Commit Graph

4044 Commits

Author SHA1 Message Date
Felix Fietkau
3e1ac00ccb umdns: update to the latest version
479c7f8676d9 cache: make record/hostname lookup case-insensitive
26c97a5a50bf ubus: add a browse flag for suppressing cached ip addresses
c286c51a9bd9 Fix AVL tree traversal in cache_record_find and cache_host_is_known
4035fe42df58 interface: use a global socket instead of per-interface ones
c63d465698c7 cache: dump hostname target from srv records
b42b22152d73 use hostname from SRV record to look up IP addresses
d45c443aa1e6 ubus: add array flag support for the hosts method

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-10-19 19:15:32 +02:00
Nick Hainke
5b85c19642 iproute2: update to 6.5.0
Release Notes:
https://lore.kernel.org/netdev/20230906093918.394a1b1d@hermes.local/T/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-10-14 08:01:56 +02:00
Nick Hainke
abe908ca53 ethtool: update to 6.5
Release Notes:
https://lore.kernel.org/netdev/20230912223336.zywfpavr3ln3trp3@lion.mk-sys.cz/T/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-10-14 08:01:45 +02:00
Martin Schiller
e53ed6af87 linux-atm: use target specific kernel headers
There are a few targets that mess with the atm kernel headers. To avoid
incompatibility between kernel and user space during compilation, the
correct headers should be used.

Consequently, the package must also be marked as nonshared.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2023-10-05 10:31:39 +02:00
Uwe Niethammer
32a696f9e4 uqmi: added timeout to fix hanging qmi.sh
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. So qmi.sh is hanging on the first call. Since 2020 uqmi
supports a timeout parameter. Unfortunately qmi.sh didn't make use of
this parameter. So qmi.sh is now invoking an early dummy access to
unlock the modem

Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
2023-10-03 18:50:01 +02:00
Nick Hainke
91d2ead3c3 hostapd: increase PKG_RELEASE to fix builds
Recent hostapd changes just edited the ucode files. It is required to
bump the PKG_RELEASE to include the newest changes in the latest builds.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-09-29 11:26:49 +02:00
Felix Fietkau
abceef120d hostapd: fix wpa_supplicant mac address allocation on ap+sta
If the full interface is restarted while bringing up an AP, it can trigger a
wpa_supplicant interface start before wpa_supplicant is notified of the
allocated mac addresses.
Fix this by moving the iface_update_supplicant_macaddr call to just after
the point where mac addresses are allocated.

Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-28 10:30:14 +02:00
Felix Fietkau
0c43a48735 hostapd: fix mac address of interfaces created via wdev.uc
Use the wdev config with the generated MAC address

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-27 15:04:25 +02:00
Felix Fietkau
f1bb528ae7 hostapd: fix rare crash with AP+STA and ACS enabled
Ensure that the iface disable in uc_hostapd_iface_start also clears the ACS
state.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-25 18:46:22 +02:00
Leon M. Busch-George
9f52a57c99 package: dnsmasq: remove off-by-one mitigation for limit
In the dnsmasq init script, an off-by-one in the range calculation of
ipcalc.sh was mitigated by passing the limit as if its counting started
at zero. This patch removes the mitigation as the off-by-one has been
fixed.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-09-25 15:02:49 +02:00
Leon M. Busch-George
6b23836071 package: avoid the use of eval to parse ipcalc.sh output
Add a function 'ipcalc' to /lib/functions.sh that sets variables more
safely using export.
With this new function, dnsmasq also handles the return value of ipcalc
correctly.

Fixes: e4bd3de1be ("dnsmasq: refuse to add empty DHCP range")
Co-Authored-By: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-09-25 15:02:49 +02:00
Sebastian Pflieger
3ce909914a lldpd: add lldp_syscapabilities config option
allow to overwrite the detected system capabilities e.g. if devices
does not operate as bridge.

Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
2023-09-24 17:07:28 +02:00
Felix Fietkau
3a5ad6e3d7 hostapd: fix patch rebase after a crash fix
The patch refresh accidentally moved the hostapd_ucode_free_iface call to
the wrong function

Fixes: e9722aef9e ("hostapd: fix a crash when disabling an interface during channel list update")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-22 20:00:13 +02:00
Felix Fietkau
fd6d7aafb2 hostapd: fix wpa_supplicant bringup with non-nl80211 drivers
Needed for wired 802.1x

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-22 07:59:27 +02:00
Felix Fietkau
4145ff4d8a hostapd: add missing NULL pointer check in uc_hostapd_iface_stop
Avoid crashing if the interface has already been removed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-20 18:40:33 +02:00
Felix Fietkau
e9722aef9e hostapd: fix a crash when disabling an interface during channel list update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-20 14:11:14 +02:00
Alexander Couzens
8572007f90 packages: assign PKG_CPE_ID for all missing packages
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has CPE id.

Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2023-09-19 20:21:13 +02:00
Felix Fietkau
f52e008d04 netifd: update to the latest version
7a58b995fdbe wireless: update prev_config on SET_DATA notify

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-19 11:56:30 +02:00
Felix Fietkau
a511480368 hostapd: use phy name for hostapd interfaces instead of first-bss ifname
Improves reliability in error handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-19 11:56:30 +02:00
Felix Fietkau
93e147c9e6 hostapd: fix dynamically adding interfaces with 802.11ax support disabled in the build
Move an important code line outside of #ifdef CONFIG_IEEE80211AX

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-18 16:51:34 +02:00
Felix Fietkau
a33f1d3515 netifd: update to the latest version
88a3a9e2be07 wireless: clean up prev_config handling
afcd3825dad9 wireless: dynamically enable/disable virtual interfaces base on network interface autostart

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-15 20:43:27 +02:00
Felix Fietkau
f5380184e6 hostapd: add missing ubus ACL entries for AP+client (#13449)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-15 20:42:56 +02:00
Felix Fietkau
50e16efd41 hostapd: support dynamic reload of vlan files when renaming interfaces
Avoids unnecessary AP restart on ifname changes when wifi-vlan sections
are present.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-15 14:25:27 +02:00
Felix Fietkau
99515fbc36 netifd: update to the latest version
3d425f16d6a6 wireless: rework and fix vlan/station config reload handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-15 13:10:39 +02:00
Felix Fietkau
4acbe4e336 hostapd: fix more AP+STA issues
When STA is disconnected, ensure that the interface is in a cleanly stopped
state:
 - if in regular enable/disable state, stop beacons if necessary
 - in any other state, disable the interface

When the STA is up, ignore repeated start commands for the same channel, in
order to avoid unnecessary AP restarts

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-14 19:13:36 +02:00
Felix Fietkau
a63e118f77 hostapd: fix more dynamic reload issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-14 19:13:36 +02:00
Felix Fietkau
6cf27094e9 hostapd: add missing return statement
Avoids crash due to uninitialized stack/register garbage

