aboutsummaryrefslogtreecommitdiff
path: root/package/network/services/hostapd/patches
Commit message (Collapse)AuthorAge
* hostapd: fix a null pointer dereference in wpa_supplicant on teardownFelix Fietkau2024-05-01
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: Fix compile against mbedtsl 3.6Hauke Mehrtens2024-04-28
| | | | | | Fix compile of the mbedtls extension for hostapd. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: slightly clean up patchesFelix Fietkau2024-04-04
| | | | | | | | - move build/ifdef related changes together to the 200 patch range - reduce adding/removing include statements across patches - move patches away from the 99x patch range to simplify maintenance Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: replace "argument list too long" fix with a simpler versionFelix Fietkau2024-04-04
| | | | | | Less convoluted and more robust Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: remove workaround for broken WPA IEs in ancient devicesFelix Fietkau2024-04-04
| | | | | | Affected devices were already quite old when this patch was added. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: adjust patches to work with git amEneas U de Queiroz2024-04-04
| | | | | | | | | | | | | | | | | This adds From:, Date: and Subject: to patches, allowing one to run 'git am' to import the patches to a hostapd git repository. From: and Date: fields were taken from the OpenWrt commit where the patches were first introduced. Most of the Subject: also followed suit, except for: - 300-noscan.patch: Took the description from the LuCI web interface - 350-nl80211_del_beacon_bss.patch: Used the file name The order of the files in the patch was changed to match what git format-patch does. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* hostapd: remove unused fixEneas U de Queiroz2024-04-04
| | | | | | | | | | | | Patch 050-build_fix.patch fixes the abscence of sha384-kdf.o from the list of needed objetct files when FILS is selected without any other option that will select the .o file. While it is a bug waiting to be fixes upstream, it is not needed for OpenWrt use case, because OWE already selects sha384-kdf.o, and FILS is selected along with OWE. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* hostapd: bump to 2024-03-09Eneas U de Queiroz2024-04-04
| | | | | | | | | | | | | | | | | This brings many changes, including fixes for a couple of memory leaks, and improved interoperability with 802.11r. There are also many changes related to 802.11be, which is not enabled at this time. Fixed upstream: - 022-hostapd-fix-use-of-uninitialized-stack-variables.patch - 180-driver_nl80211-fix-setting-QoS-map-on-secondary-BSSs.patch - 993-2023-10-28-ACS-Fix-typo-in-bw_40-frequency-array.patch Switch PKG_SOURCE_URL to https, since http is not currently working. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Tested-by: Ilya Katsnelson <me@0upti.me> Tested by: Andrew Sim <andrewsimz@gmail.com>
* hostapd: fix Argument list too long build errorRobert Marko2024-03-25
| | | | | | | | | | | | | | | Currently, both CI and local builds of wpa-supplicant will fail with: /bin/sh: Argument list too long Its happening as the argument list for mkdir in build.rules is too large and over the MAX_ARG_STRLEN limit. It seems that recent introduction of APK compatible version schema has increased the argument size and thus pushed it over the limit uncovering the issue. Fixes: e8725a932e16 ("treewide: use APK compatible version schema") Signed-off-by: Robert Marko <robimarko@gmail.com>
* hostapd: ACS: Fix typo in bw_40 frequency arrayDavid Bauer2024-01-18
| | | | | | | | | | | [Upstream Backport] The range for the 5 GHz channel 118 was encoded with an incorrect channel number. Fixes: ed8e13decc71 (ACS: Extract bw40/80/160 freqs out of acs_usable_bwXXX_chan()) Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com> Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: add udebug supportFelix Fietkau2023-11-20
| | | | | | | This is not activated by default and must be explicitly enabled via ubus It supports reporting log messages and netlink packets Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: refresh patchesChristian Marangi2023-11-09
| | | | | | Refresh patches for hostapd using make package/hostapd/refresh. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* hostapd: permit 40MHz in 802.1s only also for 2.4GHz g/n with noscanChristian Marangi2023-11-09
