Commit Graph

20679 Commits

Author SHA1 Message Date
Felix Fietkau
50e16efd41 hostapd: support dynamic reload of vlan files when renaming interfaces
Avoids unnecessary AP restart on ifname changes when wifi-vlan sections
are present.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-15 14:25:27 +02:00
Felix Fietkau
99515fbc36 netifd: update to the latest version
3d425f16d6a6 wireless: rework and fix vlan/station config reload handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-15 13:10:39 +02:00
Daniel Maslowski
c1206675a4
kernel: decouple 9P virtio from 9P net
General support for 9P is desirable on platforms without virtualization.
This decouples the 9P general networking support for use on more platforms.

Signed-off-by: Daniel Maslowski <info@orangecms.org>
2023-09-14 23:44:14 +02:00
Felix Fietkau
4acbe4e336 hostapd: fix more AP+STA issues
When STA is disconnected, ensure that the interface is in a cleanly stopped
state:
 - if in regular enable/disable state, stop beacons if necessary
 - in any other state, disable the interface

When the STA is up, ignore repeated start commands for the same channel, in
order to avoid unnecessary AP restarts

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-14 19:13:36 +02:00
Felix Fietkau
a63e118f77 hostapd: fix more dynamic reload issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-14 19:13:36 +02:00
Felix Fietkau
16889141d9 mac80211: fix AP reconfiguration on DFS channels in non-ETSI regdomain
Allow grace period for DFS available after shutting down beacons on the channel

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-14 19:13:35 +02:00
Felix Fietkau
6cf27094e9 hostapd: add missing return statement
Avoids crash due to uninitialized stack/register garbage

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 22:57:49 +02:00
Felix Fietkau
02b4dc93b6 mac80211: only add the mbssid option to the config when set
This avoids errors when the feature is not built into the hostapd binary

