domenico/openwrt-19.07
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
domenico
2025-06-24 16:03:39 +02:00
commit f3256cdaf2
6949 changed files with 1441681 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
package/network/services/hostapd/Config.in Normal file
View File

@@ -0,0 +1,78 @@
# wpa_supplicant config
config WPA_RFKILL_SUPPORT
bool "Add rfkill support"
depends on PACKAGE_wpa-supplicant || \
PACKAGE_wpa-supplicant-openssl || \
PACKAGE_wpa-supplicant-wolfssl || \
PACKAGE_wpa-supplicant-mesh-openssl || \
PACKAGE_wpa-supplicant-mesh-wolfssl || \
PACKAGE_wpa-supplicant-basic || \
PACKAGE_wpa-supplicant-mini || \
PACKAGE_wpa-supplicant-p2p || \
PACKAGE_wpad || \
PACKAGE_wpad-openssl || \
PACKAGE_wpad-wolfssl || \
PACKAGE_wpad-basic || \
PACKAGE_wpad-basic-wolfssl || \
PACKAGE_wpad-mini || \
PACKAGE_wpad-mesh-openssl || \
PACKAGE_wpad-mesh-wolfssl
default n
config WPA_MSG_MIN_PRIORITY
int "Minimum debug message priority"
depends on PACKAGE_wpa-supplicant || \
PACKAGE_wpa-supplicant-openssl || \
PACKAGE_wpa-supplicant-wolfssl || \
PACKAGE_wpa-supplicant-mesh-openssl || \
PACKAGE_wpa-supplicant-mesh-wolfssl || \
PACKAGE_wpa-supplicant-basic || \
PACKAGE_wpa-supplicant-mini || \
PACKAGE_wpa-supplicant-p2p || \
PACKAGE_wpad || \
PACKAGE_wpad-openssl || \
PACKAGE_wpad-wolfssl || \
PACKAGE_wpad-basic || \
PACKAGE_wpad-basic-wolfssl || \
PACKAGE_wpad-mini || \
PACKAGE_wpad-mesh-openssl || \
PACKAGE_wpad-mesh-wolfssl
default 3
help
Useful values are:
0 = all messages
1 = raw message dumps
2 = most debugging messages
3 = info messages
4 = warnings
5 = errors
config WPA_WOLFSSL
bool
default PACKAGE_wpa-supplicant-wolfssl ||\
PACKAGE_wpad-wolfssl ||\
PACKAGE_wpad-basic-wolfssl || \
PACKAGE_wpad-mesh-wolfssl ||\
PACKAGE_eapol-test-wolfssl
select WOLFSSL_HAS_AES_CCM
select WOLFSSL_HAS_ARC4
select WOLFSSL_HAS_DH
select WOLFSSL_HAS_OCSP
select WOLFSSL_HAS_SESSION_TICKET
select WOLFSSL_HAS_WPAS
config DRIVER_WEXT_SUPPORT
bool
default n
config DRIVER_11N_SUPPORT
bool
default n
config DRIVER_11AC_SUPPORT
bool
default n
config DRIVER_11W_SUPPORT
bool
default n

642
package/network/services/hostapd/Makefile Normal file
View File

@@ -0,0 +1,642 @@
# Copyright (C) 2006-2014 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
PKG_RELEASE:=7
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_DATE:=2019-08-08
PKG_SOURCE_VERSION:=ca8c2bd28ad53f431d6ee60ef754e98cfdb4c17b
PKG_MIRROR_HASH:=9d9f1c60afa5324ee17219bd3ec61c1a6fa4043b4187da9bb44e59025d3ed31d
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=BSD-3-Clause
PKG_CPE_ID:=cpe:/a:w1.fi:hostapd
PKG_BUILD_PARALLEL:=1
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_kmod-ath9k \
CONFIG_PACKAGE_kmod-cfg80211 \
CONFIG_PACKAGE_hostapd \
CONFIG_PACKAGE_hostapd-basic \
CONFIG_PACKAGE_hostapd-mini \
CONFIG_WPA_RFKILL_SUPPORT \
CONFIG_DRIVER_WEXT_SUPPORT \
CONFIG_DRIVER_11N_SUPPORT \
CONFIG_DRIVER_11AC_SUPPORT \
EAPOL_TEST_PROVIDERS:=eapol-test eapol-test-openssl eapol-test-wolfssl
SUPPLICANT_PROVIDERS:=
HOSTAPD_PROVIDERS:=
LOCAL_TYPE=$(strip \
$(if $(findstring wpad,$(BUILD_VARIANT)),wpad, \
$(if $(findstring supplicant,$(BUILD_VARIANT)),supplicant, \
hostapd \
)))
LOCAL_AND_LIB_VARIANT=$(patsubst hostapd-%,%,\
$(patsubst wpad-%,%,\
$(patsubst supplicant-%,%,\
$(BUILD_VARIANT)\
)))
LOCAL_VARIANT=$(patsubst %-internal,%,\
$(patsubst %-openssl,%,\
$(patsubst %-wolfssl,%,\
$(LOCAL_AND_LIB_VARIANT)\
)))
SSL_VARIANT=$(strip \
$(if $(findstring openssl,$(LOCAL_AND_LIB_VARIANT)),openssl,\
$(if $(findstring wolfssl,$(LOCAL_AND_LIB_VARIANT)),wolfssl,\
internal\
)))
CONFIG_VARIANT:=$(LOCAL_VARIANT)
ifeq ($(LOCAL_VARIANT),mesh)
CONFIG_VARIANT:=full
endif
include $(INCLUDE_DIR)/package.mk
STAMP_CONFIGURED:=$(STAMP_CONFIGURED)_$(CONFIG_WPA_MSG_MIN_PRIORITY)
ifneq ($(CONFIG_DRIVER_11N_SUPPORT),)
HOSTAPD_IEEE80211N:=y
endif
ifneq ($(CONFIG_DRIVER_11AC_SUPPORT),)
HOSTAPD_IEEE80211AC:=y
endif
DRIVER_MAKEOPTS= \
CONFIG_ACS=$(CONFIG_PACKAGE_kmod-cfg80211) \
CONFIG_DRIVER_NL80211=$(CONFIG_PACKAGE_kmod-cfg80211) \
CONFIG_IEEE80211N=$(HOSTAPD_IEEE80211N) \
CONFIG_IEEE80211AC=$(HOSTAPD_IEEE80211AC) \
CONFIG_DRIVER_WEXT=$(CONFIG_DRIVER_WEXT_SUPPORT) \
ifneq ($(LOCAL_VARIANT),mini)
DRIVER_MAKEOPTS += CONFIG_IEEE80211W=$(CONFIG_DRIVER_11W_SUPPORT)
endif
ifeq ($(SSL_VARIANT),openssl)
DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y
TARGET_LDFLAGS += -lcrypto -lssl
ifeq ($(LOCAL_VARIANT),mesh)
DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y
endif
ifeq ($(LOCAL_VARIANT),full)
DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y
endif
endif
ifeq ($(SSL_VARIANT),wolfssl)
DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_SAE=y
TARGET_LDFLAGS += -lwolfssl
ifeq ($(LOCAL_VARIANT),mesh)
DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
endif
ifeq ($(LOCAL_VARIANT),full)
DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
endif
endif
ifneq ($(LOCAL_TYPE),hostapd)
ifdef CONFIG_WPA_RFKILL_SUPPORT
DRIVER_MAKEOPTS += NEED_RFKILL=y
endif
endif
ifdef CONFIG_USE_GLIBC
TARGET_LDFLAGS += -lrt
TARGET_LDFLAGS_C += -lrt
endif
DRV_DEPENDS:=+PACKAGE_kmod-cfg80211:libnl-tiny
define Package/hostapd/Default
SECTION:=net
CATEGORY:=Network
TITLE:=IEEE 802.1x Authenticator
URL:=http://hostap.epitest.fi/
DEPENDS:=$(DRV_DEPENDS) +hostapd-common +libubus
PROVIDES:=hostapd
CONFLICTS:=$(HOSTAPD_PROVIDERS)
HOSTAPD_PROVIDERS+=$(1)
endef
define Package/hostapd
$(call Package/hostapd/Default,$(1))
TITLE+= (built-in full)
VARIANT:=full-internal
endef
define Package/hostapd/description
This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS
Authenticator.
endef
define Package/hostapd-openssl
$(call Package/hostapd/Default,$(1))
TITLE+= (OpenSSL full)
VARIANT:=full-openssl
DEPENDS+=+libopenssl
endef
Package/hostapd-openssl/description = $(Package/hostapd/description)
define Package/hostapd-wolfssl
$(call Package/hostapd/Default,$(1))
TITLE+= (wolfSSL full)
VARIANT:=full-wolfssl
DEPENDS+=+libwolfssl
endef
Package/hostapd-wolfssl/description = $(Package/hostapd/description)
define Package/hostapd-basic
$(call Package/hostapd/Default,$(1))
TITLE+= (WPA-PSK, 11r, 11w)
VARIANT:=basic
endef
define Package/hostapd-basic/description
This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
endef
define Package/hostapd-mini
$(call Package/hostapd/Default,$(1))
TITLE+= (WPA-PSK only)
VARIANT:=mini
endef
define Package/hostapd-mini/description
This package contains a minimal IEEE 802.1x/WPA Authenticator (WPA-PSK only).
endef
define Package/wpad/Default
SECTION:=net
CATEGORY:=Network
TITLE:=IEEE 802.1x Auth/Supplicant
DEPENDS:=$(DRV_DEPENDS) +hostapd-common +libubus
URL:=http://hostap.epitest.fi/
PROVIDES:=hostapd wpa-supplicant
CONFLICTS:=$(HOSTAPD_PROVIDERS) $(SUPPLICANT_PROVIDERS)
HOSTAPD_PROVIDERS+=$(1)
SUPPLICANT_PROVIDERS+=$(1)
endef
define Package/wpad
$(call Package/wpad/Default,$(1))
TITLE+= (built-in full)
VARIANT:=wpad-full-internal
endef
define Package/wpad/description
This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS
Authenticator and Supplicant
endef
define Package/wpad-openssl
$(call Package/wpad/Default,$(1))
TITLE+= (OpenSSL full)
VARIANT:=wpad-full-openssl
DEPENDS+=+libopenssl
endef
Package/wpad-openssl/description = $(Package/wpad/description)
define Package/wpad-wolfssl
$(call Package/wpad/Default,$(1))
TITLE+= (wolfSSL full)
VARIANT:=wpad-full-wolfssl
DEPENDS+=+libwolfssl
endef
Package/wpad-wolfssl/description = $(Package/wpad/description)
define Package/wpad-basic
$(call Package/wpad/Default,$(1))
TITLE+= (WPA-PSK, 11r, 11w)
VARIANT:=wpad-basic
endef
define Package/wpad-basic/description
This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, 802.11r and 802.11w support.
endef
define Package/wpad-basic-wolfssl
$(call Package/wpad/Default,$(1))
TITLE+= (wolfSSL, 11r, 11w)
VARIANT:=wpad-basic-wolfssl
DEPENDS+=+libwolfssl
endef
define Package/wpad-basic-wolfssl/description
This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
endef
define Package/wpad-mini
$(call Package/wpad/Default,$(1))
TITLE+= (WPA-PSK only)
VARIANT:=wpad-mini
endef
define Package/wpad-mini/description
This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (WPA-PSK only).
endef
define Package/wpad-mesh
$(call Package/wpad/Default,$(1))
DEPENDS+=@PACKAGE_kmod-cfg80211 @(!TARGET_uml||BROKEN)
PROVIDES+=wpa-supplicant-mesh wpad-mesh
endef
define Package/wpad-mesh/description
This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
endef
define Package/wpad-mesh-openssl
$(call Package/wpad-mesh,$(1))
TITLE+= (OpenSSL, 11s, SAE)
DEPENDS+=+libopenssl
VARIANT:=wpad-mesh-openssl
endef
Package/wpad-mesh-openssl/description = $(Package/wpad-mesh/description)
define Package/wpad-mesh-wolfssl
$(call Package/wpad-mesh,$(1))
TITLE+= (wolfSSL, 11s, SAE)
DEPENDS+=+libwolfssl
VARIANT:=wpad-mesh-wolfssl
endef
Package/wpad-mesh-wolfssl/description = $(Package/wpad-mesh/description)
define Package/wpa-supplicant/Default
SECTION:=net
CATEGORY:=Network
TITLE:=WPA Supplicant
URL:=http://hostap.epitest.fi/wpa_supplicant/
DEPENDS:=$(DRV_DEPENDS) +hostapd-common +libubus
PROVIDES:=wpa-supplicant
CONFLICTS:=$(SUPPLICANT_PROVIDERS)
SUPPLICANT_PROVIDERS+=$(1)
endef
define Package/wpa-supplicant
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (built-in full)
VARIANT:=supplicant-full-internal
endef
define Package/wpa-supplicant-openssl
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (OpenSSL full)
VARIANT:=supplicant-full-openssl
DEPENDS+=+libopenssl
endef
define Package/wpa-supplicant-wolfssl
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (wolfSSL full)
VARIANT:=supplicant-full-wolfssl
DEPENDS+=+libwolfssl
endef
define Package/wpa-supplicant/config
source "$(SOURCE)/Config.in"
endef
define Package/wpa-supplicant-p2p
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (Wi-Fi P2P support)
DEPENDS+=@PACKAGE_kmod-cfg80211
VARIANT:=supplicant-p2p-internal
endef
define Package/wpa-supplicant-mesh/Default
$(call Package/wpa-supplicant/Default,$(1))
DEPENDS+=@PACKAGE_kmod-cfg80211 @(!TARGET_uml||BROKEN)
PROVIDES+=wpa-supplicant-mesh
endef
define Package/wpa-supplicant-mesh-openssl
$(call Package/wpa-supplicant-mesh/Default,$(1))
TITLE+= (OpenSSL, 11s, SAE)
VARIANT:=supplicant-mesh-openssl
DEPENDS+=+libopenssl
endef
define Package/wpa-supplicant-mesh-wolfssl
$(call Package/wpa-supplicant-mesh/Default,$(1))
TITLE+= (wolfSSL, 11s, SAE)
VARIANT:=supplicant-mesh-wolfssl
DEPENDS+=+libwolfssl
endef
define Package/wpa-supplicant-basic
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (11r, 11w)
VARIANT:=supplicant-basic
endef
define Package/wpa-supplicant-mini
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (minimal)
VARIANT:=supplicant-mini
endef
define Package/hostapd-common
TITLE:=hostapd/wpa_supplicant common support files
SECTION:=net
CATEGORY:=Network
endef
define Package/hostapd-utils
SECTION:=net
CATEGORY:=Network
TITLE:=IEEE 802.1x Authenticator (utils)
URL:=http://hostap.epitest.fi/
DEPENDS:=@$(subst $(space),||,$(foreach pkg,$(HOSTAPD_PROVIDERS),PACKAGE_$(pkg)))
endef
define Package/hostapd-utils/description
This package contains a command line utility to control the
IEEE 802.1x/WPA/EAP/RADIUS Authenticator.
endef
define Package/wpa-cli
SECTION:=net
CATEGORY:=Network
DEPENDS:=@$(subst $(space),||,$(foreach pkg,$(SUPPLICANT_PROVIDERS),PACKAGE_$(pkg)))
TITLE:=WPA Supplicant command line control utility
endef
define Package/eapol-test/Default
TITLE:=802.1x auth test utility
SECTION:=net
CATEGORY:=Network
DEPENDS:=$(DRV_DEPENDS) +libubus
endef
define Package/eapol-test
$(call Package/eapol-test/Default,$(1))
TITLE+= (built-in full)
VARIANT:=supplicant-full-internal
endef
define Package/eapol-test-openssl
$(call Package/eapol-test/Default,$(1))
TITLE+= (OpenSSL full)
VARIANT:=supplicant-full-openssl
CONFLICTS:=$(filter-out eapol-test-openssl ,$(EAPOL_TEST_PROVIDERS))
DEPENDS+=+libopenssl
PROVIDES:=eapol-test
endef
define Package/eapol-test-wolfssl
$(call Package/eapol-test/Default,$(1))
TITLE+= (wolfSSL full)
VARIANT:=supplicant-full-wolfssl
CONFLICTS:=$(filter-out eapol-test-openssl ,$(filter-out eapol-test-wolfssl ,$(EAPOL_TEST_PROVIDERS)))
DEPENDS+=+libwolfssl
PROVIDES:=eapol-test
endef
ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
define Build/Configure/rebuild
$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.a | $(XARGS) rm -f
rm -f $(PKG_BUILD_DIR)/hostapd/hostapd
rm -f $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant
rm -f $(PKG_BUILD_DIR)/.config_*
touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
endef
endif
define Build/Configure
$(Build/Configure/rebuild)
$(if $(wildcard ./files/hostapd-$(CONFIG_VARIANT).config), \
$(CP) ./files/hostapd-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \
)
$(CP) ./files/wpa_supplicant-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config
endef
TARGET_CPPFLAGS := \
-I$(STAGING_DIR)/usr/include/libnl-tiny \
-I$(PKG_BUILD_DIR)/src/crypto \
$(TARGET_CPPFLAGS) \
-DCONFIG_LIBNL20 \
-D_GNU_SOURCE \
$(if $(CONFIG_WPA_MSG_MIN_PRIORITY),-DCONFIG_MSG_MIN_PRIORITY=$(CONFIG_WPA_MSG_MIN_PRIORITY))
TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto
TARGET_LDFLAGS += -Wl,--gc-sections -flto=jobserver -fuse-linker-plugin -lubox -lubus
ifdef CONFIG_PACKAGE_kmod-cfg80211
TARGET_LDFLAGS += -lm -lnl-tiny
endif
define Build/RunMake
CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(1) \
$(TARGET_CONFIGURE_OPTS) \
$(DRIVER_MAKEOPTS) \
LIBS="$(TARGET_LDFLAGS)" \
LIBS_c="$(TARGET_LDFLAGS_C)" \
AR="$(TARGET_CROSS)gcc-ar" \
BCHECK= \
$(2)
endef
define Build/Compile/wpad
echo ` \
$(call Build/RunMake,hostapd,-s MULTICALL=1 dump_cflags); \
$(call Build/RunMake,wpa_supplicant,-s MULTICALL=1 dump_cflags) | \
sed -e 's,-n ,,g' -e 's^$(TARGET_CFLAGS)^^' \
` > $(PKG_BUILD_DIR)/.cflags
sed -i 's/"/\\"/g' $(PKG_BUILD_DIR)/.cflags
+$(call Build/RunMake,hostapd, \
CFLAGS="$$$$(cat $(PKG_BUILD_DIR)/.cflags)" \
MULTICALL=1 \
hostapd_cli hostapd_multi.a \
)
+$(call Build/RunMake,wpa_supplicant, \
CFLAGS="$$$$(cat $(PKG_BUILD_DIR)/.cflags)" \
MULTICALL=1 \
wpa_cli wpa_supplicant_multi.a \
)
+export MAKEFLAGS="$(MAKE_JOBSERVER)"; $(TARGET_CC) -o $(PKG_BUILD_DIR)/wpad \
$(TARGET_CFLAGS) \
./files/multicall.c \
$(PKG_BUILD_DIR)/hostapd/hostapd_multi.a \
$(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant_multi.a \
$(TARGET_LDFLAGS)
endef
define Build/Compile/hostapd
+$(call Build/RunMake,hostapd, \
hostapd hostapd_cli \
)
endef
define Build/Compile/supplicant
+$(call Build/RunMake,wpa_supplicant, \
wpa_cli wpa_supplicant \
)
endef
define Build/Compile/supplicant-full-internal
+$(call Build/RunMake,wpa_supplicant, \
eapol_test \
)
endef
define Build/Compile/supplicant-full-openssl
+$(call Build/RunMake,wpa_supplicant, \
eapol_test \
)
endef
define Build/Compile/supplicant-full-wolfssl
+$(call Build/RunMake,wpa_supplicant, \
eapol_test \
)
endef
define Build/Compile
$(Build/Compile/$(LOCAL_TYPE))
$(Build/Compile/$(BUILD_VARIANT))
endef
define Install/hostapd
$(INSTALL_DIR) $(1)/usr/sbin
endef
define Install/supplicant
$(INSTALL_DIR) $(1)/usr/sbin
endef
define Package/hostapd-common/install
$(INSTALL_DIR) $(1)/lib/netifd $(1)/etc/rc.button
$(INSTALL_DATA) ./files/hostapd.sh $(1)/lib/netifd/hostapd.sh
$(INSTALL_BIN) ./files/wps-hotplug.sh $(1)/etc/rc.button/wps
endef
define Package/hostapd/install
$(call Install/hostapd,$(1))
$(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd $(1)/usr/sbin/
endef
Package/hostapd-basic/install = $(Package/hostapd/install)
Package/hostapd-mini/install = $(Package/hostapd/install)
Package/hostapd-openssl/install = $(Package/hostapd/install)
Package/hostapd-wolfssl/install = $(Package/hostapd/install)
ifneq ($(LOCAL_TYPE),supplicant)
define Package/hostapd-utils/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd_cli $(1)/usr/sbin/
endef
endif
define Package/wpad/install
$(call Install/hostapd,$(1))
$(call Install/supplicant,$(1))
$(INSTALL_BIN) $(PKG_BUILD_DIR)/wpad $(1)/usr/sbin/
$(LN) wpad $(1)/usr/sbin/hostapd
$(LN) wpad $(1)/usr/sbin/wpa_supplicant
endef
Package/wpad-basic/install = $(Package/wpad/install)
Package/wpad-basic-wolfssl/install = $(Package/wpad/install)
Package/wpad-mini/install = $(Package/wpad/install)
Package/wpad-openssl/install = $(Package/wpad/install)
Package/wpad-wolfssl/install = $(Package/wpad/install)
Package/wpad-mesh-openssl/install = $(Package/wpad/install)
Package/wpad-mesh-wolfssl/install = $(Package/wpad/install)
define Package/wpa-supplicant/install
$(call Install/supplicant,$(1))
$(INSTALL_BIN) $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant $(1)/usr/sbin/
endef
Package/wpa-supplicant-basic/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-mini/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-p2p/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-openssl/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-wolfssl/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-mesh-openssl/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-mesh-wolfssl/install = $(Package/wpa-supplicant/install)
ifneq ($(LOCAL_TYPE),hostapd)
define Package/wpa-cli/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/wpa_cli $(1)/usr/sbin/
endef
endif
ifeq ($(BUILD_VARIANT),supplicant-full-internal)
define Package/eapol-test/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
endef
endif
ifeq ($(BUILD_VARIANT),supplicant-full-openssl)
define Package/eapol-test-openssl/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
endef
endif
ifeq ($(BUILD_VARIANT),supplicant-full-wolfssl)
define Package/eapol-test-wolfssl/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
endef
endif
$(eval $(call BuildPackage,hostapd))
$(eval $(call BuildPackage,hostapd-basic))
$(eval $(call BuildPackage,hostapd-mini))
$(eval $(call BuildPackage,hostapd-openssl))
$(eval $(call BuildPackage,hostapd-wolfssl))
$(eval $(call BuildPackage,wpad))
$(eval $(call BuildPackage,wpad-mesh-openssl))
$(eval $(call BuildPackage,wpad-mesh-wolfssl))
$(eval $(call BuildPackage,wpad-basic))
$(eval $(call BuildPackage,wpad-basic-wolfssl))
$(eval $(call BuildPackage,wpad-mini))
$(eval $(call BuildPackage,wpad-openssl))
$(eval $(call BuildPackage,wpad-wolfssl))
$(eval $(call BuildPackage,wpa-supplicant))
$(eval $(call BuildPackage,wpa-supplicant-mesh-openssl))
$(eval $(call BuildPackage,wpa-supplicant-mesh-wolfssl))
$(eval $(call BuildPackage,wpa-supplicant-basic))
$(eval $(call BuildPackage,wpa-supplicant-mini))
$(eval $(call BuildPackage,wpa-supplicant-p2p))
$(eval $(call BuildPackage,wpa-supplicant-openssl))
$(eval $(call BuildPackage,wpa-supplicant-wolfssl))
$(eval $(call BuildPackage,wpa-cli))
$(eval $(call BuildPackage,hostapd-utils))
$(eval $(call BuildPackage,hostapd-common))
$(eval $(call BuildPackage,eapol-test))
$(eval $(call BuildPackage,eapol-test-openssl))
$(eval $(call BuildPackage,eapol-test-wolfssl))

396
package/network/services/hostapd/files/hostapd-basic.config Normal file
View File

@@ -0,0 +1,396 @@
# Example hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
#CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Integrated EAP server
#CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
#CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
#CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
#CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
#CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
#CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
#CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
#CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
#CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
#CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
#CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
#CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
#CONFIG_EAP_FAST=y
# EAP-TEAP for the integrated EAP server
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
#CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
#CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
#CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
#CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
#CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
#CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
#CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Airtime policy support
#CONFIG_AIRTIME_POLICY=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y

396
package/network/services/hostapd/files/hostapd-full.config Normal file
View File

@@ -0,0 +1,396 @@
# Example hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Integrated EAP server
CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
#CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
#CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
#CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
#CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
#CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
CONFIG_EAP_FAST=y
# EAP-TEAP for the integrated EAP server
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
#CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
#CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
#CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
#CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
#CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
#CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Airtime policy support
#CONFIG_AIRTIME_POLICY=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y

396
package/network/services/hostapd/files/hostapd-mini.config Normal file
View File

@@ -0,0 +1,396 @@
# Example hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
#CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Integrated EAP server
#CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
#CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
#CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
#CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
#CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
#CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
#CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
#CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
#CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
#CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
#CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
#CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
#CONFIG_EAP_FAST=y
# EAP-TEAP for the integrated EAP server
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
#CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
#CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
#CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
#CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
#CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
#CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
#CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
#CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Airtime policy support
#CONFIG_AIRTIME_POLICY=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y

