aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/hostapd/files
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: don't set htmode for wpa_supplicantLeon M. George2017-11-211-2/+0
| | | | | | no longer supported Signed-off-by: Leon M. George <leon@georgemail.eu>
* hostapd: rework frequency/ht/vht selection for ibss/meshFelix Fietkau2017-11-154-15/+31
| | | | | | | | | | - Remove obsolete patch chunks regarding fixed_freq - Instead of patching in custom HT40+/- parameters, use the standard config syntax as much as possible. - Use fixed_freq for mesh - Fix issues with disabling obss scan when using fixed_freq on mesh Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: explicitly set beacon interval for wpa_supplicantSven Eckelmann2017-11-151-0/+1
| | | | | | | | | | | | | | | The beacon_int is currently set explicitly for hostapd and when LEDE uses iw to join and IBSS/mesh. But it was not done when wpa_supplicant was used to join an encrypted IBSS or mesh. This configuration is required when an AP interface is configured together with an mesh interface. The beacon_int= line must therefore be re-added to the wpa_supplicant config. The value is retrieved from the the global variable. Fixes: 1a16cb9c67f0 ("mac80211, hostapd: always explicitly set beacon interval") Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Felix Fietkau <nbd@nbd.name> [rebase]
* hostapd: remove default r1_key_holder generationYury Shvedov2017-11-061-2/+1
| | | | | | | | By default, hostapd assumes r1_key_holder equal to bssid. If LEDE configures the same static r1 key holder ID on two different APs (BSSes) the RRB exchanges fails behind them. Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
* Revert "wpa_supplicant: log to syslog instead of stdout"Jo-Philipp Wich2017-10-271-1/+1
| | | | | | | | | | | | | | This reverts commit e7373e489d8a215402d6b0c408a26188342c7c17. Support of "-s" depends on the CONFIG_DEBUG_SYSLOG compile time flag which is not enabled for all build variants. Revert the change for now until we can properly examine the size impact of CONFIG_DEBUG_SYSLOG. Fixes FS#1117. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: add wpa_disable_eapol_key_retries optionStijn Tintel2017-10-171-0/+5
| | | | | | | | | | | | | | Commit 2127425434046ae2b9f02fdbbdd37cac447af19c introduced an AP-side workaround for key reinstallation attacks. This option can be used to mitigate KRACK on the station side, in case those stations cannot be updated. Since many devices are out there will not receive an update anytime soon (if at all), it makes sense to include this workaround. Unfortunately this can cause interoperability issues and reduced robustness of key negotiation, so disable the workaround by default, and add an option to allow the user to enable it if he deems necessary. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: add support for specifying device config options directly in uciFelix Fietkau2017-09-281-0/+6
| | | | | | | This is useful for tuning some more exotic parameters where it doesn't make sense to attempt to cover everything in uci directly Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update wpa_supplicant p2p configLorenzo Santina2017-09-281-91/+278
| | | | | | | | | | | | | | | | Update the config file to the latest version. Added CONFIG_EAP_FAST=y because it was the only missing flag about EAP compared to full config. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Other flags are the same as before. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update wpa_supplicant mini configLorenzo Santina2017-09-281-100/+292
| | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update wpa_supplicant full configLorenzo Santina2017-09-281-93/+280
| | | | | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Commented CONFIG_IEEE80211W=y flag because it is set in the Makefile, only if the driver supports it. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update hostapd mini configLorenzo Santina2017-09-281-19/+237
| | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update hostapd full configLorenzo Santina2017-09-281-27/+235
| | | | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Removed flag CONFIG_WPS2 because it is no more needed due to this changelog (2014-06-04 - v2.2): "remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled whenever CONFIG_WPS=y is set". Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: ft_over_ds supportLorenzo Santina2017-09-181-2/+4
| | | | | | Add support for ft_over_ds flag in ieee80211r Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
* hostapd: ft_psk_generate_local supportLorenzo Santina2017-09-181-2/+4