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 22:57:49 +02:00
Felix Fietkau
7365e8f1bb hostapd: do not modify hapd->started when stopping an AP
It can cause cleanup to be skipped on wifi restart, which can lead to
use-after-free bugs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 17:07:21 +02:00
Felix Fietkau
a463bd8c99 hostapd: update to the latest version
8e6485a1bcb0 PEAP client: Update Phase 2 authentication requirements
de9a11f4dde9 TTLS client: Support phase2_auth=2
b2a1e7fe7ab9 tests: PEAP and TTLS phase2_auth behavior
518ae8c7cca8 P2P: Do not print control characters in debug
a4c133ea73c7 WPS: Optimize attribute parsing workaround
7a37a94eaa0d Check whether element parsing has failed
f80d83368818 ACS: Remove invalid debug print
fb2b7858a728 FILS: Fix HE MCS field initialization
50ee26fc7044 P2P: Check p2p_channel_select() return value
a50d1ea6a2b3 Add QCA vendor attributes for user defined power save parameters
4636476b7f22 Set RRM used config if the (Re)Association Request frame has RRM IE
e53d44ac63e8 AP MLD: Use STA assoc link address in external auth status to the driver
99a96b2f9df7 AP MLD: OWE when SME is offloaded to the driver
96deacf5d710 nl80211: Skip STA MLO link channel switch handling in AP mode
d320692d918a AP MLD: Handle new STA event when using SME offload to the driver
faee8b99e928 tests: Fix eht_mld_sae_legacy_client to restore sae_pwe
c3f465c56c94 wlantest: Handle variable length MIC field in EAPOL-Key with OWE
605034240e0c wlantest: Support multiple input files
053bd8af8ed2 Recognize FTE MLO subelements
43b5f11d969a Defragmentation of FTE
3973300b8ded FTE protected element check for MLO Reassociation Response frame
74e4a0a6f1e4 wlantest: Learn AP MLD MAC address from Beacon frames
a5a0b2cf7b1b wlantest: Find non-AP MLD only from affiliated BSSs of the AP MLD
74472758584d wlantest: Recognize non-AP MLD based on any link address for decryption
1ffabd697c67 wlantest: Learn non-AP MLD MAC address from (Re)Association Request frames
4e8e515f92b9 wlantest: Use MLO search for the STA in reassociation
49bf9f2df95a wlantest: Use the MLD MAC address as well for matching STA entries
5434a42ec69c wlantest: Search for FT Target AP using MLD MAC address as well
a19fcf685cae wlantest: Include the MLD MAC address of the AP MLD in new-STA prints
709d46da73da wlantest: Do not claim update to AP MD MAC address if no change
770760454f9e wlantest: Do not update BSS entries for other AP MLDs in PTK cloning
084745ffc508 Add QCA vendor attributes for NDP setup
bf9cbb462fd9 Fix writing of BIGTK in FT protocol
011775af9443 tests: Check for beacon loss when using beacon protection
8f148d51322f Fix a compiler warning on prototype mismatch
b7db495ad9c9 AP: Fix ieee802_1x_ml_set_sta_authorized()
232667eafe0d Fix CCMP test vector issues
30771e6e05ed Include PTID in PV1 nonce construction for CCMP test vector
34841cfd9aba Minor formatting changes to CCMP test vectors
a685d84139e6 BSS coloring: Fix CCA with multiple BSS
bc0636841a70 wpa_supplicant: Fix configuration parsing error for tx_queue_*
2763d1d97e66 hostapd: Fix AID assignment in multiple BSSID
763a19286e2f AP: Add configuration option to specify the desired MLD address
bd209633eb10 AP: Use is_zero_ether_addr() to check if BSSID is NULL
bc0268d053b4 wlantest: Guess SAE/OWE group from EAPOL-Key length mismatch
a94ba5322803 EHT: Support puncturing for 320 MHz channel bandwidth
7e1f5c44c97e EHT: 320 MHz DFS support
6f293b32112a QCA vendor attributes for updating roaming AP BSSID info
5856373554eb Extend QCA vendor command to include more parameters for netdev events
e080930aa0a5 Define QCA vendor roam control RSSI attributes
fe72afe713ad Define QCA vendor attribute for high RSSI roam trigger threshold
47a65ccbfde2 P2P: Clean wpa_s->last_ssid when removing a temporary group network
884125ab7d21 tests: P2P autonomous GO and clearing of networking information
7637d0f25053 P2P: Do not filter pref_freq_list if the driver does not provide one
dd1330b502ff Fix hostapd interface cleanup with multiple interfaces
0a6842d5030e nl80211: Fix beacon rate configuration for legacy rates 36, 48, 54 Mbps
d606efe054d5 tests: Beacon rate configuration for 54 Mbps
f91d10c0e6aa tests: Update RSA 3k certificates
07d3c1177bbb tests: Make sae_proto_hostapd_status_* more robust
1085e3bdc6f6 Update iface->current_mode when fetching new hw_features