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 17:38:25 +02:00
Felix Fietkau
7365e8f1bb hostapd: do not modify hapd->started when stopping an AP
It can cause cleanup to be skipped on wifi restart, which can lead to
use-after-free bugs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 17:07:21 +02:00
Felix Fietkau
a463bd8c99 hostapd: update to the latest version
8e6485a1bcb0 PEAP client: Update Phase 2 authentication requirements
de9a11f4dde9 TTLS client: Support phase2_auth=2
b2a1e7fe7ab9 tests: PEAP and TTLS phase2_auth behavior
518ae8c7cca8 P2P: Do not print control characters in debug
a4c133ea73c7 WPS: Optimize attribute parsing workaround
7a37a94eaa0d Check whether element parsing has failed
f80d83368818 ACS: Remove invalid debug print
fb2b7858a728 FILS: Fix HE MCS field initialization
50ee26fc7044 P2P: Check p2p_channel_select() return value
a50d1ea6a2b3 Add QCA vendor attributes for user defined power save parameters
4636476b7f22 Set RRM used config if the (Re)Association Request frame has RRM IE
e53d44ac63e8 AP MLD: Use STA assoc link address in external auth status to the driver
99a96b2f9df7 AP MLD: OWE when SME is offloaded to the driver
96deacf5d710 nl80211: Skip STA MLO link channel switch handling in AP mode
d320692d918a AP MLD: Handle new STA event when using SME offload to the driver
faee8b99e928 tests: Fix eht_mld_sae_legacy_client to restore sae_pwe
c3f465c56c94 wlantest: Handle variable length MIC field in EAPOL-Key with OWE
605034240e0c wlantest: Support multiple input files
053bd8af8ed2 Recognize FTE MLO subelements
43b5f11d969a Defragmentation of FTE
3973300b8ded FTE protected element check for MLO Reassociation Response frame
74e4a0a6f1e4 wlantest: Learn AP MLD MAC address from Beacon frames
a5a0b2cf7b1b wlantest: Find non-AP MLD only from affiliated BSSs of the AP MLD
74472758584d wlantest: Recognize non-AP MLD based on any link address for decryption
1ffabd697c67 wlantest: Learn non-AP MLD MAC address from (Re)Association Request frames
4e8e515f92b9 wlantest: Use MLO search for the STA in reassociation
49bf9f2df95a wlantest: Use the MLD MAC address as well for matching STA entries
5434a42ec69c wlantest: Search for FT Target AP using MLD MAC address as well
a19fcf685cae wlantest: Include the MLD MAC address of the AP MLD in new-STA prints
709d46da73da wlantest: Do not claim update to AP MD MAC address if no change
770760454f9e wlantest: Do not update BSS entries for other AP MLDs in PTK cloning
084745ffc508 Add QCA vendor attributes for NDP setup
bf9cbb462fd9 Fix writing of BIGTK in FT protocol
011775af9443 tests: Check for beacon loss when using beacon protection
8f148d51322f Fix a compiler warning on prototype mismatch
b7db495ad9c9 AP: Fix ieee802_1x_ml_set_sta_authorized()
232667eafe0d Fix CCMP test vector issues
30771e6e05ed Include PTID in PV1 nonce construction for CCMP test vector
34841cfd9aba Minor formatting changes to CCMP test vectors
a685d84139e6 BSS coloring: Fix CCA with multiple BSS
bc0636841a70 wpa_supplicant: Fix configuration parsing error for tx_queue_*
2763d1d97e66 hostapd: Fix AID assignment in multiple BSSID
763a19286e2f AP: Add configuration option to specify the desired MLD address
bd209633eb10 AP: Use is_zero_ether_addr() to check if BSSID is NULL
bc0268d053b4 wlantest: Guess SAE/OWE group from EAPOL-Key length mismatch
a94ba5322803 EHT: Support puncturing for 320 MHz channel bandwidth
7e1f5c44c97e EHT: 320 MHz DFS support
6f293b32112a QCA vendor attributes for updating roaming AP BSSID info
5856373554eb Extend QCA vendor command to include more parameters for netdev events
e080930aa0a5 Define QCA vendor roam control RSSI attributes
fe72afe713ad Define QCA vendor attribute for high RSSI roam trigger threshold
47a65ccbfde2 P2P: Clean wpa_s->last_ssid when removing a temporary group network
884125ab7d21 tests: P2P autonomous GO and clearing of networking information
7637d0f25053 P2P: Do not filter pref_freq_list if the driver does not provide one
dd1330b502ff Fix hostapd interface cleanup with multiple interfaces
0a6842d5030e nl80211: Fix beacon rate configuration for legacy rates 36, 48, 54 Mbps
d606efe054d5 tests: Beacon rate configuration for 54 Mbps
f91d10c0e6aa tests: Update RSA 3k certificates
07d3c1177bbb tests: Make sae_proto_hostapd_status_* more robust
1085e3bdc6f6 Update iface->current_mode when fetching new hw_features
338a78846b44 Add a QCA vendor sub command for transmit latency statistics
9318db7c38bc wlantest: Use local variables for AA/SPA in FT Request/Response processing
628b9f10223d wlantest: Derive PMK-R1 and PTK using AA/SPA for MLO FT over-the-DS
104aa291e5c8 wlantest: Fix FT over-the-DS decryption
37c87efecfe3 wlantest: Search SPA using MLO aware find for FT Request/Response frame
19f33d7929e8 wlantest: Learn the Link ID for AP MLD affiliated BSSs
6ae43bb10323 wlantest: Learn link address for assoc link from (Re)Association Request
4c079dcc64da Increment hmac_sha*_vector() maximum num_elem value to 25
e6f64a8e1daf FT: FTE MIC calculation for MLO Reassociation Request frame
a83575df5994 wlantest: FTE MIC calculation for MLO Reassociation Request frames
ff02f734baf8 wlantest: Allow specific link BSS to be found with bss_find_mld()
7381c60db8f0 FT: Make FTE MIC calculation more flexible
ac9bf1cc2a4c Decrement hmac_sha*_vector() maximum num_elem value to 11
aa08d9d76803 Fix use of defragmented FTE information
78b153f90a74 Calculate defragmented FTE length during IE parsing
8cf919ffd5c4 wlantest: FTE MIC calculation for MLO Reassociation Response frame
d12a3dce82a9 wlantest: Store and check SNonce/ANonce for FT Authentication
20febfd7838d wlantest: Dump MLO association information in debug
609864d6a8a1 Add QCA vendor attribute to configure MLD ID in ML probe request
12154861e24a Add support for conversion to little endian for 24 bits
c437665041c0 Add Non EHT SCS Capability in (Re)Association Request frames
33da386553b7 SCS: Add support for QoS Characteristics in SCS request
edfca280cbe8 SCS: Add support for optional QoS Charateristics parameters
32dcec9529ec Send actual MFP configuration when driver takes care of BSS selection
123d16d860fa Update hw_mode when CSA finishes
b3d852560bda Change QCA vendor configure attribution name of peer MAC address
12fabc4765c2 Add QCA vendor attribute for configuring max A-MPDU aggregation count
f6eaa7b729cb Add QCA vendor attribute for TTLM negotiation support type
f6dcd326fea7 wlantest: Indicate ToDS/FromDS values for BSS DATA entries
6ce745bb87d4 wlantest: MLO support for decrypting 4-address frames
850dc1482953 wlantest: Remove duplicated A1/A2/A3 override detection for MLO
770e5a808fbb wlantest: Determine whether A1 points to STA once in rx_data_bss_prot()
377d617b574a Define new BSS command info mask for AP MLD address
d3ab6e001f62 wlantest: Use non-AP MLD's MLD MAC address in FT over-the-air derivation
a845601ffe32 wlantest: Derive PTK in MLO using MLD MAC addresses for FT over-the-air
0cd2bfc8a402 wlantest: Fix FTE MIC calculation for MLO Reassociation Response frames
528abdeb673b wlantest: Learn group keys from MLO FT Reassociation Response frames
990600753dd9 wlantest: Defragment Basic MLE before processing
de043ec01ab5 wlantest: Defragment the Per-STA Profile subelement
bae1ec693c44 wlantest: Minimal parsing of Basic MLE STA Profile
ba1579f3bf7c Clear BIGTK values from wpa_supplicant state machine when not needed
b46c4b9a916a tests: Beacon protection and reconnection
3e71516936b7 Document per-ESS MAC address (mac_addr=3 and mac_value)
f85b2b2dee3b Extend wpa_parse_kde_ies() to include EHT capabilities
e3a68081bc1e driver: Add option for link ID to be specified for send_tdls_mgmt()
c7561502f2e8 nl80211: Use a QCA vendor command to set the link for TDLS Discovery Response
a41c8dbdd84e TDLS: Copy peer's EHT capabilities
626501434be1 TDLS: Learn MLD link ID from TDLS Discovery Response
5f30f62eead7 TDLS: Reply to Discovery Request on the link with matching BSSID
940ef9a05c0f TDLS: Use link-specific BSSID instead of sm->bssid for MLO cases
f429064189c3 TDLS: Set EHT/MLO information for TDLS STA into the driver
dd25885a9daa Remove space-before-tab in QCA vendor related definitions
af6e0306b2a9 Fix typos in QCA vendor related definitions
4c9af238c1e4 Fix inconsistent whitespace use in QCA vendor related definitions
e5ccbfc69ecf Split long comment lines in QCA vendor related definitions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
20c667cc88 hostapd: rework reload support and MAC address handling
MAC address and interface name assigned by mac80211.sh depend on the order in
which interfaces are brought up. This order changes when interfaces get added
or removed, which can cause unnecessary reload churn.

