Commit Graph

1868 Commits

Author SHA1 Message Date
Paul Donald
d7765c488c lldpd: shellcheck fixes
No functionality/behaviour changes; code is synonymous

Tested on: 22.03.6

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 5364fe0f01)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Paul Donald
601bbdda6a lldpd: implement lldp_policy parameter
For certain lldp_class scenarios (2 & 3) a policy must be set also.
Class 4 is default, although it's good to handle the policy eventuality.

Here, set a default lldp_policy for all lldp_class scenarios. Any
lldp_policy can now be set.

Depends on PR #14584 (which introduced an `if` block)

Tested on 22.03.5, 22.03.6

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 497fafb8ae)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Paul Donald
56675166e8 lldpd: Implement location parameter
Previously only partially implemented. After commit
5007f488bb lldp_location was never removed

Now, add the value of lldp_location to the generated config.

The location param has a few syntaxes, so the config acquires the first
usage from the man page: 'address country EU'

Supplementary fix for PR #14193 (this param was included in the original
PR #13018 but the lldp_location fixes were absent from PR #14193).

Tested on 22.03.5, 22.03.6

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 53252eeb3b)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Paul Donald
7542e7927b lldpd: fix error "sh: XXXms: bad number"
from commit 3ce909914a

The lldpd man page says that "configure lldp tx-interval" can
specify an interval value in milliseconds by appending a "ms" suffix to
the figure. Thus mandating string handling, and not integer comparison.

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 79ee4cb039)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Paul Donald
b886948692 lldpd: refactor out ifaces derivation; reuse function
from commit 909f063066

Now pass two params to get_config_cid_ifaces() for:

cid_interface
interface

Each of which is a CSV of interfaces.

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 228d4e7f1b)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Paul Donald
74581b02b2 lldpd: remove unneeded quotes
from commit a5f715da71

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 4dcece46a7)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Paul Donald
8766fed5cd lldpd: remove unneeded quotes and variable quoting
from commit ac771313eb

portidsubtype takes 1 of 2 possible keywords which do not need quoting:

         configure lldp portidsubtype ifname | macaddress

The third keyword 'local' is used in the syntax when individual ports
are being defined:

         configure [ports ethX [,…]] lldp portidsubtype local value

When this syntax is used, quoting is useful (see test cases for lldpd).
In the init file, the 'local' syntax is unused.

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit bd1b17d589)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Paul Donald
64b38f3bd5 lldpd: remove unneeded quotes and variable quoting
from commit c98ee4dbb3

agent-type takes 1 of 3 possible keywords which do not require quoting:

         configure lldp agent-type nearest-bridge | nearest-non-tpmr-bridge
         | nearest-customer-bridge

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 24a4da527f)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Paul Donald
89759ee4bb lldpd: remove unneeded quotes and variable quoting
from commit 3ce909914a

'capabilities enabled x' where x is a string of CSV

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit b039641071)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Paul Donald
50135a03a6 lldpd: remove unneeded quotes
from commit 3ce909914a

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 82ec853284)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Paul Donald
4446346fdd lldpd: remove unneeded quotes and variable quoting
from commit 24176a6bdd

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 20a4dddeb0)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Paul Donald
b1ddf0a859 lldpd: fix a paste error
from commit 1be2088a52

The original PR #13018 did not exhibit this.

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 4fb8fea6de)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Paul Donald
c0217ef8f8 lldpd: spell fixes
Supplementary fix for PR #14193

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 1909b6f883)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Paul Donald
1d14e0abfc lldpd: fix -k 'lldp_no_version' row
Supplementary fix for PR #14193 and commit
b67182008f

Tested on 22.03.5

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 97eb3bf76c)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Stephen Howell
4ebd60b083 lldpd: add option to force EDP
allow EDP support if compiled and add force EDP option

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit d274867c21)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Stephen Howell
13193cb070 lldpd: only use snmp options when compiled in
prevent SNMP options being passed unless lldpd supports them

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit 8b2d02e48c)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:03 +02:00
Stephen Howell
02e3845890 lldpd: Update Makefile package release
increment Makefile package release to reflect changes to init script

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit 1b36d44323)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
a7f749ded4 lldpd: add option for tx delay and tx hold
add option to set LLDP transmit delay, hold timers to set update frequency

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit a5f715da71)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
b2008404ab lldpd: add option to set system platform
add option to override system platform instead of using kernel name

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit 4159acceeb)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
18fc86a0f5 lldpd: add option to force SONMP enabled
add option to force SONMP to be enabled even when no peer detected

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit 4ac134aa78)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
1201a69664 lldpd: add option to force FDP on
add option to force FDP when no peers detected

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit 1be2088a52)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
d6da0952ab lldpd: set CDP version and allow forcing CDP on
add option to specify CDPv1 or CDPv2 and separately enable or force each