338a78846b44 Add a QCA vendor sub command for transmit latency statistics
9318db7c38bc wlantest: Use local variables for AA/SPA in FT Request/Response processing
628b9f10223d wlantest: Derive PMK-R1 and PTK using AA/SPA for MLO FT over-the-DS
104aa291e5c8 wlantest: Fix FT over-the-DS decryption
37c87efecfe3 wlantest: Search SPA using MLO aware find for FT Request/Response frame
19f33d7929e8 wlantest: Learn the Link ID for AP MLD affiliated BSSs
6ae43bb10323 wlantest: Learn link address for assoc link from (Re)Association Request
4c079dcc64da Increment hmac_sha*_vector() maximum num_elem value to 25
e6f64a8e1daf FT: FTE MIC calculation for MLO Reassociation Request frame
a83575df5994 wlantest: FTE MIC calculation for MLO Reassociation Request frames
ff02f734baf8 wlantest: Allow specific link BSS to be found with bss_find_mld()
7381c60db8f0 FT: Make FTE MIC calculation more flexible
ac9bf1cc2a4c Decrement hmac_sha*_vector() maximum num_elem value to 11
aa08d9d76803 Fix use of defragmented FTE information
78b153f90a74 Calculate defragmented FTE length during IE parsing
8cf919ffd5c4 wlantest: FTE MIC calculation for MLO Reassociation Response frame
d12a3dce82a9 wlantest: Store and check SNonce/ANonce for FT Authentication
20febfd7838d wlantest: Dump MLO association information in debug
609864d6a8a1 Add QCA vendor attribute to configure MLD ID in ML probe request
12154861e24a Add support for conversion to little endian for 24 bits
c437665041c0 Add Non EHT SCS Capability in (Re)Association Request frames
33da386553b7 SCS: Add support for QoS Characteristics in SCS request
edfca280cbe8 SCS: Add support for optional QoS Charateristics parameters
32dcec9529ec Send actual MFP configuration when driver takes care of BSS selection
123d16d860fa Update hw_mode when CSA finishes
b3d852560bda Change QCA vendor configure attribution name of peer MAC address
12fabc4765c2 Add QCA vendor attribute for configuring max A-MPDU aggregation count
f6eaa7b729cb Add QCA vendor attribute for TTLM negotiation support type
f6dcd326fea7 wlantest: Indicate ToDS/FromDS values for BSS DATA entries
6ce745bb87d4 wlantest: MLO support for decrypting 4-address frames
850dc1482953 wlantest: Remove duplicated A1/A2/A3 override detection for MLO
770e5a808fbb wlantest: Determine whether A1 points to STA once in rx_data_bss_prot()
377d617b574a Define new BSS command info mask for AP MLD address
d3ab6e001f62 wlantest: Use non-AP MLD's MLD MAC address in FT over-the-air derivation
a845601ffe32 wlantest: Derive PTK in MLO using MLD MAC addresses for FT over-the-air
0cd2bfc8a402 wlantest: Fix FTE MIC calculation for MLO Reassociation Response frames
528abdeb673b wlantest: Learn group keys from MLO FT Reassociation Response frames
990600753dd9 wlantest: Defragment Basic MLE before processing
de043ec01ab5 wlantest: Defragment the Per-STA Profile subelement
bae1ec693c44 wlantest: Minimal parsing of Basic MLE STA Profile
ba1579f3bf7c Clear BIGTK values from wpa_supplicant state machine when not needed
b46c4b9a916a tests: Beacon protection and reconnection
3e71516936b7 Document per-ESS MAC address (mac_addr=3 and mac_value)
f85b2b2dee3b Extend wpa_parse_kde_ies() to include EHT capabilities
e3a68081bc1e driver: Add option for link ID to be specified for send_tdls_mgmt()
c7561502f2e8 nl80211: Use a QCA vendor command to set the link for TDLS Discovery Response
a41c8dbdd84e TDLS: Copy peer's EHT capabilities
626501434be1 TDLS: Learn MLD link ID from TDLS Discovery Response
5f30f62eead7 TDLS: Reply to Discovery Request on the link with matching BSSID
940ef9a05c0f TDLS: Use link-specific BSSID instead of sm->bssid for MLO cases
f429064189c3 TDLS: Set EHT/MLO information for TDLS STA into the driver
dd25885a9daa Remove space-before-tab in QCA vendor related definitions
af6e0306b2a9 Fix typos in QCA vendor related definitions
4c9af238c1e4 Fix inconsistent whitespace use in QCA vendor related definitions
e5ccbfc69ecf Split long comment lines in QCA vendor related definitions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
20c667cc88 hostapd: rework reload support and MAC address handling
MAC address and interface name assigned by mac80211.sh depend on the order in
which interfaces are brought up. This order changes when interfaces get added
or removed, which can cause unnecessary reload churn.