972
package/network/services/hostapd/files/hostapd.sh Normal file
View File

@@ -0,0 +1,972 @@
. /lib/functions/network.sh
wpa_supplicant_add_rate() {
local var="$1"
local val="$(($2 / 1000))"
local sub="$((($2 / 100) % 10))"
append $var "$val" ","
[ $sub -gt 0 ] && append $var "."
}
hostapd_add_rate() {
local var="$1"
local val="$(($2 / 100))"
append $var "$val" " "
}
hostapd_append_wep_key() {
local var="$1"
wep_keyidx=0
set_default key 1
case "$key" in
[1234])
for idx in 1 2 3 4; do
local zidx
zidx=$(($idx - 1))
json_get_var ckey "key${idx}"
[ -n "$ckey" ] && \
append $var "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N$T"
done
wep_keyidx=$((key - 1))
;;
*)
append $var "wep_key0=$(prepare_key_wep "$key")" "$N$T"
;;
esac
}
hostapd_append_wpa_key_mgmt() {
local auth_type_l="$(echo $auth_type | tr 'a-z' 'A-Z')"
case "$auth_type" in
psk|eap)
append wpa_key_mgmt "WPA-$auth_type_l"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}"
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
;;
eap192)
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
;;
eap-eap192)
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
append wpa_key_mgmt "WPA-EAP"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
;;
sae)
append wpa_key_mgmt "SAE"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
;;
psk-sae)
append wpa_key_mgmt "WPA-PSK"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256"
append wpa_key_mgmt "SAE"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
;;
owe)
append wpa_key_mgmt "OWE"
;;
esac
}
hostapd_add_log_config() {
config_add_boolean \
log_80211 \
log_8021x \
log_radius \
log_wpa \
log_driver \
log_iapp \
log_mlme
config_add_int log_level
}
hostapd_common_add_device_config() {
config_add_array basic_rate
config_add_array supported_rates
config_add_string country
config_add_boolean country_ie doth
config_add_string require_mode
config_add_boolean legacy_rates
config_add_string acs_chan_bias
config_add_array hostapd_options
hostapd_add_log_config
}
hostapd_prepare_device_config() {
local config="$1"
local driver="$2"
local base="${config%%.conf}"
local base_cfg=
json_get_vars country country_ie beacon_int:100 doth require_mode legacy_rates acs_chan_bias
hostapd_set_log_options base_cfg
set_default country_ie 1
set_default doth 1
set_default legacy_rates 1
[ "$hwmode" = "b" ] && legacy_rates=1
[ -n "$country" ] && {
append base_cfg "country_code=$country" "$N"
[ "$country_ie" -gt 0 ] && append base_cfg "ieee80211d=1" "$N"
[ "$hwmode" = "a" -a "$doth" -gt 0 ] && append base_cfg "ieee80211h=1" "$N"
}
[ -n "$acs_chan_bias" ] && append base_cfg "acs_chan_bias=$acs_chan_bias" "$N"
local brlist= br
json_get_values basic_rate_list basic_rate
local rlist= r
json_get_values rate_list supported_rates
[ -n "$hwmode" ] && append base_cfg "hw_mode=$hwmode" "$N"
[ "$legacy_rates" -eq 0 ] && set_default require_mode g
[ "$hwmode" = "g" ] && {
[ "$legacy_rates" -eq 0 ] && set_default rate_list "6000 9000 12000 18000 24000 36000 48000 54000"
[ -n "$require_mode" ] && set_default basic_rate_list "6000 12000 24000"
}
case "$require_mode" in
n) append base_cfg "require_ht=1" "$N";;
ac) append base_cfg "require_vht=1" "$N";;
esac
for r in $rate_list; do
hostapd_add_rate rlist "$r"
done
for br in $basic_rate_list; do
hostapd_add_rate brlist "$br"
done
[ -n "$rlist" ] && append base_cfg "supported_rates=$rlist" "$N"
[ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N"
append base_cfg "beacon_int=$beacon_int" "$N"
json_get_values opts hostapd_options
for val in $opts; do
append base_cfg "$val" "$N"
done
cat > "$config" <<EOF
driver=$driver
$base_cfg
EOF
}
hostapd_common_add_bss_config() {
config_add_string 'bssid:macaddr' 'ssid:string'
config_add_boolean wds wmm uapsd hidden utf8_ssid
config_add_int maxassoc max_inactivity
config_add_boolean disassoc_low_ack isolate short_preamble
config_add_int \
wep_rekey eap_reauth_period \
wpa_group_rekey wpa_pair_rekey wpa_master_rekey
config_add_boolean wpa_disable_eapol_key_retries
config_add_boolean tdls_prohibit
config_add_boolean rsn_preauth auth_cache
config_add_int ieee80211w
config_add_int eapol_version
config_add_string 'auth_server:host' 'server:host'
config_add_string auth_secret
config_add_int 'auth_port:port' 'port:port'
config_add_string acct_server
config_add_string acct_secret
config_add_int acct_port
config_add_int acct_interval
config_add_string dae_client
config_add_string dae_secret
config_add_int dae_port
config_add_string nasid
config_add_string ownip
config_add_string radius_client_addr
config_add_string iapp_interface
config_add_string eap_type ca_cert client_cert identity anonymous_identity auth priv_key priv_key_pwd
config_add_string ieee80211w_mgmt_cipher
config_add_int dynamic_vlan vlan_naming
config_add_string vlan_tagged_interface vlan_bridge
config_add_string vlan_file
config_add_string 'key1:wepkey' 'key2:wepkey' 'key3:wepkey' 'key4:wepkey' 'password:wpakey'
config_add_string wpa_psk_file
config_add_int multi_ap
config_add_boolean wps_pushbutton wps_label ext_registrar wps_pbc_in_m1
config_add_int wps_ap_setup_locked wps_independent
config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
config_add_string multi_ap_backhaul_ssid multi_ap_backhaul_key
config_add_boolean ieee80211v wnm_sleep_mode bss_transition
config_add_int time_advertisement
config_add_string time_zone
config_add_boolean ieee80211k rrm_neighbor_report rrm_beacon_report
config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds
config_add_int r0_key_lifetime reassociation_deadline
config_add_string mobility_domain r1_key_holder
config_add_array r0kh r1kh
config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout
config_add_string macfilter 'macfile:file'
config_add_array 'maclist:list(macaddr)'
config_add_array bssid_blacklist
config_add_array bssid_whitelist
config_add_int mcast_rate
config_add_array basic_rate
config_add_array supported_rates
config_add_boolean sae_require_mfp
config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string'
}
hostapd_set_bss_options() {
local var="$1"
local phy="$2"
local vif="$3"
wireless_vif_parse_encryption
local bss_conf
local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt
json_get_vars \
wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \
wpa_disable_eapol_key_retries tdls_prohibit \
maxassoc max_inactivity disassoc_low_ack isolate auth_cache \
wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 wps_ap_setup_locked \
wps_independent wps_device_type wps_device_name wps_manufacturer wps_pin \
macfilter ssid utf8_ssid wmm uapsd hidden short_preamble rsn_preauth \
iapp_interface eapol_version dynamic_vlan ieee80211w nasid \
acct_server acct_secret acct_port acct_interval \
bss_load_update_period chan_util_avg_period sae_require_mfp \
multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key
set_default isolate 0
set_default maxassoc 0
set_default max_inactivity 0
set_default short_preamble 1
set_default disassoc_low_ack 1
set_default hidden 0
set_default wmm 1
set_default uapsd 1
set_default wpa_disable_eapol_key_retries 0
set_default tdls_prohibit 0
set_default eapol_version 0
set_default acct_port 1813
set_default bss_load_update_period 60
set_default chan_util_avg_period 600
set_default utf8_ssid 1
set_default multi_ap 0
append bss_conf "ctrl_interface=/var/run/hostapd"
if [ "$isolate" -gt 0 ]; then
append bss_conf "ap_isolate=$isolate" "$N"
fi
if [ "$maxassoc" -gt 0 ]; then
append bss_conf "max_num_sta=$maxassoc" "$N"
fi
if [ "$max_inactivity" -gt 0 ]; then
append bss_conf "ap_max_inactivity=$max_inactivity" "$N"
fi
append bss_conf "bss_load_update_period=$bss_load_update_period" "$N"
append bss_conf "chan_util_avg_period=$chan_util_avg_period" "$N"
append bss_conf "disassoc_low_ack=$disassoc_low_ack" "$N"
append bss_conf "preamble=$short_preamble" "$N"
append bss_conf "wmm_enabled=$wmm" "$N"
append bss_conf "ignore_broadcast_ssid=$hidden" "$N"
append bss_conf "uapsd_advertisement_enabled=$uapsd" "$N"
append bss_conf "utf8_ssid=$utf8_ssid" "$N"
append bss_conf "multi_ap=$multi_ap" "$N"
[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N"
[ "$wpa" -gt 0 ] && {
[ -n "$wpa_group_rekey" ] && append bss_conf "wpa_group_rekey=$wpa_group_rekey" "$N"
[ -n "$wpa_pair_rekey" ] && append bss_conf "wpa_ptk_rekey=$wpa_pair_rekey" "$N"
[ -n "$wpa_master_rekey" ] && append bss_conf "wpa_gmk_rekey=$wpa_master_rekey" "$N"
}
[ -n "$nasid" ] && append bss_conf "nas_identifier=$nasid" "$N"
[ -n "$acct_server" ] && {
append bss_conf "acct_server_addr=$acct_server" "$N"
append bss_conf "acct_server_port=$acct_port" "$N"
[ -n "$acct_secret" ] && \
append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
[ -n "$acct_interval" ] && \
append bss_conf "radius_acct_interim_interval=$acct_interval" "$N"
}
case "$auth_type" in
sae|owe|eap192|eap-eap192)
set_default ieee80211w 2
set_default sae_require_mfp 1
;;
psk-sae)
set_default ieee80211w 1
set_default sae_require_mfp 1
;;
esac
[ -n "$sae_require_mfp" ] && append bss_conf "sae_require_mfp=$sae_require_mfp" "$N"
local vlan_possible=""
case "$auth_type" in
none|owe)
json_get_vars owe_transition_bssid owe_transition_ssid
[ -n "$owe_transition_ssid" ] && append bss_conf "owe_transition_ssid=\"$owe_transition_ssid\"" "$N"
[ -n "$owe_transition_bssid" ] && append bss_conf "owe_transition_bssid=$owe_transition_bssid" "$N"
wps_possible=1
# Here we make the assumption that if we're in open mode
# with WPS enabled, we got to be in unconfigured state.
wps_not_configured=1
;;
psk|sae|psk-sae)
json_get_vars key wpa_psk_file
if [ ${#key} -lt 8 ]; then
wireless_setup_vif_failed INVALID_WPA_PSK
return 1
elif [ ${#key} -eq 64 ]; then
append bss_conf "wpa_psk=$key" "$N"
else
append bss_conf "wpa_passphrase=$key" "$N"
fi
[ -n "$wpa_psk_file" ] && {
[ -e "$wpa_psk_file" ] || touch "$wpa_psk_file"
append bss_conf "wpa_psk_file=$wpa_psk_file" "$N"
}
[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
wps_possible=1
;;
eap|eap192|eap-eap192)
json_get_vars \
auth_server auth_secret auth_port \
dae_client dae_secret dae_port \
ownip radius_client_addr \
eap_reauth_period
# radius can provide VLAN ID for clients
vlan_possible=1
# legacy compatibility
[ -n "$auth_server" ] || json_get_var auth_server server
[ -n "$auth_port" ] || json_get_var auth_port port
[ -n "$auth_secret" ] || json_get_var auth_secret key
set_default auth_port 1812
set_default dae_port 3799
append bss_conf "auth_server_addr=$auth_server" "$N"
append bss_conf "auth_server_port=$auth_port" "$N"
append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
[ -n "$eap_reauth_period" ] && append bss_conf "eap_reauth_period=$eap_reauth_period" "$N"
[ -n "$dae_client" -a -n "$dae_secret" ] && {
append bss_conf "radius_das_port=$dae_port" "$N"
append bss_conf "radius_das_client=$dae_client $dae_secret" "$N"
}
[ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N"
[ -n "$radius_client_addr" ] && append bss_conf "radius_client_addr=$radius_client_addr" "$N"
append bss_conf "eapol_key_index_workaround=1" "$N"
append bss_conf "ieee8021x=1" "$N"
[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
;;
wep)
local wep_keyidx=0
json_get_vars key
hostapd_append_wep_key bss_conf
append bss_conf "wep_default_key=$wep_keyidx" "$N"
[ -n "$wep_rekey" ] && append bss_conf "wep_rekey_period=$wep_rekey" "$N"
;;
esac
local auth_algs=$((($auth_mode_shared << 1) | $auth_mode_open))
append bss_conf "auth_algs=${auth_algs:-1}" "$N"
append bss_conf "wpa=$wpa" "$N"
[ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise" "$N"
set_default wps_pushbutton 0
set_default wps_label 0
set_default wps_pbc_in_m1 0
config_methods=
[ "$wps_pushbutton" -gt 0 ] && append config_methods push_button
[ "$wps_label" -gt 0 ] && append config_methods label
# WPS not possible on Multi-AP backhaul-only SSID
[ "$multi_ap" = 1 ] && wps_possible=
[ -n "$wps_possible" -a -n "$config_methods" ] && {
set_default ext_registrar 0
set_default wps_device_type "6-0050F204-1"
set_default wps_device_name "OpenWrt AP"
set_default wps_manufacturer "www.openwrt.org"
set_default wps_independent 1
wps_state=2
[ -n "$wps_configured" ] && wps_state=1
[ "$ext_registrar" -gt 0 -a -n "$network_bridge" ] && append bss_conf "upnp_iface=$network_bridge" "$N"
append bss_conf "eap_server=1" "$N"
[ -n "$wps_pin" ] && append bss_conf "ap_pin=$wps_pin" "$N"
append bss_conf "wps_state=$wps_state" "$N"
append bss_conf "device_type=$wps_device_type" "$N"
append bss_conf "device_name=$wps_device_name" "$N"
append bss_conf "manufacturer=$wps_manufacturer" "$N"
append bss_conf "config_methods=$config_methods" "$N"
append bss_conf "wps_independent=$wps_independent" "$N"
[ -n "$wps_ap_setup_locked" ] && append bss_conf "ap_setup_locked=$wps_ap_setup_locked" "$N"
[ "$wps_pbc_in_m1" -gt 0 ] && append bss_conf "pbc_in_m1=$wps_pbc_in_m1" "$N"
[ "$multi_ap" -gt 0 ] && [ -n "$multi_ap_backhaul_ssid" ] && {
append bss_conf "multi_ap_backhaul_ssid=\"$multi_ap_backhaul_ssid\"" "$N"
if [ -z "$multi_ap_backhaul_key" ]; then
:
elif [ ${#multi_ap_backhaul_key} -lt 8 ]; then
wireless_setup_vif_failed INVALID_WPA_PSK
return 1
elif [ ${#multi_ap_backhaul_key} -eq 64 ]; then
append bss_conf "multi_ap_backhaul_wpa_psk=$multi_ap_backhaul_key" "$N"
else
append bss_conf "multi_ap_backhaul_wpa_passphrase=$multi_ap_backhaul_key" "$N"
fi
}
}
append bss_conf "ssid=$ssid" "$N"
[ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" "$N"
[ -n "$iapp_interface" ] && {
local ifname
network_get_device ifname "$iapp_interface" || ifname="$iapp_interface"
append bss_conf "iapp_interface=$ifname" "$N"
}
json_get_vars ieee80211v
set_default ieee80211v 0
if [ "$ieee80211v" -eq "1" ]; then
json_get_vars time_advertisement time_zone wnm_sleep_mode bss_transition
set_default time_advertisement 0
set_default wnm_sleep_mode 0
set_default bss_transition 0
append bss_conf "time_advertisement=$time_advertisement" "$N"
[ -n "$time_zone" ] && append bss_conf "time_zone=$time_zone" "$N"
append bss_conf "wnm_sleep_mode=$wnm_sleep_mode" "$N"
append bss_conf "bss_transition=$bss_transition" "$N"
fi
json_get_vars ieee80211k
set_default ieee80211k 0
if [ "$ieee80211k" -eq "1" ]; then
json_get_vars rrm_neighbor_report rrm_beacon_report
set_default rrm_neighbor_report 1
set_default rrm_beacon_report 1
append bss_conf "rrm_neighbor_report=$rrm_neighbor_report" "$N"
append bss_conf "rrm_beacon_report=$rrm_beacon_report" "$N"
fi
if [ "$wpa" -ge "1" ]; then
json_get_vars ieee80211r
set_default ieee80211r 0
if [ "$ieee80211r" -gt "0" ]; then
json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline
set_default mobility_domain "$(echo "$ssid" | md5sum | head -c 4)"
set_default ft_psk_generate_local 1
set_default ft_over_ds 1
set_default reassociation_deadline 1000
append bss_conf "mobility_domain=$mobility_domain" "$N"
append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N"
append bss_conf "ft_over_ds=$ft_over_ds" "$N"
append bss_conf "reassociation_deadline=$reassociation_deadline" "$N"
[ -n "$nasid" ] || append bss_conf "nas_identifier=${macaddr//\:}" "$N"
if [ "$ft_psk_generate_local" -eq "0" ]; then
json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push
json_get_values r0kh r0kh
json_get_values r1kh r1kh
set_default r0_key_lifetime 10000
set_default pmk_r1_push 0
[ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"
append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"
for kh in $r0kh; do
append bss_conf "r0kh=${kh//,/ }" "$N"
done
for kh in $r1kh; do
append bss_conf "r1kh=${kh//,/ }" "$N"
done
fi
fi
append bss_conf "wpa_disable_eapol_key_retries=$wpa_disable_eapol_key_retries" "$N"
hostapd_append_wpa_key_mgmt
[ -n "$wpa_key_mgmt" ] && append bss_conf "wpa_key_mgmt=$wpa_key_mgmt" "$N"
fi
if [ "$wpa" -ge "2" ]; then
if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then
set_default auth_cache 1
append bss_conf "rsn_preauth=1" "$N"
append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N"
else
case "$auth_type" in
sae|psk-sae|owe)
set_default auth_cache 1
;;
*)
set_default auth_cache 0
;;
esac
fi
append bss_conf "okc=$auth_cache" "$N"
[ "$auth_cache" = 0 ] && append bss_conf "disable_pmksa_caching=1" "$N"
# RSN -> allow management frame protection
case "$ieee80211w" in
[012])
json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout
append bss_conf "ieee80211w=$ieee80211w" "$N"
[ "$ieee80211w" -gt "0" ] && {
append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
[ -n "$ieee80211w_max_timeout" ] && \
append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
[ -n "$ieee80211w_retry_timeout" ] && \
append bss_conf "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N"
}
;;
esac
fi
_macfile="/var/run/hostapd-$ifname.maclist"
case "$macfilter" in
allow)
append bss_conf "macaddr_acl=1" "$N"
append bss_conf "accept_mac_file=$_macfile" "$N"
# accept_mac_file can be used to set MAC to VLAN ID mapping
vlan_possible=1
;;
deny)
append bss_conf "macaddr_acl=0" "$N"
append bss_conf "deny_mac_file=$_macfile" "$N"
;;
*)
_macfile=""
;;
esac
[ -n "$_macfile" ] && {
json_get_vars macfile
json_get_values maclist maclist
rm -f "$_macfile"
(
for mac in $maclist; do
echo "$mac"
done
[ -n "$macfile" -a -f "$macfile" ] && cat "$macfile"
) > "$_macfile"
}
[ -n "$vlan_possible" -a -n "$dynamic_vlan" ] && {
json_get_vars vlan_naming vlan_tagged_interface vlan_bridge vlan_file
set_default vlan_naming 1
append bss_conf "dynamic_vlan=$dynamic_vlan" "$N"
append bss_conf "vlan_naming=$vlan_naming" "$N"
[ -n "$vlan_bridge" ] && \
append bss_conf "vlan_bridge=$vlan_bridge" "$N"
[ -n "$vlan_tagged_interface" ] && \
append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N"
[ -n "$vlan_file" ] && {
[ -e "$vlan_file" ] || touch "$vlan_file"
append bss_conf "vlan_file=$vlan_file" "$N"
}
}
append "$var" "$bss_conf" "$N"
return 0
}
hostapd_set_log_options() {
local var="$1"
local log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme
json_get_vars log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme
set_default log_level 2
set_default log_80211 1
set_default log_8021x 1
set_default log_radius 1
set_default log_wpa 1
set_default log_driver 1
set_default log_iapp 1
set_default log_mlme 1
local log_mask=$(( \
($log_80211 << 0) | \
($log_8021x << 1) | \
($log_radius << 2) | \
($log_wpa << 3) | \
($log_driver << 4) | \
($log_iapp << 5) | \
($log_mlme << 6) \
))
append "$var" "logger_syslog=$log_mask" "$N"
append "$var" "logger_syslog_level=$log_level" "$N"
append "$var" "logger_stdout=$log_mask" "$N"
append "$var" "logger_stdout_level=$log_level" "$N"
return 0
}
_wpa_supplicant_common() {
local ifname="$1"
_rpath="/var/run/wpa_supplicant"
_config="${_rpath}-$ifname.conf"
}
wpa_supplicant_teardown_interface() {
_wpa_supplicant_common "$1"
rm -rf "$_rpath/$1" "$_config"
}
wpa_supplicant_prepare_interface() {
local ifname="$1"
_w_driver="$2"
_wpa_supplicant_common "$1"
json_get_vars mode wds multi_ap
[ -n "$network_bridge" ] && {
fail=
case "$mode" in
adhoc)
fail=1
;;
sta)
[ "$wds" = 1 -o "$multi_ap" = 1 ] || fail=1
;;
esac
[ -n "$fail" ] && {
wireless_setup_vif_failed BRIDGE_NOT_ALLOWED
return 1
}
}
local ap_scan=
_w_mode="$mode"
[[ "$mode" = adhoc ]] && {
ap_scan="ap_scan=2"
}
local country_str=
[ -n "$country" ] && {
country_str="country=$country"
}
multiap_flag_file="${_config}.is_multiap"
if [ "$multi_ap" = "1" ]; then
touch "$multiap_flag_file"
else
[ -e "$multiap_flag_file" ] && rm "$multiap_flag_file"
fi
wpa_supplicant_teardown_interface "$ifname"
cat > "$_config" <<EOF
$ap_scan
$country_str
EOF
return 0
}
wpa_supplicant_set_fixed_freq() {
local freq="$1"
local htmode="$2"
append network_data "fixed_freq=1" "$N$T"
append network_data "frequency=$freq" "$N$T"
case "$htmode" in
NOHT) append network_data "disable_ht=1" "$N$T";;
HT20|VHT20) append network_data "disable_ht40=1" "$N$T";;
HT40*|VHT40*|VHT80*|VHT160*) append network_data "ht40=1" "$N$T";;
esac
case "$htmode" in
VHT*) append network_data "vht=1" "$N$T";;
esac
case "$htmode" in
VHT80) append network_data "max_oper_chwidth=1" "$N$T";;
VHT160) append network_data "max_oper_chwidth=2" "$N$T";;
*) append network_data "max_oper_chwidth=0" "$N$T";;
esac
}
wpa_supplicant_add_network() {
local ifname="$1"
local freq="$2"
local htmode="$3"
local noscan="$4"
_wpa_supplicant_common "$1"
wireless_vif_parse_encryption
json_get_vars \
ssid bssid key \
basic_rate mcast_rate \
ieee80211w ieee80211r \
multi_ap
case "$auth_type" in
sae|owe|eap192|eap-eap192)
set_default ieee80211w 2
;;
psk-sae)
set_default ieee80211w 1
;;
esac
set_default ieee80211r 0
set_default multi_ap 0
local key_mgmt='NONE'
local enc_str=
local network_data=
local T=" "
local scan_ssid="scan_ssid=1"
local freq wpa_key_mgmt
[[ "$_w_mode" = "adhoc" ]] && {
append network_data "mode=1" "$N$T"
[ -n "$freq" ] && wpa_supplicant_set_fixed_freq "$freq" "$htmode"
[ "$noscan" = "1" ] && append network_data "noscan=1" "$N$T"
scan_ssid="scan_ssid=0"
[ "$_w_driver" = "nl80211" ] || append wpa_key_mgmt "WPA-NONE"
}
[[ "$_w_mode" = "mesh" ]] && {
json_get_vars mesh_id mesh_fwding mesh_rssi_threshold
[ -n "$mesh_id" ] && ssid="${mesh_id}"
append network_data "mode=5" "$N$T"
[ -n "$mesh_fwding" ] && append network_data "mesh_fwding=${mesh_fwding}" "$N$T"
[ -n "$mesh_rssi_threshold" ] && append network_data "mesh_rssi_threshold=${mesh_rssi_threshold}" "$N$T"
[ -n "$freq" ] && wpa_supplicant_set_fixed_freq "$freq" "$htmode"
[ "$noscan" = "1" ] && append network_data "noscan=1" "$N$T"
append wpa_key_mgmt "SAE"
scan_ssid=""
}
[ "$multi_ap" = 1 -a "$_w_mode" = "sta" ] && append network_data "multi_ap_backhaul_sta=1" "$N$T"
case "$auth_type" in
none) ;;
owe)
hostapd_append_wpa_key_mgmt
key_mgmt="$wpa_key_mgmt"
;;
wep)
local wep_keyidx=0
hostapd_append_wep_key network_data
append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T"
;;
wps)
key_mgmt='WPS'
;;
psk|sae|psk-sae)
local passphrase
if [ "$_w_mode" != "mesh" ]; then
hostapd_append_wpa_key_mgmt
fi
key_mgmt="$wpa_key_mgmt"
if [ ${#key} -eq 64 ]; then
passphrase="psk=${key}"
else
if [ "$_w_mode" = "mesh" ]; then
passphrase="sae_password=\"${key}\""
else
passphrase="psk=\"${key}\""
fi
fi
append network_data "$passphrase" "$N$T"
;;
eap|eap192|eap-eap192)
hostapd_append_wpa_key_mgmt
key_mgmt="$wpa_key_mgmt"
json_get_vars eap_type identity anonymous_identity ca_cert
[ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T"
[ -n "$identity" ] && append network_data "identity=\"$identity\"" "$N$T"
[ -n "$anonymous_identity" ] && append network_data "anonymous_identity=\"$anonymous_identity\"" "$N$T"
case "$eap_type" in
tls)
json_get_vars client_cert priv_key priv_key_pwd
append network_data "client_cert=\"$client_cert\"" "$N$T"
append network_data "private_key=\"$priv_key\"" "$N$T"
append network_data "private_key_passwd=\"$priv_key_pwd\"" "$N$T"
;;
fast|peap|ttls)
json_get_vars auth password ca_cert2 client_cert2 priv_key2 priv_key2_pwd
set_default auth MSCHAPV2
if [ "$auth" = "EAP-TLS" ]; then
[ -n "$ca_cert2" ] &&
append network_data "ca_cert2=\"$ca_cert2\"" "$N$T"
append network_data "client_cert2=\"$client_cert2\"" "$N$T"
append network_data "private_key2=\"$priv_key2\"" "$N$T"
append network_data "private_key2_passwd=\"$priv_key2_pwd\"" "$N$T"
else
append network_data "password=\"$password\"" "$N$T"
fi
phase2proto="auth="
case "$auth" in
"auth"*)
phase2proto=""
;;
"EAP-"*)
auth="$(echo $auth | cut -b 5- )"
[ "$eap_type" = "ttls" ] &&
phase2proto="autheap="
;;
esac
append network_data "phase2=\"$phase2proto$auth\"" "$N$T"
;;
esac
append network_data "eap=$(echo $eap_type | tr 'a-z' 'A-Z')" "$N$T"
;;
esac
[ "$mode" = mesh ] || {
case "$wpa" in
1)
append network_data "proto=WPA" "$N$T"
;;
2)
append network_data "proto=RSN" "$N$T"
;;
esac
case "$ieee80211w" in
[012])
[ "$wpa" -ge 2 ] && append network_data "ieee80211w=$ieee80211w" "$N$T"
;;
esac
}
[ -n "$bssid" ] && append network_data "bssid=$bssid" "$N$T"
[ -n "$beacon_int" ] && append network_data "beacon_int=$beacon_int" "$N$T"
local bssid_blacklist bssid_whitelist
json_get_values bssid_blacklist bssid_blacklist
json_get_values bssid_whitelist bssid_whitelist
[ -n "$bssid_blacklist" ] && append network_data "bssid_blacklist=$bssid_blacklist" "$N$T"
[ -n "$bssid_whitelist" ] && append network_data "bssid_whitelist=$bssid_whitelist" "$N$T"
[ -n "$basic_rate" ] && {
local br rate_list=
for br in $basic_rate; do
wpa_supplicant_add_rate rate_list "$br"
done
[ -n "$rate_list" ] && append network_data "rates=$rate_list" "$N$T"
}
[ -n "$mcast_rate" ] && {
local mc_rate=
wpa_supplicant_add_rate mc_rate "$mcast_rate"
append network_data "mcast_rate=$mc_rate" "$N$T"
}
if [ "$key_mgnt" = "WPS" ]; then
echo "wps_cred_processing=1" >> "$_config"
else
cat >> "$_config" <<EOF
network={
$scan_ssid
ssid="$ssid"
key_mgmt=$key_mgmt
$network_data
}
EOF
fi
return 0
}
wpa_supplicant_run() {
local ifname="$1"; shift
_wpa_supplicant_common "$ifname"
/usr/sbin/wpa_supplicant -B -s \
${network_bridge:+-b $network_bridge} \
-P "/var/run/wpa_supplicant-${ifname}.pid" \
-D ${_w_driver:-wext} \
-i "$ifname" \
-c "$_config" \
-C "$_rpath" \
"$@"
ret="$?"
wireless_add_process "$(cat "/var/run/wpa_supplicant-${ifname}.pid")" /usr/sbin/wpa_supplicant 1
[ "$ret" != 0 ] && wireless_setup_vif_failed WPA_SUPPLICANT_FAILED
return $ret
}
hostapd_common_cleanup() {
killall hostapd wpa_supplicant meshd-nl80211
}

