Initial support for dynamic reload of RxKHs.
In order to check if RxKHs need reloading.
RxKHs defined in the rxkh_file first has to be parsed and formated,
the same way as hostapd will read from the file and also output,
with the command GET_RXKHS.
Then each list of RxKHs can be hashed and compared.
Ucode implementation of hostapds rkh_derive_key() function.
Hostapd converts hex keys with 128-bits or more when less than 256-bits
to 256-bits, and truncates those that are more than 256-bits.
See: https://w1.fi/cgit/hostap/commit/hostapd/config_file.c?id=245fc96e5f4b1c566b7eaa19180c774307ebed79
Signed-off-by: Sybil127 <sybil127@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
With rxkh_file, hostapd will read a list of RxKHs from a text file.
This also makes it possible for hostapd to dynamically reload RxKHs.
RxKHs defined in rxkh_file should be formated as described in hostapd.conf,
with one entry per line.
R0KH/R1KH format:
r0kh=<MAC address> <NAS Identifier> <256-bit key as hex string>
r1kh=<MAC address> <R1KH-ID> <256-bit key as hex string>
Reworked behavior of the uci options r0kh and r1kh.
When rxkh_file is not configured:
Instead of appending the RxKHs to the hostapd bss configuration.
They will be added to a interface specific file with name
/var/run/hostapd-phyX-apX.rxkh.
This file will be used as the rxkh_file in the hostapd bss configuration.
When rxkh_file is configured:
The specified file will be used in the hostapd bss configuration,
and will be the only source for configured RxKHs.
All RxKHs defined with the uci options r0kh or r1kh will be ignored.
Signed-off-by: Sybil127 <sybil127@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The initialization of mesh interfaces currently fail when wpa_supplicant
is not installed. This is due to the script calling the wpa_supplicant
feature indicator without verifying wpa_supplicant is installed at all.
To avoid failing, first check if wpa_supplicant is installed before
determining the available featureset.
Signed-off-by: David Bauer <mail@david-bauer.net>
dnsmasq passes a limited amount of information via DHCP script arguments. Much
more information is available through environment variables starting with
DNSMASQ_, such as DNSMASQ_INTERFACE. However, when the dhcp-script builds its
JSON environment and passes it to hotplug, all of this information is discarded
since it is not copied to the JSON environment.
Personally, I have a custom-made set of DDNS scripts and rely on environment
variables such as DNSMASQ_INTERFACE in order to determine which DNS zones
to update. So, not being able to access these variables was detrimental to me.
I patched in a quick copy of all DNSMASQ_ variables to the JSON environment
so that they can be used in hotplug scripts. In order to do so I also copied
/usr/bin/env into dnsmasq's chroot jail.
Signed-off-by: Chuck R <github@chuck.cloud>
Link: https://github.com/openwrt/openwrt/pull/16354
Signed-off-by: John Crispin <john@phrozen.org>
Group 'local' declarations and 'json_get_vars', sort alphabetically within groups, and split off more generic parameters.
- delegate and sourcefilter were not declared as local variables
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Link: https://github.com/openwrt/openwrt/pull/16734
Signed-off-by: John Crispin <john@phrozen.org>
Group 'local' declarations and 'json_get_vars', sort alphabetically within groups, and split off more generic parameters.
- delegate and sourcefilter were not declared as local variables
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Group 'local' declarations and 'json_get_vars', sort alphabetically within groups, and split off more generic parameters.
- delegate and sourcefilter were not declared as local variables
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
change Support-UDP-Traceroute rule from 'enabled false' to 'enabled 0'
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17133
Signed-off-by: John Crispin <john@phrozen.org>
Regarding SAE support in wifi-station:
Important Note: Unlike PSK wifi-stations, both `mac` and `key` options are required
to make it work. With PSK, hostapd used to perform a brute-force match to find which
PSK entry to use, but with SAE this is infeasible due to SAE's design.
When `mac` is omitted, it will allow any MAC address to use the SAE password if it
didn't have a MAC address assigned to it, but this could only be done once.
