aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/hostapd/Makefile
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: convert ssl provider build options to variantsDaniel Golle2018-12-181-54/+234
| | | | | | | | | | | | Instead of selecting the SSL provider at compile time, build package variants for each option so users can select the binary package without having to build it themselves. Most likely not all variants have actually ever been user by anyone. We should reduce the selection to the reasonable and most used combinations at some point in future. For now, build them all. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from c8fdd0e9c843dd483f6677dc41f7df17313aa3cd)
* hostapd: update to git HEAD of 2018-05-21, allow build against wolfsslDaniel Golle2018-12-181-12/+31
| | | | | | | | | | Support for building wpa_supplicant/hostapd against wolfssl has been added upstream recently, add build option to allow users using it. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from 69f544937f8498e856690f9809a016f0d7f5f68b) (rebased patches) Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: fix VHT80 for encrypted mesh channel settingsSven Eckelmann2018-05-141-1/+1
| | | | | | | | | | | | | | | | | | | The max_oper_chwidth settings was parsed incorrectly for big endian system. This prevented the system to switch to VHT80 (or VHT160). Instead they were mapped to: * HT20: 20MHz * VHT20: 20MHz * HT40: 40MHz * VHT40: 40MHz * VHT80: 40MHz * VHT160: 40MHz This happened because each max_oper_chwidth setting in the config file was parsed as "0" instead of the actual value. Fixes: a4322eba2b12 ("hostapd: fix encrypted mesh channel settings") Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
* hostapd: fix mesh+APDaniel Golle2018-05-141-1/+1
| | | | | | | | Fix encrypted (or DFS) AP+MESH interface combination in a way similar to how it's done for AP+STA and fix netifd shell script. Refresh patches while at it. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: fix encrypted mesh channel settingsDaniel Golle2018-04-201-1/+1
| | | | | | | | | | | | | | | Import two patches from Peter Oh to allow setting channel bandwidth in the way it already works for managed interfaces. This fixes mesh interfaces on 802.11ac devices always coming up in VHT80 mode. Add a patch to allow HT40 also on 2.4GHz if noscan option is set, which also skips secondary channel scan just like noscan works in AP mode. This time also make sure to add all files to the patch before committing it... Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "hostapd: fix encrypted mesh channel settings"Felix Fietkau2018-04-201-1/+1
| | | | | | | This reverts commit 7f52919a2f2894125b4dca611eb2d30181af7e0b, which is currently breaking the builds and needs to be reworked Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix encrypted mesh channel settingsDaniel Golle2018-04-201-1/+1
| | | | | | | | | | | | Import two patches from Peter Oh to allow setting channel bandwidth in the way it already works for managed interfaces. This fixes mesh interfaces on 802.11ac devices always coming up in VHT80 mode. Add a patch to allow HT40 also on 2.4GHz if noscan option is set, which also skips secondary channel scan just like noscan works in AP mode. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: mesh: make forwarding configurableDaniel Golle2018-04-181-1/+1
| | | | | | | | | | | For unencrypted mesh networks our scripts take care of setting the various mesh_param values. wpa_supplicant changes somes of them when being used for SAE encrypted mesh and previously didn't allow configuring any of them. Add support for setting mesh_fwding (which has to be set to 0 when using other routing protocols on top of 802.11s) and update our script to pass the value to wpa_supplicant. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: update to git snapshot of 2018-04-09Daniel Golle2018-04-131-3/+3