| | | | | | | | | | | | | Currently for 802.1s only, for wifi 2.4GHz in g/n mode, 40MHz is never permitted. This is probably due to the complexity of setting periodic check for the intolerant bit. When noscan option is set, we ignore the presence of the intoleran bit in near AP, so we can enable 40MHz and ignore any complex logic for checking. Fixes: #13112 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* hostapd: permit also channel 7 for 2.5GHz to be set to HT40PLUSChristian Marangi2023-11-09
| | | | | | | Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it to the list of the channels. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* hostapd: fix broke noscan option for meshChristian Marangi2023-11-09
| | | | | | | | | noscan option for mesh was broken and actually never applied. This is caused by a typo where ssid->noscan value is check instead of conf->noscan resulting in the logic swapped and broken. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* hostapd: fix broken WPS on broadcom-wl and ath11kPetr Štetiar2023-11-01
| | | | | | | | | | | | | | | | | | | | Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl/ath11k based adapters. The reason for it is hostapd tries to install additional IEs for scanning while the driver does not support this. The kernel indicates the maximum number of bytes for additional scan IEs using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and only add additional scan IEs in case the driver can accommodate these additional IEs. Bug: http://lists.infradead.org/pipermail/hostap/2022-January/040178.html Bug-Debian: https://bugs.debian.org/1004524 Bug-ArchLinux: https://bugs.archlinux.org/task/73495 Upstream-Status: Changes Requested [https://patchwork.ozlabs.org/project/hostap/patch/20220130192200.10883-1-mail@david-bauer.net] Reported-by: Étienne Morice <neon.emorice@mail.com> Tested-by: Étienne Morice <neon.emorice@mail.com> Signed-off-by: David Bauer <mail@david-bauer.net> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* hostapd: fix OWE association with mbedtlsDavid Bauer2023-10-31
| | | | | | | | | | | | | | | | The code for hostapd-mbedtls did not work when used for OWE association. When handling association requests, the buffer offsets and length assumptions were incorrect, leading to never calculating the y point, thus denying association. Also when crafting the association response, the buffer contained the trailing key-type. Fix up both issues to adhere to the specification and make hostapd-mbedtls work with the OWE security type. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: fix patch rebase after a crash fixFelix Fietkau2023-09-22
| | | | | | | | The patch refresh accidentally moved the hostapd_ucode_free_iface call to the wrong function Fixes: e9722aef9e84 ("hostapd: fix a crash when disabling an interface during channel list update") Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix a crash when disabling an interface during channel list updateFelix Fietkau2023-09-20
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: use phy name for hostapd interfaces instead of first-bss ifnameFelix Fietkau2023-09-19
| | | | | | Improves reliability in error handling Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix dynamically adding interfaces with 802.11ax support disabled in ↵Felix Fietkau2023-09-18
| | | | | | | | the build Move an important code line outside of #ifdef CONFIG_IEEE80211AX Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix more dynamic reload issuesFelix Fietkau2023-09-14
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to the latest versionFelix Fietkau2023-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 8e6485a1bcb0 PEAP client: Update Phase 2 authentication requirements de9a11f4dde9 TTLS client: Support phase2_auth=2 b2a1e7fe7ab9 tests: PEAP and TTLS phase2_auth behavior 518ae8c7cca8 P2P: Do not print control characters in debug a4c133ea73c7 WPS: Optimize attribute parsing workaround 7a37a94eaa0d Check whether element parsing has failed f80d83368818 ACS: Remove invalid debug print fb2b7858a728 FILS: Fix HE MCS field initialization 50ee26fc7044 P2P: Check p2p_channel_select() return value a50d1ea6a2b3 Add QCA vendor attributes for user defined power save parameters 4636476b7f22 