The last wildcard entry would be used.
Also, unlike "hostapd: add support for SAE in PPSK option" (commit 913368a),
it is not required to set `sae_pwe` to `0`. This gives it a slight advantage
over using PPSK that goes beyond not needing RADIUS.
Example Configuration:
```
config wifi-vlan
option iface default_radio0
option name 999
option vid 999
option network management
config wifi-station
# Allow user with MAC address 00:11:22:33:44:55 and matching
# key "secretadminpass" to access the management network.
option iface default_radio0
option vid 999
option mac '00:11:22:33:44:55'
option key secretadminpass
config wifi-vlan
option iface default_radio0
option name 100
option vid 100
option network guest
config wifi-station
# With SAE, when 'mac' is omitted it will be the fallback in case no
# other MAC address matches. It won't be possible for a user that
# has a matching MAC to use this network (i.e., 00:11:22:33:44:55
# in this example).
option iface default_radio0
option vid 100
option key guestpass
```
Regarding PSK file creation optimization:
This patch now conditionally runs `hostapd_set_psk_file` depending on `auth_type`.
Previously, `hostapd_set_psk` would always execute `hostapd_set_psk_file`, which
would create a new file if `wifi-station` was in use even if PSK was not enabled.
This change checks the `auth_type` to ensure that it is appropriate to parse the
`wifi-station` entries and create those files.
Furthermore, we now only configure `wpa_psk_file` when it is a supported option
(i.e., psk or psk-sae is used). Previously, we used to configure it when it was
not necessary. While it didn't cause any issues, it would litter `/var/run` with
unnecessary files. This patch fixes that case by configuring it depending on the
`auth_type`.
The new SAE support is aligned with these PSK file changes.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/17145
Signed-off-by: John Crispin <john@phrozen.org>
93458ac dns: fix response to TYPE_PTR query
68af311 fix unicast response port and timeout
a2b4979 service: announce all services in single dns answer
4537734 display announced services in ubus call umdns browse
0b50c29 display more srv attributes in output of ubus browse function
Signed-off-by: John Crispin <john@phrozen.org>
libbfd feature is not used when building eBPF program, and it makes bpftool fail to build in a clean environment, since binutils in toolchain have libbfd disabled.
Signed-off-by: Eric Long <i@hack3r.moe>
Link: https://github.com/openwrt/openwrt/pull/17073
Signed-off-by: Robert Marko <robimarko@gmail.com>
- fix variable references for ft key
- add r0kh and r1kh if ft_generate_local is not set (logic inversion bug)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The internal hostapd version cannot be built with EAP-pwd support, so
enable it only for the SSL variants.
Fixes: #17163
Fixes: 6365316fab ("hostapd: add ubus support for wired driver")
Link: https://github.com/openwrt/openwrt/pull/17164
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add an ucode based re-implementation of the shell script based wifi code.
The new code is jsonschema driven. The code has been refactored into several
files making it easier to follow.
The new scripts are also way faster than the previous sh implementation.
The new code is currently opt-in via WIFI_SCRIPTS_UCODE and defaults to
EXPERIMENTAL.
Signed-off-by: John Crispin <john@phrozen.org>
Add an ucode based re-implementation of iwinfo. The tool behaves like the old
one with a few minor output differences. It is now possible to add -j to any
command resulting in JSON output.
The new code is currently opt-in via WIFI_SCRIPTS_UCODE and defaults to
EXPERIMENTAL.
Signed-off-by: John Crispin <john@phrozen.org>
Use and alternate ubus object when the config contains "driver=wired". This
commit is in preparation of the ieee8021x-wired daemon.
Signed-off-by: John Crispin <john@phrozen.org>
This allows a radius server to send AVPs for client rate control inside the
accept message. Further add the ratelimits to the sta-authorized ubus
notification.
Signed-off-by: John Crispin <john@phrozen.org>
Avoid harmless error from network script by checking presence of
now-optional wifi support script, most notably confusing users of x86
snapshots.