28
package/network/services/hostapd/files/multicall.c Normal file
View File

@@ -0,0 +1,28 @@
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
extern int hostapd_main(int argc, char **argv);
extern int wpa_supplicant_main(int argc, char **argv);
int main(int argc, char **argv)
{
bool restart = false;
const char *prog = argv[0];
restart:
if (strstr(argv[0], "hostapd"))
return hostapd_main(argc, argv);
else if (strstr(argv[0], "wpa_supplicant"))
return wpa_supplicant_main(argc, argv);
if (!restart && argc > 1) {
argv++;
argc--;
restart = true;
goto restart;
}
fprintf(stderr, "Invalid command.\nUsage: %s wpa_supplicant|hostapd [<arguments>]\n", prog);
return 255;
}

620
package/network/services/hostapd/files/wpa_supplicant-basic.config Normal file
View File

@@ -0,0 +1,620 @@
# Example wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
#CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
#CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
#CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
#CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
#CONFIG_EAP_TLS=y
# EAL-PEAP
#CONFIG_EAP_PEAP=y
# EAP-TTLS
#CONFIG_EAP_TTLS=y
# EAP-FAST
#CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# EAP-GTC
#CONFIG_EAP_GTC=y
# EAP-OTP
#CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y
# Enable SIM simulator (Milenage) for EAP-SIM
#CONFIG_SIM_SIMULATOR=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
#CONFIG_EAP_PWD=y
# EAP-PAX
#CONFIG_EAP_PAX=y
# LEAP
#CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
#CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
#CONFIG_EAP_SAKE=y
# EAP-GPSK
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable WPS external registrar functionality
#CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
#CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
#CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
#CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
#CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
#CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
#CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
#CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
#CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
#CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
#CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
#CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
#CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
#CONFIG_P2P=y
# Enable TDLS support
#CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
#CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#CONFIG_ACS=y
# Support Multi Band Operation
#CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
#CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
#CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
#CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
#CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
#CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
#CONFIG_DPP=y
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y

620
package/network/services/hostapd/files/wpa_supplicant-full.config Normal file
View File

@@ -0,0 +1,620 @@
# Example wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
#CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
CONFIG_EAP_TLS=y
# EAL-PEAP
CONFIG_EAP_PEAP=y
# EAP-TTLS
CONFIG_EAP_TTLS=y
# EAP-FAST
CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# EAP-GTC
CONFIG_EAP_GTC=y
# EAP-OTP
CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y
# Enable SIM simulator (Milenage) for EAP-SIM
#CONFIG_SIM_SIMULATOR=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
#CONFIG_EAP_PWD=y
# EAP-PAX
#CONFIG_EAP_PAX=y
# LEAP
CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
#CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
#CONFIG_EAP_SAKE=y
# EAP-GPSK
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable WPS external registrar functionality
#CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
#CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
#CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
#CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
#CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
#CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
#CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
#CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
#CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
#CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
#CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
#CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
#CONFIG_P2P=y
# Enable TDLS support
#CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
#CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#CONFIG_ACS=y
# Support Multi Band Operation
#CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
#CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
#CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
#CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
#CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
#CONFIG_DPP=y
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y

620
package/network/services/hostapd/files/wpa_supplicant-mini.config Normal file
View File

@@ -0,0 +1,620 @@
# Example wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
#CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
#CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
#CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
#CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
#CONFIG_EAP_TLS=y
# EAL-PEAP
#CONFIG_EAP_PEAP=y
# EAP-TTLS
#CONFIG_EAP_TTLS=y
# EAP-FAST
#CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# EAP-GTC
#CONFIG_EAP_GTC=y
# EAP-OTP
#CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y
# Enable SIM simulator (Milenage) for EAP-SIM
#CONFIG_SIM_SIMULATOR=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
#CONFIG_EAP_PWD=y
# EAP-PAX
#CONFIG_EAP_PAX=y
# LEAP
#CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
#CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
#CONFIG_EAP_SAKE=y
# EAP-GPSK
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable WPS external registrar functionality
#CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
#CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
#CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
#CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
#CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
#CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
#CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
#CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
#CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
#CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
#CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
#CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
#CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
#CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
#CONFIG_P2P=y
# Enable TDLS support
#CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
#CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#CONFIG_ACS=y
# Support Multi Band Operation
#CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
#CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
#CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
#CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
#CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
#CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
#CONFIG_DPP=y
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y

620
package/network/services/hostapd/files/wpa_supplicant-p2p.config Normal file
View File

@@ -0,0 +1,620 @@
# Example wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
#CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
CONFIG_EAP_TLS=y
# EAL-PEAP
CONFIG_EAP_PEAP=y
# EAP-TTLS
CONFIG_EAP_TTLS=y
# EAP-FAST
CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# EAP-GTC
CONFIG_EAP_GTC=y
# EAP-OTP
CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y
# Enable SIM simulator (Milenage) for EAP-SIM
#CONFIG_SIM_SIMULATOR=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
#CONFIG_EAP_PWD=y
# EAP-PAX
#CONFIG_EAP_PAX=y
# LEAP
CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
#CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
#CONFIG_EAP_SAKE=y
# EAP-GPSK
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable WPS external registrar functionality
#CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
#CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
#CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
#CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
#CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
#CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
#CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
#CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
#CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
#CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
#CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
#CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
CONFIG_P2P=y
# Enable TDLS support
#CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
#CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#CONFIG_ACS=y
# Support Multi Band Operation
#CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
#CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
#CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
#CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
#CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
#CONFIG_DPP=y
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y

62
package/network/services/hostapd/files/wps-hotplug.sh Normal file
View File

@@ -0,0 +1,62 @@
#!/bin/sh
wps_catch_credentials() {
local iface ifaces ifc ifname ssid encryption key radio radios
local found=0
. /usr/share/libubox/jshn.sh
ubus -S -t 30 listen wps_credentials | while read creds; do
json_init
json_load "$creds"
json_select wps_credentials || continue
json_get_vars ifname ssid key encryption
local ifcname="$ifname"
json_init
json_load "$(ubus -S call network.wireless status)"
json_get_keys radios
for radio in $radios; do
json_select $radio
json_select interfaces
json_get_keys ifaces
for ifc in $ifaces; do
json_select $ifc
json_get_vars ifname
[ "$ifname" = "$ifcname" ] && {
ubus -S call uci set "{\"config\":\"wireless\", \"type\":\"wifi-iface\", \
\"match\": { \"device\": \"$radio\", \"encryption\": \"wps\" }, \
\"values\": { \"encryption\": \"$encryption\", \
\"ssid\": \"$ssid\", \
\"key\": \"$key\" } }"
ubus -S call uci commit '{"config": "wireless"}'
ubus -S call uci apply
}
json_select ..
done
json_select ..
json_select ..
done
done
}
if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
wps_done=0
ubusobjs="$( ubus -S list hostapd.* )"
for ubusobj in $ubusobjs; do
ubus -S call $ubusobj wps_start && wps_done=1
done
[ $wps_done = 0 ] || return 0
wps_done=0
ubusobjs="$( ubus -S list wpa_supplicant.* )"
for ubusobj in $ubusobjs; do
ifname="$(echo $ubusobj | cut -d'.' -f2 )"
multi_ap=""
if [ -e "/var/run/wpa_supplicant-${ifname}.conf.is_multiap" ]; then
ubus -S call $ubusobj wps_start '{ "multi_ap": true }' && wps_done=1
else
ubus -S call $ubusobj wps_start && wps_done=1
fi
done
[ $wps_done = 0 ] || wps_catch_credentials &
fi
return 0

124
package/network/services/hostapd/patches/004-mesh-use-setup-completion-callback-to-complete-mesh-.patch Normal file
View File

@@ -0,0 +1,124 @@
From c05ace7510ead96e72b97ce47b33f7b5865d6d36 Mon Sep 17 00:00:00 2001
From: Peter Oh <peter.oh@bowerswilkins.com>
Date: Mon, 27 Aug 2018 14:28:38 -0700
Subject: [PATCH 1/7] mesh: use setup completion callback to complete mesh join
mesh join function is the last function to be called during
mesh join process, but it's been called a bit earlier than
it's supposed to be, so that some mesh parameter values
such as VHT capabilities not applied correct when mesh join
is in process.
Moreover current design of mesh join that is called directly
after mesh initialization isn't suitable for DFS channels to use,
since mesh join process should be paused until DFS CAC is
done and resumed after it's done.
The callback will be called by hostapd_setup_interface_complete_sync.
There is possiblity that completing mesh init fails, so add error
handle codes.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
---
src/ap/hostapd.c | 11 ++++++++++-
wpa_supplicant/mesh.c | 13 +++++++------
2 files changed, 17 insertions(+), 7 deletions(-)
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -423,6 +423,8 @@ static void hostapd_free_hapd_data(struc
#ifdef CONFIG_MESH
wpabuf_free(hapd->mesh_pending_auth);
hapd->mesh_pending_auth = NULL;
+ /* handling setup failure is already done */
+ hapd->setup_complete_cb = NULL;
#endif /* CONFIG_MESH */
hostapd_clean_rrm(hapd);
@@ -2049,6 +2051,13 @@ dfs_offload:
if (hapd->setup_complete_cb)
hapd->setup_complete_cb(hapd->setup_complete_cb_ctx);
+#ifdef CONFIG_MESH
+ if (delay_apply_cfg && !iface->mconf) {
+ wpa_printf(MSG_ERROR, "Error while completing mesh init");
+ goto fail;
+ }
+#endif /* CONFIG_MESH */
+
wpa_printf(MSG_DEBUG, "%s: Setup of interface done.",
iface->bss[0]->conf->iface);
if (iface->interfaces && iface->interfaces->terminate_on_error > 0)
@@ -2192,7 +2201,7 @@ int hostapd_setup_interface(struct hosta
ret = setup_interface(iface);
if (ret) {
wpa_printf(MSG_ERROR, "%s: Unable to setup interface.",
- iface->bss[0]->conf->iface);
+ iface->conf ? iface->conf->bss[0]->iface : "N/A");
return -1;
}
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -190,8 +190,9 @@ static int wpas_mesh_init_rsn(struct wpa
}
-static int wpas_mesh_complete(struct wpa_supplicant *wpa_s)
+static void wpas_mesh_complete_cb(void *ctx)
{
+ struct wpa_supplicant *wpa_s = ctx;
struct hostapd_iface *ifmsh = wpa_s->ifmsh;
struct wpa_driver_mesh_join_params *params = wpa_s->mesh_params;
struct wpa_ssid *ssid = wpa_s->current_ssid;
@@ -200,7 +201,7 @@ static int wpas_mesh_complete(struct wpa
if (!params || !ssid || !ifmsh) {
wpa_printf(MSG_ERROR, "mesh: %s called without active mesh",
__func__);
- return -1;
+ return;
}
if (ifmsh->mconf->security != MESH_CONF_SEC_NONE &&
@@ -209,7 +210,7 @@ static int wpas_mesh_complete(struct wpa
"mesh: RSN initialization failed - deinit mesh");
wpa_supplicant_mesh_deinit(wpa_s);
wpa_drv_leave_mesh(wpa_s);
- return -1;
+ return;
}
if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
@@ -235,8 +236,6 @@ static int wpas_mesh_complete(struct wpa
if (!ret)
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-
- return ret;
}
@@ -263,6 +262,7 @@ static int wpa_supplicant_mesh_init(stru
if (!ifmsh)
return -ENOMEM;
+ ifmsh->owner = wpa_s;
ifmsh->drv_flags = wpa_s->drv_flags;
ifmsh->num_bss = 1;
ifmsh->bss = os_calloc(wpa_s->ifmsh->num_bss,
@@ -280,6 +280,8 @@ static int wpa_supplicant_mesh_init(stru
bss->drv_priv = wpa_s->drv_priv;
bss->iface = ifmsh;
bss->mesh_sta_free_cb = mesh_mpm_free_sta;
+ bss->setup_complete_cb = wpas_mesh_complete_cb;
+ bss->setup_complete_cb_ctx = wpa_s;
frequency = ssid->frequency;
if (frequency != freq->freq &&
frequency == freq->freq + freq->sec_channel_offset * 20) {
@@ -521,7 +523,6 @@ int wpa_supplicant_join_mesh(struct wpa_
goto out;
}
- ret = wpas_mesh_complete(wpa_s);
out:
return ret;
}

26
package/network/services/hostapd/patches/005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch Normal file
View File

@@ -0,0 +1,26 @@
From c56f18380d1d404a2abc0ea5373d294508ef1e54 Mon Sep 17 00:00:00 2001
From: Peter Oh <peter.oh@bowerswilkins.com>
Date: Mon, 27 Aug 2018 14:28:41 -0700
Subject: [PATCH 2/7] mesh: update ssid->frequency as pri/sec channel switch
ssid->frequency is one of variables used to gets channel
number from given frequency. Leave it as unchanged when
pri/sec channel switched will cause picking up wrong
channel number after applying secondary channel offset
for HT40 and leads failing interface bring-up.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
---
wpa_supplicant/mesh.c | 1 +
1 file changed, 1 insertion(+)
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -287,6 +287,7 @@ static int wpa_supplicant_mesh_init(stru
frequency == freq->freq + freq->sec_channel_offset * 20) {
wpa_printf(MSG_DEBUG, "mesh: pri/sec channels switched");
frequency = freq->freq;
+ ssid->frequency = frequency;
}
wpa_s->assoc_freq = frequency;
wpa_s->current_ssid = ssid;

48
package/network/services/hostapd/patches/006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch Normal file
View File

@@ -0,0 +1,48 @@
From 593602b7f14be5c2695979639764b1c50f01bbec Mon Sep 17 00:00:00 2001
From: Peter Oh <peter.oh@bowerswilkins.com>
Date: Mon, 27 Aug 2018 14:28:49 -0700
Subject: [PATCH 7/7] mesh: inform kernel driver DFS handler in userspace
NL80211_ATTR_HANDLE_DFS is required by kerenel space
to enable DFS channels that indicates DFS handler
resides in userspace.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
---
src/drivers/driver.h | 1 +
src/drivers/driver_nl80211.c | 3 +++
wpa_supplicant/mesh.c | 1 +
3 files changed, 5 insertions(+)
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1477,6 +1477,7 @@ struct wpa_driver_mesh_join_params {
#define WPA_DRIVER_MESH_FLAG_SAE_AUTH 0x00000004
#define WPA_DRIVER_MESH_FLAG_AMPE 0x00000008
unsigned int flags;
+ u8 handle_dfs;
};
/**
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -9624,6 +9624,9 @@ static int nl80211_join_mesh(struct i802
wpa_printf(MSG_DEBUG, " * flags=%08X", params->flags);
+ if (params->handle_dfs)
+ if (nla_put_flag(msg, NL80211_ATTR_HANDLE_DFS))
+ goto fail;
container = nla_nest_start(msg, NL80211_ATTR_MESH_SETUP);
if (!container)
goto fail;
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -309,6 +309,7 @@ static int wpa_supplicant_mesh_init(stru
conf->country[0] = wpa_s->conf->country[0];
conf->country[1] = wpa_s->conf->country[1];
conf->country[2] = ' ';
+ wpa_s->mesh_params->handle_dfs = 1;
}
bss->iconf = conf;

47
package/network/services/hostapd/patches/007-mesh-apply-channel-attributes-before-running-Mesh.patch Normal file
View File

@@ -0,0 +1,47 @@
From 2564184440d9d6041d11a8c7d50b31368634c3bd Mon Sep 17 00:00:00 2001
From: Peter Oh <peter.oh@bowerswilkins.com>
Date: Mon, 27 Aug 2018 14:28:40 -0700
Subject: [PATCH] mesh: Apply channel attributes before setup interface
This helps mesh interface initialization with correct channel
parameters.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
---
wpa_supplicant/mesh.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -249,7 +249,7 @@ static int wpa_supplicant_mesh_init(stru
struct mesh_conf *mconf;
int basic_rates_erp[] = { 10, 20, 55, 60, 110, 120, 240, -1 };
int rate_len;
- int frequency;
+ int frequency, saved_freq;
if (!wpa_s->conf->user_mpm) {
/* not much for us to do here */
@@ -386,6 +386,13 @@ static int wpa_supplicant_mesh_init(stru
conf->basic_rates[rate_len] = -1;
}
+ /* Handle pri/sec switch frequency within AP configuration parameter
+ * generation without changing the stored network profile in the end. */
+ saved_freq = ssid->frequency;
+ ssid->frequency = frequency;
+ wpa_supplicant_conf_ap_ht(wpa_s, ssid, conf);
+ ssid->frequency = saved_freq;
+
if (wpa_drv_init_mesh(wpa_s)) {
wpa_msg(wpa_s, MSG_ERROR, "Failed to init mesh in driver");
return -1;
@@ -397,8 +404,6 @@ static int wpa_supplicant_mesh_init(stru
return -1;
}
- wpa_supplicant_conf_ap_ht(wpa_s, ssid, conf);
-
return 0;
out_free:
wpa_supplicant_mesh_deinit(wpa_s);

78
package/network/services/hostapd/patches/011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch Normal file
View File

@@ -0,0 +1,78 @@
From 89fa0d75fb1be82330258082ed3d7fd452eb6076 Mon Sep 17 00:00:00 2001
From: Peter Oh <peter.oh@bowerswilkins.com>
Date: Mon, 27 Aug 2018 14:28:45 -0700
Subject: [PATCH 3/7] mesh: Allow DFS channels to be selected if dfs is enabled
Note: DFS is assumed to be usable if a country code has been set
Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
---
wpa_supplicant/wpa_supplicant.c | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2153,6 +2153,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
struct hostapd_freq_params vht_freq;
int chwidth, seg0, seg1;
u32 vht_caps = 0;
+ int dfs_enabled = wpa_s->conf->country[0] &&
+ (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
freq->freq = ssid->frequency;
@@ -2232,8 +2234,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
return;
/* Check primary channel flags */
- if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
+ if (pri_chan->flag & HOSTAPD_CHAN_DISABLED)
return;
+ if (pri_chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
+ if (!dfs_enabled)
+ return;
freq->channel = pri_chan->chan;
@@ -2264,8 +2269,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
return;
/* Check secondary channel flags */
- if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
+ if (sec_chan->flag & HOSTAPD_CHAN_DISABLED)
return;
+ if (sec_chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
+ if (!dfs_enabled)
+ return;
if (ht40 == -1) {
if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
@@ -2356,8 +2364,11 @@ skip_ht40:
return;
/* Back to HT configuration if channel not usable */
- if (chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
+ if (chan->flag & HOSTAPD_CHAN_DISABLED)
return;
+ if (chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
+ if (!dfs_enabled)
+ return;
}
chwidth = CHANWIDTH_80MHZ;
@@ -2377,10 +2388,11 @@ skip_ht40:
if (!chan)
continue;
- if (chan->flag & (HOSTAPD_CHAN_DISABLED |
- HOSTAPD_CHAN_NO_IR |
- HOSTAPD_CHAN_RADAR))
+ if (chan->flag & HOSTAPD_CHAN_DISABLED)
continue;
+ if (chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
+ if (!dfs_enabled)
+ continue;
/* Found a suitable second segment for 80+80 */
chwidth = CHANWIDTH_80P80MHZ;

29
package/network/services/hostapd/patches/013-mesh-do-not-allow-pri-sec-channel-switch.patch Normal file
View File

@@ -0,0 +1,29 @@
From 4f4a9b9e2e61fba334a21dadea749e4b440f42e6 Mon Sep 17 00:00:00 2001
From: Peter Oh <peter.oh@bowerswilkins.com>
Date: Mon, 27 Aug 2018 14:28:48 -0700
Subject: [PATCH 6/7] mesh: don't allow pri/sec channel switch
This limitation isn't backed by standard, but it is known that
mesh doesn't have capability to handle 20/40 coex change in
current implementation and it will not able to establish
PLINK when channel switch between primary and secondary happens.
Since it's unknown when we will have the implementation of handling
20/40 coex change for mesh, it'd better to avoid them from happening
until standard based implementation is introduced.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
---
wpa_supplicant/mesh.c | 1 +
1 file changed, 1 insertion(+)
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -386,6 +386,7 @@ static int wpa_supplicant_mesh_init(stru
conf->basic_rates[rate_len] = -1;
}
+ conf->no_pri_sec_switch = 1;
/* Handle pri/sec switch frequency within AP configuration parameter
* generation without changing the stored network profile in the end. */
saved_freq = ssid->frequency;

61
package/network/services/hostapd/patches/015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch Normal file
View File

@@ -0,0 +1,61 @@
From 71e9c65a7c8af90a5fd11072062b596421316452 Mon Sep 17 00:00:00 2001
From: Peter Oh <peter.oh@bowerswilkins.com>
Date: Mon, 27 Aug 2018 14:28:46 -0700
Subject: [PATCH 4/7] mesh: do not set offchanok on DFS channels in non-ETSI
mac80211 does not allow mgmt tx to use off channel on
DFS channels in non-ETSI domain, because it will invalidate
CAC result on current operating channel.
(mac80211 commit: 34373d12f3cbb74960a73431138ef619d857996f)
Hence don't set offchanok for mgmt tx in case of DFS channels
in non-ETSI.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
---
src/drivers/driver_nl80211.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -7462,6 +7462,10 @@ static int wpa_driver_nl80211_send_actio
int ret = -1;
u8 *buf;
struct ieee80211_hdr *hdr;
+ struct hostapd_hw_modes *modes;
+ int i, offchanok = 1;
+ u16 num_modes, flags;
+ u8 dfs_domain;
wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
"freq=%u MHz wait=%d ms no_cck=%d)",
@@ -7486,6 +7490,21 @@ static int wpa_driver_nl80211_send_actio
os_memset(bss->rand_addr, 0, ETH_ALEN);
}
+ if (is_mesh_interface(drv->nlmode)) {
+ modes = nl80211_get_hw_feature_data(bss, &num_modes,
+ &flags, &dfs_domain);
+ if (dfs_domain != HOSTAPD_DFS_REGION_ETSI &&
+ ieee80211_is_dfs(bss->freq, modes, num_modes))
+ offchanok = 0;
+ if (modes) {
+ for (i = 0; i < num_modes; i++) {
+ os_free(modes[i].channels);
+ os_free(modes[i].rates);
+ }
+ os_free(modes);
+ }
+ }
+
if (is_ap_interface(drv->nlmode) &&
(!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
(int) freq == bss->freq || drv->device_ap_sme ||
@@ -7497,7 +7516,7 @@ static int wpa_driver_nl80211_send_actio
ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
24 + data_len,
&drv->send_action_cookie,
- no_cck, 0, 1, NULL, 0);
+ no_cck, 0, offchanok, NULL, 0);
os_free(buf);
return ret;