| | | | | | | | | And import patchset to allow 802.11s mesh on DFS channels, see also http://lists.infradead.org/pipermail/hostap/2018-April/038418.html Fix sae_password for encryption mesh (sent upstream as well). Also refreshed existing patches and fixed 463-add-mcast_rate-to-11s. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: update to git snapshot of 2018-03-26Daniel Golle2018-03-271-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following patches were merged upstream: 000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch replaced by commit 0e3bd7ac6 001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch replaced by commit cb5132bb3 002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch replaced by commit 87e2db16b 003-Prevent-installation-of-an-all-zero-TK.patch replaced by commit 53bb18cc8 004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch replaced by commit 0adc9b28b 005-TDLS-Reject-TPK-TK-reconfiguration.patch replaced by commit ff89af96e 006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch replaced by commit adae51f8b 007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch replaced by commit 2a9c5217b 008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch replaced by commit a00e946c1 009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch replaced by commit b488a1294 010-Optional-AP-side-workaround-for-key-reinstallation-a.patch replaced by commit 6f234c1e2 011-Additional-consistentcy-checks-for-PTK-component-len.patch replaced by commit a6ea66530 012-Clear-BSSID-information-in-supplicant-state-machine-.patch replaced by commit c0fe5f125 013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch replaced by commit 114f2830d Some patches had to be modified to work with changed upstream source: 380-disable_ctrl_iface_mib.patch (adding more ifdef'ery) plus some minor knits needed for other patches to apply which are not worth being explicitely listed here. For SAE key management in mesh mode, use the newly introduce sae_password parameter instead of the psk parameter to also support SAE keys which would fail the checks applied on the psk field (ie. length and such). This fixes compatibility issues for users migrating from authsae. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: bump PKG_RELEASE after 802.11w changesJo-Philipp Wich2018-01-071-1/+1
| | | | | Fixes: 8a57531855 "hostapd: set group_mgmt_cipher when ieee80211w is enabled" Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: backport fix for wnm_sleep_mode=0Timo Sigurdsson2017-12-071-1/+1
| | | | | | | | | | | | | wpa_disable_eapol_key_retries can't prevent attacks against the Wireless Network Management (WNM) Sleep Mode handshake. Currently, hostapd processes WNM Sleep Mode requests from clients regardless of the setting wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in order to ignore such requests by clients when wnm_sleep_mode is disabled (which is the default). Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de> [rewrite commit subject (<= 50 characters), bump PKG_RELEASE] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* add PKG_CPE_ID ids to package and toolsAlexander Couzens2017-11-171-0/+1
| | | | | | | | | | | CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* Revert "wpa_supplicant: log to syslog instead of stdout"Jo-Philipp Wich2017-10-271-1/+1
| | | | | | | | | | | | | | This reverts commit e7373e489d8a215402d6b0c408a26188342c7c17. Support of "-s" depends on the CONFIG_DEBUG_SYSLOG compile time flag which is not enabled for all build variants. Revert the change for now until we can properly examine the size impact of CONFIG_DEBUG_SYSLOG. Fixes FS#1117. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-181-1/+1
| | | | | | | | | | The previous commit did not adjust PKG_RELEASE, therefore the hostapd/wpad/wpa_supplicant packages containing the AP-side workaround for KRACK do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-171-1/+1
| | | | | | | | | The previous CVE bugfix commit did not adjust PKG_RELEASE, therefore the fixed hostapd/wpad/wpa_supplicant packages do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: escape double quoutes in wpad CFLAGSStijn Tintel2017-10-071-0/+1
| | | | | | | | | | | | | | | | | | A recent commit in hostapd added a build option to specify the default TLS ciphers. This build option is passed via CFLAGS. Due to the way CFLAGS are handled when building wpad, the compiler tries to recursively expand TLS_DEFAULT_CIPHERS, resulting in the following error: ../src/crypto/tls_openssl.c: In function 'tls_init': <command-line>:0:21: error: 'DEFAULT' undeclared (first use in this function) ../src/crypto/tls_openssl.c:1028:13: note: in expansion of macro 'TLS_DEFAULT_CIPHERS' ciphers = TLS_DEFAULT_CIPHERS; ^ Escape double quotes in the .cflags file to avoid this. Fixes: 2f78034c3ef ("hostapd: update to version 2017-08-24") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update to version 2017-08-24Koen Vandeputte2017-10-071-4/+4