Set RRM used config if the (Re)Association Request frame has RRM IE e53d44ac63e8 AP MLD: Use STA assoc link address in external auth status to the driver 99a96b2f9df7 AP MLD: OWE when SME is offloaded to the driver 96deacf5d710 nl80211: Skip STA MLO link channel switch handling in AP mode d320692d918a AP MLD: Handle new STA event when using SME offload to the driver faee8b99e928 tests: Fix eht_mld_sae_legacy_client to restore sae_pwe c3f465c56c94 wlantest: Handle variable length MIC field in EAPOL-Key with OWE 605034240e0c wlantest: Support multiple input files 053bd8af8ed2 Recognize FTE MLO subelements 43b5f11d969a Defragmentation of FTE 3973300b8ded FTE protected element check for MLO Reassociation Response frame 74e4a0a6f1e4 wlantest: Learn AP MLD MAC address from Beacon frames a5a0b2cf7b1b wlantest: Find non-AP MLD only from affiliated BSSs of the AP MLD 74472758584d wlantest: Recognize non-AP MLD based on any link address for decryption 1ffabd697c67 wlantest: Learn non-AP MLD MAC address from (Re)Association Request frames 4e8e515f92b9 wlantest: Use MLO search for the STA in reassociation 49bf9f2df95a wlantest: Use the MLD MAC address as well for matching STA entries 5434a42ec69c wlantest: Search for FT Target AP using MLD MAC address as well a19fcf685cae wlantest: Include the MLD MAC address of the AP MLD in new-STA prints 709d46da73da wlantest: Do not claim update to AP MD MAC address if no change 770760454f9e wlantest: Do not update BSS entries for other AP MLDs in PTK cloning 084745ffc508 Add QCA vendor attributes for NDP setup bf9cbb462fd9 Fix writing of BIGTK in FT protocol 011775af9443 tests: Check for beacon loss when using beacon protection 8f148d51322f Fix a compiler warning on prototype mismatch b7db495ad9c9 AP: Fix ieee802_1x_ml_set_sta_authorized() 232667eafe0d Fix CCMP test vector issues 30771e6e05ed Include PTID in PV1 nonce construction for CCMP test vector 34841cfd9aba Minor formatting changes to CCMP test vectors a685d84139e6 BSS coloring: Fix CCA with multiple BSS bc0636841a70 wpa_supplicant: Fix configuration parsing error for tx_queue_* 2763d1d97e66 hostapd: Fix AID assignment in multiple BSSID 763a19286e2f AP: Add configuration option to specify the desired MLD address bd209633eb10 AP: Use is_zero_ether_addr() to check if BSSID is NULL bc0268d053b4 wlantest: Guess SAE/OWE group from EAPOL-Key length mismatch a94ba5322803 EHT: Support puncturing for 320 MHz channel bandwidth 7e1f5c44c97e EHT: 320 MHz DFS support 6f293b32112a QCA vendor attributes for updating roaming AP BSSID info 5856373554eb Extend QCA vendor command to include more parameters for netdev events e080930aa0a5 Define QCA vendor roam control RSSI attributes fe72afe713ad Define QCA vendor attribute for high RSSI roam trigger threshold 47a65ccbfde2 P2P: Clean wpa_s->last_ssid when removing a temporary group network 884125ab7d21 tests: P2P autonomous GO and clearing of networking information 7637d0f25053 P2P: Do not filter pref_freq_list if the driver does not provide one dd1330b502ff Fix hostapd interface cleanup with multiple interfaces 0a6842d5030e nl80211: Fix beacon rate configuration for legacy rates 36, 48, 54 Mbps d606efe054d5 tests: Beacon rate configuration for 54 Mbps f91d10c0e6aa tests: Update RSA 3k certificates 07d3c1177bbb tests: Make sae_proto_hostapd_status_* more robust 1085e3bdc6f6 Update iface->current_mode when fetching new hw_features 338a78846b44 Add a QCA vendor sub command for transmit latency statistics 9318db7c38bc wlantest: Use local variables for AA/SPA in FT Request/Response processing 628b9f10223d wlantest: Derive PMK-R1 and PTK using AA/SPA for MLO FT over-the-DS 104aa291e5c8 wlantest: Fix FT over-the-DS decryption 37c87efecfe3 wlantest: Search SPA using MLO aware find for FT Request/Response frame 19f33d7929e8 wlantest: Learn the Link ID for AP MLD affiliated BSSs 6ae43bb10323 wlantest: Learn link address for assoc link from (Re)Association Request 4c079dcc64da Increment hmac_sha*_vector() maximum num_elem value to 25 e6f64a8e1daf FT: FTE MIC calculation for MLO Reassociation Request frame a83575df5994 wlantest: FTE MIC calculation for MLO Reassociation Request frames ff02f734baf8 wlantest: Allow specific link BSS to be found with bss_find_mld() 7381c60db8f0 FT: Make FTE MIC calculation more flexible ac9bf1cc2a4c Decrement hmac_sha*_vector() maximum num_elem