One part of the fix it making MAC address allocation more dynamic in both
wpa_supplicant and hostapd, by ignoring the provided MAC address using
the next available one, whenever the config does not explicitly specify one.

The other part is making use of support for renaming netdevs at runtime and
preserving the MAC address for renamed netdevs.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
651cb1422e mac80211: add multiple BSSID support
This advertises multiple BSS interfaces in a single set of beacons

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
da55eba968 mac80211: add support for configuring number of globally allocated MAC addresses
When a device has more than one reserved mac address, they can be used for
virtual interfaces without the local bit in the first byte

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
13c1080a3f hostapd: move mac address allocation from mac80211.sh to wdev.uc
Preparation for upcoming hostapd reload improvements

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
8566ddc8b3 hostapd: add internal API for renaming AP interfaces
Will be used for improving reload support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:37:44 +02:00
Felix Fietkau
ddd012d5ff hostapd: fix AP+STA configuration with autochannel enabled
Properly disable the interface when requested
Disable ACS when bringing it back up on the new channel

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 12:36:55 +02:00
Felix Fietkau
1688c47e3e mac80211: disable automatically created sta interfaces
They are not useful for anything on the system and are annoying when a PHY
is disabled in the config

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 11:57:06 +02:00
Felix Fietkau
4871acef79 hostapd: update interface/bss list after set_config calls
set_config causes the ucode bss resource to be re-created and because of that
the bss list needs to be updated as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 10:47:35 +02:00
Felix Fietkau
2148579116 mac80211: add missing kernel modules for brcmfmac
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-13 09:45:56 +02:00
Michał Kwiatek
03306969f5 ath11k-firmware: update to stable WLAN.HK.2.9.0.1-01890
Changelog from quic:

Bug fixes, stability improvements from previous releases
are present. There are no backward comatibility issues
with this release.

