aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/hostapd/patches
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: update to git snapshot of 2018-03-26Daniel Golle2018-03-2733-1525/+144
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following patches were merged upstream: 000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch replaced by commit 0e3bd7ac6 001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch replaced by commit cb5132bb3 002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch replaced by commit 87e2db16b 003-Prevent-installation-of-an-all-zero-TK.patch replaced by commit 53bb18cc8 004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch replaced by commit 0adc9b28b 005-TDLS-Reject-TPK-TK-reconfiguration.patch replaced by commit ff89af96e 006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch replaced by commit adae51f8b 007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch replaced by commit 2a9c5217b 008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch replaced by commit a00e946c1 009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch replaced by commit b488a1294 010-Optional-AP-side-workaround-for-key-reinstallation-a.patch replaced by commit 6f234c1e2 011-Additional-consistentcy-checks-for-PTK-component-len.patch replaced by commit a6ea66530 012-Clear-BSSID-information-in-supplicant-state-machine-.patch replaced by commit c0fe5f125 013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch replaced by commit 114f2830d Some patches had to be modified to work with changed upstream source: 380-disable_ctrl_iface_mib.patch (adding more ifdef'ery) plus some minor knits needed for other patches to apply which are not worth being explicitely listed here. For SAE key management in mesh mode, use the newly introduce sae_password parameter instead of the psk parameter to also support SAE keys which would fail the checks applied on the psk field (ie. length and such). This fixes compatibility issues for users migrating from authsae. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: return with 80211 codes in handle event functionNick Hainke2018-02-211-13/+27
| | | | | | | | | | | If the auth or assoc request was denied the reason was always WLAN_STATUS_UNSPECIFIED_FAILURE. That's why for example the wpa supplicant was always trying to reconnect to the AP. Now it's possible to give reasoncodes why the auth or assoc was denied. Signed-off-by: Nick Hainke <vincent@systemli.org>
* hostapd: add support for turning on 802.11k/v features via ubusFelix Fietkau2018-02-211-0/+17
| | | | | | | Neighbor reports are enabled implicitly on use, beacon reports and BSS transition management need to be enabled explicitly Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: backport fix for wnm_sleep_mode=0Timo Sigurdsson2017-12-071-0/+35
| | | | | | | | | | | | | wpa_disable_eapol_key_retries can't prevent attacks against the Wireless Network Management (WNM) Sleep Mode handshake. Currently, hostapd processes WNM Sleep Mode requests from clients regardless of the setting wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in order to ignore such requests by clients when wnm_sleep_mode is disabled (which is the default). Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de> [rewrite commit subject (<= 50 characters), bump PKG_RELEASE] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: rework frequency/ht/vht selection for ibss/meshFelix Fietkau2017-11-154-163/+24
| | | | | | | | | | - Remove obsolete patch chunks regarding fixed_freq - Instead of patching in custom HT40+/- parameters, use the standard config syntax as much as possible. - Use fixed_freq for mesh - Fix issues with disabling obss scan when using fixed_freq on mesh Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: set mcast_rate in mesh modeSven Eckelmann2017-11-151-0/+68
| | | | | | | | | | | | | | | | | | The wpa_supplicant code for IBSS allows to set the mcast rate. It is recommended to increase this value from 1 or 6 Mbit/s to something higher when using a mesh protocol on top which uses the multicast packet loss as indicator for the link quality. This setting was unfortunately not applied for mesh mode. But it would be beneficial when wpa_supplicant would behave similar to IBSS mode and set this argument during mesh join like authsae already does. At least it is helpful for companies/projects which are currently switching to 802.11s (without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS because newer drivers seem to support 802.11s but not IBSS anymore. Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com> Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh]
* hostapd: refresh ubus patchFelix Fietkau2017-11-151-36/+18
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix up ubus supportJohn Crispin2017-10-251-18/+44
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* hostapd: backport extra changes related to KRACKStijn Tintel2017-10-179-9/+442
| | | | | | | | While these changes are not included in the advisory, upstream encourages users to merge them. See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: merge fixes for WPA packet number reuse with replayed messages and ↵Felix Fietkau2017-10-1614-29/+965
| | | | | | | | | | | | | | | | | | | | | key reinstallation Fixes: - CERT case ID: VU#228519 - CVE-2017-13077 - CVE-2017-13078 - CVE-2017-13079 - CVE-2017-13080 - CVE-2017-13081 - CVE-2017-13082 - CVE-2017-13086 - CVE-2017-13087 - CVE-2017-13088 For more information see: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to version 2017-08-24Koen Vandeputte2017-10-0724-474/+141
| | | | | | | | | | | | - Deleted upstreamed patches & parts - Refreshed all Compile tested: full-option package + tools (hostapd + wpa_supplicant) Run-tested: hostapd wpa2 hotspot & wpa_supplicant IBSS link Targets: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* hostapd: add additional ubus notificationsJohn Crispin2017-08-221-2/+47