value to 11 aa08d9d76803 Fix use of defragmented FTE information 78b153f90a74 Calculate defragmented FTE length during IE parsing 8cf919ffd5c4 wlantest: FTE MIC calculation for MLO Reassociation Response frame d12a3dce82a9 wlantest: Store and check SNonce/ANonce for FT Authentication 20febfd7838d wlantest: Dump MLO association information in debug 609864d6a8a1 Add QCA vendor attribute to configure MLD ID in ML probe request 12154861e24a Add support for conversion to little endian for 24 bits c437665041c0 Add Non EHT SCS Capability in (Re)Association Request frames 33da386553b7 SCS: Add support for QoS Characteristics in SCS request edfca280cbe8 SCS: Add support for optional QoS Charateristics parameters 32dcec9529ec Send actual MFP configuration when driver takes care of BSS selection 123d16d860fa Update hw_mode when CSA finishes b3d852560bda Change QCA vendor configure attribution name of peer MAC address 12fabc4765c2 Add QCA vendor attribute for configuring max A-MPDU aggregation count f6eaa7b729cb Add QCA vendor attribute for TTLM negotiation support type f6dcd326fea7 wlantest: Indicate ToDS/FromDS values for BSS DATA entries 6ce745bb87d4 wlantest: MLO support for decrypting 4-address frames 850dc1482953 wlantest: Remove duplicated A1/A2/A3 override detection for MLO 770e5a808fbb wlantest: Determine whether A1 points to STA once in rx_data_bss_prot() 377d617b574a Define new BSS command info mask for AP MLD address d3ab6e001f62 wlantest: Use non-AP MLD's MLD MAC address in FT over-the-air derivation a845601ffe32 wlantest: Derive PTK in MLO using MLD MAC addresses for FT over-the-air 0cd2bfc8a402 wlantest: Fix FTE MIC calculation for MLO Reassociation Response frames 528abdeb673b wlantest: Learn group keys from MLO FT Reassociation Response frames 990600753dd9 wlantest: Defragment Basic MLE before processing de043ec01ab5 wlantest: Defragment the Per-STA Profile subelement bae1ec693c44 wlantest: Minimal parsing of Basic MLE STA Profile ba1579f3bf7c Clear BIGTK values from wpa_supplicant state machine when not needed b46c4b9a916a tests: Beacon protection and reconnection 3e71516936b7 Document per-ESS MAC address (mac_addr=3 and mac_value) f85b2b2dee3b Extend wpa_parse_kde_ies() to include EHT capabilities e3a68081bc1e driver: Add option for link ID to be specified for send_tdls_mgmt() c7561502f2e8 nl80211: Use a QCA vendor command to set the link for TDLS Discovery Response a41c8dbdd84e TDLS: Copy peer's EHT capabilities 626501434be1 TDLS: Learn MLD link ID from TDLS Discovery Response 5f30f62eead7 TDLS: Reply to Discovery Request on the link with matching BSSID 940ef9a05c0f TDLS: Use link-specific BSSID instead of sm->bssid for MLO cases f429064189c3 TDLS: Set EHT/MLO information for TDLS STA into the driver dd25885a9daa Remove space-before-tab in QCA vendor related definitions af6e0306b2a9 Fix typos in QCA vendor related definitions 4c9af238c1e4 Fix inconsistent whitespace use in QCA vendor related definitions e5ccbfc69ecf Split long comment lines in QCA vendor related definitions Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add internal API for renaming AP interfacesFelix Fietkau2023-09-13
| | | | | | Will be used for improving reload support Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix applying gratuitous ARP settings with bridge-vlanFelix Fietkau2023-09-12
| | | | | | The arp_accept setting needs to be applied to the snoop_iface Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: remove obsolete patchFelix Fietkau2023-08-23
| | | | | | It was only needed when hostapd was being started with one instance per PHY Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: revert upstream commit to fix #13156Stijn Tintel2023-08-18
| | | | | | | | | | | | Commit e978072baaca ("Do prune_association only after the STA is authorized") causes issues when an STA roams from one interface to another interface on the same PHY. The mt7915 driver is not able to handle this properly. While the commits fixes a DoS, there are other devices and drivers with the same limitation, so revert to the orginal behavior for now, until we have a better solution in place. Fixes: #13156 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: reimplement AP/STA support via ucodeFelix Fietkau2023-08-10