59
package/network/services/hostapd/patches/016-mesh-fix-channel-switch-error-during-CAC.patch Normal file
View File

@@ -0,0 +1,59 @@
From 5913d6e2a741683e7c747c046f72ca790bbe1337 Mon Sep 17 00:00:00 2001
From: Peter Oh <peter.oh@bowerswilkins.com>
Date: Mon, 27 Aug 2018 14:28:47 -0700
Subject: [PATCH 5/7] mesh: fix channel switch error during CAC
Mesh interface has used its channel parameters that configured
during its initialization even after channel switched due to
DFS radar detection during CAC which caused channel switch error.
This change fixes the error by updating its channel parameters
when channel's been changed from initial one.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
---
wpa_supplicant/mesh.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -13,6 +13,7 @@
#include "utils/uuid.h"
#include "common/ieee802_11_defs.h"
#include "common/wpa_ctrl.h"
+#include "common/hw_features_common.h"
#include "ap/sta_info.h"
#include "ap/hostapd.h"
#include "ap/ieee802_11.h"
@@ -204,6 +205,32 @@ static void wpas_mesh_complete_cb(void *
return;
}
+ /*
+ * inspect if channel's been changed since initialized.
+ * i.e. DFS radar detection
+ */
+ if (ifmsh->freq != params->freq.freq) {
+ wpa_s->assoc_freq = ifmsh->freq;
+ ssid->frequency = ifmsh->freq;
+ if (hostapd_set_freq_params(&params->freq,
+ ifmsh->conf->hw_mode,
+ ifmsh->freq,
+ ifmsh->conf->channel,
+ ifmsh->conf->ieee80211n,
+ ifmsh->conf->ieee80211ac,
+ ifmsh->conf->ieee80211ax,
+ ifmsh->conf->secondary_channel,
+ hostapd_get_oper_chwidth(ifmsh->conf),
+ hostapd_get_oper_centr_freq_seg0_idx(ifmsh->conf),
+ hostapd_get_oper_centr_freq_seg1_idx(ifmsh->conf),
+ ifmsh->current_mode->vht_capab,
+ &ifmsh->current_mode->he_capab[IEEE80211_MODE_AP])) {
+ wpa_printf(MSG_ERROR, "Error updating mesh frequency params.");
+ wpa_supplicant_mesh_deinit(wpa_s);
+ return;
+ }
+ }
+
if (ifmsh->mconf->security != MESH_CONF_SEC_NONE &&
wpas_mesh_init_rsn(wpa_s)) {
wpa_printf(MSG_ERROR,

219
package/network/services/hostapd/patches/018-mesh-make-forwarding-configurable.patch Normal file
View File

@@ -0,0 +1,219 @@
From 90fe6429624fc48bc0e5d2d7eeecb7498708b5e3 Mon Sep 17 00:00:00 2001
From: Daniel Golle <daniel@makrotopia.org>
Date: Wed, 18 Apr 2018 19:24:31 +0200
Subject: [PATCH 18/18] mesh: make forwarding configurable
Allow mesh_fwding to be specified in a mesh bss config, pass that
to the driver (only nl80211 implemented for now) and announce
forwarding capability accordingly.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
---
src/ap/ap_config.h | 2 ++
src/drivers/driver.h | 2 ++
src/drivers/driver_nl80211.c | 3 +++
wpa_supplicant/config.c | 4 ++++
wpa_supplicant/config.h | 9 +++++++++
wpa_supplicant/config_file.c | 4 ++++
wpa_supplicant/config_ssid.h | 5 +++++
wpa_supplicant/mesh.c | 6 ++++++
wpa_supplicant/mesh_mpm.c | 4 ++--
wpa_supplicant/wpa_supplicant.conf | 3 +++
10 files changed, 40 insertions(+), 2 deletions(-)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -51,6 +51,7 @@ struct mesh_conf {
int dot11MeshRetryTimeout; /* msec */
int dot11MeshConfirmTimeout; /* msec */
int dot11MeshHoldingTimeout; /* msec */
+ int mesh_fwding;
};
#define MAX_STA_COUNT 2007
@@ -666,6 +667,7 @@ struct hostapd_bss_config {
#define MESH_ENABLED BIT(0)
int mesh;
+ int mesh_fwding;
u8 radio_measurements[RRM_CAPABILITIES_IE_LEN];
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1450,6 +1450,7 @@ struct wpa_driver_mesh_bss_params {
#define WPA_DRIVER_MESH_CONF_FLAG_MAX_PEER_LINKS 0x00000004
#define WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE 0x00000008
#define WPA_DRIVER_MESH_CONF_FLAG_RSSI_THRESHOLD 0x00000010
+#define WPA_DRIVER_MESH_CONF_FLAG_FORWARDING 0x00000020
/*
* TODO: Other mesh configuration parameters would go here.
* See NL80211_MESHCONF_* for all the mesh config parameters.
@@ -1459,6 +1460,7 @@ struct wpa_driver_mesh_bss_params {
int peer_link_timeout;
int max_peer_links;
int rssi_threshold;
+ int forwarding;
u16 ht_opmode;
};
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -9592,6 +9592,9 @@ static int nl80211_put_mesh_config(struc
if (((params->flags & WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS) &&
nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
params->auto_plinks)) ||
+ ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_FORWARDING) &&
+ nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
+ params->forwarding)) ||
((params->flags & WPA_DRIVER_MESH_CONF_FLAG_MAX_PEER_LINKS) &&
nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
params->max_peer_links)) ||
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -2307,6 +2307,7 @@ static const struct parse_data ssid_fiel
#ifdef CONFIG_MESH
{ INT_RANGE(mode, 0, 5) },
{ INT_RANGE(no_auto_peer, 0, 1) },
+ { INT_RANGE(mesh_fwding, 0, 1) },
{ INT_RANGE(mesh_rssi_threshold, -255, 1) },
#else /* CONFIG_MESH */
{ INT_RANGE(mode, 0, 4) },
@@ -2869,6 +2870,7 @@ void wpa_config_set_network_defaults(str
ssid->dot11MeshRetryTimeout = DEFAULT_MESH_RETRY_TIMEOUT;
ssid->dot11MeshConfirmTimeout = DEFAULT_MESH_CONFIRM_TIMEOUT;
ssid->dot11MeshHoldingTimeout = DEFAULT_MESH_HOLDING_TIMEOUT;
+ ssid->mesh_fwding = DEFAULT_MESH_FWDING;
ssid->mesh_rssi_threshold = DEFAULT_MESH_RSSI_THRESHOLD;
#endif /* CONFIG_MESH */
#ifdef CONFIG_HT_OVERRIDES
@@ -4089,6 +4091,7 @@ struct wpa_config * wpa_config_alloc_emp
config->user_mpm = DEFAULT_USER_MPM;
config->max_peer_links = DEFAULT_MAX_PEER_LINKS;
config->mesh_max_inactivity = DEFAULT_MESH_MAX_INACTIVITY;
+ config->mesh_fwding = DEFAULT_MESH_FWDING;
config->dot11RSNASAERetransPeriod =
DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD;
config->fast_reauth = DEFAULT_FAST_REAUTH;
@@ -4726,6 +4729,7 @@ static const struct global_parse_data gl
{ INT(user_mpm), 0 },
{ INT_RANGE(max_peer_links, 0, 255), 0 },
{ INT(mesh_max_inactivity), 0 },
+ { INT_RANGE(mesh_fwding, 0, 1), 0 },
{ INT(dot11RSNASAERetransPeriod), 0 },
#endif /* CONFIG_MESH */
{ INT(disable_scan_offload), 0 },
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -18,6 +18,7 @@
#define DEFAULT_USER_MPM 1
#define DEFAULT_MAX_PEER_LINKS 99
#define DEFAULT_MESH_MAX_INACTIVITY 300
+#define DEFAULT_MESH_FWDING 1
/*
* The default dot11RSNASAERetransPeriod is defined as 40 ms in the standard,
* but use 1000 ms in practice to avoid issues on low power CPUs.
@@ -1327,6 +1328,14 @@ struct wpa_config {
int mesh_max_inactivity;
/**
+ * mesh_fwding - Mesh network layer-2 forwarding
+ *
+ * This controls whether to enable layer-2 forwarding.
+ * By default: 1: enabled
+ */
+ int mesh_fwding;
+
+ /**
* dot11RSNASAERetransPeriod - Timeout to retransmit SAE Auth frame
*
* This timeout value is used in mesh STA to retransmit
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -829,6 +829,7 @@ static void wpa_config_write_network(FIL
#endif /* IEEE8021X_EAPOL */
INT(mode);
INT(no_auto_peer);
+ INT(mesh_fwding);
INT(frequency);
INT(fixed_freq);
#ifdef CONFIG_ACS
@@ -1472,6 +1473,9 @@ static void wpa_config_write_global(FILE
fprintf(f, "mesh_max_inactivity=%d\n",
config->mesh_max_inactivity);
+ if (config->mesh_fwding != DEFAULT_MESH_FWDING)
+ fprintf(f, "mesh_fwding=%d\n", config->mesh_fwding);
+
if (config->dot11RSNASAERetransPeriod !=
DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD)
fprintf(f, "dot11RSNASAERetransPeriod=%d\n",
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -516,6 +516,11 @@ struct wpa_ssid {
int dot11MeshConfirmTimeout; /* msec */
int dot11MeshHoldingTimeout; /* msec */
+ /**
+ * Mesh network layer-2 forwarding
+ */
+ int mesh_fwding;
+
int ht;
int ht40;
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -126,6 +126,7 @@ static struct mesh_conf * mesh_config_cr
conf->mesh_cc_id = 0;
conf->mesh_sp_id = MESH_SYNC_METHOD_NEIGHBOR_OFFSET;
conf->mesh_auth_id = (conf->security & MESH_CONF_SEC_AUTH) ? 1 : 0;
+ conf->mesh_fwding = ssid->mesh_fwding;
conf->dot11MeshMaxRetries = ssid->dot11MeshMaxRetries;
conf->dot11MeshRetryTimeout = ssid->dot11MeshRetryTimeout;
conf->dot11MeshConfirmTimeout = ssid->dot11MeshConfirmTimeout;
@@ -328,6 +329,7 @@ static int wpa_supplicant_mesh_init(stru
bss->conf->start_disabled = 1;
bss->conf->mesh = MESH_ENABLED;
bss->conf->ap_max_inactivity = wpa_s->conf->mesh_max_inactivity;
+ bss->conf->mesh_fwding = wpa_s->conf->mesh_fwding;
if (ieee80211_is_dfs(ssid->frequency, wpa_s->hw.modes,
wpa_s->hw.num_modes) && wpa_s->conf->country[0]) {
@@ -549,6 +551,10 @@ int wpa_supplicant_join_mesh(struct wpa_
}
params->conf.peer_link_timeout = wpa_s->conf->mesh_max_inactivity;
+ /* always explicitely set forwarding to on or off for now */
+ params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_FORWARDING;
+ params->conf.forwarding = ssid->mesh_fwding;
+
os_free(wpa_s->mesh_params);
wpa_s->mesh_params = params;
if (wpa_supplicant_mesh_init(wpa_s, ssid, &params->freq)) {
--- a/wpa_supplicant/mesh_mpm.c
+++ b/wpa_supplicant/mesh_mpm.c
@@ -305,9 +305,9 @@ static void mesh_mpm_send_plink_action(s
info = (bss->num_plinks > 63 ? 63 : bss->num_plinks) << 1;
/* TODO: Add Connected to Mesh Gate/AS subfields */
wpabuf_put_u8(buf, info);
- /* always forwarding & accepting plinks for now */
+ /* set forwarding & always accepting plinks for now */
wpabuf_put_u8(buf, MESH_CAP_ACCEPT_ADDITIONAL_PEER |
- MESH_CAP_FORWARDING);
+ (conf->mesh_fwding ? MESH_CAP_FORWARDING : 0));
} else { /* Peer closing frame */
/* IE: Mesh ID */
wpabuf_put_u8(buf, WLAN_EID_MESH_ID);
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -153,6 +153,9 @@ ap_scan=1
# This timeout value is used in mesh STA to clean up inactive stations.
#mesh_max_inactivity=300
+# Enable 802.11s layer-2 routing and forwarding
+#mesh_fwding=1
+
# cert_in_cb - Whether to include a peer certificate dump in events
# This controls whether peer certificates for authentication server and
# its certificate chain are included in EAP peer certificate events. This is

78
package/network/services/hostapd/patches/020-ignore-4addr-mode-enabling-error.patch Normal file
View File

@@ -0,0 +1,78 @@
From c7cca9b08f3e1e49c4a4a59ec66c47d91448e6ae Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 13 Feb 2021 23:59:28 +0200
Subject: [PATCH] nl80211: Ignore 4addr mode enabling error if it was already
enabled
nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
an interface that is in a bridge and has 4addr mode already enabled.
This operation would not have been necessary in the first place and this
failure results in disconnecting, e.g., when roaming from one backhaul
BSS to another BSS with Multi AP.
Avoid this issue by ignoring the nl80211 command failure in the case
where 4addr mode is being enabled while it has already been enabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/drivers/driver_nl80211.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 72189da24..011a15e68 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -617,6 +617,7 @@ struct wiphy_idx_data {
int wiphy_idx;
enum nl80211_iftype nlmode;
u8 *macaddr;
+ u8 use_4addr;
};
@@ -639,6 +640,9 @@ static int netdev_info_handler(struct nl_msg *msg, void *arg)
os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
ETH_ALEN);
+ if (tb[NL80211_ATTR_4ADDR])
+ info->use_4addr = nla_get_u8(tb[NL80211_ATTR_4ADDR]);
+
return NL_SKIP;
}
@@ -691,6 +695,20 @@ static int nl80211_get_macaddr(struct i802_bss *bss)
}
+static int nl80211_get_4addr(struct i802_bss *bss)
+{
+ struct nl_msg *msg;
+ struct wiphy_idx_data data = {
+ .use_4addr = 0,
+ };
+
+ if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)) ||
+ send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data))
+ return -1;
+ return data.use_4addr;
+}
+
+
static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv,
struct nl80211_wiphy_data *w)
{
@@ -11482,6 +11500,11 @@ static int nl80211_set_4addr_mode(void *priv, const char *bridge_ifname,
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
msg = NULL;
+ if (ret && val && nl80211_get_4addr(bss) == 1) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: 4addr mode was already enabled");
+ ret = 0;
+ }
if (!ret) {
if (bridge_ifname[0] && val &&
i802_check_bridge(drv, bss, bridge_ifname, bss->ifname) < 0)
--
2.29.2

34
package/network/services/hostapd/patches/051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch Normal file
View File

@@ -0,0 +1,34 @@
From: Felix Fietkau <nbd@nbd.name>
Date: Tue, 12 Feb 2019 14:22:43 +0100
Subject: [PATCH v2] wpa_supplicant: fix race condition in mesh mpm new peer
handling
When wpa_supplicant receives another new peer event before the first one
has been processed, it tries to add a station to the driver a second time
(which fails) and then tears down the station entry until another event
comes in.
Fix this by only adding a station to the driver if it didn't exist already.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/wpa_supplicant/mesh_mpm.c
+++ b/wpa_supplicant/mesh_mpm.c
@@ -710,11 +710,12 @@ static struct sta_info * mesh_mpm_add_pe
}
sta = ap_get_sta(data, addr);
- if (!sta) {
- sta = ap_sta_add(data, addr);
- if (!sta)
- return NULL;
- }
+ if (sta)
+ return NULL;
+
+ sta = ap_sta_add(data, addr);
+ if (!sta)
+ return NULL;
/* Set WMM by default since Mesh STAs are QoS STAs */
sta->flags |= WLAN_STA_WMM;

45
package/network/services/hostapd/patches/060-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch Normal file
View File

@@ -0,0 +1,45 @@
From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Tue, 8 Dec 2020 23:52:50 +0200
Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.
Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.
Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
src/p2p/p2p_pd.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
--- a/src/p2p/p2p_pd.c
+++ b/src/p2p/p2p_pd.c
@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2
goto out;
}
+ dev = p2p_get_device(p2p, sa);
if (!dev) {
- dev = p2p_get_device(p2p, sa);
- if (!dev) {
- p2p_dbg(p2p,
- "Provision Discovery device not found "
- MACSTR, MAC2STR(sa));
- goto out;
- }
+ p2p_dbg(p2p,
+ "Provision Discovery device not found "
+ MACSTR, MAC2STR(sa));
+ goto out;
}
} else if (msg.wfd_subelems) {
wpabuf_free(dev->info.wfd_subelems);

66
package/network/services/hostapd/patches/067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch Normal file
View File

@@ -0,0 +1,66 @@
From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Thu, 29 Aug 2019 11:52:04 +0300
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
address
Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.
In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/ap/drv_callbacks.c | 13 +++++++++++++
src/ap/ieee802_11.c | 12 ++++++++++++
2 files changed, 25 insertions(+)
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_d
"hostapd_notif_assoc: Skip event with no address");
return -1;
}
+
+ if (is_multicast_ether_addr(addr) ||
+ is_zero_ether_addr(addr) ||
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+ " in received indication - ignore this indication silently",
+ __func__, MAC2STR(addr));
+ return 0;
+ }
+
random_add_randomness(addr, ETH_ALEN);
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data
fc = le_to_host16(mgmt->frame_control);
stype = WLAN_FC_GET_STYPE(fc);
+ if (is_multicast_ether_addr(mgmt->sa) ||
+ is_zero_ether_addr(mgmt->sa) ||
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+ " in received frame - ignore this frame silently",
+ MAC2STR(mgmt->sa));
+ return 0;
+ }
+
if (stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(hapd, mgmt, len, fi);
return 1;

41
package/network/services/hostapd/patches/070-driver_nl80211-fix-WMM-queue-mapping-for-regulatory-.patch Normal file
View File

@@ -0,0 +1,41 @@
From: Felix Fietkau <nbd@nbd.name>
Date: Thu, 23 Jan 2020 13:50:47 +0100
Subject: [PATCH] driver_nl80211: fix WMM queue mapping for regulatory
limit
nl80211 uses a different queue mapping from hostap, so AC indexes need to
be converted.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -1403,6 +1403,12 @@ static void phy_info_freq(struct hostapd
[NL80211_WMMR_AIFSN] = { .type = NLA_U8 },
[NL80211_WMMR_TXOP] = { .type = NLA_U16 },
};
+ static const u8 wmm_map[4] = {
+ [NL80211_AC_BE] = WMM_AC_BE,
+ [NL80211_AC_BK] = WMM_AC_BK,
+ [NL80211_AC_VI] = WMM_AC_VI,
+ [NL80211_AC_VO] = WMM_AC_VO,
+ };
struct nlattr *nl_wmm;
struct nlattr *tb_wmm[NL80211_WMMR_MAX + 1];
int rem_wmm, ac, count = 0;
@@ -1424,12 +1430,13 @@ static void phy_info_freq(struct hostapd
return;
}
ac = nl_wmm->nla_type;
- if (ac < 0 || ac >= WMM_AC_NUM) {
+ if (ac >= ARRAY_SIZE(wmm_map)) {
wpa_printf(MSG_DEBUG,
"nl80211: Invalid AC value %d", ac);
return;
}
+ ac = wmm_map[ac];
chan->wmm_rules[ac].min_cwmin =
nla_get_u16(tb_wmm[NL80211_WMMR_CW_MIN]);
chan->wmm_rules[ac].min_cwmax =

47
package/network/services/hostapd/patches/071-driver_nl80211-fix-regulatory-limits-for-wmm-cwmin-c.patch Normal file
View File

@@ -0,0 +1,47 @@
From: Felix Fietkau <nbd@nbd.name>
Date: Thu, 23 Jan 2020 14:10:20 +0100
Subject: [PATCH] driver_nl80211: fix regulatory limits for wmm cwmin/cwmax
values
The internal WMM AC parameters use just the exponent of the CW value, while
nl80211 reports the full CW value.
This led to completely bogus CWmin/CWmax values in the WMM IE when a regulatory
limit was present. Fix this by converting the value to the exponent before
passing it on
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -1336,6 +1336,18 @@ static void phy_info_vht_capa(struct hos
}
}
+static inline int cw2ecw(unsigned int cw)
+{
+ int bit;
+
+ if (cw == 0)
+ return 0;
+
+ for (bit = 1; cw != 1; bit++)
+ cw >>= 1;
+
+ return bit;
+}
static void phy_info_freq(struct hostapd_hw_modes *mode,
struct hostapd_channel_data *chan,
@@ -1438,9 +1450,9 @@ static void phy_info_freq(struct hostapd
ac = wmm_map[ac];
chan->wmm_rules[ac].min_cwmin =
- nla_get_u16(tb_wmm[NL80211_WMMR_CW_MIN]);
+ cw2ecw(nla_get_u16(tb_wmm[NL80211_WMMR_CW_MIN]));
chan->wmm_rules[ac].min_cwmax =
- nla_get_u16(tb_wmm[NL80211_WMMR_CW_MAX]);
+ cw2ecw(nla_get_u16(tb_wmm[NL80211_WMMR_CW_MAX]));
chan->wmm_rules[ac].min_aifs =
nla_get_u8(tb_wmm[NL80211_WMMR_AIFSN]);
chan->wmm_rules[ac].max_txop =

26
package/network/services/hostapd/patches/090-wolfssl-fix-crypto_bignum_sum.patch Normal file
View File

@@ -0,0 +1,26 @@
From 1766e608ba1114220f3b3598e77aa53b50c38a6e Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Mon, 14 Oct 2019 19:27:47 +0300
Subject: [PATCH] wolfSSL: Fix crypto_bignum_sub()
The initial crypto wrapper implementation for wolfSSL seems to have
included a copy-paste error in crypto_bignum_sub() implementation that
was identical to crypto_bignum_add() while mp_sub() should have been
used instead of mp_add().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
src/crypto/crypto_wolfssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -1151,7 +1151,7 @@ int crypto_bignum_sub(const struct crypt
if (TEST_FAIL())
return -1;
- return mp_add((mp_int *) a, (mp_int *) b,
+ return mp_sub((mp_int *) a, (mp_int *) b,
(mp_int *) r) == MP_OKAY ? 0 : -1;
}

31
package/network/services/hostapd/patches/091-0001-wolfssl-Fix-compiler-warnings-on-size_t-printf-forma.patch Normal file
View File

@@ -0,0 +1,31 @@
From 6a28c4dbc102de3fed9db44637f47a10e7adfb78 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 16 May 2020 21:01:51 +0300
Subject: [PATCH 1/3] wolfssl: Fix compiler warnings on size_t printf format
use
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/crypto/tls_wolfssl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -1741,7 +1741,7 @@ struct wpabuf * tls_connection_encrypt(v
if (!conn)
return NULL;
- wpa_printf(MSG_DEBUG, "SSL: encrypt: %ld bytes", wpabuf_len(in_data));
+ wpa_printf(MSG_DEBUG, "SSL: encrypt: %zu bytes", wpabuf_len(in_data));
wolfssl_reset_out_data(&conn->output);
@@ -1792,7 +1792,7 @@ struct wpabuf * tls_connection_decrypt(v
}
wpabuf_put(buf, res);
- wpa_printf(MSG_DEBUG, "SSL: decrypt: %ld bytes", wpabuf_len(buf));
+ wpa_printf(MSG_DEBUG, "SSL: decrypt: %zu bytes", wpabuf_len(buf));
return buf;
}

49
package/network/services/hostapd/patches/091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch Normal file
View File

@@ -0,0 +1,49 @@
From eb595b3e3ab531645a5bde71cf6385335b7a4b95 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 16 May 2020 21:02:17 +0300
Subject: [PATCH 2/3] wolfssl: Fix crypto_bignum_rand() implementation
The previous implementation used mp_rand_prime() to generate a random
value in range 0..m. That is insanely slow way of generating a random
value since mp_rand_prime() is for generating a random _prime_ which is
not what is needed here. Replace that implementation with generationg of
a random value in the requested range without doing any kind of prime
number checks or loops to reject values that are not primes.
This speeds up SAE and EAP-pwd routines by couple of orders of
magnitude..
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/crypto/crypto_wolfssl.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -1084,19 +1084,21 @@ int crypto_bignum_rand(struct crypto_big
{
int ret = 0;
WC_RNG rng;
+ size_t len;
+ u8 *buf;
if (TEST_FAIL())
return -1;
if (wc_InitRng(&rng) != 0)
return -1;
- if (mp_rand_prime((mp_int *) r,
- (mp_count_bits((mp_int *) m) + 7) / 8 * 2,
- &rng, NULL) != 0)
- ret = -1;
- if (ret == 0 &&
+ len = (mp_count_bits((mp_int *) m) + 7) / 8;
+ buf = os_malloc(len);
+ if (!buf || wc_RNG_GenerateBlock(&rng, buf, len) != 0 ||
+ mp_read_unsigned_bin((mp_int *) r, buf, len) != MP_OKAY ||
mp_mod((mp_int *) r, (mp_int *) m, (mp_int *) r) != 0)
ret = -1;
wc_FreeRng(&rng);
+ bin_clear_free(buf, len);
return ret;
}

26
package/network/services/hostapd/patches/091-0003-wolfssl-Do-not-hardcode-include-directory-in-wpa_sup.patch Normal file
View File