Known issues:
IPV6 connectivity problem, see: https://github.com/openwrt/openwrt/pull/13203#issuecomment-1666947749

Tested-by: Michał Kwiatek <michal@kwiatek.it> # Xiaomi AX3600
Signed-off-by: Michał Kwiatek <michal@kwiatek.it>
2023-09-12 23:39:04 +02:00
Felix Fietkau
20bd3502d3 mac80211: fix mesh id corruption on 32 bit systems
increase size of ifmsh->mbss_changed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-12 15:35:24 +02:00
Aviana Cruz
46d673033b
ramips: add support for mtk eip93 crypto engine
Mediatek EIP93 Crypto engine is a crypto accelerator which
is available in the Mediatek MT7621 SoC.

Signed-off-by: Aviana Cruz <gwencroft@proton.me>
Co-authored-by: Richard van Schagen <vschagen@icloud.com>
Co-authored-by: Chukun Pan <amadeus@jmu.edu.cn>
2023-09-12 14:57:54 +02:00
Hannu Nyman
47d56ae546
base-files: sysupgrade: Add 2 sec sleep into process KILL loop
Add 2 seconds sleep after each forcibly killed/tried-to-kill process
in the final process termination loop in sysupgrade stage2.

This is needed especially for qualcommax/ipq807x, where ath11k
wireless driver may have a long 10-20 seconds delay after termination
before actually getting killed. This often breaks sysupgrade.

The current KILL loop in kill_remaining does all 10 kill attempts
consecutively without any delay, as evidenced here in a failing sysupgrade.
It does not allow any time for the process to finalize its internal
termination.

Sat Sep  2 19:05:56 EEST 2023 upgrade: Sending TERM to remaining processes ...
Sat Sep  2 19:05:56 EEST 2023 upgrade: Sending signal TERM to hostapd (2122)
Sat Sep  2 19:05:56 EEST 2023 upgrade: Sending signal TERM to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending KILL to remaining processes ...
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2122)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Sending signal KILL to hostapd (2138)
Sat Sep  2 19:06:00 EEST 2023 upgrade: Failed to kill all processes.
sysupgrade aborted with return code: 256

The change in this commit adds a 2 seconds delay after each kill attempt
in order to allow some processes to more gracefully handle their
internal termination.

The result is like this:

Sun Sep  3 11:15:10 EEST 2023 upgrade: Sending TERM to remaining processes ...
Sun Sep  3 11:15:10 EEST 2023 upgrade: Sending signal TERM to hostapd (2309)
Sun Sep  3 11:15:10 EEST 2023 upgrade: Sending signal TERM to hostapd (2324)
Sun Sep  3 11:15:14 EEST 2023 upgrade: Sending KILL to remaining processes ...
Sun Sep  3 11:15:14 EEST 2023 upgrade: Sending signal KILL to hostapd (2309)
[  699.827521] br-lan: port 7(hn5wpa2r) entered disabled state
[  699.908673] device hn5wpa2r left promiscuous mode
[  699.908721] br-lan: port 7(hn5wpa2r) entered disabled state
[  701.038029] br-lan: port 6(hn5wpa3) entered disabled state
Sun Sep  3 11:15:16 EEST 2023 upgrade: Sending signal KILL to hostapd (2324)
[  702.058256] br-lan: port 5(hn2wlan) entered disabled state
[  709.250063] stage2 (8237): drop_caches: 3
Sun Sep  3 11:15:25 EEST 2023 upgrade: Switching to ramdisk...

The delay introduced here only kicks in if there is some process that
does not get terminated by the first TERM call. Then there is at least
one 2 sec wait after the first KILL loop round.