| | | | | | | | | | | Drop obsolete control interface patches. This fixes some corner cases in the previous code where the segment 0 center frequency was not adjusted properly, leading to logspam and non-working AP interfaces. Additionally, shutting down the AP was broken, because the next beacon update would re-enable it, leading to a race condition on assoc. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix bss color CCA issue with multiple wifi interfacesFelix Fietkau2023-08-07
| | | | | | | Fixes this error: hostapd: nl80211: kernel reports: integer out of range Reported-by: Hartmut Birr <e9hack@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix mesh supplicant build errorFelix Fietkau2023-08-01
| | | | | | | Include AP ucode source file Fixes: e56c5f7b276a ("hostapd: add ucode support, use ucode for the main ubus object") Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add ucode support, use ucode for the main ubus objectFelix Fietkau2023-08-01
| | | | | | | | This implements vastly improved dynamic configuration reload support. It can handle configuration changes on individual wifi interfaces, as well as adding/removing interfaces. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: switch to using uloop (integrated with built-in eloop)Felix Fietkau2023-08-01
| | | | | | Preparation for pulling in more code that uses uloop Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add experimental radius serverFelix Fietkau2023-08-01
| | | | | | | | This can be used to run a standalone EAP server that can be used from other APs. It uses json as user database format and can automatically handle reload. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add fix for dealing with VHT 160 MHz via ext nss bwFelix Fietkau2023-07-14
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to 2023-06-22Andre Heider2023-07-07
| | | | | | | | | | | | | | Removed, merged upstream: - 170-wpa_supplicant-fix-compiling-without-IEEE8021X_EAPOL.patch Manually refreshed: - 040-mesh-allow-processing-authentication-frames-in-block.patch - 600-ubus_support.patch - 761-shared_das_port.patch Fixes: #12661 Fixes: 304423a4 ("hostapd: update to 2023-03-29") Signed-off-by: Andre Heider <a.heider@gmail.com>
* hostapd: remove unused legacy wireless extension supportFelix Fietkau2023-05-26
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to 2023-03-29Nick Hainke2023-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add patches: - 170-wpa_supplicant-fix-compiling-without-IEEE8021X_EAPOL.patch Remove upstreamed: - 170-DPP-fix-memleak-of-intro.peer_key.patch - 461-driver_nl80211-use-new-parameters-during-ibss-join.patch - 800-acs-don-t-select-indoor-channel-on-outdoor-operation.patch - 992-openssl-include-rsa.patch Automatically refreshed: - 011-mesh-use-deterministic-channel-on-channel-switch.patch - 021-fix-sta-add-after-previous-connection.patch - 022-hostapd-fix-use-of-uninitialized-stack-variables.patch - 030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch - 040-mesh-allow-processing-authentication-frames-in-block.patch - 050-build_fix.patch - 110-mbedtls-TLS-crypto-option-initial-port.patch - 120-mbedtls-fips186_2_prf.patch - 140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch - 150-add-NULL-checks-encountered-during-tests-hwsim.patch - 160-dpp_pkex-EC-point-mul-w-value-prime.patch - 200-multicall.patch - 300-noscan.patch - 310-rescan_immediately.patch - 330-nl80211_fix_set_freq.patch - 341-mesh-ctrl-iface-channel-switch.patch - 360-ctrl_iface_reload.patch - 381-hostapd_cli_UNKNOWN-COMMAND.patch - 390-wpa_ie_cap_workaround.patch - 410-limit_debug_messages.patch - 420-indicate-features.patch - 430-hostapd_cli_ifdef.patch - 450-scan_wait.patch - 460-wpa_supplicant-add-new-config-params-to-be-used-with.patch - 463-add-mcast_rate-to-11s.patch - 465-hostapd-config-support-random-BSS-color.patch - 500-lto-jobserver-support.patch - 590-rrm-wnm-statistics.patch - 710-vlan_no_bridge.patch - 720-iface_max_num_sta.patch - 730-ft_iface.patch - 750-qos_map_set_without_interworking.patch - 751-qos_map_ignore_when_unsupported.patch - 760-dynamic_own_ip.patch - 761-shared_das_port.patch - 990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch Manually refresh: - 010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch - 301-mesh-noscan.patch - 340-reload_freq_change.patch - 350-nl80211_del_beacon_bss.patch - 370-ap_sta_support.patch - 380-disable_ctrl_iface_mib.patch - 464-fix-mesh-obss-check.patch - 470-survey_data_fallback.patch - 600-ubus_support.patch - 700-wifi-reload.patch - 711-wds_bridge_force.patch - 740-snoop_iface.patch Tested-by: Packet Please <pktpls@systemli.org> [Fritzbox 4040 (ipq40xx), EAP225-Outdoor (ath79); 802.11s, WPA3 OWE, and WPA3 PSK] Tested-by: Andrew Sim <andrewsimz@gmail.com> [mediatek/filogic] Signed-off-by: Nick Hainke <vincent@systemli.org>