| | | | | | | | Add support for ft_psk_generate_local flag in ieee80211r Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [original author] Signed-off-by: Sergio <mailbox@sergio.spb.ru>
* treewide: fix shellscript syntax errors/typosLorenzo Santina2017-09-131-1/+1
| | | | | | | | | Fix multiple syntax errors in shelscripts (of packages only) These errors were causing many conditions to not working properly Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [increase PKG_RELEASE, drop command substitution from directip.sh] Signed-off-by: Mathias Kresin <dev@kresin.em>
* hostapd: fix iapp_interface optionLorenzo Santina2017-09-101-1/+1
| | | | | | | ifname variable were not assigned due to syntax error causing the hostapd config file to have an empty iapp_interface= option Signed-off-by: Lorenzo Santina <lorenzo.santina.dev@gmail.com>
* wpa_supplicant: log to syslog instead of stdoutStijn Tintel2017-08-101-1/+1
| | | | | | | | While debugging an issue with a client device, wpa_supplicant did not seem to log anything at all. Make wpa_supplicant log to syslog instead of stdout, to make debugging easier and to be consistent with hostapd. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: configure NAS ID regardless of encryptionYury Shvedov2017-06-281-3/+3
| | | | | | | | | | | RADIUS protocol could be used not only for authentication but for accounting too. Accounting could be configured for any type of networks. However there is no way to configure NAS Identifier for non-WPA networks without this patch. Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com> [cleanup commit message] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: add acct_interval optionYury Shvedov2017-06-281-2/+5
| | | | | | | | Make an ability to configure Accounting-Interim-Interval via UCI Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com> [add hostapd prefix, cleanup commit message] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: add support for acs_chan_bias optionKevin Darbyshire-Bryant2017-06-241-1/+5
| | | | | | | | | | During auto channel selection we may wish to prefer certain channels over others. e.g. we can just squeeze 4 channels into europe so '1:0.8 5:0.8 9:0.8 13:0.8' does that. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* mac80211, hostapd: always explicitly set beacon intervalMatthias Schiffer2017-05-131-3/+2
| | | | | | | | | | | | | | | | One of the latest mac80211 updates added sanity checks, requiring the beacon intervals of all VIFs of the same radio to match. This often broke AP+11s setups, as these modes use different default intervals, at least in some configurations (observed on ath9k). Instead of relying on driver or hostapd defaults, change the scripts to always explicitly set the beacon interval, defaulting to 100. This also applies the beacon interval to 11s interfaces, which had been forgotten before. VIF-specific beacon_int setting is removed from hostapd.sh. Fixes FS#619. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* hostapd: remove unused variable declarations in hostapd.shMatthias Schiffer2017-05-131-1/+0
| | | | | | | None of the variables in this "local" declaration are actually set in wpa_supplicant_add_network(). Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* hostapd: add legacy_rates option to disable 802.11b data rates.Nick Lowe2017-05-031-8/+20
| | | | | | | | | | | | | | | | | | Setting legacy_rates to 0 disables 802.11b data rates. Setting legacy_rates to 1 enables 802.11b data rates. (Default) The basic_rate option and supported_rates option are filtered based on this. The rationale for the change, stronger now than in 2014, can be found in: https://mentor.ieee.org/802.11/dcn/14/11-14-0099-00-000m-renewing-2-4ghz-band.pptx The balance of equities between compatibility with b clients and the detriment to the 2.4 GHz ecosystem as a whole strongly favors disabling b rates by default. Signed-off-by: Nick Lowe <nick.lowe@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, defaults change]
* hostapd: mv netifd.sh hostapd.shDaniel Albers2017-02-151-0/+0
| | | | | | same name for the file on the host and target Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
* hostapd: enable support for logging wpa_printf messages to syslogRafał Miłecki2017-01-312-0/+6
| | | | | | | This will allow starting hostapd with the new -s parameter and finally read all (error) messages from the syslog. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* hostapd: default to wps_independent 1Steven Honson2017-01-261-1/+2
| | | | Signed-off-by: Steven Honson <steven@honson.id.au>
* hostapd: expose wps_independent and ap_setup_locked as uci optionsSteven Honson2017-01-261-3/+5
