solution might be to reduce
the cache timing to account for any systematic limitations (RADIUS
server not able to ask peers to clear cache might be
one).

[0] https://dev.openwrt.org/changeset/33359
[1] https://forum.openwrt.org/viewtopic.php?id=19596
[2] http://wireless.kernel.org/en/users/Documentation/hostapd#IEEE_802.11i.2FRSN.2FWPA2_pre-authentication
[3] http://wireless.kernel.org/en/users/Documentation/wpa_supplicant#RSN_preauthentication
[4] http://wiki.openwrt.org/doc/recipes/rsn_preauthentication

Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>

SVN-Revision: 38336
2013-10-08 11:09:40 +00:00
Felix Fietkau
40aec9ed46 hostapd: Add WPS unconfigured & WPS pin method support
Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com>

SVN-Revision: 38335
2013-10-08 11:09:36 +00:00
Felix Fietkau
4689bc8517 hostapd: Add eap_reauth_period config option
This adds the eap_reauth_period to be used for modifying
the RADIUS server reauthentication authentication period,
a parameter that gets passed directly to the hostapd
configuration file.

Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com>

SVN-Revision: 38334
2013-10-08 11:09:27 +00:00
Felix Fietkau
b2447d1fca hostapd: adjust the md5sum for the uploaded source tarball (fixes #14155)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37990
2013-09-14 20:07:35 +00:00
Felix Fietkau
4cda88a879 hostapd: fix typo in version number
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37742
2013-08-08 20:45:15 +00:00
Felix Fietkau
9df75e7f34 hostapd: fix ubus reconnect handling
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37741
2013-08-08 20:45:12 +00:00
Felix Fietkau
750197b3af hostapd: add a build variant for wpa_supplicant with p2p (aka Wi-Fi Direct) support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37739
2013-08-08 16:24:50 +00:00
Felix Fietkau
f53b96813e hostapd: update to latest version (20130707)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37738
2013-08-08 16:04:19 +00:00
Felix Fietkau
9a22315ca4 hostapd: Settings for DAE/CoA server
hostapd supports "Dynamic Authorization Extensions", making it possible
to forcibly disconnect a user by sending it a RADIUS "Disconnect-Request"
packet.

I've added three new variables to enable setting of the
"radius_das_client" and "radius_das_port" variables in the hostapd
configuration, which enable these extensions.

* dae_client - IP of the client that can send disconnect requests
* dae_secret - shared secret for DAE packets

These are combined into the "radius_das_client" option in hostapd.conf
To enable the server, both dae_client and dae_secret must be set.

* dae_port - optional, default value is 3799 as specified in RFC 5176

Signed-off-by: Martijn van de Streek <martijn@vandestreek.net>

SVN-Revision: 37734
2013-08-06 18:55:30 +00:00
Felix Fietkau
91f0b411f4 hostapd: Fix WDS/WEP usage
WEP in WDS is currently broken in hostapd. Add a patch
to fix the issue.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>

SVN-Revision: 37733
2013-08-06 17:59:12 +00:00
Felix Fietkau
76ca564e79 hostapd: Refresh patches
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>

SVN-Revision: 37731
2013-08-06 17:59:05 +00:00
Felix Fietkau
22e012bad8 hostapd: Add an option to disable beaconing
Add a patch for hostapd that introduces a config option
"start_disabled" which can be used to bring up an AP
interface with beaconing disabled. This is useful in
a Repeater-AP setup where the Repeater AP has to start
beaconing only after the WDS link has been established.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>

SVN-Revision: 37730
2013-08-06 17:59:02 +00:00
Jo-Philipp Wich
7c197d9f0e hostapd: truncate default mac file before adding entries to it (#13797)
SVN-Revision: 37114
2013-07-01 10:52:35 +00:00
Felix Fietkau
ee68734929 hostapd: fix multi-ssid and AP+STA, clean up code
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37111
2013-06-30 21:01:13 +00:00
Felix Fietkau
60b040bbaf hostapd: update to latest git version
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37110
2013-06-30 20:27:38 +00:00
John Crispin
e7dbdad43b hostapd: fix superflous coma
this cause the wps trigegr to be copied to the wrong place

https://dev.openwrt.org/ticket/13753

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 37031
2013-06-24 16:44:18 +00:00
John Crispin
4999ae4236 hostapd: remove old button hotplug script
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 36991
2013-06-21 16:53:07 +00:00
Jo-Philipp Wich
541fbfbb9e hostapd: correctly handle macfile uci option
Make hostapd.sh correctly handle the macfile uci option.