* hostapd: allow sharing the incoming DAS port across multiple interfacesFelix Fietkau2022-12-27
| | | | | | Use the NAS identifier to find the right receiver context on incoming messages Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add mbedtls variantRosen Penev2022-12-19
| | | | | | | This adds the current WIP mbedtls patches for hostapd. The motivation here is to reduce size. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* hostapd: add support for automatically setting RADIUS own-ip dynamicallyFelix Fietkau2022-12-16
| | | | | | Some servers use the NAS-IP-Address attribute as a destination address Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix 350-nl80211_del_beacon_bss.patchAndre Heider2022-12-13
| | | | | | | | | | | | | | | | | Pass the expected struct: ../src/drivers/driver_nl80211.c: In function 'wpa_driver_nl80211_del_beacon': ../src/drivers/driver_nl80211.c:2945:31: warning: passing argument 1 of 'nl80211_bss_msg' from incompatible pointer type [-Wincompatible-pointer-types] 2945 | msg = nl80211_bss_msg(drv, 0, NL80211_CMD_DEL_BEACON); | ^~~ | | | struct wpa_driver_nl80211_data * ../src/drivers/driver_nl80211.c:695:50: note: expected 'struct i802_bss *' but argument is of type 'struct wpa_driver_nl80211_data *' 695 | struct nl_msg * nl80211_bss_msg(struct i802_bss *bss, int flags, uint8_t cmd) | ~~~~~~~~~~~~~~~~~^~~ Fixes: 35ff1affe8 "hostapd: update to 2022-05-08" Signed-off-by: Andre Heider <a.heider@gmail.com>
* hostapd: add ubus notification on sta authorizedFelix Fietkau2022-09-22
| | | | | | | Also include the station auth_type in the ubus and log message in order to detect, if clients used FT or FILS to associate Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to 2022-07-29David Bauer2022-09-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | b704dc72e tests: sigma_dut and updated ConfResult value for Configurator failures 89de431f2 DPP: Add config response status value to DPP-CONF-SENT 10104915a tests: sigma_dut and DPP PB session overlap 80d5e264c Enhance QCA vendor roam event to indicate MLO links after reassociation 662249306 Update copyright notices for the QCA vendor definitions 8adcdd659 tests: Temporary workaround for dpp_chirp_ap_5g ddcd15c2d tests: Fix fuzzing/sae build 7fa67861a tests: Fix p2p_channel_avoid3 ee3567d65 tests: Add more time for scan/connection 1d08b238c nl80211: Allow more time for the initial scan with 6 GHz ac9e6a2ab tests: Allow 6 GHz opclasses in MBO checks faf9c04cb Remove a host of unnecessary OPENSSL_IS_BORINGSSL ifdefs b9cd5a82f Always process pending QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH data ef4cd8e33 QoS: Use common classifier_mask for ipv4/ipv6 93be02592 Add fixed FDD mode to qca_btc_chain_mode QCA vendor attribute e7cbfa1c1 tests: sigma_dut and DPP Enrollee unsupported curves 5565fbee2 DPP: Check Enrollee supported curves when building Config Response ceae05cec tests: sigma_dut and DPP MUDURL setting for hostapd 4cfb484e9 DPP: Allow dpp_controller_start without arguments in CLIs c97000933 Fix ifdef condition for imsi_privacy_cert 2a9a61d6c tests: SAE with extended key AKM e35f6ed1d tests: More detailed report on SAE PMKSA caching error case f70db167a SAE: Derive a variable length PMK with the new AKM suites 91010e6f6 SAE: Indicate AKM suite selector in commit for new AKM suites e81ec0962 SAE: Use H2E unconditionally with the new AKM suites f8eed2e8b SAE: Store PMK length and AKM in SAE data 9dc4e9d13 SAE: EAPOL-Key and key/MIC length information for the new AKM suites a32ef3cfb SAE: Driver capability flags for the new SAE AKM suites 91df8c9c6 SAE: Internal WPA_KEY_MGMT_* defines for extended key AKMs 5c8a714b1 SAE: Use wpa_key_mgmt_sae() helper 5456b0f26 Define new RSN AKM suite selector values def33101c DPP: Clear push button announcement state on wpa_supplicant FLUSH 35587fa8f tests: DPP Controller/Relay with need to discover Controller d22dfe918 DPP: Event message for indicating