@@ -0,0 +1,26 @@
From 79488da576aeeb9400e1742fab7f463eed0fa7a1 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 16 May 2020 21:07:45 +0300
Subject: [PATCH 3/3] wolfssl: Do not hardcode include directory in
wpa_supplicant build
This is not really appropriate for any kind of cross compilations and is
not really needed in general since system specific values can be set in
.config.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
wpa_supplicant/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -1086,7 +1086,7 @@ endif
ifeq ($(CONFIG_TLS), wolfssl)
ifdef TLS_FUNCS
-CFLAGS += -DWOLFSSL_DER_LOAD -I/usr/local/include/wolfssl
+CFLAGS += -DWOLFSSL_DER_LOAD
OBJS += ../src/crypto/tls_wolfssl.o
endif
OBJS += ../src/crypto/crypto_wolfssl.o

97
package/network/services/hostapd/patches/100-daemonize_fix.patch Normal file
View File

@@ -0,0 +1,97 @@
--- a/src/utils/os_unix.c
+++ b/src/utils/os_unix.c
@@ -10,6 +10,7 @@
#include <time.h>
#include <sys/wait.h>
+#include <fcntl.h>
#ifdef ANDROID
#include <sys/capability.h>
@@ -182,59 +183,46 @@ int os_gmtime(os_time_t t, struct os_tm
return 0;
}
-
-#ifdef __APPLE__
-#include <fcntl.h>
-static int os_daemon(int nochdir, int noclose)
+int os_daemonize(const char *pid_file)
{
- int devnull;
+ int pid = 0, i, devnull;
- if (chdir("/") < 0)
- return -1;
+#if defined(__uClinux__) || defined(__sun__)
+ return -1;
+#else /* defined(__uClinux__) || defined(__sun__) */
- devnull = open("/dev/null", O_RDWR);
- if (devnull < 0)
+#ifndef __APPLE__
+ pid = fork();
+ if (pid < 0)
return -1;
+#endif
- if (dup2(devnull, STDIN_FILENO) < 0) {
- close(devnull);
- return -1;
+ if (pid > 0) {
+ if (pid_file) {
+ FILE *f = fopen(pid_file, "w");
+ if (f) {
+ fprintf(f, "%u\n", pid);
+ fclose(f);
+ }
+ }
+ _exit(0);
}
- if (dup2(devnull, STDOUT_FILENO) < 0) {
- close(devnull);
+ if (setsid() < 0)
return -1;
- }
- if (dup2(devnull, STDERR_FILENO) < 0) {
- close(devnull);
+ if (chdir("/") < 0)
return -1;
- }
-
- return 0;
-}
-#else /* __APPLE__ */
-#define os_daemon daemon
-#endif /* __APPLE__ */
-
-int os_daemonize(const char *pid_file)
-{
-#if defined(__uClinux__) || defined(__sun__)
- return -1;
-#else /* defined(__uClinux__) || defined(__sun__) */
- if (os_daemon(0, 0)) {
- perror("daemon");
+ devnull = open("/dev/null", O_RDWR);
+ if (devnull < 0)
return -1;
- }
- if (pid_file) {
- FILE *f = fopen(pid_file, "w");
- if (f) {
- fprintf(f, "%u\n", getpid());
- fclose(f);
- }
- }
+ for (i = 0; i <= STDERR_FILENO; i++)
+ dup2(devnull, i);
+
+ if (devnull > 2)
+ close(devnull);
return -0;
#endif /* defined(__uClinux__) || defined(__sun__) */

10
package/network/services/hostapd/patches/110-wolfssl-compile-fix.patch Normal file
View File

@@ -0,0 +1,10 @@
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -19,6 +19,7 @@
#include <wolfssl/ssl.h>
#include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/asn.h>
+#include <wolfssl/openssl/x509v3.h>
#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
#define HAVE_AESGCM

355
package/network/services/hostapd/patches/200-multicall.patch Normal file
View File

@@ -0,0 +1,355 @@
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -28,6 +28,7 @@ CFLAGS += -I$(abspath ../src/utils)
export BINDIR ?= /usr/local/bin/
-include .config
+-include $(if $(MULTICALL), ../wpa_supplicant/.config)
ifndef CONFIG_NO_GITVER
# Add VERSION_STR postfix for builds from a git repository
@@ -198,7 +199,8 @@ endif
ifdef CONFIG_NO_VLAN
CFLAGS += -DCONFIG_NO_VLAN
-else
+endif
+ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN)
OBJS += ../src/ap/vlan_init.o
OBJS += ../src/ap/vlan_ifconfig.o
OBJS += ../src/ap/vlan.o
@@ -366,10 +368,14 @@ CFLAGS += -DCONFIG_MBO
OBJS += ../src/ap/mbo_ap.o
endif
+ifndef MULTICALL
+CFLAGS += -DNO_SUPPLICANT
+endif
+
include ../src/drivers/drivers.mak
-OBJS += $(DRV_AP_OBJS)
-CFLAGS += $(DRV_AP_CFLAGS)
-LDFLAGS += $(DRV_AP_LDFLAGS)
+OBJS += $(sort $(DRV_AP_OBJS) $(if $(MULTICALL),$(DRV_WPA_OBJS)))
+CFLAGS += $(DRV_AP_CFLAGS) $(if $(MULTICALL),$(DRV_WPA_CFLAGS))
+LDFLAGS += $(DRV_AP_LDFLAGS) $(if $(MULTICALL),$(DRV_WPA_LDFLAGS))
LIBS += $(DRV_AP_LIBS)
ifdef CONFIG_L2_PACKET
@@ -1316,6 +1322,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
BCHECK=../src/drivers/build.hostapd
+hostapd_multi.a: $(BCHECK) $(OBJS)
+ $(Q)$(CC) -c -o hostapd_multi.o -Dmain=hostapd_main $(CFLAGS) main.c
+ @$(E) " CC " $<
+ @rm -f $@
+ @$(AR) cr $@ hostapd_multi.o $(OBJS)
+
hostapd: $(BCHECK) $(OBJS)
$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
@$(E) " LD " $@
@@ -1358,6 +1370,12 @@ ifeq ($(CONFIG_TLS), linux)
HOBJS += ../src/crypto/crypto_linux.o
endif
+dump_cflags:
+ @printf "%s " "$(CFLAGS)"
+
+dump_ldflags:
+ @printf "%s " "$(LDFLAGS) $(LIBS) $(EXTRALIBS)"
+
nt_password_hash: $(NOBJS)
$(Q)$(CC) $(LDFLAGS) -o nt_password_hash $(NOBJS) $(LIBS_n)
@$(E) " LD " $@
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -27,6 +27,7 @@ CFLAGS += -I$(abspath ../src)
CFLAGS += -I$(abspath ../src/utils)
-include .config
+-include $(if $(MULTICALL),../hostapd/.config)
ifndef CONFIG_NO_GITVER
# Add VERSION_STR postfix for builds from a git repository
@@ -363,7 +364,9 @@ endif
ifdef CONFIG_IBSS_RSN
NEED_RSN_AUTHENTICATOR=y
CFLAGS += -DCONFIG_IBSS_RSN
+ifndef MULTICALL
CFLAGS += -DCONFIG_NO_VLAN
+endif
OBJS += ibss_rsn.o
endif
@@ -892,6 +895,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
LIBS += -ldl -rdynamic
endif
+else
+ ifdef MULTICALL
+ OBJS += ../src/eap_common/eap_common.o
+ endif
endif
ifdef CONFIG_AP
@@ -899,9 +906,11 @@ NEED_EAP_COMMON=y
NEED_RSN_AUTHENTICATOR=y
CFLAGS += -DCONFIG_AP
OBJS += ap.o
+ifndef MULTICALL
CFLAGS += -DCONFIG_NO_RADIUS
CFLAGS += -DCONFIG_NO_ACCOUNTING
CFLAGS += -DCONFIG_NO_VLAN
+endif
OBJS += ../src/ap/hostapd.o
OBJS += ../src/ap/wpa_auth_glue.o
OBJS += ../src/ap/utils.o
@@ -983,6 +992,12 @@ endif
ifdef CONFIG_HS20
OBJS += ../src/ap/hs20.o
endif
+else
+ ifdef MULTICALL
+ OBJS += ../src/eap_server/eap_server.o
+ OBJS += ../src/eap_server/eap_server_identity.o
+ OBJS += ../src/eap_server/eap_server_methods.o
+ endif
endif
ifdef CONFIG_MBO
@@ -991,7 +1006,9 @@ CFLAGS += -DCONFIG_MBO
endif
ifdef NEED_RSN_AUTHENTICATOR
+ifndef MULTICALL
CFLAGS += -DCONFIG_NO_RADIUS
+endif
NEED_AES_WRAP=y
OBJS += ../src/ap/wpa_auth.o
OBJS += ../src/ap/wpa_auth_ie.o
@@ -1899,6 +1916,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
$(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config
+wpa_supplicant_multi.a: .config $(BCHECK) $(OBJS) $(EXTRA_progs)
+ $(Q)$(CC) -c -o wpa_supplicant_multi.o -Dmain=wpa_supplicant_main $(CFLAGS) main.c
+ @$(E) " CC " $<
+ @rm -f $@
+ @$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
+
wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
@$(E) " LD " $@
@@ -1999,6 +2022,12 @@ endif
$(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
@$(E) " sed" $<
+dump_cflags:
+ @printf "%s " "$(CFLAGS)"
+
+dump_ldflags:
+ @printf "%s " "$(LDFLAGS) $(LIBS) $(EXTRALIBS)"
+
wpa_supplicant.exe: wpa_supplicant
mv -f $< $@
wpa_cli.exe: wpa_cli
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -5657,8 +5657,8 @@ union wpa_event_data {
* Driver wrapper code should call this function whenever an event is received
* from the driver.
*/
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
- union wpa_event_data *data);
+extern void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
/**
* wpa_supplicant_event_global - Report a driver event for wpa_supplicant
@@ -5670,7 +5670,7 @@ void wpa_supplicant_event(void *ctx, enu
* Same as wpa_supplicant_event(), but we search for the interface in
* wpa_global.
*/
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
+extern void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
union wpa_event_data *data);
/*
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -1669,8 +1669,8 @@ err:
#endif /* CONFIG_OWE */
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
- union wpa_event_data *data)
+void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
{
struct hostapd_data *hapd = ctx;
#ifndef CONFIG_NO_STDOUT_DEBUG
@@ -1915,7 +1915,7 @@ void wpa_supplicant_event(void *ctx, enu
}
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
+void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
union wpa_event_data *data)
{
struct hapd_interfaces *interfaces = ctx;
--- a/wpa_supplicant/wpa_priv.c
+++ b/wpa_supplicant/wpa_priv.c
@@ -1031,8 +1031,8 @@ static void wpa_priv_send_ft_response(st
}
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
- union wpa_event_data *data)
+static void supplicant_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
{
struct wpa_priv_interface *iface = ctx;
@@ -1095,7 +1095,7 @@ void wpa_supplicant_event(void *ctx, enu
}
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
+void supplicant_event_global(void *ctx, enum wpa_event_type event,
union wpa_event_data *data)
{
struct wpa_priv_global *global = ctx;
@@ -1207,6 +1207,8 @@ int main(int argc, char *argv[])
if (os_program_init())
return -1;
+ wpa_supplicant_event = supplicant_event;
+ wpa_supplicant_event_global = supplicant_event_global;
wpa_priv_fd_workaround();
os_memset(&global, 0, sizeof(global));
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -4184,8 +4184,8 @@ static void wpas_event_assoc_reject(stru
}
-void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
- union wpa_event_data *data)
+void supplicant_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
{
struct wpa_supplicant *wpa_s = ctx;
int resched;
@@ -4967,7 +4967,7 @@ void wpa_supplicant_event(void *ctx, enu
}
-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
+void supplicant_event_global(void *ctx, enum wpa_event_type event,
union wpa_event_data *data)
{
struct wpa_supplicant *wpa_s;
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -6096,7 +6096,6 @@ struct wpa_interface * wpa_supplicant_ma
return NULL;
}
-
/**
* wpa_supplicant_match_existing - Match existing interfaces
* @global: Pointer to global data from wpa_supplicant_init()
@@ -6133,6 +6132,11 @@ static int wpa_supplicant_match_existing
#endif /* CONFIG_MATCH_IFACE */
+extern void supplicant_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+
+extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
/**
* wpa_supplicant_add_iface - Add a new network interface
@@ -6389,6 +6393,8 @@ struct wpa_global * wpa_supplicant_init(
#ifndef CONFIG_NO_WPA_MSG
wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
#endif /* CONFIG_NO_WPA_MSG */
+ wpa_supplicant_event = supplicant_event;
+ wpa_supplicant_event_global = supplicant_event_global;
if (params->wpa_debug_file_path)
wpa_debug_open_file(params->wpa_debug_file_path);
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -592,6 +592,11 @@ fail:
return -1;
}
+void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+
+void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
#ifdef CONFIG_WPS
static int gen_uuid(const char *txt_addr)
@@ -682,6 +687,8 @@ int main(int argc, char *argv[])
return -1;
#endif /* CONFIG_DPP */
+ wpa_supplicant_event = hostapd_wpa_event;
+ wpa_supplicant_event_global = hostapd_wpa_event_global;
for (;;) {
c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
if (c < 0)
--- a/src/drivers/drivers.c
+++ b/src/drivers/drivers.c
@@ -10,6 +10,10 @@
#include "utils/common.h"
#include "driver.h"
+void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
const struct wpa_driver_ops *const wpa_drivers[] =
{
--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
@@ -30,7 +30,12 @@
#include "ctrl_iface.h"
#include "pcsc_funcs.h"
#include "wpas_glue.h"
+#include "drivers/driver.h"
+void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
@@ -1292,6 +1297,10 @@ static void usage(void)
"option several times.\n");
}
+extern void supplicant_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
int main(int argc, char *argv[])
{
@@ -1312,6 +1321,8 @@ int main(int argc, char *argv[])
if (os_program_init())
return -1;
+ wpa_supplicant_event = supplicant_event;
+ wpa_supplicant_event_global = supplicant_event_global;
hostapd_logger_register_cb(hostapd_logger_cb);
os_memset(&eapol_test, 0, sizeof(eapol_test));

58
package/network/services/hostapd/patches/300-noscan.patch Normal file
View File

@@ -0,0 +1,58 @@
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -3411,6 +3411,10 @@ static int hostapd_config_fill(struct ho
bss->ieee80211w = 1;
#endif /* CONFIG_OCV */
#ifdef CONFIG_IEEE80211N
+ } else if (os_strcmp(buf, "noscan") == 0) {
+ conf->noscan = atoi(pos);
+ } else if (os_strcmp(buf, "ht_coex") == 0) {
+ conf->no_ht_coex = !atoi(pos);
} else if (os_strcmp(buf, "ieee80211n") == 0) {
conf->ieee80211n = atoi(pos);
} else if (os_strcmp(buf, "ht_capab") == 0) {
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -934,6 +934,8 @@ struct hostapd_config {
int ht_op_mode_fixed;
u16 ht_capab;
+ int noscan;
+ int no_ht_coex;
int ieee80211n;
int secondary_channel;
int no_pri_sec_switch;
--- a/src/ap/hw_features.c
+++ b/src/ap/hw_features.c
@@ -477,7 +477,8 @@ static int ieee80211n_check_40mhz(struct
int ret;
/* Check that HT40 is used and PRI / SEC switch is allowed */
- if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch)
+ if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch ||
+ iface->conf->noscan)
return 0;
hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
--- a/src/ap/ieee802_11_ht.c
+++ b/src/ap/ieee802_11_ht.c
@@ -252,6 +252,9 @@ void hostapd_2040_coex_action(struct hos
return;
}
+ if (iface->conf->noscan || iface->conf->no_ht_coex)
+ return;
+
if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) {
wpa_printf(MSG_DEBUG,
"Ignore too short 20/40 BSS Coexistence Management frame");
@@ -412,6 +415,9 @@ void ht40_intolerant_add(struct hostapd_
if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
return;
+ if (iface->conf->noscan || iface->conf->no_ht_coex)
+ return;
+
wpa_printf(MSG_INFO, "HT: Forty MHz Intolerant is set by STA " MACSTR
" in Association Request", MAC2STR(sta->addr));

68
package/network/services/hostapd/patches/301-mesh-noscan.patch Normal file
View File

@@ -0,0 +1,68 @@
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -2312,6 +2312,7 @@ static const struct parse_data ssid_fiel
#else /* CONFIG_MESH */
{ INT_RANGE(mode, 0, 4) },
#endif /* CONFIG_MESH */
+ { INT_RANGE(noscan, 0, 1) },
{ INT_RANGE(proactive_key_caching, 0, 1) },
{ INT_RANGE(disabled, 0, 2) },
{ STR(id_str) },
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -829,6 +829,7 @@ static void wpa_config_write_network(FIL
#endif /* IEEE8021X_EAPOL */
INT(mode);
INT(no_auto_peer);
+ INT(noscan);
INT(mesh_fwding);
INT(frequency);
INT(fixed_freq);
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -361,6 +361,8 @@ static int wpa_supplicant_mesh_init(stru
frequency);
goto out_free;
}
+ if (ssid->noscan)
+ conf->noscan = 1;
if (ssid->ht40)
conf->secondary_channel = ssid->ht40;
if (conf->hw_mode == HOSTAPD_MODE_IEEE80211A && ssid->vht) {
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2143,12 +2143,12 @@ void ibss_mesh_setup_freq(struct wpa_sup
int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
enum hostapd_hw_mode hw_mode;
struct hostapd_hw_modes *mode = NULL;
- int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
+ int ht40plus[] = { 1, 2, 3, 4, 5, 6, 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
184, 192 };
int vht80[] = { 36, 52, 100, 116, 132, 149 };
struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
u8 channel;
- int i, chan_idx, ht40 = -1, res, obss_scan = 1;
+ int i, chan_idx, ht40 = -1, res, obss_scan = !(ssid->noscan);
unsigned int j, k;
struct hostapd_freq_params vht_freq;
int chwidth, seg0, seg1;
@@ -2221,7 +2221,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
return;
/* Setup higher BW only for 5 GHz */
- if (mode->mode != HOSTAPD_MODE_IEEE80211A)
+ if (mode->mode != HOSTAPD_MODE_IEEE80211A && !(ssid->noscan))
return;
for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -918,6 +918,8 @@ struct wpa_ssid {
*/
int no_auto_peer;
+ int noscan;
+
/**
* mesh_rssi_threshold - Set mesh parameter mesh_rssi_threshold (dBm)
*

11
package/network/services/hostapd/patches/310-rescan_immediately.patch Normal file
View File

@@ -0,0 +1,11 @@
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -4474,7 +4474,7 @@ wpa_supplicant_alloc(struct wpa_supplica
if (wpa_s == NULL)
return NULL;
wpa_s->scan_req = INITIAL_SCAN_REQ;
- wpa_s->scan_interval = 5;
+ wpa_s->scan_interval = 1;
wpa_s->new_connection = 1;
wpa_s->parent = parent ? parent : wpa_s;
wpa_s->p2pdev = wpa_s->parent;

61
package/network/services/hostapd/patches/320-optional_rfkill.patch Normal file
View File

@@ -0,0 +1,61 @@
--- a/src/drivers/drivers.mak
+++ b/src/drivers/drivers.mak
@@ -50,7 +50,6 @@ NEED_SME=y
NEED_AP_MLME=y
NEED_NETLINK=y
NEED_LINUX_IOCTL=y
-NEED_RFKILL=y
NEED_RADIOTAP=y
NEED_LIBNL=y
endif
@@ -107,7 +106,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT
CONFIG_WIRELESS_EXTENSION=y
NEED_NETLINK=y
NEED_LINUX_IOCTL=y
-NEED_RFKILL=y
endif
ifdef CONFIG_DRIVER_NDIS
@@ -133,7 +131,6 @@ endif
ifdef CONFIG_WIRELESS_EXTENSION
DRV_WPA_CFLAGS += -DCONFIG_WIRELESS_EXTENSION
DRV_WPA_OBJS += ../src/drivers/driver_wext.o
-NEED_RFKILL=y
endif
ifdef NEED_NETLINK
@@ -146,6 +143,7 @@ endif
ifdef NEED_RFKILL
DRV_OBJS += ../src/drivers/rfkill.o
+DRV_WPA_CFLAGS += -DCONFIG_RFKILL
endif
ifdef NEED_RADIOTAP
--- a/src/drivers/rfkill.h
+++ b/src/drivers/rfkill.h
@@ -18,8 +18,24 @@ struct rfkill_config {
void (*unblocked_cb)(void *ctx);
};
+#ifdef CONFIG_RFKILL
struct rfkill_data * rfkill_init(struct rfkill_config *cfg);
void rfkill_deinit(struct rfkill_data *rfkill);
int rfkill_is_blocked(struct rfkill_data *rfkill);
+#else
+static inline struct rfkill_data * rfkill_init(struct rfkill_config *cfg)
+{
+ return (void *) 1;
+}
+
+static inline void rfkill_deinit(struct rfkill_data *rfkill)
+{
+}
+
+static inline int rfkill_is_blocked(struct rfkill_data *rfkill)
+{
+ return 0;
+}
+#endif
#endif /* RFKILL_H */

11
package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch Normal file
View File

@@ -0,0 +1,11 @@
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -4431,7 +4431,7 @@ static int nl80211_set_channel(struct i8
freq->freq, freq->ht_enabled, freq->vht_enabled, freq->he_enabled,
freq->bandwidth, freq->center_freq1, freq->center_freq2);
- msg = nl80211_drv_msg(drv, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
+ msg = nl80211_bss_msg(bss, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
NL80211_CMD_SET_WIPHY);
if (!msg || nl80211_put_freq_params(msg, freq) < 0) {
nlmsg_free(msg);

73
package/network/services/hostapd/patches/340-reload_freq_change.patch Normal file
View File

@@ -0,0 +1,73 @@
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -108,6 +108,26 @@ static void hostapd_reload_bss(struct ho
#endif /* CONFIG_NO_RADIUS */
ssid = &hapd->conf->ssid;
+
+ hostapd_set_freq(hapd, hapd->iconf->hw_mode, hapd->iface->freq,
+ hapd->iconf->channel,
+ hapd->iconf->ieee80211n,
+ hapd->iconf->ieee80211ac,
+ hapd->iconf->ieee80211ax,
+ hapd->iconf->secondary_channel,
+ hostapd_get_oper_chwidth(hapd->iconf),
+ hostapd_get_oper_centr_freq_seg0_idx(hapd->iconf),
+ hostapd_get_oper_centr_freq_seg1_idx(hapd->iconf));
+
+ if (hapd->iface->current_mode) {
+ if (hostapd_prepare_rates(hapd->iface, hapd->iface->current_mode)) {
+ wpa_printf(MSG_ERROR, "Failed to prepare rates table.");
+ hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
+ HOSTAPD_LEVEL_WARNING,
+ "Failed to prepare rates table.");
+ }
+ }
+
if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next &&
ssid->wpa_passphrase_set && ssid->wpa_passphrase) {
/*
@@ -205,6 +225,7 @@ int hostapd_reload_config(struct hostapd
struct hostapd_data *hapd = iface->bss[0];
struct hostapd_config *newconf, *oldconf;
size_t j;
+ int i;
if (iface->config_fname == NULL) {
/* Only in-memory config in use - assume it has been updated */
@@ -255,24 +276,20 @@ int hostapd_reload_config(struct hostapd
}
iface->conf = newconf;
+ for (i = 0; i < iface->num_hw_features; i++) {
+ struct hostapd_hw_modes *mode = &iface->hw_features[i];
+ if (mode->mode == iface->conf->hw_mode) {
+ iface->current_mode = mode;
+ break;
+ }
+ }
+
+ if (iface->conf->channel)
+ iface->freq = hostapd_hw_get_freq(hapd, iface->conf->channel);
+
for (j = 0; j < iface->num_bss; j++) {
hapd = iface->bss[j];
hapd->iconf = newconf;
- hapd->iconf->channel = oldconf->channel;
- hapd->iconf->acs = oldconf->acs;
- hapd->iconf->secondary_channel = oldconf->secondary_channel;
- hapd->iconf->ieee80211n = oldconf->ieee80211n;
- hapd->iconf->ieee80211ac = oldconf->ieee80211ac;
- hapd->iconf->ht_capab = oldconf->ht_capab;
- hapd->iconf->vht_capab = oldconf->vht_capab;
- hostapd_set_oper_chwidth(hapd->iconf,
- hostapd_get_oper_chwidth(oldconf));
- hostapd_set_oper_centr_freq_seg0_idx(
- hapd->iconf,
- hostapd_get_oper_centr_freq_seg0_idx(oldconf));
- hostapd_set_oper_centr_freq_seg1_idx(
- hapd->iconf,
- hostapd_get_oper_centr_freq_seg1_idx(oldconf));
hapd->conf = newconf->bss[j];
hostapd_reload_bss(hapd);
}

39
package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch Normal file
View File

@@ -0,0 +1,39 @@
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -1378,15 +1378,35 @@ int ap_switch_channel(struct wpa_supplic
#ifdef CONFIG_CTRL_IFACE
+
+static int __ap_ctrl_iface_chanswitch(struct hostapd_iface *iface,
+ struct csa_settings *settings)
+{
+#ifdef NEED_AP_MLME
+ if (!iface || !iface->bss[0])
+ return 0;
+
+ return hostapd_switch_channel(iface->bss[0], settings);
+#else
+ return -1;
+#endif
+}
+
+
int ap_ctrl_iface_chanswitch(struct wpa_supplicant *wpa_s, const char *pos)
{
struct csa_settings settings;
int ret = hostapd_parse_csa_settings(pos, &settings);
+ if (!(wpa_s->ap_iface && wpa_s->ap_iface->bss[0]) &&
+ !(wpa_s->ifmsh && wpa_s->ifmsh->bss[0]))
+ return -1;
+
+ ret = __ap_ctrl_iface_chanswitch(wpa_s->ap_iface, &settings);
if (ret)
return ret;
- return ap_switch_channel(wpa_s, &settings);
+ return __ap_ctrl_iface_chanswitch(wpa_s->ifmsh, &settings);
}
#endif /* CONFIG_CTRL_IFACE */

54
package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch Normal file
View File