Fixes: #14964
Signed-off-by: Andris PE <neandris@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14986
Signed-off-by: Robert Marko <robimarko@gmail.com>
86da5cbcdb9d system-linux: do not pull ifindex/flags from netlink messages on rtnl events
cd96f61ba63e proto-shell: fix spurious interface teardowns with host deps
a39fe3a8b150 wireless: add support for adding a list of devices for a wifi-iface
d29cf707478c iprule: add ipproto property
768027c5a764 system-linux: restore reading flags from netlink messages
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17074
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixup capabilities parsing in iw output.
In addition to the normal capabilities iw now also outputs HE MAC, HE
PHY and EHT MAC and EHT PHY capabilities. Exclude them in the parsing.
The grep returns this with mac80211-hwsim:
```
root@OpenWrt:~# iw phy phy0 info | grep 'Capabilities:'
Capabilities: 0x107e
HE PHY Capabilities: (0x02bfce0000000000000000):
EHT PHY Capabilities: (0x7c0000feffff7f01):
HE PHY Capabilities: (0x02bfce0000000000000000):
EHT PHY Capabilities: (0x7c0000feffff7f01):
HE PHY Capabilities: (0x02bf000000000000000000):
Capabilities: 0x107e
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfc1f3ffeffff7f37):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfc1f3ffeffff7f37):
HE PHY Capabilities: (0x1cbf000000000000000000):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfefffffeffffff7f):
HE PHY Capabilities: (0x1cbfce0000000000000000):
EHT PHY Capabilities: (0xfefffffeffffff7f):
HE PHY Capabilities: (0x1cbf000000000000000000):
Capabilities: 0x107e
```
With busybox 1.36.1 the ht_cap_mask variable will be set to
-72057598332895361. With busybox 1.37.0 it will be set to -1.
Both values are wrong, after this change it will be set to 4222
(0x107E).
Link: https://github.com/openwrt/openwrt/pull/17043
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
b6ae9ffaeb0e odhcp6c: allow to request specific ipv6 prefix
Signed-off-by: He Ping <pinghejk@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17013
Signed-off-by: Petr Štetiar <ynezz@true.cz> [hash, commit]
The config_get_bool also works with on/off, yes/no, true/false.
Add 'main' section name. This will make it easier to change settings from uci.
Add a link to documentation.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15579
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ppp package can support all features since Linux 4.7.0 kernel.
Therefore, most kernel version checks can pass unconditionally on
OpenWrt v18.06 and later version. This patch can reduce the size
of ppp package by approximately 2.5 KB.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16695
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
These two were getting rather long.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Link: https://github.com/openwrt/openwrt/pull/16849
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
e93f6c3fc729 main: fix format string related warnings for log/debug printf functions
6ab44a2413f9 fix signed/unsigned comparison warnings
4fe997b61d7d system-dummy: add system_if_apply_settings_after_up
992d33cb42a6 ubus: add notifications on wireless device state changes
34eb11eb6f5c device/interface: add "tags" attribute from config to status dump
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This allows annotating wifi interfaces in the config in a way that can be
queried through wifi status. One example use case is to mark wifi interfaces
for use with specific services without having to explicitly reference the
(often unnamed) sections from elsewhere.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Currently, xdp-tools doesn't compile on build systems where
bpftool is installed because additional tools and BPF programs
will be compiled then, which results in build errors.
This commit disables the compilation of those bpftool-dependent tools.
Signed-off-by: Til Kaiser <mail@tk154.de>
Link: https://github.com/openwrt/openwrt/pull/16787
Signed-off-by: Robert Marko <robimarko@gmail.com>
Drop the patch to re-add the vlan_hdr struct
because it is required now to build xdp-filter.
Signed-off-by: Til Kaiser <mail@tk154.de>
Link: https://github.com/openwrt/openwrt/pull/16798
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
It seems some package (sstp-client) makes use of pppd.pc file to detect
the ppp version as 2.5.0 changed some API.
Also install the .pc file to permit the version detection of pppd.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