when Relay would need a Controller ca7892e98 tests: DPP Relay and adding/removing connection to a Controller bfe3cfc38 DPP: Allow Relay connections to Controllers to be added and removed 808834b18 Add a comparison function for hostapd_ip_addr f7763880b DPP: Advertise Configurator connectivity on Relay automatically ff7cc1d49 tests: DPP Relay and dynamic Controller addition ca682f80a DPP: Dynamic Controller initiated connection on Relay d2388bcca DPP: Strict validation of PKEX peer bootstrapping key during auth a7b8cef8b DPP3: Fix push button boostrapping key passing through PKEX 69d7c8e6b DPP: Add peer=id entry for PKEX-over-TCP case b607d2723 tests: sigma_dut and DPP PB Configurator in wpa_supplicant 1ff9251a8 DPP3: Push button Configurator in wpa_supplicant b94e46bc7 tests: PB Configurator in wpa_supplicant ca4e82cbf tests: sigma_dut DPP/PKEX initiator as Configurator over TCP and Wi-Fi e9137950f DPP: Recognize own PKEX Exchange Request if it ends up being received 692956446 DPP: Note PKEX code/identifier deletion in debug log dfa9183b1 tests: DPP reconfig after Controller-initiated operation through Relay ae4a3a6f6 DPP: Add DPP-CONF-REQ-RX event for Controller 17216b524 tests: sigma_dut DPP/PKEX initiator as Configurator (TCP) through Relay fb2937b85 DPP: Allow Controller to initiate PKEX through Relay 15af83cf1 DPP: Delete PKEX code and identifier on success completion of PKEX d86ed5b72 tests: Allow DPP_PKEX_REMOVE success in dpp_pkex_hostapd_errors 0a4f391b1 tests: sigma_dut and DPP Connector Privacy 479e412a6 DPP3: Default value for dpp_connector_privacy 7d12871ba test: DPP Private Peer Introduction protocol 148de3e0d DPP3: Private Peer Introduction protocol 786ea402b HPKE base mode with single-shot API f0273bc81 OpenSSL: Remove a forgotten debug print f2bb0839f test: DPP 3rd party config information 68209ddbe DPP: Allow 3rd party information to be added into config object 0e2217c95 DPP: Allow 3rd party information to be added into config request obj 3d82fbe05 Add QCA vendor subcommand and attributes for SCS rule configuration 16b62ddfa QCA vendor attribute for DBAM configuration 004b1ff47 tests: DPP Controller initiating through Relay 451ede2c3 DPP: Allow AP/Relay to be configured to listed for new TCP connections 248654d36 tests: sigma_dut DPP PB test cases 697b7d7ec tests: DPP push button 7bbe85987 DPP3: Allow external configuration to be specified on AP for PB 8db786a43 DPP3: Testing functionality for push button announcements 37bccfcab DPP3: Push button bootstrap mechanism a0054fe7c Add AP and STA specific P802.11az security capabilities (vendor command) 159e63613 QCA vendor command for CoAP offload processing 3b7bb17f6 Add QCA vendor attribute for TIM beacon statistics 09a281e52 Add QCA vendor interface for PASN offload to userspace 809fb96fa Add a vendor attribute to configure concurrency policy for AP interface a5754f531 Rename QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY 085a3fc76 EHT: Add 320 channel width support bafe35df0 Move CHANWIDTH_* definitions from ieee80211_defs.h to defs.h 92f549901 tests: Remove the 80+80 vs. 160 part from wpa2_ocv_ap_vht160_mismatch c580c2aec tests: Make OCV negative test error cases more robust 3c2ba98ad Add QCA vendor event to indicate driver recovery after internal failures 6b461f68c Set current_ssid before changing state to ASSOCIATING 8dd826741 QCA vendor attribute to configure direct data path for audio traffic 504be2f9d QCA vendor command support to get WLAN radio combinations d5905dbc8 OCV: Check the Frequency Segment 1 Channel Number only on 80+80 MHz Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: don't select indoor channel on outdoor operationDavid Bauer2022-09-18
| | | | | | | Don't select channels designated for exclusive-indoor use when the country3 element is set on outdoor operation. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: apply patch to fix building openssl variantPaul Blazejowski2022-07-11
| | | | | | | | Add patch from: https://patchwork.ozlabs.org/project/hostap/patch/20220622121355.1337612-1-a.heider@gmail.com/ Fixes: dab9103 ("hostapd: update to 2022-06-02") Signed-off-by: Paul Blazejowski <paulb@blazebox.homeip.net>