@@ -0,0 +1,54 @@
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -2721,10 +2721,15 @@ static int wpa_driver_nl80211_del_beacon
struct nl_msg *msg;
struct wpa_driver_nl80211_data *drv = bss->drv;
+ if (!bss->beacon_set)
+ return 0;
+
+ bss->beacon_set = 0;
+
wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
- drv->ifindex);
+ bss->ifindex);
nl80211_put_wiphy_data_ap(bss);
- msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON);
+ msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_BEACON);
return send_and_recv_msgs(drv, msg, NULL, NULL);
}
@@ -5042,7 +5047,7 @@ static void nl80211_teardown_ap(struct i
nl80211_mgmt_unsubscribe(bss, "AP teardown");
nl80211_put_wiphy_data_ap(bss);
- bss->beacon_set = 0;
+ wpa_driver_nl80211_del_beacon(bss);
}
@@ -7353,8 +7358,6 @@ static int wpa_driver_nl80211_if_remove(
} else {
wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
nl80211_teardown_ap(bss);
- if (!bss->added_if && !drv->first_bss->next)
- wpa_driver_nl80211_del_beacon(bss);
nl80211_destroy_bss(bss);
if (!bss->added_if)
i802_set_iface_flags(bss, 0);
@@ -7744,7 +7747,6 @@ static int wpa_driver_nl80211_deinit_ap(
if (!is_ap_interface(drv->nlmode))
return -1;
wpa_driver_nl80211_del_beacon(bss);
- bss->beacon_set = 0;
/*
* If the P2P GO interface was dynamically added, then it is
@@ -7764,7 +7766,6 @@ static int wpa_driver_nl80211_stop_ap(vo
if (!is_ap_interface(drv->nlmode))
return -1;
wpa_driver_nl80211_del_beacon(bss);
- bss->beacon_set = 0;
return 0;
}

106
package/network/services/hostapd/patches/360-ctrl_iface_reload.patch Normal file
View File

@@ -0,0 +1,106 @@
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -60,6 +60,7 @@
#include "fst/fst_ctrl_iface.h"
#include "config_file.h"
#include "ctrl_iface.h"
+#include "config_file.h"
#define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256
@@ -78,6 +79,7 @@ static void hostapd_ctrl_iface_send(stru
enum wpa_msg_type type,
const char *buf, size_t len);
+static char *reload_opts = NULL;
static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
struct sockaddr_storage *from,
@@ -129,6 +131,61 @@ static int hostapd_ctrl_iface_new_sta(st
return 0;
}
+static char *get_option(char *opt, char *str)
+{
+ int len = strlen(str);
+
+ if (!strncmp(opt, str, len))
+ return opt + len;
+ else
+ return NULL;
+}
+
+static struct hostapd_config *hostapd_ctrl_iface_config_read(const char *fname)
+{
+ struct hostapd_config *conf;
+ char *opt, *val;
+
+ conf = hostapd_config_read(fname);
+ if (!conf)
+ return NULL;
+
+ for (opt = strtok(reload_opts, " ");
+ opt;
+ opt = strtok(NULL, " ")) {
+
+ if ((val = get_option(opt, "channel=")))
+ conf->channel = atoi(val);
+ else if ((val = get_option(opt, "ht_capab=")))
+ conf->ht_capab = atoi(val);
+ else if ((val = get_option(opt, "ht_capab_mask=")))
+ conf->ht_capab &= atoi(val);
+ else if ((val = get_option(opt, "sec_chan=")))
+ conf->secondary_channel = atoi(val);
+ else if ((val = get_option(opt, "hw_mode=")))
+ conf->hw_mode = atoi(val);
+ else if ((val = get_option(opt, "ieee80211n=")))
+ conf->ieee80211n = atoi(val);
+ else
+ break;
+ }
+
+ return conf;
+}
+
+static int hostapd_ctrl_iface_update(struct hostapd_data *hapd, char *txt)
+{
+ struct hostapd_config * (*config_read_cb)(const char *config_fname);
+ struct hostapd_iface *iface = hapd->iface;
+
+ config_read_cb = iface->interfaces->config_read_cb;
+ iface->interfaces->config_read_cb = hostapd_ctrl_iface_config_read;
+ reload_opts = txt;
+
+ hostapd_reload_config(iface);
+
+ iface->interfaces->config_read_cb = config_read_cb;
+}
#ifdef CONFIG_IEEE80211W
#ifdef NEED_AP_MLME
@@ -3195,6 +3252,8 @@ static int hostapd_ctrl_iface_receive_pr
} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
reply_size);
+ } else if (os_strncmp(buf, "UPDATE ", 7) == 0) {
+ hostapd_ctrl_iface_update(hapd, buf + 7);
} else if (os_strcmp(buf, "ERP_FLUSH") == 0) {
ieee802_1x_erp_flush(hapd);
#ifdef RADIUS_SERVER
--- a/src/ap/ctrl_iface_ap.c
+++ b/src/ap/ctrl_iface_ap.c
@@ -874,7 +874,13 @@ int hostapd_parse_csa_settings(const cha
int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd)
{
- return hostapd_drv_stop_ap(hapd);
+ struct hostapd_iface *iface = hapd->iface;
+ int i;
+
+ for (i = 0; i < iface->num_bss; i++)
+ hostapd_drv_stop_ap(iface->bss[i]);
+
+ return 0;
}

274
package/network/services/hostapd/patches/370-ap_sta_support.patch Normal file
View File

@@ -0,0 +1,274 @@
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -26,6 +26,10 @@ CFLAGS += $(EXTRA_CFLAGS)
CFLAGS += -I$(abspath ../src)
CFLAGS += -I$(abspath ../src/utils)
+ifdef MULTICALL
+CFLAGS += -DMULTICALL
+endif
+
-include .config
-include $(if $(MULTICALL),../hostapd/.config)
@@ -116,6 +120,8 @@ OBJS_c += ../src/utils/common.o
OBJS_c += ../src/common/cli.o
OBJS += wmm_ac.o
+OBJS += ../src/common/wpa_ctrl.o
+
ifndef CONFIG_OS
ifdef CONFIG_NATIVE_WINDOWS
CONFIG_OS=win32
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -11,6 +11,7 @@
#include "utils/common.h"
#include "utils/eloop.h"
#include "common/ieee802_11_defs.h"
+#include "common/ieee802_11_common.h"
#include "drivers/driver.h"
#include "eap_peer/eap.h"
#include "wpa_supplicant_i.h"
@@ -294,6 +295,10 @@ void calculate_update_time(const struct
static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
struct os_reltime *fetch_time)
{
+ struct ieee80211_ht_capabilities *capab;
+ struct ieee80211_ht_operation *oper;
+ struct ieee802_11_elems elems;
+
dst->flags = src->flags;
os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
dst->freq = src->freq;
@@ -306,6 +311,15 @@ static void wpa_bss_copy_res(struct wpa_
dst->est_throughput = src->est_throughput;
dst->snr = src->snr;
+ memset(&elems, 0, sizeof(elems));
+ ieee802_11_parse_elems((u8 *) (src + 1), src->ie_len, &elems, 0);
+ capab = (struct ieee80211_ht_capabilities *) elems.ht_capabilities;
+ oper = (struct ieee80211_ht_operation *) elems.ht_operation;
+ if (capab)
+ dst->ht_capab = le_to_host16(capab->ht_capabilities_info);
+ if (oper)
+ dst->ht_param = oper->ht_param;
+
calculate_update_time(fetch_time, src->age, &dst->last_update);
}
--- a/wpa_supplicant/bss.h
+++ b/wpa_supplicant/bss.h
@@ -82,6 +82,10 @@ struct wpa_bss {
u8 ssid[SSID_MAX_LEN];
/** Length of SSID */
size_t ssid_len;
+ /** HT capabilities */
+ u16 ht_capab;
+ /* Five octets of HT Operation Information */
+ u8 ht_param;
/** Frequency of the channel in MHz (e.g., 2412 = channel 1) */
int freq;
/** Beacon interval in TUs (host byte order) */
--- a/wpa_supplicant/main.c
+++ b/wpa_supplicant/main.c
@@ -34,7 +34,7 @@ static void usage(void)
"vW] [-P<pid file>] "
"[-g<global ctrl>] \\\n"
" [-G<group>] \\\n"
- " -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] "
+ " -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] [-H<hostapd path>] "
"[-p<driver_param>] \\\n"
" [-b<br_ifname>] [-e<entropy file>]"
#ifdef CONFIG_DEBUG_FILE
@@ -74,6 +74,7 @@ static void usage(void)
" -g = global ctrl_interface\n"
" -G = global ctrl_interface group\n"
" -h = show this help text\n"
+ " -H = connect to a hostapd instance to manage state changes\n"
" -i = interface name\n"
" -I = additional configuration file\n"
" -K = include keys (passwords, etc.) in debug output\n"
@@ -201,7 +202,7 @@ int main(int argc, char *argv[])
for (;;) {
c = getopt(argc, argv,
- "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW");
+ "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuvW");
if (c < 0)
break;
switch (c) {
@@ -248,6 +249,9 @@ int main(int argc, char *argv[])
usage();
exitcode = 0;
goto out;
+ case 'H':
+ iface->hostapd_ctrl = optarg;
+ break;
case 'i':
iface->ifname = optarg;
break;
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -127,6 +127,55 @@ static void wpas_update_fils_connect_par
#endif /* CONFIG_FILS && IEEE8021X_EAPOL */
+static int hostapd_stop(struct wpa_supplicant *wpa_s)
+{
+ const char *cmd = "STOP_AP";
+ char buf[256];
+ size_t len = sizeof(buf);
+
+ if (wpa_ctrl_request(wpa_s->hostapd, cmd, os_strlen(cmd), buf, &len, NULL) < 0) {
+ wpa_printf(MSG_ERROR, "\nFailed to stop hostapd AP interfaces\n");
+ return -1;
+ }
+ return 0;
+}
+
+static int hostapd_reload(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
+{
+ char *cmd = NULL;
+ char buf[256];
+ size_t len = sizeof(buf);
+ enum hostapd_hw_mode hw_mode;
+ u8 channel;
+ int sec_chan = 0;
+ int ret;
+
+ if (!bss)
+ return -1;
+
+ if (bss->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) {
+ int sec = bss->ht_param & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK;
+ if (sec == HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE)
+ sec_chan = 1;
+ else if (sec == HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW)
+ sec_chan = -1;
+ }
+
+ hw_mode = ieee80211_freq_to_chan(bss->freq, &channel);
+ if (asprintf(&cmd, "UPDATE channel=%d sec_chan=%d hw_mode=%d",
+ channel, sec_chan, hw_mode) < 0)
+ return -1;
+
+ ret = wpa_ctrl_request(wpa_s->hostapd, cmd, os_strlen(cmd), buf, &len, NULL);
+ free(cmd);
+
+ if (ret < 0) {
+ wpa_printf(MSG_ERROR, "\nFailed to reload hostapd AP interfaces\n");
+ return -1;
+ }
+ return 0;
+}
+
/* Configure default/group WEP keys for static WEP */
int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
{
@@ -940,12 +989,16 @@ void wpa_supplicant_set_state(struct wpa
sme_sched_obss_scan(wpa_s, 1);
+ if (wpa_s->hostapd)
+ hostapd_reload(wpa_s, wpa_s->current_bss);
#if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
if (!fils_hlp_sent && ssid && ssid->eap.erp)
wpas_update_fils_connect_params(wpa_s);
#endif /* CONFIG_FILS && IEEE8021X_EAPOL */
} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
state == WPA_ASSOCIATED) {
+ if (wpa_s->hostapd)
+ hostapd_stop(wpa_s);
wpa_s->new_connection = 1;
wpa_drv_set_operstate(wpa_s, 0);
#ifndef IEEE8021X_EAPOL
@@ -2038,6 +2091,8 @@ void wpa_supplicant_associate(struct wpa
wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
ssid->id);
wpas_notify_mesh_group_started(wpa_s, ssid);
+ if (wpa_s->hostapd)
+ hostapd_reload(wpa_s, wpa_s->current_bss);
#else /* CONFIG_MESH */
wpa_msg(wpa_s, MSG_ERROR,
"mesh mode support not included in the build");
@@ -5716,6 +5771,16 @@ static int wpa_supplicant_init_iface(str
sizeof(wpa_s->bridge_ifname));
}
+ if (iface->hostapd_ctrl) {
+ wpa_s->hostapd = wpa_ctrl_open(iface->hostapd_ctrl);
+ if (!wpa_s->hostapd) {
+ wpa_printf(MSG_ERROR, "\nFailed to connect to hostapd\n");
+ return -1;
+ }
+ if (hostapd_stop(wpa_s) < 0)
+ return -1;
+ }
+
/* RSNA Supplicant Key Management - INITIALIZE */
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
@@ -6043,6 +6108,11 @@ static void wpa_supplicant_deinit_iface(
if (terminate)
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
+ if (wpa_s->hostapd) {
+ wpa_ctrl_close(wpa_s->hostapd);
+ wpa_s->hostapd = NULL;
+ }
+
if (wpa_s->ctrl_iface) {
wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
wpa_s->ctrl_iface = NULL;
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -101,6 +101,11 @@ struct wpa_interface {
const char *ifname;
/**
+ * hostapd_ctrl - path to hostapd control socket for notification
+ */
+ const char *hostapd_ctrl;
+
+ /**
* bridge_ifname - Optional bridge interface name
*
* If the driver interface (ifname) is included in a Linux bridge
@@ -516,6 +521,8 @@ struct wpa_supplicant {
#endif /* CONFIG_CTRL_IFACE_BINDER */
char bridge_ifname[16];
+ struct wpa_ctrl *hostapd;
+
char *confname;
char *confanother;
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -2408,6 +2408,11 @@ static int hostapd_ctrl_iface_chan_switc
if (ret)
return ret;
+ if (os_strstr(pos, " auto-ht")) {
+ settings.freq_params.ht_enabled = iface->conf->ieee80211n;
+ settings.freq_params.vht_enabled = iface->conf->ieee80211ac;
+ }
+
for (i = 0; i < iface->num_bss; i++) {
/* Save CHAN_SWITCH VHT config */
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -1403,11 +1403,6 @@ int ieee802_11_set_beacon(struct hostapd
struct wpabuf *beacon, *proberesp, *assocresp;
int res, ret = -1;
- if (hapd->csa_in_progress) {
- wpa_printf(MSG_ERROR, "Cannot set beacons during CSA period");
- return -1;
- }
-
hapd->beacon_set_done = 1;
if (ieee802_11_build_ap_params(hapd, &params) < 0)

193
package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch Normal file
View File

@@ -0,0 +1,193 @@
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -220,6 +220,9 @@ endif
ifdef CONFIG_NO_CTRL_IFACE
CFLAGS += -DCONFIG_NO_CTRL_IFACE
else
+ifdef CONFIG_CTRL_IFACE_MIB
+CFLAGS += -DCONFIG_CTRL_IFACE_MIB
+endif
ifeq ($(CONFIG_CTRL_IFACE), udp)
CFLAGS += -DCONFIG_CTRL_IFACE_UDP
else
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -3020,6 +3020,7 @@ static int hostapd_ctrl_iface_receive_pr
reply_size);
} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
reply_len = hostapd_drv_status(hapd, reply, reply_size);
+#ifdef CONFIG_CTRL_IFACE_MIB
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
if (reply_len >= 0) {
@@ -3061,6 +3062,7 @@ static int hostapd_ctrl_iface_receive_pr
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
reply_size);
+#endif
} else if (os_strcmp(buf, "ATTACH") == 0) {
if (hostapd_ctrl_iface_attach(hapd, from, fromlen, NULL))
reply_len = -1;
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -957,6 +957,9 @@ ifdef CONFIG_FILS
OBJS += ../src/ap/fils_hlp.o
endif
ifdef CONFIG_CTRL_IFACE
+ifdef CONFIG_CTRL_IFACE_MIB
+CFLAGS += -DCONFIG_CTRL_IFACE_MIB
+endif
OBJS += ../src/ap/ctrl_iface_ap.o
endif
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -2144,7 +2144,7 @@ static int wpa_supplicant_ctrl_iface_sta
pos += ret;
}
-#ifdef CONFIG_AP
+#if defined(CONFIG_AP) && defined(CONFIG_CTRL_IFACE_MIB)
if (wpa_s->ap_iface) {
pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
end - pos,
@@ -9962,6 +9962,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_len = -1;
} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
+#ifdef CONFIG_CTRL_IFACE_MIB
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
if (reply_len >= 0) {
@@ -9974,6 +9975,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_size - reply_len);
#endif /* CONFIG_MACSEC */
}
+#endif
} else if (os_strncmp(buf, "STATUS", 6) == 0) {
reply_len = wpa_supplicant_ctrl_iface_status(
wpa_s, buf + 6, reply, reply_size);
@@ -10458,6 +10460,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_len = wpa_supplicant_ctrl_iface_bss(
wpa_s, buf + 4, reply, reply_size);
#ifdef CONFIG_AP
+#ifdef CONFIG_CTRL_IFACE_MIB
} else if (os_strcmp(buf, "STA-FIRST") == 0) {
reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
} else if (os_strncmp(buf, "STA ", 4) == 0) {
@@ -10466,12 +10469,15 @@ char * wpa_supplicant_ctrl_iface_process
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
reply_size);
+#endif
+#ifdef CONFIG_CTRL_IFACE_MIB
} else if (os_strncmp(buf, "DEAUTHENTICATE ", 15) == 0) {
if (ap_ctrl_iface_sta_deauthenticate(wpa_s, buf + 15))
reply_len = -1;
} else if (os_strncmp(buf, "DISASSOCIATE ", 13) == 0) {
if (ap_ctrl_iface_sta_disassociate(wpa_s, buf + 13))
reply_len = -1;
+#endif
} else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) {
if (ap_ctrl_iface_chanswitch(wpa_s, buf + 12))
reply_len = -1;
--- a/src/ap/ctrl_iface_ap.c
+++ b/src/ap/ctrl_iface_ap.c
@@ -25,6 +25,7 @@
#include "mbo_ap.h"
#include "taxonomy.h"
+#ifdef CONFIG_CTRL_IFACE_MIB
static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen,
size_t curr_len, const u8 *mcs_set)
@@ -423,6 +424,7 @@ int hostapd_ctrl_iface_sta_next(struct h
return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
}
+#endif
#ifdef CONFIG_P2P_MANAGER
static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
@@ -763,12 +765,12 @@ int hostapd_ctrl_iface_status(struct hos
return len;
len += ret;
}
-
+#ifdef CONFIG_CTRL_IFACE_MIB
if (iface->conf->ieee80211n && !hapd->conf->disable_11n && mode) {
len = hostapd_write_ht_mcs_bitmask(buf, buflen, len,
mode->mcs_set);
}
-
+#endif /* CONFIG_CTRL_IFACE_MIB */
if (iface->current_rates && iface->num_rates) {
ret = os_snprintf(buf + len, buflen - len, "supported_rates=");
if (os_snprintf_error(buflen - len, ret))
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -2706,6 +2706,7 @@ static const char * bool_txt(Boolean val
return val ? "TRUE" : "FALSE";
}
+#ifdef CONFIG_CTRL_IFACE_MIB
int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
{
@@ -2892,6 +2893,7 @@ int ieee802_1x_get_mib_sta(struct hostap
return len;
}
+#endif
#ifdef CONFIG_HS20
static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -4116,6 +4116,7 @@ static const char * wpa_bool_txt(int val
return val ? "TRUE" : "FALSE";
}
+#ifdef CONFIG_CTRL_IFACE_MIB
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
@@ -4264,7 +4265,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
return len;
}
-
+#endif
void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
{
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2502,6 +2502,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
}
+#ifdef CONFIG_CTRL_IFACE_MIB
+
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
@@ -2585,6 +2587,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
return (int) len;
}
+#endif
#endif /* CONFIG_CTRL_IFACE */
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -1236,7 +1236,7 @@ int wpas_ap_wps_nfc_report_handover(stru
#endif /* CONFIG_WPS */
-#ifdef CONFIG_CTRL_IFACE
+#if defined(CONFIG_CTRL_IFACE) && defined(CONFIG_CTRL_IFACE_MIB)
int ap_ctrl_iface_sta_first(struct wpa_supplicant *wpa_s,
char *buf, size_t buflen)

11
package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch Normal file
View File

@@ -0,0 +1,11 @@
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -743,7 +743,7 @@ static int wpa_ctrl_command_sta(struct w
}
buf[len] = '\0';
- if (memcmp(buf, "FAIL", 4) == 0)
+ if (memcmp(buf, "FAIL", 4) == 0 || memcmp(buf, "UNKNOWN COMMAND", 15) == 0)
return -1;
if (print)
printf("%s", buf);

56
package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch Normal file
View File

@@ -0,0 +1,56 @@
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -2089,6 +2089,31 @@ u32 wpa_akm_to_suite(int akm)
}
+static void wpa_fixup_wpa_ie_rsn(u8 *assoc_ie, const u8 *wpa_msg_ie,
+ size_t rsn_ie_len)
+{
+ int pos, count;
+
+ pos = sizeof(struct rsn_ie_hdr) + RSN_SELECTOR_LEN;
+ if (rsn_ie_len < pos + 2)
+ return;
+
+ count = WPA_GET_LE16(wpa_msg_ie + pos);
+ pos += 2 + count * RSN_SELECTOR_LEN;
+ if (rsn_ie_len < pos + 2)
+ return;
+
+ count = WPA_GET_LE16(wpa_msg_ie + pos);
+ pos += 2 + count * RSN_SELECTOR_LEN;
+ if (rsn_ie_len < pos + 2)
+ return;
+
+ if (!assoc_ie[pos] && !assoc_ie[pos + 1] &&
+ (wpa_msg_ie[pos] || wpa_msg_ie[pos + 1]))
+ memcpy(&assoc_ie[pos], &wpa_msg_ie[pos], 2);
+}
+
+
int wpa_compare_rsn_ie(int ft_initial_assoc,
const u8 *ie1, size_t ie1len,
const u8 *ie2, size_t ie2len)
@@ -2096,8 +2121,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
if (ie1 == NULL || ie2 == NULL)
return -1;
- if (ie1len == ie2len && os_memcmp(ie1, ie2, ie1len) == 0)
- return 0; /* identical IEs */
+ if (ie1len == ie2len) {
+ u8 *ie_tmp;
+
+ if (os_memcmp(ie1, ie2, ie1len) == 0)
+ return 0; /* identical IEs */
+
+ ie_tmp = alloca(ie1len);
+ memcpy(ie_tmp, ie1, ie1len);
+ wpa_fixup_wpa_ie_rsn(ie_tmp, ie2, ie1len);
+
+ if (os_memcmp(ie_tmp, ie2, ie1len) == 0)
+ return 0; /* only mismatch in RSN capabilties */
+ }
#ifdef CONFIG_IEEE80211R
if (ft_initial_assoc) {

22
package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch Normal file
View File

@@ -0,0 +1,22 @@
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
@@ -346,8 +346,7 @@ static int hapd_wps_reconfig_in_memory(s
bss->wpa_pairwise |= WPA_CIPHER_GCMP;
else
bss->wpa_pairwise |= WPA_CIPHER_CCMP;
- }
- if (cred->encr_type & WPS_ENCR_TKIP)
+ } else if (cred->encr_type & WPS_ENCR_TKIP)
bss->wpa_pairwise |= WPA_CIPHER_TKIP;
bss->rsn_pairwise = bss->wpa_pairwise;
bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
@@ -1108,8 +1107,7 @@ int hostapd_init_wps(struct hostapd_data
WPA_CIPHER_GCMP_256)) {
wps->encr_types |= WPS_ENCR_AES;
wps->encr_types_rsn |= WPS_ENCR_AES;
- }
- if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
+ } else if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
wps->encr_types |= WPS_ENCR_TKIP;
wps->encr_types_rsn |= WPS_ENCR_TKIP;
}

214
package/network/services/hostapd/patches/410-limit_debug_messages.patch Normal file
View File

