The following patches were merged upstream:
000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
replaced by commit 0e3bd7ac6
001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
replaced by commit cb5132bb3
002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
replaced by commit 87e2db16b
003-Prevent-installation-of-an-all-zero-TK.patch
replaced by commit 53bb18cc8
004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
replaced by commit 0adc9b28b
005-TDLS-Reject-TPK-TK-reconfiguration.patch
replaced by commit ff89af96e
006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
replaced by commit adae51f8b
007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
replaced by commit 2a9c5217b
008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
replaced by commit a00e946c1
009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
replaced by commit b488a1294
010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
replaced by commit 6f234c1e2
011-Additional-consistentcy-checks-for-PTK-component-len.patch
replaced by commit a6ea66530
012-Clear-BSSID-information-in-supplicant-state-machine-.patch
replaced by commit c0fe5f125
013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
replaced by commit 114f2830d
Some patches had to be modified to work with changed upstream source:
380-disable_ctrl_iface_mib.patch (adding more ifdef'ery)
plus some minor knits needed for other patches to apply which are not
worth being explicitely listed here.
For SAE key management in mesh mode, use the newly introduce
sae_password parameter instead of the psk parameter to also support
SAE keys which would fail the checks applied on the psk field (ie.
length and such). This fixes compatibility issues for users migrating
from authsae.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If the auth or assoc request was denied the reason
was always WLAN_STATUS_UNSPECIFIED_FAILURE.
That's why for example the wpa supplicant was always
trying to reconnect to the AP.
Now it's possible to give reasoncodes why the auth
or assoc was denied.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Neighbor reports are enabled implicitly on use, beacon reports and BSS
transition management need to be enabled explicitly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
wpa_disable_eapol_key_retries can't prevent attacks against the Wireless
Network Management (WNM) Sleep Mode handshake. Currently, hostapd
processes WNM Sleep Mode requests from clients regardless of the setting
wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in
order to ignore such requests by clients when wnm_sleep_mode is disabled
(which is the default).
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[rewrite commit subject (<= 50 characters), bump PKG_RELEASE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
- Remove obsolete patch chunks regarding fixed_freq
- Instead of patching in custom HT40+/- parameters, use the standard
config syntax as much as possible.
- Use fixed_freq for mesh
- Fix issues with disabling obss scan when using fixed_freq on mesh
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The wpa_supplicant code for IBSS allows to set the mcast rate. It is
recommended to increase this value from 1 or 6 Mbit/s to something higher
when using a mesh protocol on top which uses the multicast packet loss as
indicator for the link quality.
This setting was unfortunately not applied for mesh mode. But it would be
beneficial when wpa_supplicant would behave similar to IBSS mode and set
this argument during mesh join like authsae already does. At least it is
helpful for companies/projects which are currently switching to 802.11s
(without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS
because newer drivers seem to support 802.11s but not IBSS anymore.
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh]
When sta is configured, hostapd receives 'stop' and 'update' command from
wpa_supplicant. In the update command, hostapd gets sta parameters with
which it configures ap.
Problem is, with the default wireless configuration:
mode:11g freq:2.4GHz channel:1
If sta is connected to 5GHz network, then ap does not work. Ideally with
340-reload_freq_change.patch hostapd should reload the frequency changes
and start ap in 5GHz, but ap becomes invisible in the network.
This issue can be reproduced with following /etc/config/wireless:
config wifi-device radio0
option type mac80211
option channel 1
option hwmode 11g
option path 'virtual/uccp420/uccwlan'
option htmode 'none'
config wifi-iface 'ap'
option device 'radio0'
option encryption 'none'
option mode 'ap'
option network 'ap'
option ssid 'MyTestNet'
option encryption none
config wifi-iface 'sta'
option device radio0
option network sta
option mode sta
option ssid TestNet-5G
option encryption psk2
option key 12345
This change updates current_mode structure based on configured hw_mode
received from wpa_supplicant. Also prepare rates table after frequency
selection.
Signed-off-by: Abhilash Tuse <Abhilash.Tuse@imgtec.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, patch refresh]
It wasn't possible to read hostapd wpa_printf messages unless running
hostapd manually. It was because hostapd was printing them using vprintf
and not directly to the syslog.
We were trying to workaround this problem by redirecting STDIN_FILENO
and STDOUT_FILENO but it was working only for the initialization phase.
As soon as hostapd did os_daemonize our solution stopped working.
Please note despite the subject this change doesn't affect debug level
messages only but just everything printed by hostapd with wpa_printf
including MSG_ERROR-s. This makes it even more important as reading
error messages can be quite useful for debugging.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Update to latest upstream HEAD:
- Refreshed all
- Delete patches and parts which made it upstream
Compile tested Full & Mini configs
Run-tested Mini config
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [another update, remove broken patch]
This more of a demo for the previous commit that comes with
this one, where I added support for copying source from 'src' to
the build dir(s).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
One second is not enough for some devices to ackowledge null data frame
which is sent at the end of ap_max_inactivity interval. In particular,
this causes severe Wi-Fi instability with Apple iPhone which may take
up to 3 seconds to respond.
Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
SVN-Revision: 47149
When using FullMAC drivers (e.g. brcmfmac) we don't get mgmt frames so
check for banned client in probe request handler won't ever be used.
Since cfg80211 provides us info about STA associating let's put a check
there.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47064
r45270 removed ieee80211n=%d from the format string but didn't remove
the parameter itself. Though this probably doesn't cause any harm, it's
quite confusing and unneeded.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 45351
madwifi was dropped upstream, can't find it anywhere in OpenWrt
either, thus finally burrying madwifi.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 45045
This change adds the configuration options "bssid_whitelist" and
"bssid_blacklist" used to limit the AP selection of a network to a
specified (finite) set or discard certain APs.
This can be useful for environments where multiple networks operate
using the same SSID and roaming between those is not desired. It is also
useful to ignore a faulty or otherwise unwanted AP.
In many applications it is useful not just to enumerate a group of well
known access points, but to use a address/mask notation to match an
entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).
This is especially useful if an OpenWrt device with two radios is used to
retransmit the same network (one in AP mode for other clients, one as STA for
the uplink); the following configuration prevents the device from associating
with itself, given that the own AP to be avoided is using the bssid
'C0:FF:EE:D0:0D:42':
config wifi-iface
option device 'radio2'
option network 'uplink'
option mode 'sta'
option ssid 'MyNetwork'
option encryption 'none'
list bssid_blacklist 'C0:FF:EE:D0:0D:42/00:FF:FF:FF:FF:FF'
This change consists of the following cherry-picked upstream commits:
b3d6a0a8259002448a29f14855d58fe0a624ab76
b83e455451a875ba233b3b8ac29aff8b62f064f2
79cd993a623e101952b81fa6a29c674cd858504f
(squashed to implement bssid_{white,black}lists)
0047306bc9ab7d46e8cc22ff9a3e876c47626473
(Add os_snprintf_error() helper)
Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>
SVN-Revision: 44438