* hostapd: update to 2022-06-02David Bauer2022-06-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 4383528e0 P2P: Use weighted preferred channel list for channel selection f2c5c8d38 QCA vendor attribute to configure RX link speed threshold for roaming 94bc94b20 Add QCA vendor attribute for DO_ACS to allow using existing scan entries b9e2826b9 P2P: Filter 6 GHz channels if peer doesn't support them d5a9944b8 Reserve QCA vendor sub command id 206..212 ed63c286f Remove space before tab in QCA vendor commands e4015440a ProxyARP: Clear bridge parameters on deinit only if hostapd set them 02047e9c8 hs20-osu-client: Explicit checks for snprintf() result cd92f7f98 FIPS PRF: Avoid duplicate SHA1Init() functionality 5c87fcc15 OpenSSL: Use internal FIPS 186-2 PRF with OpenSSL 3.0 9e305878c SAE-PK: Fix build without AES-SIV c41004d86 OpenSSL: Convert more crypto_ec_key routines to new EVP API 667a2959c OpenSSL: crypto_ec_key_get_public_key() using new EVP_PKEY API 5b97395b3 OpenSSL: crypto_ec_key_get_private_key() using new EVP_PKEY API 177ebfe10 crypto: Convert crypto_ec_key_get_public_key() to return new ec_point 26780d92f crypto: Convert crypto_ec_key_get_private_key() to return new bignum c9c2c2d9c OpenSSL: Fix a memory leak on crypto_hash_init() error path 6d19dccf9 OpenSSL: Free OSSL_DECODER_CTX in tls_global_dh() 4f4479ef9 OpenSSL: crypto_ec_key_parse_{priv,pub}() without EC_KEY API b092d8ee6 tests: imsi_privacy_attr 563699174 EAP-SIM/AKA peer: IMSI privacy attribute 1004fb7ee tests: Testing functionality to discard DPP Public Action frames 355069616 tests: Add forgotten files for expired IMSI privacy cert tests b9a222cdd tests: sigma_dut and DPP curve-from-URI special functionality fa36e7ee4 tests: sigma_dut controlled STA and EAP-AKA parameters 99165cc4b Rename wpa_supplicant imsi_privacy_key configuration parameter dde7f90a4 tests: Update VM setup example to use Ubuntu 22.04 and UML 426932f06 tests: EAP-AKA and expired imsi_privacy_key 35eda6e70 EAP-SIM peer: Free imsi_privacy_key on an error path 1328cdeb1 Do not try to use network profile with invalid imsi_privacy_key d1652dc7c OpenSSL: Refuse to accept expired RSA certificate 866e7b745 OpenSSL: Include rsa.h for OpenSSL 3.0 bc99366f9 OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1 39e662308 tests: Work around reentrant logging issues due to __del__ misuse 72641f924 tests: Clean up failed test list in parallel-vm.py e36a7c794 tests: Support pycryptodome a44744d3b tests: Set ECB mode for AES explicitly to work with cryptodome e90ea900a tests: sigma_dut DPP TCP Configurator as initiator with addr from URI ed325ff0f DPP: Allow TCP destination (address/port) to be used from peer URI e58dabbcf tests: DPP URI with host info 37bb4178b DPP: Host information in bootstrapping URI 1142b6e41 EHT: Do not check HE PHY capability info reserved fields 7173992b9 tests: Flush scan table in ap_wps_priority to make it more robust b9313e17e tests: Update ap_wpa2_psk_ext_delayed_ptk_rekey to match implementation bc3699179 Use Secure=1 in PTK rekeying EAPOL-Key msg 1/4 and 2/4 d2ce1b4d6 tests: Wait for request before responding in dscp_response Compile-tested: all versions / ath79-generic, ramips-mt7621 Run-tested: hostapd-wolfssl / ath79-generic, ramips-mt7621 Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: fix feature detectionRobert Marko2022-06-12
| | | | | | | | | | | Fix hostapd feature detection after the bump to 2022-05-08. getopt was not updated correctly after upstream added support for -q arg. This reenables feature detection so that LuCi can check for features like SAE, fast roaming etc. Fixes: c35ff1affe8f ("hostapd: update to 2022-05-08") Signed-off-by: Robert Marko <robimarko@gmail.com>
* hostapd: randomize default BSS colorDavid Bauer2022-06-08
| | | | | | | In case no specific BSS color is configured, set it to a random value. Signed-off-by: David Bauer <mail@david-bauer.net> Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update to 2022-05-08David Bauer2022-06-08
| | | | | | | | | | Update hostapd to Git HEAD from 2022-05-08. This allows us to take advantage of background radar-detection as well as BSS color collision detection. Suggested-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: David Bauer <mail@david-bauer.net> Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: add ubus link-measurements notificationsDavid Bauer2022-04-08
| | | | | | Notify external ubus subscribers of received link-measurement reports. Signed-off-by: David Bauer <mail@david-bauer.net>