| | | | | | | ap_setup_locked is named wps_ap_setup_locked in uci for consistency with other wps related uci options. Signed-off-by: Steven Honson <steven@honson.id.au>
* hostapd: fix stray "out of range" shell errors in hostapd.shJo-Philipp Wich2017-01-231-2/+2
| | | | | | | | | | | | The hostapd_append_wpa_key_mgmt() procedure uses the possibly uninitialized $ieee80211r and $ieee80211w variables in a numerical comparisation, leading to stray "netifd: radio0 (0000): sh: out of range" errors in logread when WPA-PSK security is enabled. Ensure that those variables are substituted with a default value in order to avoid emitting this (harmless) shell error. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wpa_supplicant: Fix mesh encryption configSujith Manoharan2017-01-111-1/+4
| | | | | | | | | | | | | | | wpa_supplicant allows only SAE as the key management type for mesh mode. The recent key_mgmt rework unconditionally added WPA-PSK - this breaks interface bringup and wpa_s throws this error message: Line 10: key_mgmt for mesh network should be open or SAE Line 10: failed to parse network block. Failed to read or parse configuration '/var/run/wpa_supplicant-wlan0.conf Fix this by making sure that only SAE is used for mesh. Signed-off-by: Sujith Manoharan <m.sujith@gmail.com>
* hostapd: enable SHA256-based algorithmsStijn Tintel2017-01-031-2/+2
| | | | | | | | | | | Enable support for stronger SHA256-based algorithms in hostapd and wpa_supplicant when using WPA-EAP or WPA-PSK with 802.11w enabled. We cannot unconditionally enable it, as it requires hostapd to be compiled with 802.11w support, which is disabled in the -mini variants. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
* hostapd: add function to handle wpa_key_mgmtStijn Tintel2017-01-031-9/+10
| | | | | | | | Now that wpa_key_mgmt handling for hostapd and wpa_supplicant are consistent, we can move parts of it to a dedicated function. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
* wpa_supplicant: rework wpa_key_mgmt handlingStijn Tintel2017-01-031-8/+9
| | | | | | | | Rework wpa_key_mgmt handling for wpa_supplicant to be consistent with how it is done for hostapd. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
* hostapd support for VLANs through a file in addition to Radius.Petr Konecny2016-10-311-18/+25
| | | | Signed-off-by: Petr Konecny <pekon@google.com>
* hostapd: Allow RADIUS accounting without 802.1xPetko Bordjukov2016-08-111-10/+9
| | | | | | | | RADIUS accounting can be used even when RADIUS authentication is not used. Move the accounting configuration outside of the EAP-exclusive sections. Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
* hostapd: remove unused hostapd-common-old packageFelix Fietkau2016-08-052-593/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: remove hostap driverFelix Fietkau2016-07-315-5/+5
| | | | | | | It has been marked as broken for well over a month now and nobody has complained. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* branding: add LEDE brandingJohn Crispin2016-03-242-4/+4
| | | | Signed-off-by: John Crispin <blogic@openwrt.org>
* hostapd.sh: Add support for "anonymous_identity" config fieldHauke Mehrtens2016-04-171-2/+3
| | | | | | | | | | | | | | | | | | The wpa_supplicant supports an "anonymous_identity" field, which some EAP networks require. From the documentation: anonymous_identity: Anonymous identity string for EAP (to be used as the unencrypted identity with EAP types that support different tunnelled identity, e.g., EAP-TTLS). This change modifies the hostapd.sh script to propagate this field from the UCI config to the wpa_supplicant.conf file. Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Reviewed-by: Manuel Munz <freifunk@somakoma.de> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49181
* hostapd: fix wpad-mesh and wpa-supplicant-mesh configuration issuesFelix Fietkau2016-01-281-407/+0
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48528
* wpa_supplicant: add support for EAP-TLS phase2Felix Fietkau2016-01-191-2/+12
| | | | | | | | | Introduce config options client_cert2, priv_key2 and priv_key2_pwd used for EAP-TLS phase2 authentication in WPA-EAP client mode. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 48345
* hostap/wpa_supplicant: enable EAP-FAST in -full buildsFelix Fietkau2016-01-192-0/+6
| | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 48344