This commit is related to discussion in PRs #12235 and #12632

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Reviewed-by: Robert Marko <robimarko@gmail.com>
2023-09-12 14:52:50 +02:00
Felix Fietkau
499ca4cbe0 hostapd: fix bringing up AP in AP+mesh configurations
Pass the correct frequency + secondary channel offset to hostapd

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-12 14:09:59 +02:00
Felix Fietkau
ea1787b7bc hostapd: clear ucode interface/bss resource pointers
Avoids potential use-after-free bugs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-12 14:09:58 +02:00
Felix Fietkau
36a9f8449c hostapd: fix applying gratuitous ARP settings with bridge-vlan
The arp_accept setting needs to be applied to the snoop_iface

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-12 12:58:26 +02:00
Felix Fietkau
42fda2f64e mac80211: add missing dependency for iwlwifi
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-12 11:18:45 +02:00
Felix Fietkau
e648e3ccf9 mac80211: fix build regressions on linux 6.1
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-11 18:54:13 +02:00
Felix Fietkau
f861292abc mac80211: update to version 6.5
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-11 14:29:36 +02:00
Piotr Dymacz
69f12c2f23 uboot-envtools: ramips: add support for ALFA Network AX1800RM
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2023-09-11 11:46:52 +02:00
Daniel Golle
948ad2ec7a arm-trusted-firmware-mediatek: fix hang on reboot on MT7622
With recent updates of TF-A the previously already fixed bug slipped
back into the source tree. Again, reorder bl2 init for MT7622 and
initialize WDT only after DRAM init has completed to avoid the
notorious hang.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-09-10 23:47:38 +01:00
Daniel Golle
9725524235 uboot-mediatek: sync mtk-snand driver with SDK
Sync SPI-NAND/ECC controller driver for MT7622, MT7981, MT7986 and MT7988:
 * Platform data for MT7981 was actually missing and is now added.
 * Add support for Winbond W25N01KV 1Gbit chip.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-09-10 23:46:06 +01:00
Patricia Lee
907e9e0bd3 mediatek: add support for Cetron CT3003
**Hardware specification:**

- SoC: MediaTek MT7981B 2x A53
- Flash: ESMT F50L1G41LB 128MB
- RAM: Nanya NT5CC128M16JR-EK 256MB
- Ethernet: 4 x 10/100/1000 Mbps
- Switch: MediaTek MT7531AE
- WiFi: MediaTek MT7976C
- Button: Reset, Mesh
- Power: DC 12V 1A
- UART: 3.3v, 115200n8
  | Layout:   |
  | :-------- |
  | <Antenna> |
  | VCC       |
  | GND       |
  | Tx        |
  | Rx        |

**Flash instructions:**

1. Rename `openwrt-mediatek-filogic-cetron_ct3003-squashfs-factory.bin` to `factory.bin`.
2. Upload the `factory.bin` using the device's Web interface.
3. Click the upgrade button and wait for the process to finish.
4. Access the OpenWrt interface using the same password.
5. Use the 'Restore' function to reset the firmware to its initial state.

**Notes:**

If you plan to recovery the stock firmware in the future, it's advisable
to connect the device via the serial port and enter failsafe mode to
back up all the MTD partitions before proceeding the steps above.

Signed-off-by: Patricia Lee <patricialee320@gmail.com>
2023-09-08 23:17:26 +02:00
Jayantajit Gogoi
18b6bae851 uboot-rockchip: add suport for Radxa ROCK Pi E
Add uboot support for Radxa ROCK Pi E, rockchip rk3328 board.
Add pre-built files to fix swig dependencies.

Specification:

- CPU: Rockchip RK3328 64-bit Quad-core
- RAM: DDR3 256MB ~ 2GB
- Network:
    1 x 10/100/1000M Ethernet
    1 x 10/100M Ethernet
- USB Host:
    1 x USB3.0 Type A HOST
    1 x USB2.0 OTG (40-pin pin-header)
- Wireless:
    RTL8723DU/RTL8821CU
- Power Supply: Type-C 5V

Installation:
- Write image to SD Card or EMMC with dd
- Boot ROCK Pi E from the SD Card