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* hostapd: fix reload frequency change patchAbhilash Tuse2017-05-032-7/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When sta is configured, hostapd receives 'stop' and 'update' command from wpa_supplicant. In the update command, hostapd gets sta parameters with which it configures ap. Problem is, with the default wireless configuration: mode:11g freq:2.4GHz channel:1 If sta is connected to 5GHz network, then ap does not work. Ideally with 340-reload_freq_change.patch hostapd should reload the frequency changes and start ap in 5GHz, but ap becomes invisible in the network. This issue can be reproduced with following /etc/config/wireless: config wifi-device radio0 option type mac80211 option channel 1 option hwmode 11g option path 'virtual/uccp420/uccwlan' option htmode 'none' config wifi-iface 'ap' option device 'radio0' option encryption 'none' option mode 'ap' option network 'ap' option ssid 'MyTestNet' option encryption none config wifi-iface 'sta' option device radio0 option network sta option mode sta option ssid TestNet-5G option encryption psk2 option key 12345 This change updates current_mode structure based on configured hw_mode received from wpa_supplicant. Also prepare rates table after frequency selection. Signed-off-by: Abhilash Tuse <Abhilash.Tuse@imgtec.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, patch refresh]
* hostapd: backport support for sending debug messages to the syslogRafał Miłecki2017-01-306-24/+169
| | | | | | | | | | | | | | | | | It wasn't possible to read hostapd wpa_printf messages unless running hostapd manually. It was because hostapd was printing them using vprintf and not directly to the syslog. We were trying to workaround this problem by redirecting STDIN_FILENO and STDOUT_FILENO but it was working only for the initialization phase. As soon as hostapd did os_daemonize our solution stopped working. Please note despite the subject this change doesn't affect debug level messages only but just everything printed by hostapd with wpa_printf including MSG_ERROR-s. This makes it even more important as reading error messages can be quite useful for debugging. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* hostapd: backport a few upstream fixesFelix Fietkau2017-01-155-4/+163
| | | | | | | | Fixes reassoc issues with WDS mode Fixes reassoc issues in AP mode Fixes IBSS reauthentication issues Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to version 2016-12-19Koen Vandeputte2016-12-204-13/+13
| | | | | | | | | | | | | | Update to latest upstream HEAD: - Refreshed all - Fixes 2 regressions: --> PeerKey: Fix STK 4-way handshake regression --> PeerKey: Fix EAPOL-Key processing Compile tested Full & Mini configs Run-tested Mini config Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* hostapd: update to version 2016-12-15Koen Vandeputte2016-12-2019-166/+107
| | | | | | | | | | | | | Update to latest upstream HEAD: - Refreshed all - Delete patches and parts which made it upstream Compile tested Full & Mini configs Run-tested Mini config Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [another update, remove broken patch]
* network/services/hostapd: move whole files outside of patches and drop ↵Alexandru Ardelean2016-10-152-640/+0
| | | | | | | | | | Build/Prepare rule in favor of default one This more of a demo for the previous commit that comes with this one, where I added support for copying source from 'src' to the build dir(s). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* hostapd: fix regression breaking brcmfmacRafał Miłecki2016-09-134-7/+46
| | | | | | The latest update of hostapd broke brcmfmac due to upstream regression. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* hostapd: update to version 2016-09-05Felix Fietkau2016-09-0822-196/+96
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix typo and indentation in ap_sta_support.patchJohannes Römer2016-09-051-2/+2
| | | | Signed-off-by: Johannes Römer <jroemer@posteo.net>
* hostapd: use printf to improve portability.Ash Benz2016-08-231-4/+4
| | | | Signed-off-by: Ash Benz <ash.benz@bk.ru>
* hostapd: backport mesh/ibss HT20/HT40 related fixFelix Fietkau2016-07-276-8/+69
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix an error on parsing radius_das_clientFelix Fietkau2016-07-212-1/+11
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix VLAN support in full wpad buildsFelix Fietkau2016-07-182-6/+16
| | | | | | Suppress -DCONFIG_NO_VLAN if CONFIG_IBSS_RSN is enabled Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add a WDS AP fix for reconnecting clientsFelix Fietkau2016-07-061-0/+25
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix breakage with non-nl80211 driversFelix Fietkau2016-06-152-15/+18
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix compilation error in wext backendJo-Philipp Wich2016-06-151-0/+10
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: implement fallback for incomplete survey dataFelix Fietkau2016-06-151-0/+45
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to version 2016-06-15Felix Fietkau2016-06-1522-113/+113
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: Update to version 2016-05-05Michal Hrusecky2016-06-157-100/+177
| | | | | | Fixes CVE-2016-4476 and few possible memory leaks. Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
* treewide: replace nbd@openwrt.org with nbd@nbd.nameFelix Fietkau2016-06-071-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix mesh interface bridge handlingFelix Fietkau2016-01-285-10/+22
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48529
* hostapd: update to version 2016-01-15Felix Fietkau2016-01-2841-943/+241