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit b67182008f)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
7f58fc14d8 lldpd: allow disabling LLDP protcol
add option to allow LLDP disabling while using other supported protocols

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit 61dbe756d8)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
ed3f182d63 lldpd: add portidsubtype option
add option portidsubtype to correct port identifiers and descriptions

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit ac771313eb)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
6cbc100762 lldpd: add agent-type option
add option to set agent-type to control propogation

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit c98ee4dbb3)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
be4824977b lldpd: add LLDP MED options
add option to enable LLDP MED fast-start and set fast-start timer

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit 24176a6bdd)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
15e6259231 lldpd: option to disable LLDP-MED inventory TLV
add option to disable LLDP-MED inventory TLV transmission

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit 1753498b01)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
59ad77faba lldpd: Init adds no-version option
add option to disable advertising kernel version

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit 058f284b1a)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
1d83e4c5ed lldpd: Allow neighbour filtering
add filter option to init script.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit ac3ed75309)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
f79ab96312 lldpd: LLDPD binds to only specified interfaces
Bind to the configured system interfaces only. Switchport interfaces
are no longer ignored and uci interface values for LLDPD are honored.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit 064b4999ad)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Stephen Howell
b0f991d03c lldpd: Init config read on reload
Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit e483c247dc)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Sebastian Pflieger
8f714af40b lldpd: add lldp_syscapabilities config option
allow to overwrite the detected system capabilities e.g. if devices
does not operate as bridge.

Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
(cherry picked from commit 3ce909914a)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-09-17 12:36:02 +02:00
Sarah Maedel
5a8588e360 hostapd: fix anqp_3gpp_cell_net list delimiter
This patch fixes the list delimiter between 3GPP networks
passed to hostapd.

> list iw_anqp_3gpp_cell_net '262,001'
> list iw_anqp_3gpp_cell_net '262,002'

When passing a list of "iw_anqp_3gpp_cell_net" parameters via UCI,
hostapd would crash at startup:
> daemon.err hostapd: Line 73: Invalid anqp_3gpp_cell_net: 262,001:262,002

Using a semicolon as a delimiter, hostapd will start as expected.

Signed-off-by: Sarah Maedel <git@tbspace.de>
(cherry picked from commit 8de185a176)
2024-08-28 12:00:23 +02:00
Rany Hany
e4625c37c4 hostapd: fix SAE H2E security vulnerability
This patch backports fixes for a security vulnerability impacting the
hostapd implementation of SAE H2E.

As upgrading hostapd would require more testing, the second mitigation
step which involves backporting several patches was adopted as outlined
in the official advisory[1].

An explanation of the impact of the vulnerability is provided from the
advisory[1]:

This vulnerability allows the attacker to downgrade the negotiated group
to another enabled group if both the AP and STA have enabled SAE H2E and
multiple groups. It should be noted that the H2E option is not enabled
by default and the attack is not applicable to the default option, i.e.,
hunting-and-pecking, since it does not have any downgrade protection for
group negotiation. In addition, the default configuration for enabled
SAE groups in hostapd is to enable only a single group, so the
vulnerability is not applicable unless hostapd has been explicitly
configured to enable more groups for SAE.

[1]: https://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt

Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16043
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit db7f70fe61)
2024-08-02 23:18:03 +02:00
Felix Fietkau
d0c7b19db8 hostapd: fix a crash corner case
On some setup failures, iface->bss can be NULL

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 1ee5b7e506)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-08 21:13:26 +02:00
Felix Fietkau
287e2565e2 hostapd: fix crash on interface setup failure
Add a missing NULL pointer check when deleting beacons

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3984fb0582)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-08 21:13:25 +02:00
Felix Fietkau
80a36594f9 hostapd: use strdup on string passed to hostapd_add_iface
The data is modified within hostapd_add_iface

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 032d3fcf7a)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-08 21:13:25 +02:00
Fabrice Fontaine
6ea9cf3203 package/network/services/dropbear: fix PKG_CPE_ID
cpe:/a:dropbear_ssh_project:dropbear_ssh is the correct CPE ID for dropbear:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3🅰️dropbear_ssh_project:dropbear_ssh

Fixes: c61a239514 (add PKG_CPE_ID ids to package and tools)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15290
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 289f811abb)
Link: https://github.com/openwrt/openwrt/pull/15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-06 18:31:14 +02:00
David Bauer
ef4fc5cc1d hostapd: bump PKG_RELEASE
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 89d7051485)
2024-06-30 22:31:51 +02:00
David Bauer
85ff47c6be hostapd: don't ignore probe-requests with invalid DSSS params
Don't ignore probe requests which contain an invalid DS parameter for the
current operating channel.