| | | | | | | | | | | | - Deleted upstreamed patches & parts - Refreshed all Compile tested: full-option package + tools (hostapd + wpa_supplicant) Run-tested: hostapd wpa2 hotspot & wpa_supplicant IBSS link Targets: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* treewide: fix shellscript syntax errors/typosLorenzo Santina2017-09-131-1/+1
| | | | | | | | | Fix multiple syntax errors in shelscripts (of packages only) These errors were causing many conditions to not working properly Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [increase PKG_RELEASE, drop command substitution from directip.sh] Signed-off-by: Mathias Kresin <dev@kresin.em>
* hostapd: add support for acs_chan_bias optionKevin Darbyshire-Bryant2017-06-241-1/+1
| | | | | | | | | | During auto channel selection we may wish to prefer certain channels over others. e.g. we can just squeeze 4 channels into europe so '1:0.8 5:0.8 9:0.8 13:0.8' does that. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* mac80211, hostapd: always explicitly set beacon intervalMatthias Schiffer2017-05-131-1/+1
| | | | | | | | | | | | | | | | One of the latest mac80211 updates added sanity checks, requiring the beacon intervals of all VIFs of the same radio to match. This often broke AP+11s setups, as these modes use different default intervals, at least in some configurations (observed on ath9k). Instead of relying on driver or hostapd defaults, change the scripts to always explicitly set the beacon interval, defaulting to 100. This also applies the beacon interval to 11s interfaces, which had been forgotten before. VIF-specific beacon_int setting is removed from hostapd.sh. Fixes FS#619. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* hostapd: mv netifd.sh hostapd.shDaniel Albers2017-02-151-1/+1
| | | | | | same name for the file on the host and target Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
* Fix dependency for hostapdWilco Baan Hofman2017-01-261-1/+1
| | | | Signed-off-by: Wilco Baan Hofman <wilco@baanhofman.nl>
* hostapd: fix stray "out of range" shell errors in hostapd.shJo-Philipp Wich2017-01-231-1/+1
| | | | | | | | | | | | The hostapd_append_wpa_key_mgmt() procedure uses the possibly uninitialized $ieee80211r and $ieee80211w variables in a numerical comparisation, leading to stray "netifd: radio0 (0000): sh: out of range" errors in logread when WPA-PSK security is enabled. Ensure that those variables are substituted with a default value in order to avoid emitting this (harmless) shell error. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: fix passing jobserver to hostapd/supplicant build processesFelix Fietkau2017-01-151-3/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* treewide: clean up and unify PKG_VERSION for git based downloadsFelix Fietkau2016-12-221-7/+4
| | | | | | Also use default defintions for PKG_SOURCE_SUBDIR, PKG_SOURCE Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to version 2016-12-19Koen Vandeputte2016-12-201-3/+3
| | | | | | | | | | | | | | Update to latest upstream HEAD: - Refreshed all - Fixes 2 regressions: --> PeerKey: Fix STK 4-way handshake regression --> PeerKey: Fix EAPOL-Key processing Compile tested Full & Mini configs Run-tested Mini config Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* hostapd: Add ability to specify that that wireless driver supports 802.11acAlexis Green2016-12-201-1/+7
| | | | | Signed-off-by: Alexis Green <agreen@cococorp.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [make more generic]
* hostapd: update to version 2016-12-15Koen Vandeputte2016-12-201-3/+3
| | | | | | | | | | | | | Update to latest upstream HEAD: - Refreshed all - Delete patches and parts which made it upstream Compile tested Full & Mini configs Run-tested Mini config Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [another update, remove broken patch]
* hostapd: remove never-used Package/<name>/DescriptionYousong Zhou2016-12-201-21/+1
| | | | | | | | The build system only accepts Package/<name>/description and since the typoed version virtually has the same content as the TITLE field, remove them altogether Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* treewide: clean up download hashesFelix Fietkau2016-12-161-1/+1
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix PKG_CONFIG_DEPENDS for CONFIG_WPA_SUPPLICANT_*Matthias Schiffer2016-11-161-1/+1