@@ -0,0 +1,214 @@
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@@ -206,7 +206,7 @@ void wpa_debug_close_linux_tracing(void)
*
* Note: New line '\n' is added to the end of the text when printing to stdout.
*/
-void wpa_printf(int level, const char *fmt, ...)
+void _wpa_printf(int level, const char *fmt, ...)
{
va_list ap;
@@ -253,8 +253,8 @@ void wpa_printf(int level, const char *f
}
-static void _wpa_hexdump(int level, const char *title, const u8 *buf,
- size_t len, int show)
+void _wpa_hexdump(int level, const char *title, const u8 *buf,
+ size_t len, int show)
{
size_t i;
@@ -380,20 +380,8 @@ static void _wpa_hexdump(int level, cons
#endif /* CONFIG_ANDROID_LOG */
}
-void wpa_hexdump(int level, const char *title, const void *buf, size_t len)
-{
- _wpa_hexdump(level, title, buf, len, 1);
-}
-
-
-void wpa_hexdump_key(int level, const char *title, const void *buf, size_t len)
-{
- _wpa_hexdump(level, title, buf, len, wpa_debug_show_keys);
-}
-
-
-static void _wpa_hexdump_ascii(int level, const char *title, const void *buf,
- size_t len, int show)
+void _wpa_hexdump_ascii(int level, const char *title, const void *buf,
+ size_t len, int show)
{
size_t i, llen;
const u8 *pos = buf;
@@ -506,20 +494,6 @@ static void _wpa_hexdump_ascii(int level
}
-void wpa_hexdump_ascii(int level, const char *title, const void *buf,
- size_t len)
-{
- _wpa_hexdump_ascii(level, title, buf, len, 1);
-}
-
-
-void wpa_hexdump_ascii_key(int level, const char *title, const void *buf,
- size_t len)
-{
- _wpa_hexdump_ascii(level, title, buf, len, wpa_debug_show_keys);
-}
-
-
#ifdef CONFIG_DEBUG_FILE
static char *last_path = NULL;
#endif /* CONFIG_DEBUG_FILE */
@@ -635,7 +609,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_
}
-void wpa_msg(void *ctx, int level, const char *fmt, ...)
+void _wpa_msg(void *ctx, int level, const char *fmt, ...)
{
va_list ap;
char *buf;
@@ -673,7 +647,7 @@ void wpa_msg(void *ctx, int level, const
}
-void wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
+void _wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
{
va_list ap;
char *buf;
--- a/src/utils/wpa_debug.h
+++ b/src/utils/wpa_debug.h
@@ -52,6 +52,17 @@ int wpa_debug_reopen_file(void);
void wpa_debug_close_file(void);
void wpa_debug_setup_stdout(void);
+/* internal */
+void _wpa_hexdump(int level, const char *title, const u8 *buf,
+ size_t len, int show);
+void _wpa_hexdump_ascii(int level, const char *title, const void *buf,
+ size_t len, int show);
+extern int wpa_debug_show_keys;
+
+#ifndef CONFIG_MSG_MIN_PRIORITY
+#define CONFIG_MSG_MIN_PRIORITY 0
+#endif
+
/**
* wpa_debug_printf_timestamp - Print timestamp for debug output
*
@@ -72,9 +83,15 @@ void wpa_debug_print_timestamp(void);
*
* Note: New line '\n' is added to the end of the text when printing to stdout.
*/
-void wpa_printf(int level, const char *fmt, ...)
+void _wpa_printf(int level, const char *fmt, ...)
PRINTF_FORMAT(2, 3);
+#define wpa_printf(level, ...) \
+ do { \
+ if (level >= CONFIG_MSG_MIN_PRIORITY) \
+ _wpa_printf(level, __VA_ARGS__); \
+ } while(0)
+
/**
* wpa_hexdump - conditional hex dump
* @level: priority level (MSG_*) of the message
@@ -86,7 +103,13 @@ PRINTF_FORMAT(2, 3);
* output may be directed to stdout, stderr, and/or syslog based on
* configuration. The contents of buf is printed out has hex dump.
*/
-void wpa_hexdump(int level, const char *title, const void *buf, size_t len);
+static inline void wpa_hexdump(int level, const char *title, const void *buf, size_t len)
+{
+ if (level < CONFIG_MSG_MIN_PRIORITY)
+ return;
+
+ _wpa_hexdump(level, title, buf, len, 1);
+}
static inline void wpa_hexdump_buf(int level, const char *title,
const struct wpabuf *buf)
@@ -108,7 +131,13 @@ static inline void wpa_hexdump_buf(int l
* like wpa_hexdump(), but by default, does not include secret keys (passwords,
* etc.) in debug output.
*/
-void wpa_hexdump_key(int level, const char *title, const void *buf, size_t len);
+static inline void wpa_hexdump_key(int level, const char *title, const u8 *buf, size_t len)
+{
+ if (level < CONFIG_MSG_MIN_PRIORITY)
+ return;
+
+ _wpa_hexdump(level, title, buf, len, wpa_debug_show_keys);
+}
static inline void wpa_hexdump_buf_key(int level, const char *title,
const struct wpabuf *buf)
@@ -130,8 +159,14 @@ static inline void wpa_hexdump_buf_key(i
* the hex numbers and ASCII characters (for printable range) are shown. 16
* bytes per line will be shown.
*/
-void wpa_hexdump_ascii(int level, const char *title, const void *buf,
- size_t len);
+static inline void wpa_hexdump_ascii(int level, const char *title,
+ const u8 *buf, size_t len)
+{
+ if (level < CONFIG_MSG_MIN_PRIORITY)
+ return;
+
+ _wpa_hexdump_ascii(level, title, buf, len, 1);
+}
/**
* wpa_hexdump_ascii_key - conditional hex dump, hide keys
@@ -147,8 +182,14 @@ void wpa_hexdump_ascii(int level, const
* bytes per line will be shown. This works like wpa_hexdump_ascii(), but by
* default, does not include secret keys (passwords, etc.) in debug output.
*/
-void wpa_hexdump_ascii_key(int level, const char *title, const void *buf,
- size_t len);
+static inline void wpa_hexdump_ascii_key(int level, const char *title,
+ const u8 *buf, size_t len)
+{
+ if (level < CONFIG_MSG_MIN_PRIORITY)
+ return;
+
+ _wpa_hexdump_ascii(level, title, buf, len, wpa_debug_show_keys);
+}
/*
* wpa_dbg() behaves like wpa_msg(), but it can be removed from build to reduce
@@ -185,7 +226,12 @@ void wpa_hexdump_ascii_key(int level, co
*
* Note: New line '\n' is added to the end of the text when printing to stdout.
*/
-void wpa_msg(void *ctx, int level, const char *fmt, ...) PRINTF_FORMAT(3, 4);
+void _wpa_msg(void *ctx, int level, const char *fmt, ...) PRINTF_FORMAT(3, 4);
+#define wpa_msg(ctx, level, ...) \
+ do { \
+ if (level >= CONFIG_MSG_MIN_PRIORITY) \
+ _wpa_msg(ctx, level, __VA_ARGS__); \
+ } while(0)
/**
* wpa_msg_ctrl - Conditional printf for ctrl_iface monitors
@@ -199,8 +245,13 @@ void wpa_msg(void *ctx, int level, const
* attached ctrl_iface monitors. In other words, it can be used for frequent
* events that do not need to be sent to syslog.
*/
-void wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
+void _wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
PRINTF_FORMAT(3, 4);
+#define wpa_msg_ctrl(ctx, level, ...) \
+ do { \
+ if (level >= CONFIG_MSG_MIN_PRIORITY) \
+ _wpa_msg_ctrl(ctx, level, __VA_ARGS__); \
+ } while(0)
/**
* wpa_msg_global - Global printf for ctrl_iface monitors

62
package/network/services/hostapd/patches/420-indicate-features.patch Normal file
View File

@@ -0,0 +1,62 @@
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -15,6 +15,7 @@
#include "utils/common.h"
#include "utils/eloop.h"
#include "utils/uuid.h"
+#include "utils/build_features.h"
#include "crypto/random.h"
#include "crypto/tls.h"
#include "common/version.h"
@@ -690,7 +691,7 @@ int main(int argc, char *argv[])
wpa_supplicant_event = hostapd_wpa_event;
wpa_supplicant_event_global = hostapd_wpa_event_global;
for (;;) {
- c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
+ c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:g:G:v::");
if (c < 0)
break;
switch (c) {
@@ -727,6 +728,8 @@ int main(int argc, char *argv[])
break;
#endif /* CONFIG_DEBUG_LINUX_TRACING */
case 'v':
+ if (optarg)
+ exit(!has_feature(optarg));
show_version();
exit(1);
break;
--- a/wpa_supplicant/main.c
+++ b/wpa_supplicant/main.c
@@ -12,6 +12,7 @@
#endif /* __linux__ */
#include "common.h"
+#include "build_features.h"
#include "fst/fst.h"
#include "wpa_supplicant_i.h"
#include "driver_i.h"
@@ -202,7 +203,7 @@ int main(int argc, char *argv[])
for (;;) {
c = getopt(argc, argv,
- "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuvW");
+ "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuv::W");
if (c < 0)
break;
switch (c) {
@@ -305,8 +306,12 @@ int main(int argc, char *argv[])
break;
#endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
case 'v':
- printf("%s\n", wpa_supplicant_version);
- exitcode = 0;
+ if (optarg) {
+ exitcode = !has_feature(optarg);
+ } else {
+ printf("%s\n", wpa_supplicant_version);
+ exitcode = 0;
+ }
goto out;
case 'W':
params.wait_for_monitor++;

58
package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch Normal file
View File

@@ -0,0 +1,58 @@
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -385,7 +385,6 @@ static int hostapd_cli_cmd_disassociate(
}
-#ifdef CONFIG_TAXONOMY
static int hostapd_cli_cmd_signature(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
@@ -398,7 +397,6 @@ static int hostapd_cli_cmd_signature(str
os_snprintf(buf, sizeof(buf), "SIGNATURE %s", argv[0]);
return wpa_ctrl_command(ctrl, buf);
}
-#endif /* CONFIG_TAXONOMY */
#ifdef CONFIG_IEEE80211W
@@ -417,7 +415,6 @@ static int hostapd_cli_cmd_sa_query(stru
#endif /* CONFIG_IEEE80211W */
-#ifdef CONFIG_WPS
static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
@@ -643,7 +640,6 @@ static int hostapd_cli_cmd_wps_config(st
ssid_hex, argv[1]);
return wpa_ctrl_command(ctrl, buf);
}
-#endif /* CONFIG_WPS */
static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
@@ -1538,15 +1534,12 @@ static const struct hostapd_cli_cmd host
{ "disassociate", hostapd_cli_cmd_disassociate,
hostapd_complete_stations,
"<addr> = disassociate a station" },
-#ifdef CONFIG_TAXONOMY
{ "signature", hostapd_cli_cmd_signature, hostapd_complete_stations,
"<addr> = get taxonomy signature for a station" },
-#endif /* CONFIG_TAXONOMY */
#ifdef CONFIG_IEEE80211W
{ "sa_query", hostapd_cli_cmd_sa_query, hostapd_complete_stations,
"<addr> = send SA Query to a station" },
#endif /* CONFIG_IEEE80211W */
-#ifdef CONFIG_WPS
{ "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
"<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
@@ -1571,7 +1564,6 @@ static const struct hostapd_cli_cmd host
"<SSID> <auth> <encr> <key> = configure AP" },
{ "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
"= show current WPS status" },
-#endif /* CONFIG_WPS */
{ "disassoc_imminent", hostapd_cli_cmd_disassoc_imminent, NULL,
"= send Disassociation Imminent notification" },
{ "ess_disassoc", hostapd_cli_cmd_ess_disassoc, NULL,

18
package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch Normal file
View File

@@ -0,0 +1,18 @@
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -26,6 +26,15 @@
#include <cutils/properties.h>
#endif /* ANDROID */
+#ifndef CONFIG_P2P
+#define CONFIG_P2P
+#endif
+#ifndef CONFIG_AP
+#define CONFIG_AP
+#endif
+#ifndef CONFIG_MESH
+#define CONFIG_MESH
+#endif
static const char *const wpa_cli_version =
"wpa_cli v" VERSION_STR "\n"

10
package/network/services/hostapd/patches/432-missing-typedef.patch Normal file
View File

@@ -0,0 +1,10 @@
--- a/src/drivers/linux_wext.h
+++ b/src/drivers/linux_wext.h
@@ -26,6 +26,7 @@ typedef int32_t __s32;
typedef uint16_t __u16;
typedef int16_t __s16;
typedef uint8_t __u8;
+typedef int8_t __s8;
#ifndef __user
#define __user
#endif /* __user */

73
package/network/services/hostapd/patches/450-scan_wait.patch Normal file
View File

@@ -0,0 +1,73 @@
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -39,6 +39,8 @@ struct hapd_global {
};
static struct hapd_global global;
+static int daemonize = 0;
+static char *pid_file = NULL;
#ifndef CONFIG_NO_HOSTAPD_LOGGER
@@ -149,6 +151,14 @@ static void hostapd_logger_cb(void *ctx,
}
#endif /* CONFIG_NO_HOSTAPD_LOGGER */
+static void hostapd_setup_complete_cb(void *ctx)
+{
+ if (daemonize && os_daemonize(pid_file)) {
+ perror("daemon");
+ return;
+ }
+ daemonize = 0;
+}
/**
* hostapd_driver_init - Preparate driver interface
@@ -167,6 +177,8 @@ static int hostapd_driver_init(struct ho
return -1;
}
+ hapd->setup_complete_cb = hostapd_setup_complete_cb;
+
/* Initialize the driver interface */
if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
b = NULL;
@@ -407,8 +419,6 @@ static void hostapd_global_deinit(const
#endif /* CONFIG_NATIVE_WINDOWS */
eap_server_unregister_methods();
-
- os_daemonize_terminate(pid_file);
}
@@ -434,18 +444,6 @@ static int hostapd_global_run(struct hap
}
#endif /* EAP_SERVER_TNC */
- if (daemonize) {
- if (os_daemonize(pid_file)) {
- wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno));
- return -1;
- }
- if (eloop_sock_requeue()) {
- wpa_printf(MSG_ERROR, "eloop_sock_requeue: %s",
- strerror(errno));
- return -1;
- }
- }
-
eloop_run();
return 0;
@@ -647,8 +645,7 @@ int main(int argc, char *argv[])
struct hapd_interfaces interfaces;
int ret = 1;
size_t i, j;
- int c, debug = 0, daemonize = 0;
- char *pid_file = NULL;
+ int c, debug = 0;
const char *log_file = NULL;
const char *entropy_file = NULL;
char **bss_config = NULL, **tmp_bss;

189
package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch Normal file
View File

@@ -0,0 +1,189 @@
From 4bb69d15477e0f2b00e166845341dc933de47c58 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <ordex@autistici.org>
Date: Sun, 3 Jun 2012 18:22:56 +0200
Subject: [PATCHv2 601/602] wpa_supplicant: add new config params to be used
with the ibss join command
Signed-hostap: Antonio Quartulli <ordex@autistici.org>
---
src/drivers/driver.h | 6 +++
wpa_supplicant/config.c | 96 +++++++++++++++++++++++++++++++++++++++
wpa_supplicant/config_ssid.h | 6 +++
wpa_supplicant/wpa_supplicant.c | 23 +++++++---
4 files changed, 124 insertions(+), 7 deletions(-)
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -19,6 +19,7 @@
#define WPA_SUPPLICANT_DRIVER_VERSION 4
+#include "ap/sta_info.h"
#include "common/defs.h"
#include "common/ieee802_11_defs.h"
#include "common/wpa_common.h"
@@ -819,6 +820,9 @@ struct wpa_driver_associate_params {
* responsible for selecting with which BSS to associate. */
const u8 *bssid;
+ unsigned char rates[WLAN_SUPP_RATES_MAX];
+ int mcast_rate;
+
/**
* bssid_hint - BSSID of a proposed AP
*
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -17,6 +17,7 @@
#include "eap_peer/eap.h"
#include "p2p/p2p.h"
#include "fst/fst.h"
+#include "ap/sta_info.h"
#include "config.h"
@@ -2130,6 +2131,97 @@ static char * wpa_config_write_peerkey(c
#endif /* NO_CONFIG_WRITE */
+static int wpa_config_parse_mcast_rate(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ ssid->mcast_rate = (int)(strtod(value, NULL) * 10);
+
+ return 0;
+}
+
+#ifndef NO_CONFIG_WRITE
+static char * wpa_config_write_mcast_rate(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ char *value;
+ int res;
+
+ if (!ssid->mcast_rate == 0)
+ return NULL;
+
+ value = os_malloc(6); /* longest: 300.0 */
+ if (value == NULL)
+ return NULL;
+ res = os_snprintf(value, 5, "%.1f", (double)ssid->mcast_rate / 10);
+ if (res < 0) {
+ os_free(value);
+ return NULL;
+ }
+ return value;
+}
+#endif /* NO_CONFIG_WRITE */
+
+static int wpa_config_parse_rates(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ int i;
+ char *pos, *r, *sptr, *end;
+ double rate;
+
+ pos = (char *)value;
+ r = strtok_r(pos, ",", &sptr);
+ i = 0;
+ while (pos && i < WLAN_SUPP_RATES_MAX) {
+ rate = 0.0;
+ if (r)
+ rate = strtod(r, &end);
+ ssid->rates[i] = rate * 2;
+ if (*end != '\0' || rate * 2 != ssid->rates[i])
+ return 1;
+
+ i++;
+ r = strtok_r(NULL, ",", &sptr);
+ }
+
+ return 0;
+}
+
+#ifndef NO_CONFIG_WRITE
+static char * wpa_config_write_rates(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ char *value, *pos;
+ int res, i;
+
+ if (ssid->rates[0] <= 0)
+ return NULL;
+
+ value = os_malloc(6 * WLAN_SUPP_RATES_MAX + 1);
+ if (value == NULL)
+ return NULL;
+ pos = value;
+ for (i = 0; i < WLAN_SUPP_RATES_MAX - 1; i++) {
+ res = os_snprintf(pos, 6, "%.1f,", (double)ssid->rates[i] / 2);
+ if (res < 0) {
+ os_free(value);
+ return NULL;
+ }
+ pos += res;
+ }
+ res = os_snprintf(pos, 6, "%.1f",
+ (double)ssid->rates[WLAN_SUPP_RATES_MAX - 1] / 2);
+ if (res < 0) {
+ os_free(value);
+ return NULL;
+ }
+
+ value[6 * WLAN_SUPP_RATES_MAX] = '\0';
+ return value;
+}
+#endif /* NO_CONFIG_WRITE */
+
/* Helper macros for network block parser */
#ifdef OFFSET
@@ -2382,6 +2474,8 @@ static const struct parse_data ssid_fiel
{ INT(ap_max_inactivity) },
{ INT(dtim_period) },
{ INT(beacon_int) },
+ { FUNC(rates) },
+ { FUNC(mcast_rate) },
#ifdef CONFIG_MACSEC
{ INT_RANGE(macsec_policy, 0, 1) },
{ INT_RANGE(macsec_integ_only, 0, 1) },
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -10,8 +10,10 @@
#define CONFIG_SSID_H
#include "common/defs.h"
+#include "ap/sta_info.h"
#include "utils/list.h"
#include "eap_peer/eap_config.h"
+#include "drivers/nl80211_copy.h"
#define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
@@ -790,6 +792,9 @@ struct wpa_ssid {
*/
void *parent_cred;
+ unsigned char rates[WLAN_SUPP_RATES_MAX];
+ double mcast_rate;
+
#ifdef CONFIG_MACSEC
/**
* macsec_policy - Determines the policy for MACsec secure session
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -3266,6 +3266,12 @@ static void wpas_start_assoc_cb(struct w
params.beacon_int = ssid->beacon_int;
else
params.beacon_int = wpa_s->conf->beacon_int;
+ i = 0;
+ while (i < WLAN_SUPP_RATES_MAX) {
+ params.rates[i] = ssid->rates[i];
+ i++;
+ }
+ params.mcast_rate = ssid->mcast_rate;
}
params.pairwise_suite = cipher_pairwise;

59
package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch Normal file
View File

@@ -0,0 +1,59 @@
From ffc4445958a3ed4064f2e1bf73fa478a61c5cf7b Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <ordex@autistici.org>
Date: Sun, 3 Jun 2012 18:42:25 +0200
Subject: [PATCHv2 602/602] driver_nl80211: use new parameters during ibss join
Signed-hostap: Antonio Quartulli <ordex@autistici.org>
---
src/drivers/driver_nl80211.c | 33 ++++++++++++++++++++++++++++++++-
1 file changed, 32 insertions(+), 1 deletion(-)
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -5323,7 +5323,7 @@ static int wpa_driver_nl80211_ibss(struc
struct wpa_driver_associate_params *params)
{
struct nl_msg *msg;
- int ret = -1;
+ int ret = -1, i;
int count = 0;
wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
@@ -5350,6 +5350,37 @@ retry:
nl80211_put_beacon_int(msg, params->beacon_int))
goto fail;
+ if (params->fixed_freq) {
+ wpa_printf(MSG_DEBUG, " * fixed_freq");
+ nla_put_flag(msg, NL80211_ATTR_FREQ_FIXED);
+ }
+
+ if (params->beacon_int > 0) {
+ wpa_printf(MSG_DEBUG, " * beacon_int=%d",
+ params->beacon_int);
+ nla_put_u32(msg, NL80211_ATTR_BEACON_INTERVAL,
+ params->beacon_int);
+ }
+
+ if (params->rates[0] > 0) {
+ wpa_printf(MSG_DEBUG, " * basic_rates:");
+ i = 0;
+ while (i < NL80211_MAX_SUPP_RATES &&
+ params->rates[i] > 0) {
+ wpa_printf(MSG_DEBUG, " %.1f",
+ (double)params->rates[i] / 2);
+ i++;
+ }
+ nla_put(msg, NL80211_ATTR_BSS_BASIC_RATES, i,
+ params->rates);
+ }
+
+ if (params->mcast_rate > 0) {
+ wpa_printf(MSG_DEBUG, " * mcast_rate=%.1f",
+ (double)params->mcast_rate / 10);
+ nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate);
+ }
+
ret = nl80211_set_conn_keys(params, msg);
if (ret)
goto fail;

68
package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch Normal file
View File

@@ -0,0 +1,68 @@
From: Sven Eckelmann <sven.eckelmann@openmesh.com>
Date: Thu, 11 May 2017 08:21:45 +0200
Subject: [PATCH] set mcast_rate in mesh mode
The wpa_supplicant code for IBSS allows to set the mcast rate. It is
recommended to increase this value from 1 or 6 Mbit/s to something higher
when using a mesh protocol on top which uses the multicast packet loss as
indicator for the link quality.
This setting was unfortunately not applied for mesh mode. But it would be
beneficial when wpa_supplicant would behave similar to IBSS mode and set
this argument during mesh join like authsae already does. At least it is
helpful for companies/projects which are currently switching to 802.11s
(without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS
because newer drivers seem to support 802.11s but not IBSS anymore.
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1484,6 +1484,7 @@ struct wpa_driver_mesh_join_params {
#define WPA_DRIVER_MESH_FLAG_AMPE 0x00000008
unsigned int flags;
u8 handle_dfs;
+ int mcast_rate;
};
/**
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -9612,6 +9612,18 @@ static int nl80211_put_mesh_id(struct nl
}
+static int nl80211_put_mcast_rate(struct nl_msg *msg, int mcast_rate)
+{
+ if (mcast_rate > 0) {
+ wpa_printf(MSG_DEBUG, " * mcast_rate=%.1f",
+ (double)mcast_rate / 10);
+ return nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, mcast_rate);
+ }
+
+ return 0;
+}
+
+
static int nl80211_put_mesh_config(struct nl_msg *msg,
struct wpa_driver_mesh_bss_params *params)
{
@@ -9673,6 +9685,7 @@ static int nl80211_join_mesh(struct i802
nl80211_put_basic_rates(msg, params->basic_rates) ||
nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
nl80211_put_beacon_int(msg, params->beacon_int) ||
+ nl80211_put_mcast_rate(msg, params->mcast_rate) ||
nl80211_put_dtim_period(msg, params->dtim_period))
goto fail;
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -494,6 +494,7 @@ int wpa_supplicant_join_mesh(struct wpa_
params->meshid = ssid->ssid;
params->meshid_len = ssid->ssid_len;
+ params->mcast_rate = ssid->mcast_rate;
ibss_mesh_setup_freq(wpa_s, ssid, &params->freq);
wpa_s->mesh_ht_enabled = !!params->freq.ht_enabled;
wpa_s->mesh_vht_enabled = !!params->freq.vht_enabled;

19
package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch Normal file
View File

@@ -0,0 +1,19 @@
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2216,11 +2216,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
for (j = 0; j < wpa_s->last_scan_res_used; j++) {
struct wpa_bss *bss = wpa_s->last_scan_res[j];
- if (ssid->mode != WPAS_MODE_IBSS)
+ /* Don't adjust control freq in case of fixed_freq */
+ if (ssid->fixed_freq) {
+ obss_scan = 0;
break;
+ }
- /* Don't adjust control freq in case of fixed_freq */
- if (ssid->fixed_freq)
+ if (ssid->mode != WPAS_MODE_IBSS)
break;
if (!bss_is_ibss(bss))

45
package/network/services/hostapd/patches/470-survey_data_fallback.patch Normal file
View File

@@ -0,0 +1,45 @@
--- a/src/ap/acs.c
+++ b/src/ap/acs.c
@@ -293,18 +293,12 @@ static void acs_fail(struct hostapd_ifac
static long double
acs_survey_interference_factor(struct freq_survey *survey, s8 min_nf)
{
- long double factor, busy, total;
+ long double factor, busy = 0, total;
if (survey->filled & SURVEY_HAS_CHAN_TIME_BUSY)
busy = survey->channel_time_busy;
else if (survey->filled & SURVEY_HAS_CHAN_TIME_RX)
busy = survey->channel_time_rx;
- else {
- /* This shouldn't really happen as survey data is checked in
- * acs_sanity_check() */
- wpa_printf(MSG_ERROR, "ACS: Survey data missing");
- return 0;
- }
total = survey->channel_time;
@@ -406,20 +400,19 @@ static int acs_usable_vht160_chan(const
static int acs_survey_is_sufficient(struct freq_survey *survey)
{
if (!(survey->filled & SURVEY_HAS_NF)) {
+ survey->nf = -95;
wpa_printf(MSG_INFO, "ACS: Survey is missing noise floor");
- return 0;
}
if (!(survey->filled & SURVEY_HAS_CHAN_TIME)) {
+ survey->channel_time = 0;
wpa_printf(MSG_INFO, "ACS: Survey is missing channel time");
- return 0;
}
if (!(survey->filled & SURVEY_HAS_CHAN_TIME_BUSY) &&
!(survey->filled & SURVEY_HAS_CHAN_TIME_RX)) {
wpa_printf(MSG_INFO,
"ACS: Survey is missing RX and busy time (at least one is required)");
- return 0;
}
return 1;

50
package/network/services/hostapd/patches/500-lto-jobserver-support.patch Normal file
View File

@@ -0,0 +1,50 @@
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -1332,14 +1332,14 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
@$(AR) cr $@ hostapd_multi.o $(OBJS)
hostapd: $(BCHECK) $(OBJS)
- $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
+ +$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
@$(E) " LD " $@
ifdef CONFIG_WPA_TRACE
OBJS_c += ../src/utils/trace.o
endif
hostapd_cli: $(OBJS_c)
- $(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
+ +$(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
@$(E) " LD " $@
NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -1932,23 +1932,23 @@ wpa_supplicant_multi.a: .config $(BCHECK
@$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
- $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
+ +$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
@$(E) " LD " $@
eapol_test: $(OBJS_t)
- $(Q)$(LDO) $(LDFLAGS) -o eapol_test $(OBJS_t) $(LIBS)
+ +$(Q)$(LDO) $(LDFLAGS) -o eapol_test $(OBJS_t) $(LIBS)
@$(E) " LD " $@
preauth_test: $(OBJS_t2)
- $(Q)$(LDO) $(LDFLAGS) -o preauth_test $(OBJS_t2) $(LIBS)
+ +$(Q)$(LDO) $(LDFLAGS) -o preauth_test $(OBJS_t2) $(LIBS)
@$(E) " LD " $@
wpa_passphrase: $(OBJS_p)
- $(Q)$(LDO) $(LDFLAGS) -o wpa_passphrase $(OBJS_p) $(LIBS_p) $(LIBS)
+ +$(Q)$(LDO) $(LDFLAGS) -o wpa_passphrase $(OBJS_p) $(LIBS_p) $(LIBS)
@$(E) " LD " $@
wpa_cli: $(OBJS_c)
- $(Q)$(LDO) $(LDFLAGS) -o wpa_cli $(OBJS_c) $(LIBS_c)
+ +$(Q)$(LDO) $(LDFLAGS) -o wpa_cli $(OBJS_c) $(LIBS_c)
@$(E) " LD " $@
LIBCTRL += ../src/common/wpa_ctrl.o