As the comment outlines, the drop shall only apply if
dot11RadioMeasurementActivated is set to 1.

However, it was observed Linux clients (Debian 12 / NixOS 23.11)
with an Intel 8265 NIC may generate a probe request frame with
dot11RadioMeasurementActivated set to false and an invalid DSSS
parameter.

These were also dropped even though they should not have been. They
however should not have contained this parameter in the first place.

Don't drop Probe Requests which contain such an invalid field. This may
lead to more probe responses being sent, however it does fix very
frequent connection issues for these clients on 2.4 GHz.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 68e4cc9be5)
2024-06-30 22:31:51 +02:00
Alexandru Gagniuc
a6bb1df40b wifi-scripts: fix creation of IBSS in legacy (non-HT) mode
When an IBBS interface is configured for IBSS legacy mode, wdev.htmode
is empty. This is empty string results in an empty positional argument
to the "ibbs join" command, for example:

    iw dev phy0-ibss0 ibss join crymesh 2412 '' fixed-freq beacon-interval 100

This empty argument is interpreted as an invalid HT mode by 'iw',
causing the entire command to fail and print a "usage" message:

    daemon.notice netifd: radio0 (4527): Usage:    iw [options] \
        dev <devname> ibss join <SSID> <freq in MHz> ...

Although nobody will ever need more than 640K of IBSS, explicitly use
"NOHT" if an HT mode is not given. This fixes the problem.

Fixes: e56c5f7b27 ("hostapd: add ucode support, use ucode for the main ubus object")
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [extend to cover more cases]
(cherry picked from commit cee9fcdb73)
2024-05-23 21:35:53 +02:00
Felix Fietkau
26548c4254 unetd: update to Git HEAD (2024-03-31)
52144f723bec pex: after receiving data update req, notify peer of local address/port
29aacb9386e0 pex: track indirect hosts (reachable via gateway) as peers without adding them to wg
48049524d4fc pex: do not send peer notifications for hosts with a gateway
12ac684ee22a pex: do not query for hosts with a gateway
203c88857354 pex: fix endian issues on config transfer
a29d45c71bca network: fix endian issue in converting port to network id
cbbe9d337a17 unet-cli: emit id by default
806457664ab6 unet-cli: strip initial newline in usage message

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a112ed4126)
2024-03-31 19:57:22 +02:00
Hauke Mehrtens
03a3a729ec dnsmasq: Backport 2 upstream patches
These two patches are fixing minor problems with DNSSEC found shortly
after the dnsmasq 2.90 release.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 28c87d7ecd)
2024-03-20 01:22:10 +01:00
Robert Marko
853b638f85 dnsmasq: reset PKG_RELEASE
dnsmasq was recently updated to 2.90, but PKG_RELEASE was not reset to 1.

Fixes: 838a27f64f ("dnsmasq: version 2.90")
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 694e647784)
2024-03-18 21:55:47 +01:00
Nathaniel Wesley Filardo
875822f283 dnsmasq: version 2.90
Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).

Catch up our 200-ubus_dns.patch, too.

Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
(cherry picked from commit 838a27f64f)
2024-03-18 21:55:47 +01:00
Sven Eckelmann
af22a169c1 dnsmasq: mark global ubus context as closed after fork
If the dnsmasq process forks to handle TCP connections, it closes the ubus
context. But instead of changing the daemon wide pointer to NULL, only the
local variable was adjusted - and this portion of the code was even dropped
(dead store) by some optimizing compilers.

It makes more sense to change the daemon->ubus pointer because various
functions are already checking it for NULL. It is also the behavior which
ubus_destroy() implements.

Fixes: d8b33dad0b ("dnsmasq: add support for monitoring and modifying dns lookup results via ubus")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 711dcb7763)
2024-03-18 21:55:47 +01:00
Konstantin Demin
6549a711be dropbear: cherry-pick upstream patches
critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)

various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels

adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit b5cde26048)
[Only add the patches fixing security problems]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stijn Segers <foss@volatilesystems.org>
2024-03-15 23:53:01 +01:00
Petr Štetiar
0844937947
umdns: update to Git 7c675979 (2024-03-04)
Backport of single commit 9040335e102 ("interface: fix interface memory
corruption").

Fixes: openwrt/openwrt/issues/14120
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2024-03-08 07:56:44 +00:00
Jesus Fernandez Manzano
503f78f91c hostapd: fix 11r defaults when using WPA
802.11r can not be used when selecting WPA. It needs at least WPA2.

This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.

Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit cdc4c55175)
2024-03-06 14:05:22 +01:00
Jesus Fernandez Manzano
e5a12edb88 hostapd: fix 11r defaults when using SAE
When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit e2f6bfb833)
Fixes: https://github.com/openwrt/luci/issues/6930
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2024-03-06 14:01:41 +01:00