* wpa_supplicant: improve generating phase2 config line for WPA-EAPFelix Fietkau2016-01-181-2/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WPA-EAP supports several phase2 (=inner) authentication methods when using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first step towards the UCI model supporting EAP-FAST by this commit) The value of the auth config variable was previously expected to be directly parseable as the content of the 'phase2' option of wpa_supplicant. This exposed wpa_supplicant's internals, leaving it to view-level to set the value properly. Unfortunately, this is currently not the case, as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'. Users thus probably diverged and set auth to values like 'auth=MSCHAPV2' as a work-around. This behaviour isn't explicitely documented anywhere and is not quite intuitive... The phase2-string is now generated according to $eap_type and $auth, following the scheme also found in hostap's test-cases: http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py The old behaviour is also still supported for the sake of not breaking existing, working configurations. Examples: eap_type auth 'ttls' 'EAP-MSCHAPV2' -> phase2="autheap=MSCHAPV2" 'ttls' 'MSCHAPV2' -> phase2="auth=MSCHAPV2" 'peap' 'EAP-GTC' -> phase2="auth=GTC" Deprecated syntax supported for compatibility: 'ttls' 'autheap=MSCHAPV2' -> phase2="autheap=MSCHAPV2" I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to the list of Authentication methods available. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 48309
* wpa_supplicant: set regulatory domain the same way as hostapdFelix Fietkau2016-01-031-0/+6
| | | | | | | | | | | | | In sta-only configuration, wpa_supplicant needs correct regulatory domain because otherwise it may skip channel of its AP during scan. Another alternative is to fix "iw reg set" in mac80211 netifd script. Currently it fails if some phy has private regulatory domain which matches configured one. Signed-off-by: Dmitry Ivanov <dima@ubnt.com> SVN-Revision: 48099
* wpa-supplicant: Get 802.11s ssid information from option mesh_idJohn Crispin2015-11-241-0/+3
| | | | | | | | | | | | The scripts for authsae and iw use the option mesh_id to get set the "meshid" during a mesh join. But the script for wpad-mesh ignores the option mesh_id and instead uses the option ssid. Unify the mesh configuration and let the wpa_supplicant script also use the mesh_id from the configuration. Signed-off-by: Sven Eckelmann <sven@open-mesh.com> SVN-Revision: 47615
* hostapd: Use network_get_device instead of uci_get_stateFelix Fietkau2015-11-112-4/+12
| | | | | | | | This fixes the IAPP functionality. Signed-off-by: Petko Bordjukov <bordjukov@gmail.com> SVN-Revision: 47455
* hostapd: add default value to eapol_version (#20641)Felix Fietkau2015-11-021-0/+1
| | | | | | | | | | | | | | r46861 introduced a new option eapol_version to hostapd, but did not provide a default value. When the option value is evaluated, the non-existing value causes errors to the systen log: "netifd: radio0: sh: out of range" Add a no-op default value 0 for eapol_version. Only values 1 or 2 are actually passed on, so 0 will not change the default action in hostapd. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> SVN-Revision: 47361
* hostapd: Add eapol_version config optionFelix Fietkau2015-09-111-1/+6
| | | | | | | | | | | | | Add eapol_version to the openwrt wireless config ssid section. Only eapol_version=1 and 2 will get passed to hostapd, the default in hostapd is 2. This is only useful for really old client devices that don't accept eapol_version=2. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 46861
* hostapd: Add vlan_file option to netifd.shJohn Crispin2015-08-171-1/+6
| | | | | | | | | | | | | Other VLAN related options are already being processed in netifd.sh but the vlan_file option is missing. This option allows the mapping of vlan IDs to network interfaces and will be used in dynamic VLAN feature for binding stations to interfaces based on VLAN assignments. The change is done similarly to the wpa_psk_file option. Signed-off-by: Gong Cheng <chengg11@yahoo.com> SVN-Revision: 46652
* buttons: make all button handler scripts return 0John Crispin2015-07-241-0/+2
| | | | | | | | this is required by the new button timeout feature Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 46471
* wpa-supplicant: add 802.11r client supportFelix Fietkau2015-07-152-2/+7
| | | | | | | | | | | | Add 802.11r client support to wpa_supplicant. It's only enabled in wpa_supplicant-full. hostapd gained 802.11r support in commit r45051. Tested on a TP-Link TL-WR710N sta psk client with two 802.11r enabled openwrt accesspoints (TP-Link TL-WDR3600). Signed-off-by: Stefan Hellermann <stefan@the2masters.de> SVN-Revision: 46377
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 14:42:57 +0000