Signed-off-by: Jayantajit Gogoi <jayanta.gogoi525@gmail.com>
2023-09-05 00:20:51 +05:30
Yuu Toriyama
0e13363de6 wireless-regdb: update to 2023.09.01
Changes:
    9dc0800 wireless-regdb: Update regulatory rules for Philippines (PH)
    111ba89 wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines
    ae1421f wireless-regdb: Update regulatory info for Türkiye (TR)
    20e5b73 wireless-regdb: Update regulatory rules for Australia (AU) for June 2023
    991b1ef wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
2023-09-03 23:06:09 +02:00
Felix Fietkau
4a0b1af905 hostapd: allow adding initial AP without breaking STA interface connection
When switching from a STA-only configuration to AP+STA on the same phy, the
STA was previously restarted in order to notify hostapd of the new frequency,
which might not match the AP configuration.
Fix the STA restart by querying the operating frequency from within hostapd
when bringing up the AP.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-03 09:51:28 +02:00
Felix Fietkau
d65354488d hostapd: fix config change detection on boolean values
Check for null instead of truish value

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-03 09:51:08 +02:00
Felix Fietkau
3b44e0a4c1 hostapd: fix parsing HT secondary channel offset
It returned the wrong value when using HT40-

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-02 19:39:24 +02:00
Felix Fietkau
2021ca0a02 hostapd: reset center_seg0_idx for 2.4 GHz
Fixes 40 MHz channel bandwidth on 2.4 GHz AP+STA

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-02 19:39:24 +02:00
Felix Fietkau
b460ec66ed hostapd: use proper helper functions for setting seg0/seg1 idx and chwidth
Simplifies code and removes #ifdef statements

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-02 19:39:24 +02:00
Felix Fietkau
7049ea9e95 firewall4: update to the latest version
23a434d0d15d tests: fix expected test output
840ccdeeabce fw4: avoid emitting invalid rule jump targets
20da9933fd7e fw4: fix another instance of invalid rule jump targets
598d9fbb5179 fw4: remove special cases around hw flow offloading

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-01 14:01:06 +02:00
Felix Fietkau
821cf6dd38 hostapd: remove cfg80211 dependency
Always enable nl80211 driver support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-01 12:18:13 +02:00
Daniel Golle
9a4bd3b1e4 netifd: update to latest git HEAD
1a07f1dff32b make_ethtool_modes_h.sh: apply anti-bashism

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-09-01 01:03:13 +01:00
Daniel Golle
b85646f32f netifd: update to latest git HEAD
f429bd94f99e system-linux: switch to new ETHTOOL_xLINKSETTINGS API

Fixes AN announcement for speeds beyond 1 GBit/s.
Adds new UCI options for Ethernet devices:
 - autoneg: switch on or off auto-negotiation
 - pause: if set to 0, do not announce symmetric flow control capability
 - asym_pause: if set to 0, do not announce asymmetric flow control
               capability.
 - rxpause: if set overrides AN and forces RX pause accordingly
 - txpause: if set overrides AN and forces TX pause accordingly

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-08-31 21:54:40 +01:00
Felix Fietkau
560965d582 hostapd: select libopenssl-legacy for openssl variants
Without it, a lot of authentication modes fail without obvious error messages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:12:25 +02:00
Felix Fietkau
b0501d380f hostapd: remove eap-eap192 auth type value
It is no longer used

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:05:13 +02:00
Felix Fietkau
8c03dc962f netifd: update to the latest version
db3934d2f740 scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support

Support the following values for the different WPA3 Enterprise modes:

- wpa3-mixed: WPA3 Enterprise transitional mode
	This supports EAP with both SHA1 and SHA-256, with optional MFP
- wpa3: WPA3 Enterprise only mode
	This supports only SHA256 with mandatory MFP
- wpa3-192: WPA3 Enterprise with mandatory 192 bit support
	This uses only GCMP-256 ciphers

Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode.
It seems that even leaving in optional 192 bit support breaks auth on some
clients, including iOS devices.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:05:13 +02:00
Felix Fietkau
b63df6ce5d hostapd: support eap-eap2 and eap2 auth_type values
WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:05:13 +02:00
Felix Fietkau
f0d1349b52 hostapd: fix FILS key mgmt type for WPA3 Enterprise 192 bit
Use the SHA384 variant to account for longer keys with more security

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-31 13:05:13 +02:00
Felix Fietkau
99a98b3024 mac80211: remove non-upstream antenna gain configuration patch
It seems that this was not functioning properly and was likely completely unused.
Keeping this out of tree also introduced some annoying churn when updating, because
of the iw nl80211.h sync patch.
If this is needed, it will be reintroduced when/if it is added upstream

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-30 12:28:30 +02:00