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48527
* hostapd: fix disassociation with FullMAC drivers and multi-BSSRafał Miłecki2016-01-111-0/+67
| | | | | | Signed-off-by: Rafał Miłecki <zajec5@gmail.com> SVN-Revision: 48202
* hostapd: fix post v2.4 security issuesFelix Fietkau2016-01-1011-0/+554
| | | | | | | | | | | | | | | | | | | | | | | - WPS: Fix HTTP chunked transfer encoding parser (CVE-2015-4141) - EAP-pwd peer: Fix payload length validation for Commit and Confirm (CVE-2015-4143) - EAP-pwd server: Fix payload length validation for Commit and Confirm (CVE-2015-4143) - EAP-pwd peer: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145) - EAP-pwd server: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145) - EAP-pwd peer: Fix asymmetric fragmentation behavior (CVE-2015-4146) - NFC: Fix payload length validation in NDEF record parser (CVE-2015-8041) - WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use (CVE-2015-5310) - EAP-pwd peer: Fix last fragment length validation (CVE-2015-5315) - EAP-pwd server: Fix last fragment length validation (CVE-2015-5314) - EAP-pwd peer: Fix error path for unexpected Confirm message (CVE-2015-5316) Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> SVN-Revision: 48185
* hostapd: wait longer for inactive client probe (empty data frame)Felix Fietkau2015-10-061-0/+11
| | | | | | | | | | | One second is not enough for some devices to ackowledge null data frame which is sent at the end of ap_max_inactivity interval. In particular, this causes severe Wi-Fi instability with Apple iPhone which may take up to 3 seconds to respond. Signed-off-by: Dmitry Ivanov <dima@ubnt.com> SVN-Revision: 47149
* hostapd: check for banned client on association eventRafał Miłecki2015-09-281-0/+26
| | | | | | | | | | | When using FullMAC drivers (e.g. brcmfmac) we don't get mgmt frames so check for banned client in probe request handler won't ever be used. Since cfg80211 provides us info about STA associating let's put a check there. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> SVN-Revision: 47064
* hostapd: add a new option to control HT coexistance separate from noscanFelix Fietkau2015-06-021-4/+7
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45873
* hostapd: fix remote denial of service vulnerability in WMM action frame parsingFelix Fietkau2015-05-061-0/+36
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45619
* hostapd: backport fix for CVE-2015-1863, refresh patchesFelix Fietkau2015-04-235-5/+42
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45567
* hostapd: remove unused asprintf parameterJohn Crispin2015-04-101-1/+1
| | | | | | | | | | r45270 removed ieee80211n=%d from the format string but didn't remove the parameter itself. Though this probably doesn't cause any harm, it's quite confusing and unneeded. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 45351
* hostapd: add update_beacon to ubus bindingJohn Crispin2015-04-091-3/+20
| | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 45325
* hostapd: when running AP+STA, preserve the AP 802.11n-enabled settingFelix Fietkau2015-04-041-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45270
* hostapd: fix compile errors with nl80211 disabled (#19325)Felix Fietkau2015-03-271-1/+5
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45063
* hostapd: fix a compiler warning in ap+station patchFelix Fietkau2015-03-271-2/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45062
* hostapd: disable the bridge packet receive workaround, it is unnecessary on ↵Felix Fietkau2015-03-271-0/+12
| | | | | | | | openwrt and could potentially harm performance Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45060
* hostapd: add switch_chan and set_vendor_elements ubus methodsFelix Fietkau2015-03-261-1/+83
| | | | | | | Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com> Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45046
* hostapd: update hostapd to 2015-03-25Felix Fietkau2015-03-2629-968/+240
| | | | | | | | | | madwifi was dropped upstream, can't find it anywhere in OpenWrt either, thus finally burrying madwifi. Signed-off-by: Daniel Golle <daniel@makrotopia.org> Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45045
* hostapd: backport BSSID black/whitelistsJohn Crispin2015-02-132-0/+678
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds the configuration options "bssid_whitelist" and "bssid_blacklist" used to limit the AP selection of a network to a specified (finite) set or discard certain APs. This can be useful for environments where multiple networks operate using the same SSID and roaming between those is not desired. It is also useful to ignore a faulty or otherwise unwanted AP. In many applications it is useful not just to enumerate a group of well known access points, but to use a address/mask notation to match an entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00). This is especially useful if an OpenWrt device with two radios is used to retransmit the same network (one in AP mode for other clients, one as STA for the uplink); the following configuration prevents the device from associating with itself, given that the own AP to be avoided is using the bssid 'C0:FF:EE:D0:0D:42': config wifi-iface option device 'radio2' option network 'uplink' option mode 'sta' option ssid 'MyNetwork' option encryption 'none' list bssid_blacklist 'C0:FF:EE:D0:0D:42/00:FF:FF:FF:FF:FF' This change consists of the following cherry-picked upstream commits: b3d6a0a8259002448a29f14855d58fe0a624ab76 b83e455451a875ba233b3b8ac29aff8b62f064f2 79cd993a623e101952b81fa6a29c674cd858504f (squashed to implement bssid_{white,black}lists) 0047306bc9ab7d46e8cc22ff9a3e876c47626473 (Add os_snprintf_error() helper) Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de> SVN-Revision: 44438
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-16 20:01:40 +0000