Such option specifies the macfile name to pass into the
hostapd configuration file. Moreover, if a maclist option
has been specified, copy the macfile before appending new
entries.

Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>

SVN-Revision: 36944
2013-06-17 11:59:29 +00:00
Felix Fietkau
b85c442e81 hostapd: enable 802.11r for the -full variant (#13250)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36533
2013-05-03 10:39:57 +00:00
Felix Fietkau
d7908e02b5 hostapd: return the frequency to some ubus calls to make integration easier
SVN-Revision: 36410
2013-04-23 18:35:50 +00:00
Felix Fietkau
62244d73ae hostapd: update to 2013-04-05
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36376
2013-04-22 13:24:48 +00:00
Felix Fietkau
96bb7c123b build: consistently use 'depends on' instead of 'depends'
make the syntax more compatible with kernel menuconfig

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36351
2013-04-17 15:36:41 +00:00
Felix Fietkau
31876c193a hostapd: fix build errors on supplicant-only builds
SVN-Revision: 36085
2013-03-18 16:11:32 +00:00
Felix Fietkau
2167101c90 hostapd: initial prototype of an ubus binding
Supports listing, removing and banning clients, and hooking into
probe/assoc/auth requests via object subscribe.

SVN-Revision: 36081
2013-03-17 20:47:18 +00:00
John Crispin
fce3deddff use new button scheme
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 36004
2013-03-13 18:11:25 +00:00
Felix Fietkau
9ddc45bc3f hostapd: fix client reassociation after too many ACK failures
SVN-Revision: 35973
2013-03-12 00:19:25 +00:00
Felix Fietkau
c3faa6be75 hostapd: include the madwifi headers in the package directory to avoid compile breakage if the madwifi build fails
SVN-Revision: 35893
2013-03-05 22:06:30 +00:00
Felix Fietkau
fa1749e668 hostapd: update to git version 2013-03-02
SVN-Revision: 35887
2013-03-04 17:16:38 +00:00
Felix Fietkau
1d6574b9c3 hostapd: fix the scan wait patch for multiple interfaces
SVN-Revision: 35630
2013-02-16 19:00:34 +00:00
Felix Fietkau
99782943d2 hostapd: add back the patch that waits for interface bringup in ht40, it got lost with the update
SVN-Revision: 35619
2013-02-16 14:26:03 +00:00
Felix Fietkau
1810b80ec0 mac80211/hostapd: short_preamble is a per-vif option and should be enabled by default
SVN-Revision: 35565
2013-02-11 18:59:10 +00:00
Jo-Philipp Wich
e804a663e3 hostapd: don't configure wpa_supplicant with empty password="" if no password is specified (#12912)
SVN-Revision: 35358
2013-01-28 18:05:33 +00:00
John Crispin
a730e96569 Remove remaining etrax references
SVN-Revision: 34968
2013-01-02 11:28:11 +00:00
Felix Fietkau
056d75049d wpa_supplicant.sh: always use parameters from the current section
Using variables from the outer scope unnecessarily complicates the code and
leads to issues.

This patch fixes the bug when having an "adhoc" wifi-iface section before a
"sta" section prevents wpa_supplicant from using the key specified in the
corresponding section as it tries to use the "adhoc" key instead (1 by
default).

Signed-off-by: Paul Fertser <fercerpav@gmail.com>

SVN-Revision: 34716
2012-12-16 13:23:37 +00:00
Felix Fietkau
8516ddb133 mac80211, hostapd: Fix macfilter for multi bssid setups
Previously only the first macfilter configuration would have been used
on all interfaces. However, the configuration was always done per vif
already. Hence, move the macfilter setup into hostapd.sh where and
create one mac list file per vif.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 34470
2012-12-04 12:06:40 +00:00
Florian Fainelli
f1498531c7 hostapd: include sys/stat.h for a struct stat definition
Some libcs need this header to be explicitely included (e.g: musl)

Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 34295
2012-11-21 20:27:06 +00:00
Felix Fietkau
f911fb32fe hostapd: merge some pending fixes (fixes assoc errors when moving between vaps of the same wifi device)
SVN-Revision: 33919
2012-10-25 14:31:17 +00:00
Felix Fietkau
26944502e3 hostapd: merge a security fix for a TLS message buffer overflow (CVE-2012-4445)
SVN-Revision: 33815
2012-10-17 18:16:56 +00:00
Felix Fietkau
2fb3792fa9 hostapd: remove redundant MAINTAINER lines
SVN-Revision: 33692
2012-10-10 12:36:44 +00:00
Felix Fietkau
405e21d167 packages: sort network related packages into package/network/
SVN-Revision: 33688
2012-10-10 12:32:29 +00:00