| | | | | | These symbols don't affect wpa-supplicant only, but also wpad. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* hostapd: properly package wpa-supplicant-meshAlexis Green2016-10-311-1/+2
| | | | | | | | | Ensure that selecting the wpa-supplicant-mesh package actually packages the wpa_supplicant binary with SAE support and add missing dependency on OpenSSL. Signed-off-by: Alexis Green <alexis@cessp.it> [Jo-Philipp Wich: slightly reword commit message for clarity] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* source: Switch to xz for packages and tools where possibleDaniel Engberg2016-10-061-2/+2
| | | | | | | | | | | * Change git packages to xz * Update mirror checksums in packages where they are used * Change a few source tarballs to xz if available upstream * Remove unused lines in packages we're touching, requested by jow- and blogic * We're relying more on xz-utils so add official mirror as primary source, master site as secondary. * Add SHA256 checksums to multiple git tarball packages Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* hostapd: make -mesh and -p2p variants depend on the cfg80211 symbolFelix Fietkau2016-10-051-3/+3
| | | | | | Avoids build failures when the nl80211 driver is disabled Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to version 2016-09-05Felix Fietkau2016-09-081-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: remove unused hostapd-common-old packageFelix Fietkau2016-08-051-13/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: remove hostap driverFelix Fietkau2016-07-311-2/+0
| | | | | | | It has been marked as broken for well over a month now and nobody has complained. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* packages: prefer http over git for git protocolHauke Mehrtens2016-06-221-1/+1
| | | | | | | | | In company networks everything except the http and https protocol is often causes problems, because the network administrators try to block everything else. To make it easier to use LEDE in company networks use the https/http protocol for git access when possible. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: update to version 2016-06-15Felix Fietkau2016-06-151-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: Update to version 2016-05-05Michal Hrusecky2016-06-151-3/+3
| | | | | | Fixes CVE-2016-4476 and few possible memory leaks. Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
* treewide: replace nbd@openwrt.org with nbd@nbd.nameFelix Fietkau2016-06-071-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix wpad-mesh and wpa-supplicant-mesh configuration issuesFelix Fietkau2016-01-281-10/+9
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48528
* hostapd: update to version 2016-01-15Felix Fietkau2016-01-281-2/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48527
* hostapd: Use network_get_device instead of uci_get_stateFelix Fietkau2015-11-111-1/+1
| | | | | | | | This fixes the IAPP functionality. Signed-off-by: Petko Bordjukov <bordjukov@gmail.com> SVN-Revision: 47455
* mac80211/hostapd: rework 802.11w driver support selection, do not hardcode ↵Felix Fietkau2015-09-141-1/+1
| | | | | | | | drivers in hostapd makefile Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 46903
* hostapd: work around unconditional libopenssl build dependencyFelix Fietkau2015-09-111-1/+1
| | | | | | | | | | | As the OpenWrt build system only resolves build dependencies per directory, all hostapd variants were causing libopenssl to be downloaded and built, not only wpad-mesh. Fix this by applying the same workaround as in ustream-ssl. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> SVN-Revision: 46851
* hostapd: properly enable 802.11w supportFelix Fietkau2015-08-271-1/+1
| | | | | | | | | | | Add CONFIG_IEEE80211W variable to DRIVER_MAKEOPTS so that 802.11w support is properly compiled in full variant. This fixes #20179 Signed-off-by: Janusz Dziemidowicz <rraptorr@nails.eu.org> SVN-Revision: 46737
* hostapd: enable 802.11w only for the full variantsFelix Fietkau2015-05-061-1/+4
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45616
* hostapd: mark wpa-supplicant & wpad-mesh as broken on umlNicolas Thill2015-04-221-2/+2
| | | | | | Signed-off-by: Nicolas Thill <nico@openwrt.org> SVN-Revision: 45561
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-29 22:31:57 +0000