19
package/network/services/hostapd/patches/599-wpa_supplicant-fix-warnings.patch Normal file
View File

@@ -0,0 +1,19 @@
--- a/wpa_supplicant/wps_supplicant.h
+++ b/wpa_supplicant/wps_supplicant.h
@@ -9,6 +9,7 @@
#ifndef WPS_SUPPLICANT_H
#define WPS_SUPPLICANT_H
+struct wpa_bss;
struct wpa_scan_results;
#ifdef CONFIG_WPS
@@ -16,8 +17,6 @@ struct wpa_scan_results;
#include "wps/wps.h"
#include "wps/wps_defs.h"
-struct wpa_bss;
-
struct wps_new_ap_settings {
const char *ssid_hex;
const char *auth;

337
package/network/services/hostapd/patches/600-ubus_support.patch Normal file
View File

@@ -0,0 +1,337 @@
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -165,6 +165,11 @@ OBJS += ../src/common/hw_features_common
OBJS += ../src/eapol_auth/eapol_auth_sm.o
+ifdef CONFIG_UBUS
+CFLAGS += -DUBUS_SUPPORT
+OBJS += ../src/ap/ubus.o
+LIBS += -lubox -lubus
+endif
ifdef CONFIG_CODE_COVERAGE
CFLAGS += -O0 -fprofile-arcs -ftest-coverage
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -17,6 +17,7 @@
#include "utils/list.h"
#include "ap_config.h"
#include "drivers/driver.h"
+#include "ubus.h"
#define OCE_STA_CFON_ENABLED(hapd) \
((hapd->conf->oce & OCE_STA_CFON) && \
@@ -145,6 +146,7 @@ struct hostapd_data {
struct hostapd_iface *iface;
struct hostapd_config *iconf;
struct hostapd_bss_config *conf;
+ struct hostapd_ubus_bss ubus;
int interface_added; /* virtual interface added for this BSS */
unsigned int started:1;
unsigned int disabled:1;
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -380,6 +380,7 @@ static void hostapd_free_hapd_data(struc
hapd->beacon_set_done = 0;
wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
+ hostapd_ubus_free_bss(hapd);
iapp_deinit(hapd->iapp);
hapd->iapp = NULL;
accounting_deinit(hapd);
@@ -1377,6 +1378,8 @@ static int hostapd_setup_bss(struct host
if (hapd->driver && hapd->driver->set_operstate)
hapd->driver->set_operstate(hapd->drv_priv, 1);
+ hostapd_ubus_add_bss(hapd);
+
return 0;
}
@@ -1891,6 +1894,7 @@ static int hostapd_setup_interface_compl
if (err)
goto fail;
+ hostapd_ubus_add_iface(iface);
wpa_printf(MSG_DEBUG, "Completing interface initialization");
if (iface->conf->channel) {
#ifdef NEED_AP_MLME
@@ -2087,6 +2091,7 @@ dfs_offload:
fail:
wpa_printf(MSG_ERROR, "Interface initialization failed");
+ hostapd_ubus_free_iface(iface);
hostapd_set_state(iface, HAPD_IFACE_DISABLED);
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
#ifdef CONFIG_FST
@@ -2562,6 +2567,7 @@ void hostapd_interface_deinit_free(struc
(unsigned int) iface->conf->num_bss);
driver = iface->bss[0]->driver;
drv_priv = iface->bss[0]->drv_priv;
+ hostapd_ubus_free_iface(iface);
hostapd_interface_deinit(iface);
wpa_printf(MSG_DEBUG, "%s: driver=%p drv_priv=%p -> hapd_deinit",
__func__, driver, drv_priv);
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2032,7 +2032,7 @@ static void handle_auth(struct hostapd_d
u16 auth_alg, auth_transaction, status_code;
u16 resp = WLAN_STATUS_SUCCESS;
struct sta_info *sta = NULL;
- int res, reply_res;
+ int res, reply_res, ubus_resp;
u16 fc;
const u8 *challenge = NULL;
u32 session_timeout, acct_interim_interval;
@@ -2043,6 +2043,11 @@ static void handle_auth(struct hostapd_d
char *identity = NULL;
char *radius_cui = NULL;
u16 seq_ctrl;
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_AUTH_REQ,
+ .mgmt_frame = mgmt,
+ .ssi_signal = rssi,
+ };
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
@@ -2204,6 +2209,13 @@ static void handle_auth(struct hostapd_d
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
+ ubus_resp = hostapd_ubus_handle_event(hapd, &req);
+ if (ubus_resp) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " rejected by ubus handler.\n",
+ MAC2STR(mgmt->sa));
+ resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
if (res == HOSTAPD_ACL_PENDING)
return;
@@ -3862,7 +3874,7 @@ static void handle_assoc(struct hostapd_
u16 capab_info, listen_interval, seq_ctrl, fc;
u16 resp = WLAN_STATUS_SUCCESS, reply_res;
const u8 *pos;
- int left, i;
+ int left, i, ubus_resp;
struct sta_info *sta;
u8 *tmp = NULL;
struct hostapd_sta_wpa_psk_short *psk = NULL;
@@ -3871,6 +3883,11 @@ static void handle_assoc(struct hostapd_
#ifdef CONFIG_FILS
int delay_assoc = 0;
#endif /* CONFIG_FILS */
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_ASSOC_REQ,
+ .mgmt_frame = mgmt,
+ .ssi_signal = rssi,
+ };
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
sizeof(mgmt->u.assoc_req))) {
@@ -4050,6 +4067,14 @@ static void handle_assoc(struct hostapd_
}
#endif /* CONFIG_MBO */
+ ubus_resp = hostapd_ubus_handle_event(hapd, &req);
+ if (ubus_resp) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
+ MAC2STR(mgmt->sa));
+ resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
+
/*
* sta->capability is used in check_assoc_ies() for RRM enabled
* capability element.
@@ -4277,6 +4302,7 @@ static void handle_disassoc(struct hosta
wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
MAC2STR(mgmt->sa),
le_to_host16(mgmt->u.disassoc.reason_code));
+ hostapd_ubus_notify(hapd, "disassoc", mgmt->sa);
sta = ap_get_sta(hapd, mgmt->sa);
if (sta == NULL) {
@@ -4342,6 +4368,8 @@ static void handle_deauth(struct hostapd
" reason_code=%d",
MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
+ hostapd_ubus_notify(hapd, "deauth", mgmt->sa);
+
sta = ap_get_sta(hapd, mgmt->sa);
if (sta == NULL) {
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -746,6 +746,12 @@ void handle_probe_req(struct hostapd_dat
struct hostapd_sta_wpa_psk_short *psk = NULL;
char *identity = NULL;
char *radius_cui = NULL;
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_PROBE_REQ,
+ .mgmt_frame = mgmt,
+ .ssi_signal = ssi_signal,
+ .elems = &elems,
+ };
if (len < IEEE80211_HDRLEN)
return;
@@ -923,6 +929,12 @@ void handle_probe_req(struct hostapd_dat
}
#endif /* CONFIG_P2P */
+ if (hostapd_ubus_handle_event(hapd, &req)) {
+ wpa_printf(MSG_DEBUG, "Probe request for " MACSTR " rejected by ubus handler.\n",
+ MAC2STR(mgmt->sa));
+ return;
+ }
+
/* TODO: verify that supp_rates contains at least one matching rate
* with AP configuration */
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -118,6 +118,10 @@ int hostapd_notif_assoc(struct hostapd_d
u16 reason = WLAN_REASON_UNSPECIFIED;
u16 status = WLAN_STATUS_SUCCESS;
const u8 *p2p_dev_addr = NULL;
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_ASSOC_REQ,
+ .addr = addr,
+ };
if (addr == NULL) {
/*
@@ -210,6 +214,12 @@ int hostapd_notif_assoc(struct hostapd_d
goto fail;
}
+ if (hostapd_ubus_handle_event(hapd, &req)) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
+ MAC2STR(req.addr));
+ goto fail;
+ }
+
#ifdef CONFIG_P2P
if (elems.p2p) {
wpabuf_free(sta->p2p_ie);
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -424,6 +424,7 @@ void ap_handle_timer(void *eloop_ctx, vo
HOSTAPD_LEVEL_INFO, "deauthenticated due to "
"local deauth request");
ap_free_sta(hapd, sta);
+ hostapd_ubus_notify(hapd, "local-deauth", sta->addr);
return;
}
@@ -578,6 +579,7 @@ skip_poll:
hapd, sta,
WLAN_REASON_PREV_AUTH_NOT_VALID);
ap_free_sta(hapd, sta);
+ hostapd_ubus_notify(hapd, "inactive-deauth", sta->addr);
break;
}
}
@@ -1284,6 +1286,7 @@ void ap_sta_set_authorized(struct hostap
buf, ip_addr, keyid_buf);
} else {
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
+ hostapd_ubus_notify(hapd, "disassoc", sta->addr);
if (hapd->msg_ctx_parent &&
hapd->msg_ctx_parent != hapd->msg_ctx)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -185,6 +185,7 @@ static void hostapd_wpa_auth_psk_failure
struct hostapd_data *hapd = ctx;
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
MAC2STR(addr));
+ hostapd_ubus_notify(hapd, "key-mismatch", addr);
}
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -188,6 +188,12 @@ ifdef CONFIG_EAPOL_TEST
CFLAGS += -Werror -DEAPOL_TEST
endif
+ifdef CONFIG_UBUS
+CFLAGS += -DUBUS_SUPPORT
+OBJS += ubus.o
+LIBS += -lubox -lubus
+endif
+
ifdef CONFIG_CODE_COVERAGE
CFLAGS += -O0 -fprofile-arcs -ftest-coverage
LIBS += -lgcov
@@ -945,6 +951,9 @@ endif
ifdef CONFIG_IEEE80211AX
OBJS += ../src/ap/ieee802_11_he.o
endif
+ifdef CONFIG_UBUS
+OBJS += ../src/ap/ubus.o
+endif
endif
ifdef CONFIG_WNM_AP
CFLAGS += -DCONFIG_WNM_AP
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -6297,6 +6297,8 @@ struct wpa_supplicant * wpa_supplicant_a
}
#endif /* CONFIG_P2P */
+ wpas_ubus_add_bss(wpa_s);
+
return wpa_s;
}
@@ -6323,6 +6325,8 @@ int wpa_supplicant_remove_iface(struct w
struct wpa_supplicant *parent = wpa_s->parent;
#endif /* CONFIG_MESH */
+ wpas_ubus_free_bss(wpa_s);
+
/* Remove interface from the global list of interfaces */
prev = global->ifaces;
if (prev == wpa_s) {
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -17,6 +17,7 @@
#include "wps/wps_defs.h"
#include "config_ssid.h"
#include "wmm_ac.h"
+#include "ubus.h"
extern const char *const wpa_supplicant_version;
extern const char *const wpa_supplicant_license;
@@ -506,6 +507,7 @@ struct wpa_supplicant {
unsigned char own_addr[ETH_ALEN];
unsigned char perm_addr[ETH_ALEN];
char ifname[100];
+ struct wpas_ubus_bss ubus;
#ifdef CONFIG_MATCH_IFACE
int matched;
#endif /* CONFIG_MATCH_IFACE */
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -33,6 +33,7 @@
#include "p2p/p2p.h"
#include "p2p_supplicant.h"
#include "wps_supplicant.h"
+#include "ubus.h"
#ifndef WPS_PIN_SCAN_IGNORE_SEL_REG
@@ -388,6 +389,8 @@ static int wpa_supplicant_wps_cred(void
wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
cred->cred_attr, cred->cred_attr_len);
+ wpas_ubus_notify(wpa_s, cred);
+
if (wpa_s->conf->wps_cred_processing == 1)
return 0;

38
package/network/services/hostapd/patches/801-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch Normal file
View File

@@ -0,0 +1,38 @@
From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Mon, 9 Nov 2020 11:43:12 +0200
Subject: [PATCH] P2P: Fix copying of secondary device types for P2P group
client
Parsing and copying of WPS secondary device types list was verifying
that the contents is not too long for the internal maximum in the case
of WPS messages, but similar validation was missing from the case of P2P
group information which encodes this information in a different
attribute. This could result in writing beyond the memory area assigned
for these entries and corrupting memory within an instance of struct
p2p_device. This could result in invalid operations and unexpected
behavior when trying to free pointers from that corrupted memory.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269
Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
src/p2p/p2p.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index 74b7b52ae05c..5cbfc217fc1f 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev,
dev->info.config_methods = cli->config_methods;
os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8);
dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types;
+ if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN)
+ dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN;
os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types,
dev->info.wps_sec_dev_type_list_len);
}
--
2.25.1

1142
package/network/services/hostapd/src/src/ap/ubus.c Normal file
View File

File diff suppressed because it is too large Load Diff

78
package/network/services/hostapd/src/src/ap/ubus.h Normal file
View File

@@ -0,0 +1,78 @@
/*
* hostapd / ubus support
* Copyright (c) 2013, Felix Fietkau <nbd@nbd.name>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#ifndef __HOSTAPD_UBUS_H
#define __HOSTAPD_UBUS_H
enum hostapd_ubus_event_type {
HOSTAPD_UBUS_PROBE_REQ,
HOSTAPD_UBUS_AUTH_REQ,
HOSTAPD_UBUS_ASSOC_REQ,
HOSTAPD_UBUS_TYPE_MAX
};
struct hostapd_ubus_request {
enum hostapd_ubus_event_type type;
const struct ieee80211_mgmt *mgmt_frame;
const struct ieee802_11_elems *elems;
int ssi_signal; /* dBm */
const u8 *addr;
};
struct hostapd_iface;
struct hostapd_data;
#ifdef UBUS_SUPPORT
#include <libubox/avl.h>
#include <libubus.h>
struct hostapd_ubus_bss {
struct ubus_object obj;
struct avl_tree banned;
int notify_response;
};
void hostapd_ubus_add_iface(struct hostapd_iface *iface);
void hostapd_ubus_free_iface(struct hostapd_iface *iface);
void hostapd_ubus_add_bss(struct hostapd_data *hapd);
void hostapd_ubus_free_bss(struct hostapd_data *hapd);
int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req);
void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac);
#else
struct hostapd_ubus_bss {};
static inline void hostapd_ubus_add_iface(struct hostapd_iface *iface)
{
}
static inline void hostapd_ubus_free_iface(struct hostapd_iface *iface)
{
}
static inline void hostapd_ubus_add_bss(struct hostapd_data *hapd)
{
}
static inline void hostapd_ubus_free_bss(struct hostapd_data *hapd)
{
}
static inline int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req)
{
return 0;
}
static inline void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac)
{
}
#endif
#endif

45
package/network/services/hostapd/src/src/utils/build_features.h Normal file
View File

@@ -0,0 +1,45 @@
#ifndef BUILD_FEATURES_H
#define BUILD_FEATURES_H
static inline int has_feature(const char *feat)
{
#if defined(IEEE8021X_EAPOL) || (defined(HOSTAPD) && !defined(CONFIG_NO_RADIUS))
if (!strcmp(feat, "eap"))
return 1;
#endif
#ifdef CONFIG_IEEE80211N
if (!strcmp(feat, "11n"))
return 1;
#endif
#ifdef CONFIG_IEEE80211AC
if (!strcmp(feat, "11ac"))
return 1;
#endif
#ifdef CONFIG_IEEE80211R
if (!strcmp(feat, "11r"))
return 1;
#endif
#ifdef CONFIG_IEEE80211W
if (!strcmp(feat, "11w"))
return 1;
#endif
#ifdef CONFIG_ACS
if (!strcmp(feat, "acs"))
return 1;
#endif
#ifdef CONFIG_SAE
if (!strcmp(feat, "sae"))
return 1;
#endif
#ifdef CONFIG_OWE
if (!strcmp(feat, "owe"))
return 1;
#endif
#ifdef CONFIG_SUITEB192
if (!strcmp(feat, "suiteb192"))
return 1;
#endif
return 0;
}
#endif /* BUILD_FEATURES_H */

265
package/network/services/hostapd/src/wpa_supplicant/ubus.c Normal file
View File

@@ -0,0 +1,265 @@
/*
* wpa_supplicant / ubus support
* Copyright (c) 2018, Daniel Golle <daniel@makrotopia.org>
* Copyright (c) 2013, Felix Fietkau <nbd@nbd.name>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#include "utils/includes.h"
#include "utils/common.h"
#include "utils/eloop.h"
#include "utils/wpabuf.h"
#include "common/ieee802_11_defs.h"
#include "wpa_supplicant_i.h"
#include "wps_supplicant.h"
#include "ubus.h"
static struct ubus_context *ctx;
static struct blob_buf b;
static int ctx_ref;
static inline struct wpa_supplicant *get_wpas_from_object(struct ubus_object *obj)
{
return container_of(obj, struct wpa_supplicant, ubus.obj);
}
static void ubus_receive(int sock, void *eloop_ctx, void *sock_ctx)
{
struct ubus_context *ctx = eloop_ctx;
ubus_handle_event(ctx);
}
static void ubus_reconnect_timeout(void *eloop_data, void *user_ctx)
{
if (ubus_reconnect(ctx, NULL)) {
eloop_register_timeout(1, 0, ubus_reconnect_timeout, ctx, NULL);
return;
}
eloop_register_read_sock(ctx->sock.fd, ubus_receive, ctx, NULL);
}
static void wpas_ubus_connection_lost(struct ubus_context *ctx)
{
eloop_unregister_read_sock(ctx->sock.fd);
eloop_register_timeout(1, 0, ubus_reconnect_timeout, ctx, NULL);
}
static bool wpas_ubus_init(void)
{
if (ctx)
return true;
ctx = ubus_connect(NULL);
if (!ctx)
return false;
ctx->connection_lost = wpas_ubus_connection_lost;
eloop_register_read_sock(ctx->sock.fd, ubus_receive, ctx, NULL);
return true;
}
static void wpas_ubus_ref_inc(void)
{
ctx_ref++;
}
static void wpas_ubus_ref_dec(void)
{
ctx_ref--;
if (!ctx)
return;
if (ctx_ref)
return;
eloop_unregister_read_sock(ctx->sock.fd);
ubus_free(ctx);
ctx = NULL;
}
static int
wpas_bss_get_features(struct ubus_context *ctx, struct ubus_object *obj,
struct ubus_request_data *req, const char *method,
struct blob_attr *msg)
{
struct wpa_supplicant *wpa_s = get_wpas_from_object(obj);
blob_buf_init(&b, 0);
blobmsg_add_u8(&b, "ht_supported", ht_supported(wpa_s->hw.modes));
blobmsg_add_u8(&b, "vht_supported", vht_supported(wpa_s->hw.modes));
ubus_send_reply(ctx, req, b.head);
return 0;
}
#ifdef CONFIG_WPS
enum {
WPS_START_MULTI_AP,
__WPS_START_MAX
};
static const struct blobmsg_policy wps_start_policy[] = {
[WPS_START_MULTI_AP] = { "multi_ap", BLOBMSG_TYPE_BOOL },
};
static int
wpas_bss_wps_start(struct ubus_context *ctx, struct ubus_object *obj,
struct ubus_request_data *req, const char *method,
struct blob_attr *msg)
{
int rc;
struct wpa_supplicant *wpa_s = get_wpas_from_object(obj);
struct blob_attr *tb[__WPS_START_MAX], *cur;
int multi_ap = 0;
blobmsg_parse(wps_start_policy, __WPS_START_MAX, tb, blobmsg_data(msg), blobmsg_data_len(msg));
if (tb[WPS_START_MULTI_AP])
multi_ap = blobmsg_get_bool(tb[WPS_START_MULTI_AP]);
rc = wpas_wps_start_pbc(wpa_s, NULL, 0, multi_ap);
if (rc != 0)
return UBUS_STATUS_NOT_SUPPORTED;
return 0;
}
static int
wpas_bss_wps_cancel(struct ubus_context *ctx, struct ubus_object *obj,
struct ubus_request_data *req, const char *method,
struct blob_attr *msg)
{
int rc;
struct wpa_supplicant *wpa_s = get_wpas_from_object(obj);
rc = wpas_wps_cancel(wpa_s);
if (rc != 0)
return UBUS_STATUS_NOT_SUPPORTED;
return 0;
}
#endif
static const struct ubus_method bss_methods[] = {
#ifdef CONFIG_WPS
UBUS_METHOD_NOARG("wps_start", wpas_bss_wps_start),
UBUS_METHOD_NOARG("wps_cancel", wpas_bss_wps_cancel),
#endif
UBUS_METHOD_NOARG("get_features", wpas_bss_get_features),
};
static struct ubus_object_type bss_object_type =
UBUS_OBJECT_TYPE("wpas_bss", bss_methods);
void wpas_ubus_add_bss(struct wpa_supplicant *wpa_s)
{
struct ubus_object *obj = &wpa_s->ubus.obj;
char *name;
int ret;
if (!wpas_ubus_init())
return;
if (asprintf(&name, "wpa_supplicant.%s", wpa_s->ifname) < 0)
return;
obj->name = name;
obj->type = &bss_object_type;
obj->methods = bss_object_type.methods;
obj->n_methods = bss_object_type.n_methods;
ret = ubus_add_object(ctx, obj);
wpas_ubus_ref_inc();
}
void wpas_ubus_free_bss(struct wpa_supplicant *wpa_s)
{
struct ubus_object *obj = &wpa_s->ubus.obj;
char *name = (char *) obj->name;
if (!ctx)
return;
if (obj->id) {
ubus_remove_object(ctx, obj);
wpas_ubus_ref_dec();
}
free(name);
}
#ifdef CONFIG_WPS
void wpas_ubus_notify(struct wpa_supplicant *wpa_s, const struct wps_credential *cred)
{
u16 auth_type;
char *ifname, *encryption, *ssid, *key;
size_t ifname_len;
if (!cred)
return;
auth_type = cred->auth_type;
if (auth_type == (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK))
auth_type = WPS_AUTH_WPA2PSK;
if (auth_type != WPS_AUTH_OPEN &&
auth_type != WPS_AUTH_WPAPSK &&
auth_type != WPS_AUTH_WPA2PSK) {
wpa_printf(MSG_DEBUG, "WPS: Ignored credentials for "
"unsupported authentication type 0x%x",
auth_type);
return;
}
if (auth_type == WPS_AUTH_WPAPSK || auth_type == WPS_AUTH_WPA2PSK) {
if (cred->key_len < 8 || cred->key_len > 2 * PMK_LEN) {
wpa_printf(MSG_ERROR, "WPS: Reject PSK credential with "
"invalid Network Key length %lu",
(unsigned long) cred->key_len);
return;
}
}
blob_buf_init(&b, 0);
ifname_len = strlen(wpa_s->ifname);
ifname = blobmsg_alloc_string_buffer(&b, "ifname", ifname_len + 1);
memcpy(ifname, wpa_s->ifname, ifname_len + 1);
ifname[ifname_len] = '\0';
blobmsg_add_string_buffer(&b);
switch (auth_type) {
case WPS_AUTH_WPA2PSK:
encryption = "psk2";
break;
case WPS_AUTH_WPAPSK:
encryption = "psk";
break;
default:
encryption = "none";
break;
}
blobmsg_add_string(&b, "encryption", encryption);
ssid = blobmsg_alloc_string_buffer(&b, "ssid", cred->ssid_len + 1);
memcpy(ssid, cred->ssid, cred->ssid_len);
ssid[cred->ssid_len] = '\0';
blobmsg_add_string_buffer(&b);
if (cred->key_len > 0) {
key = blobmsg_alloc_string_buffer(&b, "key", cred->key_len + 1);
memcpy(key, cred->key, cred->key_len);
key[cred->key_len] = '\0';
blobmsg_add_string_buffer(&b);
}
// ubus_notify(ctx, &wpa_s->ubus.obj, "wps_credentials", b.head, -1);
ubus_send_event(ctx, "wps_credentials", b.head);
}
#endif /* CONFIG_WPS */

53
package/network/services/hostapd/src/wpa_supplicant/ubus.h Normal file
View File

@@ -0,0 +1,53 @@
/*
* wpa_supplicant / ubus support
* Copyright (c) 2018, Daniel Golle <daniel@makrotopia.org>
* Copyright (c) 2013, Felix Fietkau <nbd@nbd.name>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#ifndef __WPAS_UBUS_H
#define __WPAS_UBUS_H
struct wpa_supplicant;
#include "wps_supplicant.h"
#ifdef UBUS_SUPPORT
#include <libubus.h>
struct wpas_ubus_bss {
struct ubus_object obj;
};
void wpas_ubus_add_bss(struct wpa_supplicant *wpa_s);
void wpas_ubus_free_bss(struct wpa_supplicant *wpa_s);
#ifdef CONFIG_WPS
void wpas_ubus_notify(struct wpa_supplicant *wpa_s, const struct wps_credential *cred);
#endif
#else
struct wpas_ubus_bss {};
static inline void wpas_ubus_add_iface(struct wpa_supplicant *wpa_s)
{
}
static inline void wpas_ubus_free_iface(struct wpa_supplicant *wpa_s)
{
}
static inline void wpas_ubus_add_bss(struct wpa_supplicant *wpa_s)
{
}
static inline void wpas_ubus_free_bss(struct wpa_supplicant *wpa_s)
{
}
static inline void wpas_ubus_notify(struct wpa_supplicant *wpa_s, struct wps_credential *cred)
{
}
#endif
#endif