One part of the fix it making MAC address allocation more dynamic in both
wpa_supplicant and hostapd, by ignoring the provided MAC address using
the next available one, whenever the config does not explicitly specify one.

The other part is making use of support for renaming netdevs at runtime and
preserving the MAC address for renamed netdevs.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
13c1080a3f hostapd: move mac address allocation from mac80211.sh to wdev.uc
Preparation for upcoming hostapd reload improvements

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
8566ddc8b3 hostapd: add internal API for renaming AP interfaces
Will be used for improving reload support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
ddd012d5ff hostapd: fix AP+STA configuration with autochannel enabled
Properly disable the interface when requested
Disable ACS when bringing it back up on the new channel

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:36:55 +02:00
Felix Fietkau
4871acef79 hostapd: update interface/bss list after set_config calls
set_config causes the ucode bss resource to be re-created and because of that
the bss list needs to be updated as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 10:47:35 +02:00
Felix Fietkau
499ca4cbe0 hostapd: fix bringing up AP in AP+mesh configurations
Pass the correct frequency + secondary channel offset to hostapd

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-12 14:09:59 +02:00
Felix Fietkau
ea1787b7bc hostapd: clear ucode interface/bss resource pointers
Avoids potential use-after-free bugs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-12 14:09:58 +02:00
Felix Fietkau
36a9f8449c hostapd: fix applying gratuitous ARP settings with bridge-vlan
The arp_accept setting needs to be applied to the snoop_iface

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-12 12:58:26 +02:00
Felix Fietkau
4a0b1af905 hostapd: allow adding initial AP without breaking STA interface connection
When switching from a STA-only configuration to AP+STA on the same phy, the
STA was previously restarted in order to notify hostapd of the new frequency,
which might not match the AP configuration.
Fix the STA restart by querying the operating frequency from within hostapd
when bringing up the AP.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-03 09:51:28 +02:00
Felix Fietkau
d65354488d hostapd: fix config change detection on boolean values
Check for null instead of truish value

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-03 09:51:08 +02:00
Felix Fietkau
3b44e0a4c1 hostapd: fix parsing HT secondary channel offset
It returned the wrong value when using HT40-

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-02 19:39:24 +02:00
Felix Fietkau
2021ca0a02 hostapd: reset center_seg0_idx for 2.4 GHz
Fixes 40 MHz channel bandwidth on 2.4 GHz AP+STA

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-02 19:39:24 +02:00
Felix Fietkau
b460ec66ed hostapd: use proper helper functions for setting seg0/seg1 idx and chwidth
Simplifies code and removes #ifdef statements

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-02 19:39:24 +02:00
Felix Fietkau
7049ea9e95 firewall4: update to the latest version
23a434d0d15d tests: fix expected test output
840ccdeeabce fw4: avoid emitting invalid rule jump targets
20da9933fd7e fw4: fix another instance of invalid rule jump targets
598d9fbb5179 fw4: remove special cases around hw flow offloading

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-01 14:01:06 +02:00
Felix Fietkau
821cf6dd38 hostapd: remove cfg80211 dependency
Always enable nl80211 driver support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-01 12:18:13 +02:00
Daniel Golle
9a4bd3b1e4 netifd: update to latest git HEAD
1a07f1dff32b make_ethtool_modes_h.sh: apply anti-bashism

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-09-01 01:03:13 +01:00
Daniel Golle
b85646f32f netifd: update to latest git HEAD
f429bd94f99e system-linux: switch to new ETHTOOL_xLINKSETTINGS API

Fixes AN announcement for speeds beyond 1 GBit/s.
Adds new UCI options for Ethernet devices:
 - autoneg: switch on or off auto-negotiation
 - pause: if set to 0, do not announce symmetric flow control capability
 - asym_pause: if set to 0, do not announce asymmetric flow control
               capability.
 - rxpause: if set overrides AN and forces RX pause accordingly
 - txpause: if set overrides AN and forces TX pause accordingly

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-08-31 21:54:40 +01:00
Felix Fietkau
560965d582 hostapd: select libopenssl-legacy for openssl variants
Without it, a lot of authentication modes fail without obvious error messages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:12:25 +02:00
Felix Fietkau
b0501d380f hostapd: remove eap-eap192 auth type value
It is no longer used

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:05:13 +02:00
Felix Fietkau
8c03dc962f netifd: update to the latest version
db3934d2f740 scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support

Support the following values for the different WPA3 Enterprise modes:

- wpa3-mixed: WPA3 Enterprise transitional mode
	This supports EAP with both SHA1 and SHA-256, with optional MFP
- wpa3: WPA3 Enterprise only mode
	This supports only SHA256 with mandatory MFP
- wpa3-192: WPA3 Enterprise with mandatory 192 bit support
	This uses only GCMP-256 ciphers

Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode.
It seems that even leaving in optional 192 bit support breaks auth on some
clients, including iOS devices.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:05:13 +02:00
Felix Fietkau
b63df6ce5d hostapd: support eap-eap2 and eap2 auth_type values
WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:05:13 +02:00